josh/Vector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: remove auth rate limiting
CI / Lint · Typecheck · Test · Build (push) Successful in 51s
Details
CI / Playwright (smoke) (push) Has been skipped
Details
CI / Build & push images (push) Successful in 1m59s
Details

Browse Source 
Vector is an internal service — throttling /api/auth requests provides
no meaningful protection and gets in the way of legitimate use. Drops
the express-rate-limit middleware and dependency.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Josh Wright
2026-04-19 20:19:12 -04:00
parent da6bd071ee
commit be20fe587a
3 changed files with 1 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/package.json
-1
View File
@@ -22,7 +22,6 @@
"cors": "^2.8.6",
"dotenv": "^17.4.2",
"express": "^5.2.1",
"express-rate-limit": "^8.3.2",
"helmet": "^8.1.0",
"jsonwebtoken": "^9.0.3",
"pino": "^10.3.1",
apps/api/src/app.ts
+1 -10
View File
@@ -3,7 +3,6 @@ import cookieParser from 'cookie-parser';
import cors from 'cors';
import helmet from 'helmet';
import { pinoHttp } from 'pino-http';
import rateLimit from 'express-rate-limit';
import { prisma } from '@vector/db';
import { env } from './env.js';
@@ -69,15 +68,7 @@ app.get('/readyz', async (_req, res) => {
}
});
const authLimiter = rateLimit({
windowMs: 60 * 1000,
limit: env.NODE_ENV === 'production' ? 5 : 50,
standardHeaders: 'draft-7',
legacyHeaders: false,
message: { code: 'RATE_LIMITED', message: 'Too many auth requests. Try again soon.' },
});
app.use('/api/auth', authLimiter, authRoutes);
app.use('/api/auth', authRoutes);
app.use('/api', requireCsrf);
app.use('/api/users', userRoutes);
app.use('/api/manufacturers', manufacturerRoutes);