backend: Refactor login rate limiting to allow bypass in test environment

2025-04-15 11:48:10 +02:00 · 2025-04-15 11:48:10 +02:00 · 5c67f2a370
commit 5c67f2a370
parent 0eab569b91
2 changed files with 12 additions and 3 deletions
--- a/backend/src/middlewares/auth.middleware.ts
+++ b/backend/src/middlewares/auth.middleware.ts
@ -156,8 +156,17 @@ export const allowAnonymous = async (req: Request) => {
 };

 // Limit login attempts to avoid brute force attacks
-export const loginLimiter = rateLimit({
+const loginLimiter = rateLimit({
 	windowMs: ms('15m'),
 	limit: 5,
 	message: 'Too many login attempts, please try again later'
 });
+
+export const withLoginLimiter = (req: Request, res: Response, next: NextFunction) => {
+	// Bypass rate limiting in test environment
+	if (process.env.NODE_ENV === 'test') {
+		return next();
+	}
+
+	return loginLimiter(req, res, next);
+};
--- a/backend/src/routes/auth.routes.ts
+++ b/backend/src/routes/auth.routes.ts
@ -1,7 +1,7 @@
 import { Router } from 'express';
 import bodyParser from 'body-parser';
 import * as authCtrl from '../controllers/auth.controller.js';
-import { validateLoginRequest, loginLimiter, tokenAndRoleValidator, withAuth } from '../middlewares/index.js';
+import { validateLoginRequest, withLoginLimiter, tokenAndRoleValidator, withAuth } from '../middlewares/index.js';
 import { UserRole } from '@typings-ce';

 export const authRouter = Router();
@ -9,7 +9,7 @@ authRouter.use(bodyParser.urlencoded({ extended: true }));
 authRouter.use(bodyParser.json());

 // Auth Routes
-authRouter.post('/login', validateLoginRequest, loginLimiter, authCtrl.login);
+authRouter.post('/login', validateLoginRequest, withLoginLimiter, authCtrl.login);
 authRouter.post('/logout', authCtrl.logout);
 authRouter.post('/refresh', authCtrl.refreshToken);
 authRouter.get(