From b92aec9d306afe5258016d23d3bb8812fa63b0b7 Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Tue, 22 Jul 2025 12:39:03 +0200
Subject: [PATCH] backend: reduce login attempt window to 5 minutes and skip successful requests
---
 backend/src/middlewares/auth.middleware.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/middlewares/auth.middleware.ts b/backend/src/middlewares/auth.middleware.ts
index bf22e33..9e77de8 100644
--- a/backend/src/middlewares/auth.middleware.ts
+++ b/backend/src/middlewares/auth.middleware.ts
@@ -217,8 +217,9 @@ const getAuthenticatedUserOrAnonymous = async (req: Request): Promise => {
 // Limit login attempts to avoid brute force attacks
 const loginLimiter = rateLimit({
- windowMs: ms('15m'),
+ windowMs: ms('5m'),
 limit: 5,
+ skipSuccessfulRequests: true,
 message: 'Too many login attempts, please try again later'
 });
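Review bot: The added `skipSuccessfulRequests: true` makes the limiter depend on the login handler's response status. Assuming `rateLimit` is express-rate-limit, a request counts as successful when the status is below 400, so a handler that answers bad credentials with a 2xx or a redirect would never be counted and guesses would go unthrottled. The handler is outside this hunk, so confirm it returns 401/4xx on failure and record the dependency beside the option, e.g. `// counts only responses with status >= 400; the login handler must return 4xx on bad credentials`. Together with `windowMs: ms('5m')`, the allowed failed-attempt rate per key rises from 5 per 15 minutes to 5 per 5 minutes. If the key is the client IP (the library default), a per-account counter or lockout is worth adding, because this limit alone does not slow guessing spread across addresses.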