Add rate limiting to login endpoint
Security:
- Add slowapi dependency for rate limiting
- Create rate_limit.py module with configurable limits
- Apply 5 requests/minute limit to login endpoint
- Make rate limit configurable via ORCHARD_LOGIN_RATE_LIMIT env var

Testing:
- Set high rate limit (1000/min) in docker-compose.local.yml for tests
- All 265 tests pass
@@ -24,6 +24,8 @@ services:
|
||||
- ORCHARD_S3_USE_PATH_STYLE=true
|
||||
- ORCHARD_REDIS_HOST=redis
|
||||
- ORCHARD_REDIS_PORT=6379
|
||||
# Higher rate limit for local development/testing
|
||||
- ORCHARD_LOGIN_RATE_LIMIT=1000/minute
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
|
||||
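Review bot: The added `ORCHARD_LOGIN_RATE_LIMIT=1000/minute` line effectively turns off login throttling for anything started from this compose file, and because the test suite runs against this value, no test exercises the throttled path at the 5 requests/minute limit the commit message describes. Consider adding at least one test that overrides the variable with a low limit and asserts that the login endpoint rejects the excess requests. The comment above the variable could also say that this value must not be copied into a shared or internet-facing environment, and that leaving the variable unset falls back to the stricter default. The hunk does not show how the value is parsed, so it is worth confirming that a malformed value fails closed (startup error or the default limit) rather than leaving the endpoint unlimited.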