···
const user = requireAuth(req);
897
+
const rateLimitError = enforceRateLimit(req, "passkey-register-options", {
898
+
ip: { max: 10, windowSeconds: 5 * 60 },
900
+
if (rateLimitError) return rateLimitError;
const options = await createRegistrationOptions(user);
return Response.json(options);
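Review bot: The limit added here is keyed only on `ip`, although `user` from `requireAuth(req)` is already in scope just above it, so one account spread over many addresses is not bounded and unrelated users behind a shared egress address draw from the same 10-per-5-minutes bucket. The same applies to the `passkey-register-verify`, `passkey-update`, `passkey-delete` and `upload-transcription` hunks, the last of which guards what is probably the most expensive route. If `enforceRateLimit` can take an account-scoped bucket (its signature is not visible in this diff), add one next to `ip`; otherwise record the gap with a comment such as `// Per-IP only: per-account volume is not limited here.` The literal `{ max: 10, windowSeconds: 5 * 60 }` is also repeated in most hunks and would be easier to audit as a shared named constant. The handler bodies start and end outside the hunks.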
···
const _user = requireAuth(req);
914
+
const rateLimitError = enforceRateLimit(req, "passkey-register-verify", {
915
+
ip: { max: 10, windowSeconds: 5 * 60 },
917
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { response: credentialResponse, challenge, name } = body;
···
"/api/passkeys/authenticate/options": {
944
+
const rateLimitError = enforceRateLimit(req, "passkey-auth-options", {
945
+
ip: { max: 10, windowSeconds: 5 * 60 },
947
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
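Review bot: These two pre-authentication routes (`passkey-auth-options` here and `passkey-auth-verify` in the next hunk) depend entirely on the per-IP bucket, so the limit is only as good as the address `enforceRateLimit` reads from `req`, which this diff does not show. If that address comes from a forwarded header, it needs to be taken from the hop set by a trusted proxy, since a client-supplied value would let each request land in a bucket of its own choosing. That assumption is worth stating at the call site, e.g. `// Keyed on client IP as resolved by enforceRateLimit; must come from the trusted proxy, not a client-supplied header.` The handler body continues outside the hunk.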
···
"/api/passkeys/authenticate/verify": {
962
+
const rateLimitError = enforceRateLimit(req, "passkey-auth-verify", {
963
+
ip: { max: 10, windowSeconds: 5 * 60 },
965
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { response: credentialResponse, challenge } = body;
···
const user = requireAuth(req);
1033
+
const rateLimitError = enforceRateLimit(req, "passkey-update", {
1034
+
ip: { max: 10, windowSeconds: 60 * 60 },
1036
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const passkeyId = req.params.id;
···
const user = requireAuth(req);
1056
+
const rateLimitError = enforceRateLimit(req, "passkey-delete", {
1057
+
ip: { max: 10, windowSeconds: 60 * 60 },
1059
+
if (rateLimitError) return rateLimitError;
const passkeyId = req.params.id;
deletePasskey(passkeyId, user.id);
return Response.json({ success: true });
···
return Response.json({ error: "Invalid session" }, { status: 401 });
1101
+
const rateLimitError = enforceRateLimit(req, "delete-session", {
1102
+
ip: { max: 20, windowSeconds: 60 * 60 },
1104
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const targetSessionId = body.sessionId;
···
return Response.json({ error: "Invalid session" }, { status: 401 });
1321
+
const rateLimitError = enforceRateLimit(req, "update-name", {
1322
+
ip: { max: 10, windowSeconds: 5 * 60 },
1324
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
···
return Response.json({ error: "Invalid session" }, { status: 401 });
1353
+
const rateLimitError = enforceRateLimit(req, "update-avatar", {
1354
+
ip: { max: 10, windowSeconds: 5 * 60 },
1356
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
···
return Response.json({ error: "Invalid session" }, { status: 401 });
1385
+
const rateLimitError = enforceRateLimit(req, "update-notifications", {
1386
+
ip: { max: 10, windowSeconds: 5 * 60 },
1388
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { email_notifications_enabled } = body;
if (typeof email_notifications_enabled !== "boolean") {
···
const user = requireSubscription(req);
2077
+
const rateLimitError = enforceRateLimit(req, "upload-transcription", {
2078
+
ip: { max: 20, windowSeconds: 60 * 60 },
2080
+
if (rateLimitError) return rateLimitError;
const formData = await req.formData();
const file = formData.get("audio") as File;