···
const user = requireAuth(req);
+
const rateLimitError = enforceRateLimit(req, "passkey-register-options", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const options = await createRegistrationOptions(user);
return Response.json(options);
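Review bot: The limiter added on the `enforceRateLimit` line runs after `requireAuth(req)` on the first line of the hunk, so whatever requireAuth costs (a session lookup, if that is what it does) is paid by every request before the per-IP cap is consulted; the limiter only needs `req`, so moving it above requireAuth bounds that work for unauthenticated floods as well. The bucket is keyed on `ip` alone even though `user` is already resolved here; if enforceRateLimit can take a second key, adding one on `user.id` keeps one tenant behind a shared NAT or proxy egress from exhausting the budget for everyone on that address. The `});` that should close the options object does not appear in this rendering, which I take to be the page dropping a line rather than the commit.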
···
const _user = requireAuth(req);
+
const rateLimitError = enforceRateLimit(req, "passkey-register-verify", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { response: credentialResponse, challenge, name } = body;
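Review bot: `challenge` on the last line is read from the client body, and nothing in the hunk ties it to a challenge the server issued; the verify step has to compare against the challenge recorded server-side when /register/options ran for this user and consume it on use, otherwise a caller can submit an authenticator response against a challenge of their own choosing. The code that uses `challenge` and `credentialResponse` continues outside the hunk, so this may already be handled there. Binding the authenticated user to `_user` reads as "unused" — the new credential should be stored against `_user.id`, not against anything carried in the body. `name` is client-controlled and wants a `typeof name === "string"` plus length check before it is persisted.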
···
"/api/passkeys/authenticate/options": {
+
const rateLimitError = enforceRateLimit(req, "passkey-auth-options", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
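Review bot: This is an unauthenticated entry point, so the `ip` bucket is the only throttle in front of it, and that only holds if enforceRateLimit takes the address from the socket or from a forwarded header that a trusted proxy sets; the hunk does not show how the IP is derived, and an attacker who controls `X-Forwarded-For` would get a fresh bucket per request. Parsing the body after the limiter is the right order. Whatever identifier the body carries feeds the options response outside the hunk; that response should not differ for unknown accounts, or it becomes a user-enumeration oracle. `await req.json()` throws on a malformed body, which is fine only if an outer handler maps that to a 400 rather than a 500.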
···
"/api/passkeys/authenticate/verify": {
+
const rateLimitError = enforceRateLimit(req, "passkey-auth-verify", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { response: credentialResponse, challenge } = body;
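Review bot: The `challenge` destructured on the last line comes from the request body, and on the unauthenticated verify route it is the value that makes an assertion non-replayable; it must not be passed as the expected challenge directly but looked up (and deleted) from the server-side record written by /authenticate/options, keyed by the challenge itself or by a session cookie issued with the options. The verification continues outside the hunk, so this may be done there. Ten attempts per five minutes per IP bounds guessing from one address, but a per-credential failure counter is the stronger control here, since this is the endpoint a credential-stuffing attacker would spread across many addresses.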
···
const user = requireAuth(req);
+
const rateLimitError = enforceRateLimit(req, "passkey-update", {
+
ip: { max: 10, windowSeconds: 60 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const passkeyId = req.params.id;
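Review bot: A 10-per-hour cap keyed only on `ip` on an authenticated rename route means the eleventh user behind one NAT or proxy egress is locked out for the rest of the hour; `user` is already resolved on the first line of the hunk, so keying the bucket on `user.id` (or on both) bounds abuse per account without that collateral. If enforceRateLimit only accepts an `ip` option that is a change to the helper rather than to this handler. `passkeyId` comes straight from the path; the update that consumes it is outside the hunk and needs to be scoped to `user.id` the way `deletePasskey(passkeyId, user.id)` is in the delete handler of this diff.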
···
const user = requireAuth(req);
+
const rateLimitError = enforceRateLimit(req, "passkey-delete", {
+
ip: { max: 10, windowSeconds: 60 * 60 },
+
if (rateLimitError) return rateLimitError;
const passkeyId = req.params.id;
deletePasskey(passkeyId, user.id);
return Response.json({ success: true });
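Review bot: `deletePasskey(passkeyId, user.id)` is called without `await` and its result is discarded, so the handler answers `{ success: true }` whether or not any row matched, and if the helper is async a thrown error becomes an unhandled rejection after the response is already out. Checking the return and answering 404 when nothing belonged to `user.id` keeps non-owned ids from being reported as deleted: `const deleted = await deletePasskey(passkeyId, user.id); if (!deleted) return Response.json({ error: "Not found" }, { status: 404 });`. Whether deletePasskey is synchronous or returns anything is not visible from the hunk. Removing the user's last passkey should also be refused unless another sign-in method remains, which nothing here checks.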
···
return Response.json({ error: "Invalid session" }, { status: 401 });
+
const rateLimitError = enforceRateLimit(req, "delete-session", {
+
ip: { max: 20, windowSeconds: 60 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const targetSessionId = body.sessionId;
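Review bot: `body.sessionId` on the last line is used with no type check, unlike the `typeof … !== "boolean"` guard the notifications handler in this diff gets, and a JSON `null` body makes the property read throw because `req.json()` resolves to `null`; `const targetSessionId = body?.sessionId; if (typeof targetSessionId !== "string") return Response.json({ error: "Invalid sessionId" }, { status: 400 });` covers both. The revocation itself is outside the hunk and must be restricted to sessions owned by the caller. Twenty revocations per hour per IP is a low bar for a shared address; keying on the user is the more natural bound for an authenticated action.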
···
return Response.json({ error: "Invalid session" }, { status: 401 });
+
const rateLimitError = enforceRateLimit(req, "update-name", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
···
return Response.json({ error: "Invalid session" }, { status: 401 });
+
const rateLimitError = enforceRateLimit(req, "update-avatar", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
···
return Response.json({ error: "Invalid session" }, { status: 401 });
+
const rateLimitError = enforceRateLimit(req, "update-notifications", {
+
ip: { max: 10, windowSeconds: 5 * 60 },
+
if (rateLimitError) return rateLimitError;
const body = await req.json();
const { email_notifications_enabled } = body;
if (typeof email_notifications_enabled !== "boolean") {
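Review bot: `const { email_notifications_enabled } = body;` throws a TypeError when the request body is the JSON literal `null`, since `req.json()` resolves to `null` and destructuring it fails before the boolean check on the next line can run; `const { email_notifications_enabled } = body ?? {};` turns that into the intended 400, and the same applies to the other handlers in this diff that destructure `body`. The `typeof … !== "boolean"` guard itself is the right shape and the name and avatar routes would benefit from an equally explicit check. The `if` body continues outside the hunk.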
···
const user = requireSubscription(req);
+
const rateLimitError = enforceRateLimit(req, "upload-transcription", {
+
ip: { max: 20, windowSeconds: 60 * 60 },
+
if (rateLimitError) return rateLimitError;
const formData = await req.formData();
const file = formData.get("audio") as File;