
[Feature] Protect our login pages / public api routes #39

@AntGa

Issue: Implement Rate Limiting and Protection for Login Page and API Routes

Description

Currently, our login page and API routes are not rate limited or adequately protected. This vulnerability exposes our application to potential spam attacks and abuse of database calls, which could lead to performance degradation and security issues. This poses a problem if we want our API routes to be public to integrate into other projects such as Discord bots or integrations into other websites.

Objectives

  • Implement rate limiting on the login page to prevent brute-force attacks.
  • Apply rate limiting to all API routes to mitigate spam and abuse.
  • Ensure that the application remains user-friendly while enhancing security.

Acceptance Criteria

  • Rate limiting is implemented on the login page and all API routes.
  • Review of the implemented changes via a pull request (PR).
  • Thorough testing to ensure the rate limiting functions correctly and does not adversely affect user experience.
  • Documentation updated to reflect changes made to rate limiting and security measures.
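
One way the objectives above could be met, as an added example that is not part of the original issue or the project's code: a framework-agnostic sliding-window limiter with a strict login policy and a looser API policy. JavaScript/Node, the function names, the key formats and every limit are assumptions, since the issue does not name a stack or thresholds.

```javascript
// Added example: in-memory sliding-window limiter; all names and limits are assumptions.
class SlidingWindowLimiter {
  constructor({ limit, windowMs, now = Date.now }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now; // injectable clock so the limiter can be tested deterministically
    this.hits = new Map(); // key -> ascending timestamps of accepted requests
  }

  // Record one request for `key` and report whether it fits in the window.
  check(key) {
    const t = this.now();
    const recent = (this.hits.get(key) || []).filter((ts) => t - ts < this.windowMs);
    const allowed = recent.length < this.limit;
    if (allowed) recent.push(t);
    this.hits.set(key, recent);
    // When blocked, the oldest accepted hit leaving the window frees the next slot.
    const retryAfterSec = allowed ? 0 : Math.ceil((recent[0] + this.windowMs - t) / 1000);
    return { allowed, remaining: this.limit - recent.length, retryAfterSec };
  }

  // Drop keys with no hits left in the window so the map cannot grow without bound.
  sweep() {
    const t = this.now();
    for (const [key, stamps] of this.hits) {
      if (stamps.every((ts) => t - ts >= this.windowMs)) this.hits.delete(key);
    }
    return this.hits.size;
  }
}

// Hypothetical policies: strict for login, looser for public API clients.
function createPolicies(now = Date.now) {
  const min = 60 * 1000;
  return {
    loginByIp: new SlidingWindowLimiter({ limit: 20, windowMs: 15 * min, now }),
    loginByAccount: new SlidingWindowLimiter({ limit: 5, windowMs: 15 * min, now }),
    api: new SlidingWindowLimiter({ limit: 60, windowMs: min, now }),
  };
}

// A login attempt must pass both the per-address and the per-account limit, so
// attempts against one account stay bounded even when they arrive from many addresses.
function checkLogin(policies, ip, username) {
  const byIp = policies.loginByIp.check(`ip:${ip}`);
  if (!byIp.allowed) return { ...byIp, limitedBy: 'ip' };
  const byAccount = policies.loginByAccount.check(`acct:${username.trim().toLowerCase()}`);
  return { ...byAccount, limitedBy: byAccount.allowed ? null : 'account' };
}

// API routes are limited per client identifier (API key if present, else address).
function checkApi(policies, clientId) {
  return policies.api.check(`api:${clientId}`);
}
```

A blocked result maps to an HTTP 429 response with `Retry-After` set to `retryAfterSec`, which keeps well-behaved bots and integrations usable. The state here lives in one process, so a deployment with several instances needs a shared store, and the per-account limit lets a third party temporarily lock a user out, which is worth weighing when the thresholds are chosen.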

Labels: Important (Stuff that's important), MVP (Issues that will get us to our minimum viable product), security (Issues related to security)
