38 lines
1.4 KiB
TypeScript
38 lines
1.4 KiB
TypeScript
import { env } from "~/env.server";
|
|
import { singleton } from "~/utils/singleton";
|
|
import {
|
|
checkMfaRateLimit as checkMfaRateLimitWith,
|
|
createMfaRateLimiters,
|
|
type MfaRateLimiters,
|
|
} from "./mfaRateLimiter.server";
|
|
|
|
// Production singletons, wired to the env-derived rate-limit Redis.
|
|
// Kept out of `mfaRateLimiter.server.ts` so that module stays free of
|
|
// `env.server` and remains testable in isolation (see that file).
|
|
const mfaRateLimiters = singleton("mfaRateLimiters", () =>
|
|
createMfaRateLimiters({
|
|
redisOptions: {
|
|
port: env.RATE_LIMIT_REDIS_PORT,
|
|
host: env.RATE_LIMIT_REDIS_HOST,
|
|
username: env.RATE_LIMIT_REDIS_USERNAME,
|
|
password: env.RATE_LIMIT_REDIS_PASSWORD,
|
|
tlsDisabled: env.RATE_LIMIT_REDIS_TLS_DISABLED === "true",
|
|
clusterMode: env.RATE_LIMIT_REDIS_CLUSTER_MODE_ENABLED === "1",
|
|
},
|
|
})
|
|
);
|
|
|
|
export const mfaRateLimiter = mfaRateLimiters.perMinute;
|
|
export const mfaDailyRateLimiter = mfaRateLimiters.daily;
|
|
|
|
/**
|
|
* Production entrypoint: rate-limit an MFA validation attempt for `userId`
|
|
* against the env-configured limiter pair. Throws `MfaRateLimitError` when
|
|
* either the per-minute or the cumulative daily cap is exceeded.
|
|
*/
|
|
export function checkMfaRateLimit(userId: string, limiters: MfaRateLimiters = mfaRateLimiters) {
|
|
return checkMfaRateLimitWith(userId, limiters);
|
|
}
|
|
|
|
export { MfaRateLimitError } from "./mfaRateLimiter.server";
|