Files
triggerdotdev--trigger.dev/apps/webapp/app/services/mfa/mfaRateLimiterGlobal.server.ts
T
2026-07-13 13:32:57 +08:00

38 lines
1.4 KiB
TypeScript

import { env } from "~/env.server";
import { singleton } from "~/utils/singleton";
import {
checkMfaRateLimit as checkMfaRateLimitWith,
createMfaRateLimiters,
type MfaRateLimiters,
} from "./mfaRateLimiter.server";
// Production singletons, wired to the env-derived rate-limit Redis.
// Kept out of `mfaRateLimiter.server.ts` so that module stays free of
// `env.server` and remains testable in isolation (see that file).
const mfaRateLimiters = singleton("mfaRateLimiters", () =>
createMfaRateLimiters({
redisOptions: {
port: env.RATE_LIMIT_REDIS_PORT,
host: env.RATE_LIMIT_REDIS_HOST,
username: env.RATE_LIMIT_REDIS_USERNAME,
password: env.RATE_LIMIT_REDIS_PASSWORD,
tlsDisabled: env.RATE_LIMIT_REDIS_TLS_DISABLED === "true",
clusterMode: env.RATE_LIMIT_REDIS_CLUSTER_MODE_ENABLED === "1",
},
})
);
export const mfaRateLimiter = mfaRateLimiters.perMinute;
export const mfaDailyRateLimiter = mfaRateLimiters.daily;
/**
* Production entrypoint: rate-limit an MFA validation attempt for `userId`
* against the env-configured limiter pair. Throws `MfaRateLimitError` when
* either the per-minute or the cumulative daily cap is exceeded.
*/
export function checkMfaRateLimit(userId: string, limiters: MfaRateLimiters = mfaRateLimiters) {
return checkMfaRateLimitWith(userId, limiters);
}
export { MfaRateLimitError } from "./mfaRateLimiter.server";