Jack Levy d6ebbf75d0 security: brute-force protection on auth endpoints (v1.1.0) ...

- Nginx rate limit: 20 req/min per IP on /api/auth/login and /register
- slowapi rate limit: 10/min on login, 5/hour on register (Redis-backed)
- Real client IP extracted from X-Forwarded-For for accurate per-IP limiting

Authored by: Jack Levy

2026-03-15 18:07:53 -04:00

2.9 KiB

Raw Blame History

View Raw