Security: Add rate limiting to auth endpoints #13

Open
opened 2026-02-17 16:49:18 +00:00 by santhoshj · 0 comments

Summary

The login and register endpoints don't have rate limiting, making them vulnerable to brute force attacks.

Location

  • backend/app/Http/Controllers/Api/V1/AuthController.php:13
  • backend/app/Http/Controllers/Api/V1/AuthController.php:35

Acceptance Criteria

  • Add Laravel throttle middleware to auth routes
  • Limit to 5 attempts per minute for login
  • Limit to 3 attempts per minute for register

Related

  • Security review finding
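One way to satisfy the acceptance criteria above, as an added example rather than code from the headroom repository: a named rate limiter for each endpoint registered in a service provider, and the `throttle` middleware attached to the two routes. The route names, the `v1` prefix, the `login`/`register` controller method names and the `email` request field are assumptions; the controller at `backend/app/Http/Controllers/Api/V1/AuthController.php` is not shown on the page. The login limiter keys on the submitted e-mail address combined with the client IP, so a single attacker cannot rotate usernames freely from one address, and a second IP-only ceiling (50/min, a value chosen for this example) catches distributed credential stuffing against many accounts from one source.

```php
<?php
// Added example, not project code. Assumes a Laravel 11 layout where rate
// limiters are declared in app/Providers/AppServiceProvider.php.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Login: 5 attempts/min per (email, IP) pair, plus an IP-wide ceiling.
        // Returning an array applies every Limit; the first one exceeded wins.
        RateLimiter::for('login', function (Request $request) {
            $email = strtolower(trim((string) $request->input('email')));

            return [
                Limit::perMinute(5)
                    ->by($email . '|' . $request->ip())
                    ->response(function (Request $request, array $headers) {
                        // Keep the body generic: do not reveal whether the
                        // account exists or which limit was hit.
                        return response()->json(
                            ['message' => 'Too many login attempts. Try again later.'],
                            429,
                            $headers // includes Retry-After and X-RateLimit-*
                        );
                    }),
                Limit::perMinute(50)->by($request->ip()),
            ];
        });

        // Register: 3 attempts/min per client IP (assumed key; the ticket does
        // not say what the counter should be scoped to).
        RateLimiter::for('register', function (Request $request) {
            return Limit::perMinute(3)->by($request->ip());
        });
    }
}
```

```php
<?php
// routes/api.php (added example). Method names login()/register() are assumed.

use App\Http\Controllers\Api\V1\AuthController;
use Illuminate\Support\Facades\Route;

Route::prefix('v1')->group(function () {
    Route::post('login', [AuthController::class, 'login'])
        ->middleware('throttle:login');

    Route::post('register', [AuthController::class, 'register'])
        ->middleware('throttle:register');
});
```

Two things to check before closing the ticket. The `throttle` middleware counts every request to the route, successful or not, so "5 attempts per minute" is 5 requests, not 5 failures; if only failures should count, that needs explicit `RateLimiter::hit()`/`clear()` calls inside the controller instead. The counters live in the configured cache store, so with the default `file` driver each app instance keeps its own count; behind more than one backend instance the cache must be shared (Redis or a database store), and `$request->ip()` is only the real client address if trusted proxies are configured, otherwise every request is keyed on the load balancer's IP.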
Reference: santhoshj/headroom#13