Configure @nestjs/throttler Rate Limiting with Stricter Auth Endpoint Limits and Retry-After Headers

**Description:**
Enable the `@nestjs/throttler` rate limiter as a standalone protection layer that is already installed but not configured, to protect the API from abuse.

**Tasks:**
- Configure `ThrottlerModule` in `AppModule` using `THROTTLE_TTL` and `THROTTLE_LIMIT` from `ConfigService`
- Apply `ThrottlerGuard` globally
- Add stricter per-route limits on auth endpoints (`/api/auth/login`, `/api/auth/register`) — 5 requests per minute
- Return `429 Too Many Requests` with a `Retry-After` header
- Add `THROTTLE_TTL` and `THROTTLE_LIMIT` to `.env.example` with sensible defaults

**Acceptance Criteria:**
- Exceeding the global limit returns `429`
- Auth endpoints enforce a stricter limit than the global default
- The `Retry-After` header is present on `429` responses

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Configure @nestjs/throttler Rate Limiting with Stricter Auth Endpoint Limits and Retry-After Headers #228

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Configure @nestjs/throttler Rate Limiting with Stricter Auth Endpoint Limits and Retry-After Headers #228

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions