Rate limiting with custom login handler

drone1 · May 30, 2019, 8:21pm

Hey everyone.

I’ve got a custom login handler allowing for “passwordless” login – you enter your email and we send you a PIN.

Looks something like this:

Accounts.registerLoginHandler("pinLogin" loginRequest => ...)

According to the docs, Core/DDP Rate Limiter works on both subscriptions and methods. That’s great, but I’m not sure what method I need to rate limit for a custom login handler.

Any suggestions? Thank you.

drone1 · May 30, 2019, 8:26pm

According to this post, Meteor already does its own rate limiting for logins, but I’m not sure about custom login handlers.

pmogollon · May 30, 2019, 9:29pm

I think custom login handlers are already rate limited, those handlers are like “middlewares” that intercept the call to the login method and that is the one that is rate limited.

rjdavid · May 31, 2019, 5:39pm