Rate limiting with custom login handler

Hey everyone.

I’ve got a custom login handler allowing for “passwordless” login – you enter your email and we send you a PIN.

Looks something like this:

Accounts.registerLoginHandler("pinLogin" loginRequest => ...)

According to the docs, Core/DDP Rate Limiter works on both subscriptions and methods. That’s great, but I’m not sure what method I need to rate limit for a custom login handler.

Any suggestions? Thank you.

According to this post, Meteor already does its own rate limiting for logins, but I’m not sure about custom login handlers.

I think custom login handlers are already rate limited, those handlers are like “middlewares” that intercept the call to the login method and that is the one that is rate limited.

1 Like