Email verification
When signing in with the
requiredEmailVerification
option on, if the user didn't verify his email address yet, a verification email is automatically sent. This means that the user could spam the sign-in button and/or route
Is there any way to prevent that?
I guess I could define a custom ratelimit for the sign-in route, as shown here: https://www.better-auth.com/docs/concepts/rate-limit#rate-limit-window but it's not really what I'm looking for. I don't want to ratelimit the route, I just want a cooldown on the verification emailRate Limit | Better Auth
How to limit the number of requests a user can make to the server in a given time period.
Solution:Jump to solution
I ended up doing exactly that, creating a new column in my db. This is what is looks like:
```tsx
const throwInvalidCredsError = (isEmail: boolean) => {...
4 Replies
An option I can think of is to extend the user table or create a new one and define a column with the datetime of when the verification email was sent. If the datetime is within a certain range of the current datetime you could skip sending the verification email. You can add this check in your function which sends the verification email.
I guess you're right
Kinda hoped there was some option/config I didn't know about or something 😦
Not sure if the built in ratelimit covers this or not, But either use a db column like the other guy said inside your send verification email function just add a custom ratelimit
Solution
I ended up doing exactly that, creating a new column in my db. This is what is looks like: