not getting rate limited

Hey folks, I'm testing the rate limit functionality and here is my code: https://mystb.in/56596703647e0db856
Even though I'm making more than 2 signIn requests in one minute, I'm not getting rate limited or any other error. Also, please check if I'm handling the auth error correctly.
7 Replies
bekacru, 2d ago
The rate limiter works only on prod unless you pass enabled: true to force it active on dev
Aditya Kirad (OP), 2d ago
You can check the code I provided, I have enabled it
bekacru, 2d ago
Okay, then: sign-in and other endpoints employ custom rate limiting rules by default, which is that in a 10-second window you can make max 3 requests. You can pass customRules to override this
Aditya Kirad (OP), 2d ago
Okay, can you check one thing: if I'm handling the auth error correctly, because error.status === "FORBIDDEN" doesn't clearly suggest that the error happened because the email was not verified, or that I will get this status only when the email is not verified, etc.
bekacru, 2d ago
It returns 429, not 403
Aditya Kirad (OP), 2d ago
what? I was talking about this piece of code
```ts
export async function signIn(prevState: unknown, formData: FormData) {
  const submission = parseWithZod(formData, { schema: signInSchema });

  if (submission.status !== "success") {
    return submission.reply();
  }

  try {
    await signInEmail({
      body: {
        ...submission.value,
        callbackURL: "/",
      },
    });
  } catch (error) {
    if (error instanceof APIError) {
      if (error.status === "TOO_MANY_REQUESTS") {
        return submission.reply({
          formErrors: [error.message],
        });
      }
      if (error.status === "FORBIDDEN") {
        return submission.reply({
          formErrors: ["Verify your email before signing in"],
        });
      }
      if (error.status === "UNAUTHORIZED") {
        return submission.reply({
          fieldErrors: {
            email: ["Invalid Credentials"],
            password: ["Invalid Credentials"],
          },
        });
      }
      throw error;
    }
    throw error;
  }
}
```
Am I handling the error the correct way?
bekacru, 2d ago
Oh sorry, you should check the error message or code instead of relying on the status code
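
Added example (not from the thread, and not the library's own code): a simplified model of the behaviour described above, where a built-in rule for sign-in (3 requests per 10-second window) takes precedence over an app-wide rule until `customRules` overrides it. The fixed-window counting, the precedence order, the `window`/`max` field names and the `/sign-in/email` route name are assumptions made for the illustration.

```typescript
// Simplified model added for illustration; not the auth library's implementation.
type Rule = { window: number; max: number }; // window is in seconds
interface LimiterConfig {
  global: Rule; // rule the app sets for every route
  builtInPathRules: Record<string, Rule>; // stricter defaults for sensitive routes
  customRules?: Record<string, Rule>; // per-path overrides supplied by the app
}

// Assumed precedence: customRules, then built-in path rule, then global rule.
function resolveRule(cfg: LimiterConfig, path: string): Rule {
  return cfg.customRules?.[path] ?? cfg.builtInPathRules[path] ?? cfg.global;
}

function createLimiter(cfg: LimiterConfig) {
  const hits = new Map<string, { start: number; count: number }>();
  // Returns the HTTP status a request from `ip` to `path` at `now` (seconds) would get.
  return function check(ip: string, path: string, now: number): number {
    const rule = resolveRule(cfg, path);
    const key = `${ip}:${path}`;
    const entry = hits.get(key);
    if (!entry || now - entry.start >= rule.window) {
      hits.set(key, { start: now, count: 1 }); // first hit of a new window
      return 200;
    }
    if (entry.count >= rule.max) return 429; // budget spent: Too Many Requests
    entry.count += 1;
    return 200;
  };
}

const SIGN_IN = "/sign-in/email"; // hypothetical route name
const base: LimiterConfig = {
  global: { window: 60, max: 2 },
  builtInPathRules: { [SIGN_IN]: { window: 10, max: 3 } },
};

// Constructed traffic: one client hitting the sign-in route at the given times (seconds).
function replay(cfg: LimiterConfig, times: number[]): number[] {
  const check = createLimiter(cfg);
  return times.map((t) => check("203.0.113.7", SIGN_IN, t));
}

const withDefaults = replay(base, [0, 20, 40]); // spaced attempts, built-in rule applies
const withOverride = replay({ ...base, customRules: { [SIGN_IN]: { window: 60, max: 2 } } }, [0, 20, 40]);
const burst = replay(base, [0, 1, 2, 3]); // four attempts inside one 10 s window
console.log({ withDefaults, withOverride, burst });
```

In this model, three attempts spread over a minute never trip the 10-second rule, which matches what the original poster observed; the third attempt is rejected only once the per-path override is in place.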
