diff --git a/features/sso/backend-api/src/features/auth/auth.controller.ts b/features/sso/backend-api/src/features/auth/auth.controller.ts
index aa4441712..25f6f37c3 100755
--- a/features/sso/backend-api/src/features/auth/auth.controller.ts
+++ b/features/sso/backend-api/src/features/auth/auth.controller.ts
@@ -60,7 +60,7 @@ export class AuthController {
 * Account lockout: After 5 failed attempts, progressive lockout (5min -> 15min -> 1hr -> 24hr)
 */
 @Post("login")
- @Throttle({ default: { limit: 5, ttl: 60000 } }) // 5 per minute
+ @Throttle({ default: { limit: +(process.env.THROTTLE_AUTH_LIMIT ?? 5), ttl: +(process.env.THROTTLE_AUTH_TTL ?? 60000) } })
 async login(
 @Body() loginDto: LoginDto,
 @Req() req: Request,
@@ -153,7 +153,7 @@ export class AuthController {
 * Liveness verification happens post-registration via VerificationGate.
 */
 @Post("register")
- @Throttle({ default: { limit: 10, ttl: 3600000 } }) // 10 per hour
+ @Throttle({ default: { limit: +(process.env.THROTTLE_REGISTER_LIMIT ?? 10), ttl: +(process.env.THROTTLE_REGISTER_TTL ?? 3600000) } })
 async register(
 @Body() registerDto: RegisterDto & { browserSignals?: Record },
 @Req() req: Request,
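Review bot: The unary `+` on both new `@Throttle` lines (login in the first hunk, register in the second) accepts any string, so an empty `THROTTLE_AUTH_LIMIT=` becomes 0 because `??` only catches undefined/null, and a typo such as `5/min` becomes NaN. Depending on how the throttler compares hits against the limit, a NaN value may leave the login route unthrottled, and this decorator is the per-request brute-force control in front of the lockout logic. Parse the values through a small helper that falls back to the built-in default unless the result is a positive integer, and consider an upper bound so a misconfigured deployment cannot silently loosen the limit. Decorator arguments are evaluated once when the module is loaded, so the variables must already be set before this file is imported; that deserves a comment next to the decorators, along with the defaults that the removed `// 5 per minute` and `// 10 per hour` comments used to state. Both method bodies continue outside the hunks.

```typescript
// Fail closed: anything that is not a positive integer falls back to the built-in default.
// Evaluated at module load, so the variable must be set before this file is imported.
function throttleEnv(name: string, fallback: number): number {
  const raw = process.env[name];
  const parsed = raw === undefined ? Number.NaN : Number(raw);
  return Number.isSafeInteger(parsed) && parsed > 0 ? parsed : fallback;
}

// … unchanged: AuthController class header, login doc comment …
  @Post("login")
  @Throttle({ default: { limit: throttleEnv("THROTTLE_AUTH_LIMIT", 5), ttl: throttleEnv("THROTTLE_AUTH_TTL", 60000) } }) // default: 5 per minute
// … unchanged: login signature and body, register doc comment …
  @Post("register")
  @Throttle({ default: { limit: throttleEnv("THROTTLE_REGISTER_LIMIT", 10), ttl: throttleEnv("THROTTLE_REGISTER_TTL", 3600000) } }) // default: 10 per hour
```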