mirror of
https://github.com/documenso/documenso.git
synced 2026-06-22 04:12:06 +10:00
Lucas Smith
3887aa67c8
Replace per-event webhook handlers with a single sync function that fetches the current state from Stripe and converges the local subscription, claim, and organisation type. - Create organisations upfront before checkout, restricted as "pending payment" until the first payment syncs - Add rate-limited subscription sync route, triggered on checkout success so the UI doesn't wait on webhooks - Surface pending payment state in banner, billing table, and limits
114 lines
2.1 KiB
TypeScript
114 lines
2.1 KiB
TypeScript
import { createRateLimit } from './rate-limit';
|
|
|
|
// ---- Auth (Tier 1 - Critical, sends emails) ----
|
|
|
|
export const signupRateLimit = createRateLimit({
|
|
action: 'auth.signup',
|
|
max: 3,
|
|
window: '3h',
|
|
});
|
|
|
|
export const forgotPasswordRateLimit = createRateLimit({
|
|
action: 'auth.forgot-password',
|
|
max: 3,
|
|
globalMax: 20,
|
|
window: '1h',
|
|
});
|
|
|
|
export const resendVerifyEmailRateLimit = createRateLimit({
|
|
action: 'auth.resend-verify-email',
|
|
max: 3,
|
|
globalMax: 20,
|
|
window: '1h',
|
|
});
|
|
|
|
export const request2FAEmailRateLimit = createRateLimit({
|
|
action: 'auth.request-2fa-email',
|
|
max: 5,
|
|
globalMax: 20,
|
|
window: '15m',
|
|
});
|
|
|
|
// ---- Auth (Tier 2 - Unauthenticated) ----
|
|
|
|
export const loginRateLimit = createRateLimit({
|
|
action: 'auth.login',
|
|
max: 10,
|
|
globalMax: 50,
|
|
window: '15m',
|
|
});
|
|
|
|
export const resetPasswordRateLimit = createRateLimit({
|
|
action: 'auth.reset-password',
|
|
max: 5,
|
|
globalMax: 20,
|
|
window: '1h',
|
|
});
|
|
|
|
export const verifyEmailRateLimit = createRateLimit({
|
|
action: 'auth.verify-email',
|
|
max: 5,
|
|
globalMax: 20,
|
|
window: '15m',
|
|
});
|
|
|
|
export const passkeyRateLimit = createRateLimit({
|
|
action: 'auth.passkey',
|
|
max: 10,
|
|
globalMax: 50,
|
|
window: '15m',
|
|
});
|
|
|
|
export const linkOrgAccountRateLimit = createRateLimit({
|
|
action: 'auth.link-org-account',
|
|
max: 5,
|
|
globalMax: 20,
|
|
window: '1h',
|
|
});
|
|
|
|
export const reportSenderRateLimit = createRateLimit({
|
|
action: 'recipient.report-sender',
|
|
max: 1,
|
|
window: '7d',
|
|
});
|
|
|
|
// ---- Billing ----
|
|
|
|
export const syncSubscriptionRateLimit = createRateLimit({
|
|
action: 'billing.sync-subscription',
|
|
max: 10,
|
|
window: '15m',
|
|
});
|
|
|
|
// ---- API (Tier 4 - Standard) ----
|
|
|
|
export const apiV1RateLimit = createRateLimit({
|
|
action: 'api.v1',
|
|
max: 100,
|
|
window: '1m',
|
|
});
|
|
|
|
export const apiV2RateLimit = createRateLimit({
|
|
action: 'api.v2',
|
|
max: 100,
|
|
window: '1m',
|
|
});
|
|
|
|
export const apiTrpcRateLimit = createRateLimit({
|
|
action: 'api.trpc',
|
|
max: 100,
|
|
window: '1m',
|
|
});
|
|
|
|
export const aiRateLimit = createRateLimit({
|
|
action: 'api.ai',
|
|
max: 3,
|
|
window: '1m',
|
|
});
|
|
|
|
export const fileUploadRateLimit = createRateLimit({
|
|
action: 'api.file-upload',
|
|
max: 20,
|
|
window: '1m',
|
|
});
|