You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: adminforth/documentation/docs/tutorial/03-Customization/12-security.md
+26-1Lines changed: 26 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,6 +30,31 @@ new AdminForth({
30
30
In this case users who will check "Remember me" checkbox will be logged in for 7 days instead of 24 hours.
31
31
32
32
33
+
## Login rate limits
34
+
35
+
AdminForth rate-limits login attempts by client IP using `auth.rateLimit`. Password login, OAuth login, and passkey login use the same configured limits, but each login method has its own independent rate-limit bucket.
36
+
37
+
By default AdminForth uses:
38
+
39
+
```ts
40
+
['500/5m', '5000/1h', '10000/1d']
41
+
```
42
+
43
+
You can override it in the app config:
44
+
45
+
```ts ./index.ts
46
+
newAdminForth({
47
+
...
48
+
auth: {
49
+
rateLimit: ['10/5m', '100/1h', '500/1d']
50
+
}
51
+
})
52
+
```
53
+
54
+
The format is `requests/period`, where period can use `s`, `m`, `h`, or `d`.
55
+
Because rate limits are keyed by client IP, configure `auth.clientIpHeader` when AdminForth runs behind a trusted CDN or reverse proxy. See [Trusting client IP addresses](#trusting-client-ip-addresses).
56
+
57
+
33
58
## Password strength
34
59
35
60
AdminForth allows to set validation RegExp based rules for any field. This can be reused for password strength validation.
@@ -284,4 +309,4 @@ This means that a user is allowed to make up to 20 requests within one day, and
284
309
- h → hours (1h)
285
310
- d → days (1d)
286
311
287
-
> ☝ Сonsume(key) is used to check whether a specific key such as a userId, IP address, or any other identifier has exceeded its allowed request limit. If the limit has not been reached, it returns true, meaning the request is allowed to proceed.
312
+
> ☝ Сonsume(key) is used to check whether a specific key such as a userId, IP address, or any other identifier has exceeded its allowed request limit. If the limit has not been reached, it returns true, meaning the request is allowed to proceed.
>⚠️Note: we use key/value adapter to store used password reset token for validity period and we recomend to use stateful adapter like Redis in production, because stateless adapter (like key/value RAM) is cleared after server restart and password reset token could be re-used for the second time
//baseUrl is optional, if not provided, will default to "https://api.mailgun.net" but if you are using Mailgun EU, you should use "https://api.eu.mailgun.net" instead
108
-
baseUrl: process.env.MAILGUN_REGION_URLasstring,
109
-
}),
110
-
110
+
apiKey: process.env.MAILGUN_API_KEYasstring,
111
+
domain: process.env.MAILGUN_DOMAINasstring,
112
+
//baseUrl is optional, if not provided, will default to "https://api.mailgun.net" but if you are using Mailgun EU, you should use "https://api.eu.mailgun.net" instead
Copy file name to clipboardExpand all lines: adminforth/documentation/docs/tutorial/09-Plugins/23-background-jobs.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ BackgroundJobsPlugin adds a durable background job system to AdminForth. Jobs ar
9
9
10
10
11
11
## Setup
12
-
12
+
> ‼️ Note, that before deploying this plugin, you should create volume for the level db and pass is as `levelDbPath` param, so background jobs will be saved between redeploys
0 commit comments