feat: add throttling to user invitation and login endpoints

Artuomka · Artuomka · commit 7bbbe0aacd09 · 2026-02-05T14:56:22.000Z
diff --git a/backend/src/entities/company-info/company-info.controller.ts b/backend/src/entities/company-info/company-info.controller.ts
@@ -224,6 +224,7 @@ export class CompanyInfoController {
 		type: InvitedUserInCompanyAndConnectionGroupDs,
 	})
 	@UseGuards(CompanyAdminGuard)
+	@Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } })
 	@Put('user/:companyId')
 	async inviteUserInCompanyAndConnectionGroup(
 		@UserId() userId: string,
diff --git a/backend/src/entities/user/user.controller.ts b/backend/src/entities/user/user.controller.ts
@@ -71,6 +71,8 @@ import { UserSettingsDataRequestDto } from './dto/user-settings-data-request.dto
 import { RequestRestUserPasswordDto } from './dto/request-rest-user-password.dto.js';
 import { SuccessResponse } from '../../microservices/saas-microservice/data-structures/common-responce.ds.js';
 import { Timeout } from '../../decorators/timeout.decorator.js';
+import { Throttle } from '@nestjs/throttler';
+import { isTest } from '../../helpers/app/is-test.js';
 
 @UseInterceptors(SentryInterceptor)
 @Timeout()
@@ -143,6 +145,7 @@ export class UserController {
 		description: 'Login successful.',
 		type: TokenExpDs,
 	})
+	@Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } })
 	@Post('user/login/')
 	async usualLogin(
 		@Res({ passthrough: true }) response: Response,
