
Commit 053d619

Mariano/portal login 3 (#2276)
* feat(auth): enhance security with rate limiting and redirect URL validation
  - Implemented in-memory rate limiting for authentication requests to mitigate brute force attacks, with stricter limits for sensitive endpoints.
  - Added redirect URL validation to prevent open redirects, allowing only specified hosts.
  - Improved logging for rate limit exceedances during development.
  - Cleaned up old rate limit entries periodically to optimize memory usage.
  - Updated the OTP form to remove unnecessary API_URL declaration.

* refactor(auth): update environment variable usage for base URL
  - Changed references from AUTH_BASE_URL and BETTER_AUTH_URL to BASE_URL for consistency in cookie domain handling.
  - Updated comments to clarify the purpose of BASE_URL in relation to OAuth callbacks and cookie domains.

* refactor(auth): update base URL configuration for auth client
  - Changed baseURL in authClient to use NEXT_PUBLIC_API_URL or default to 'http://localhost:3333' for improved environment configuration.
  - This change enhances flexibility for different deployment environments.
1 parent f216975 commit 053d619

1 file changed

Lines changed: 1 addition & 2 deletions

apps/portal/src/app/lib/auth-client.ts

@@ -7,8 +7,7 @@ import { createAuthClient } from 'better-auth/react';
77
import { ac, allRoles } from '@comp/auth';
88

99
export const authClient = createAuthClient({
10-
// Empty baseURL = calls go through the portal's own /api/auth/* proxy
11-
baseURL: '',
10+
baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3333',
1211
plugins: [
1312
organizationClient({ ac, roles: allRoles }),
1413
emailOTPClient(),
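Review bot: the fallback on the new `baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3333'` line means that a production build with `NEXT_PUBLIC_API_URL` unset silently sends login and OTP requests over plaintext to a localhost URL instead of failing; prefer throwing (or a build-time check) when the variable is missing outside development. This also drops the same-origin setup described by the removed comment (`// Empty baseURL = calls go through the portal's own /api/auth/* proxy`), so browser requests now go cross-origin to the API; please confirm the API's CORS and cookie settings (credentials, SameSite, and the cookie domain handling named in the commit message) let the session cookie be set and sent from the portal origin, and add a comment in place of the removed one explaining why the proxy route was dropped.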
