Conversation

@joshunrau joshunrau commented Jan 13, 2026

Implement the previous libnest configuration, which only worked for methods with the name "login" (removed), and replace with a better, more configurable and testable implementation.

These are user-configurable via the LOGIN_REQUEST_THROTTLER_LIMIT and LOGIN_REQUEST_THROTTLER_TTL environment variables, which are set very high by default (50 and 60,000 respectively) as at the Douglas all users share an IP.

Summary by CodeRabbit

  • New Features

    • Implemented rate limiting on login and authentication token request endpoints to protect against unauthorized access attempts.
  • Chores

    • Updated dependencies to support rate limiting capabilities.
    • Added environment variables to configure rate limiting thresholds.
    • Updated build-time dependency configuration.

@joshunrau joshunrau merged commit fc3e112 into DouglasNeuroInformatics:main Jan 13, 2026
0 of 2 checks passed
coderabbitai bot commented Jan 13, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

Implements login request rate limiting by adding a custom ThrottleLoginRequest decorator to NestJS, applying it to auth controller methods, and configuring throttle limits via environment variables with sensible defaults.

Changes

Cohort / File(s) / Summary

Configuration & Environment
  Files: .env.template, docker-compose.yaml, package.json
  Summary: Added LOGIN_REQUEST_THROTTLER_LIMIT and LOGIN_REQUEST_THROTTLER_TTL environment variables; expanded pnpm onlyBuiltDependencies list with 9 packages

API Dependencies
  Files: apps/api/package.json
  Summary: Updated @douglasneuroinformatics/libnest to ^8.2.0; added @nestjs/platform-fastify ^11.1.11 and @nestjs/throttler ^6.5.0

Core Throttling Implementation
  Files: apps/api/src/core/decorators/throttle-login-request.decorator.ts, apps/api/src/core/constants.ts
  Summary: Introduced ThrottleLoginRequest decorator factory reading config from env variables with zod validation; defined DEFAULT_LOGIN_REQUEST_THROTTLER_LIMIT (50) and DEFAULT_LOGIN_REQUEST_THROTTLER_TTL (60000) constants

Auth Integration
  Files: apps/api/src/auth/auth.controller.ts
  Summary: Applied @ThrottleLoginRequest() decorator to login and getCreateInstrumentToken methods

Testing
  Files: apps/api/src/core/decorators/__tests__/throttle-login-request.decorator.spec.ts
  Summary: Added comprehensive test suite verifying throttler behavior with default and custom environment configurations using fake timers

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

📜 Recent review details

📥 Commits

Reviewing files that changed from the base of the PR and between ceaf3d6 and 31bc01b.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (8)
  • .env.template
  • apps/api/package.json
  • apps/api/src/auth/auth.controller.ts
  • apps/api/src/core/constants.ts
  • apps/api/src/core/decorators/__tests__/throttle-login-request.decorator.spec.ts
  • apps/api/src/core/decorators/throttle-login-request.decorator.ts
  • docker-compose.yaml
  • package.json

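The following is an added illustration, not code from this PR, from libnest, or from @nestjs/throttler: a self-contained TypeScript model of what the PR's configuration means in practice. Only the environment-variable names and the defaults (50 requests per 60,000 ms) come from the PR text; the validation (hand-rolled instead of zod), the fixed-window counter, the function and class names, and the client address 203.0.113.7 are this example's own assumptions. It also exercises the shared-IP situation the PR description mentions, where one address carries many users' logins.

```typescript
// Added example, not the project's code. Models the limit/TTL configuration
// the PR adds; no @nestjs/throttler or zod is used. Names other than the two
// env variables and their defaults are assumptions made for this example.

const DEFAULT_LOGIN_REQUEST_THROTTLER_LIMIT = 50;
const DEFAULT_LOGIN_REQUEST_THROTTLER_TTL = 60_000; // milliseconds

type ThrottleConfig = { limit: number; ttl: number };

// Parse one positive-integer env var. Garbage is an error, not a silent
// fallback to the default, so a typo in deployment config cannot weaken or
// disable the limit unnoticed.
function parsePositiveInt(name: string, raw: string | undefined, fallback: number): number {
  if (raw === undefined || raw.trim() === "") return fallback;
  const s = raw.trim();
  if (!/^[0-9]+$/.test(s)) {
    throw new Error(`${name} must be a positive integer, got ${JSON.stringify(raw)}`);
  }
  const n = Number(s);
  if (!Number.isSafeInteger(n) || n < 1) throw new Error(`${name} must be >= 1, got ${s}`);
  return n;
}

// Build the config from an env-like object (pass process.env in real use).
function loadThrottleConfig(env: Record<string, string | undefined>): ThrottleConfig {
  return {
    limit: parsePositiveInt("LOGIN_REQUEST_THROTTLER_LIMIT", env.LOGIN_REQUEST_THROTTLER_LIMIT, DEFAULT_LOGIN_REQUEST_THROTTLER_LIMIT),
    ttl: parsePositiveInt("LOGIN_REQUEST_THROTTLER_TTL", env.LOGIN_REQUEST_THROTTLER_TTL, DEFAULT_LOGIN_REQUEST_THROTTLER_TTL),
  };
}

// Fixed-window counter keyed by caller identity (here: the client IP string).
// The clock is injected so behaviour can be checked with fake time.
class LoginThrottler {
  private readonly windows = new Map<string, { start: number; count: number }>();

  constructor(private readonly cfg: ThrottleConfig, private readonly now: () => number) {}

  // true = admit the request; false = over the limit for the current window.
  allow(key: string): boolean {
    const t = this.now();
    const w = this.windows.get(key);
    if (w === undefined || t - w.start >= this.cfg.ttl) {
      this.windows.set(key, { start: t, count: 1 });
      return true;
    }
    if (w.count >= this.cfg.limit) return false;
    w.count += 1;
    return true;
  }
}

// Fire `attempts` login requests from `key` back to back and report how many
// the throttler admitted.
function burst(throttler: LoginThrottler, key: string, attempts: number): number {
  let admitted = 0;
  for (let i = 0; i < attempts; i++) {
    if (throttler.allow(key)) admitted++;
  }
  return admitted;
}

// The shared-IP case from the PR description: `users` distinct accounts each
// make one login attempt from the same (constructed) address inside a single
// window. Returns how many of them got through.
function sharedIpScenario(cfg: ThrottleConfig, users: number): number {
  const throttler = new LoginThrottler(cfg, () => 0); // frozen clock: one window
  let served = 0;
  for (let u = 0; u < users; u++) {
    if (throttler.allow("203.0.113.7")) served++;
  }
  return served;
}
```

With the PR's defaults, sharedIpScenario shows why the limit had to be set high: the 51st person behind a single shared address is refused for the rest of the minute even though nobody is attacking. A per-IP counter is still worth having against a remote brute-forcer, but a site behind one NAT address should consider adding a second counter keyed on the target username, which slows credential guessing against one account without locking out every colleague on the same network.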
