feat: add rate limit to join codes controller

This commit is contained in:
Cengiz Guertusgil
2025-12-12 17:21:57 +01:00
parent 0c2d3cccb1
commit 09a2e7d7d7
2 changed files with 9 additions and 0 deletions
+1
View File
@@ -1,5 +1,6 @@
class JoinCodesController < ApplicationController
allow_unauthenticated_access
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { head :too_many_requests }
before_action :set_join_code
before_action :ensure_join_code_is_valid
@@ -94,4 +94,12 @@ class JoinCodesControllerTest < ActionDispatch::IntegrationTest
assert_response :unprocessable_entity
end
end
test "create is rate limited" do
Rails.cache.stubs(:increment).returns(11)
post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: "test@example.com" }
assert_response :too_many_requests
end
end