fix login error

2026-02-28 17:35:57 +01:00
parent e2be29c712
commit 4476ca82de
4 changed files with 43 additions and 6 deletions
--- a/backend/src/app.ts
+++ b/backend/src/app.ts
@@ -8,6 +8,9 @@ import { errorHandler, notFoundHandler } from './middleware/error.middleware';

 const app: Application = express();

+// Trust proxy (required for correct IP detection behind Traefik/Nginx)
+app.set('trust proxy', 1);
+
 // Security middleware
 app.use(helmet());

@@ -17,7 +20,7 @@ app.use(cors({
  credentials: true,
 }));

-// Rate limiting
+// Rate limiting - general API routes
 const limiter = rateLimit({
  windowMs: environment.rateLimit.windowMs,
  max: environment.rateLimit.max,
@@ -26,6 +29,16 @@ const limiter = rateLimit({
  legacyHeaders: false,
 });

+// Rate limiting - auth routes (more generous to avoid blocking logins)
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 30, // 30 auth attempts per window
+  message: 'Zu viele Anmeldeversuche. Bitte versuchen Sie es später erneut.',
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+app.use('/api/auth', authLimiter);
 app.use('/api', limiter);

 // Body parsing middleware