rama/halobestie-clone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tier 1 hardening: trustProxy + per-IP rate limit + anonymity flag

Browse Source 
- Fastify public app now passes `trustProxy: true` so request.ip resolves to
  the real client IP from X-Forwarded-For when behind Cloud Run / a load
  balancer. Without this the per-IP rate limit was either useless or
  collapsed all users into one shared LB IP.
- The `anonymity_enabled` config row + JS default + migration seed now
  default to `false`. The flag is dead code (no business logic ever
  consumed it) and the actual rule is simpler than the toggle implied:
  mitras always see the customer's chosen call_name; only phone+email
  are private. The whole feature is queued for rip-out as a separate
  cleanup pass.

The per-IP OTP rate limit (10/hr) was also effectively disabled by
upserting `app_config.otp_max_per_ip_per_hour = 1000000` — a runtime
config change, not a code change. Per-phone (3/hr) + Fazpass cost
remains the real abuse gate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
ramadhan sjamsani
2026-04-27 18:58:26 +08:00
parent a560b0936c
commit e54bdf2c6c
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/services/config.service.js
View File

@@ -4,7 +4,7 @@ const sql = getDb()
export const getAnonymityConfig = async () => {
const [row] = await sql`SELECT value FROM app_config WHERE key = 'anonymity'`
return { anonymity_enabled: row?.value?.enabled ?? true }
return { anonymity_enabled: row?.value?.enabled ?? false }
}
export const setAnonymityConfig = async (enabled) => {