feat(auth): named rate limiters (skip in tests)

packages/backend/src/middleware/rate-limit.ts

@@ -0,0 +1,21 @@
+import rateLimit from 'express-rate-limit';
+
+const fifteenMin = 15 * 60 * 1000;
+
+function makeLimiter(max: number, codeMessage = 'Too many attempts, please try again later') {
+  return rateLimit({
+    windowMs: fifteenMin,
+    limit: max,
+    standardHeaders: 'draft-7',
+    legacyHeaders: false,
+    skip: () => process.env.NODE_ENV === 'test',
+    handler: (_req, res) => {
+      res.status(429).json({ error: { code: 'RATE_LIMITED', message: codeMessage } });
+    },
+  });
+}
+
+export const loginLimiter = makeLimiter(10);
+export const registerLimiter = makeLimiter(5);
+export const forgotPasswordLimiter = makeLimiter(5);
+export const tokenLimiter = makeLimiter(20);