jamey/berrypod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

add rate limiting and HSTS for security hardening
Some checks failed
deploy / deploy (push) Failing after 8m33s
Details

Browse Source 
- Add Hammer library for rate limiting with ETS backend
- Rate limit login (5/min), magic link (3/min), newsletter (10/min), API (60/min)
- Add themed 429 error page using bare shop styling
- Enable HSTS in production with rewrite_on for Fly proxy
- Add security hardening plan to docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jamey
2026-03-08 08:58:43 +00:00
parent 48eb7a9d9c
commit 0c2d4ac406
14 changed files with 507 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/berrypod_web/controllers/cart_controller.ex
View File

@@ -11,6 +11,8 @@ defmodule BerrypodWeb.CartController do
alias Berrypod.Cart
plug BerrypodWeb.Plugs.RateLimit, [type: :api] when action == :update
@doc """
Updates the cart in session (JSON API for JS hook).
"""