From 91e56a0813572d13ff384e57230d899623e99449 Mon Sep 17 00:00:00 2001
From: Waleed Latif
Date: Fri, 8 May 2026 19:02:48 -0700
Subject: [PATCH] feat(auth): add per-IP rate limiting to signup, signin, and password reset
---
 apps/sim/lib/auth/auth.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/apps/sim/lib/auth/auth.ts b/apps/sim/lib/auth/auth.ts
index b446fff9727..2ba6413e9d8 100644
--- a/apps/sim/lib/auth/auth.ts
+++ b/apps/sim/lib/auth/auth.ts
@@ -181,6 +181,19 @@ export const auth = betterAuth({
 provider: 'pg',
 schema,
 }),
+ rateLimit: {
+ enabled: true,
+ customRules: {
+ '/sign-up/email': { window: 600, max: 3 },
+ '/sign-in/email': { window: 60, max: 10 },
+ '/forget-password': { window: 600, max: 3 },
+ },
+ },
+ advanced: {
+ ipAddress: {
+ ipAddressHeaders: ['cf-connecting-ip', 'x-forwarded-for'],
+ },
+ },
 session: {
 cookieCache: {
 enabled: true,
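Review bot: The per-IP limits in `rateLimit.customRules` are keyed on whatever `ipAddressHeaders` yields, and both `cf-connecting-ip` and `x-forwarded-for` are ordinary request headers that can be trusted only when the origin accepts traffic solely from a proxy that overwrites them. On a deployment that is reachable directly the caller effectively chooses its own rate-limit key, so the sign-up, sign-in and password-reset limits no longer bound anything; I would make the header list deployment-specific and record the assumption above `ipAddressHeaders`, e.g. `// Only valid behind a proxy that overwrites these headers; restrict origin ingress to that proxy.` No `storage` is set under `rateLimit`, so unless secondary storage is configured elsewhere in this `betterAuth({ … })` call (it starts and ends outside the hunk) the counters are presumably kept per process and the effective limit grows with the number of instances; consider `storage: 'database'`. It is also worth confirming that `/forget-password` is the path the installed better-auth version actually serves for reset requests, since a rule on a path that is never hit has no effect and gives no warning.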