feat(agent-chat): complete core workflow and strengthen auth rate limiting

2026-02-25 16:51:12 +08:00
parent 53c72e48e6
commit cd40b2b4f4
62 changed files with 3441 additions and 3 deletions
@@ -74,6 +74,12 @@ async def login(
    payload: LoginRequest,
    service: AuthService = Depends(get_auth_service),
 ) -> AuthTokenResponse:
+    await enforce_rate_limit(
+        scope="login",
+        identifier=payload.email,
+        limit=10,
+        window_seconds=60,
+    )
    return await service.login(payload)


@@ -82,6 +88,12 @@ async def refresh(
    payload: RefreshRequest,
    service: AuthService = Depends(get_auth_service),
 ) -> AuthTokenResponse:
+    await enforce_rate_limit(
+        scope="refresh",
+        identifier=payload.refresh_token,
+        limit=10,
+        window_seconds=60,
+    )
    return await service.refresh(payload)


@@ -90,6 +102,12 @@ async def logout(
    payload: LogoutRequest,
    service: AuthService = Depends(get_auth_service),
 ) -> Response:
+    await enforce_rate_limit(
+        scope="logout",
+        identifier=payload.refresh_token,
+        limit=10,
+        window_seconds=60,
+    )
    await service.logout(payload.refresh_token)
    return Response(status_code=204)