From 05c8fd067b3980b3a7f61b9517d21d8eadafe95f Mon Sep 17 00:00:00 2001
From: tone
Date: Fri, 19 Dec 2025 20:32:18 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E9=83=A8=E5=88=86API?= =?UTF-8?q?=E9=99=90=E6=B5=81=E8=A7=84=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/backend/src/app.module.ts | 14 ++++++++++++--
 apps/backend/src/auth/auth.controller.ts | 20 +++++++++++++++++---
 apps/backend/src/sms/sms.controller.ts | 6 +++++-
 3 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/apps/backend/src/app.module.ts b/apps/backend/src/app.module.ts
index 41500f6..18b836e 100644
--- a/apps/backend/src/app.module.ts
+++ b/apps/backend/src/app.module.ts
@@ -34,9 +34,19 @@ import { CommonModule } from './common/common.module';
 ignoreUserAgents: [/googlebot/i, /bingbot/i],
 throttlers: [
 {
- name: '1_min',
+ name: 'min',
 limit: 100,
- ttl: 60000, // 1 minute
+ ttl: 60 * 1000,
+ },
+ {
+ name: 'hour',
+ limit: 500,
+ ttl: 60 * 60 * 1000,
+ },
+ {
+ name: 'day',
+ limit: 10000,
+ ttl: 24 * 60 * 60 * 1000,
 },
 ],
 }),
diff --git a/apps/backend/src/auth/auth.controller.ts b/apps/backend/src/auth/auth.controller.ts
index 3735fee..a42ba36 100644
--- a/apps/backend/src/auth/auth.controller.ts
+++ b/apps/backend/src/auth/auth.controller.ts
@@ -45,9 +45,11 @@ export class AuthController {
 
 @Post('login/password')
 @UseGuards(ThrottlerGuard)
- @Throttle({ 'min': { limit: 10, ttl: 60 * 1000 } })
- @Throttle({ 'hour': { limit: 20, ttl: 60 * 60 * 1000 } })
- @Throttle({ 'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 } })
+ @Throttle({
+ 'min': { limit: 5, ttl: 60 * 1000 },
+ 'hour': { limit: 20, ttl: 60 * 60 * 1000 },
+ 'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
+ })
 async loginByPassword(
 @Body() loginDto: LoginByPasswordDto,
 @Res({ passthrough: true }) res: Response,
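Review bot: In the `apps/backend/src/app.module.ts` hunk, the three throttlers sit under the existing `ignoreUserAgents: [/googlebot/i, /bingbot/i]` option, so every limit in this commit is skipped for any request whose User-Agent header matches those patterns. That header is chosen by the client, so the login and SMS limits set in the other two files cannot be relied on while the exemption applies to those routes. I would remove the option or restrict the crawler exemption to public read-only routes, and until then add a comment such as `// NOTE: UA-based exemption is client-controlled; do not rely on these limits for auth or sms routes`. The enclosing module options object starts and ends outside the hunk, so how the guard is registered is not visible here.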
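Review bot: The `login/password` limits in `auth.controller.ts` bound attempts per client, not per account. Unless `ThrottlerGuard` is subclassed elsewhere, its default tracker is the request address, so failed logins against one account arriving from many addresses are never counted together. A per-account failure counter with backoff or lockout, keyed on the submitted login identifier, would cover that case; it could live in the auth service or in a guard that overrides `getTracker`. It is also worth confirming the proxy trust setting, because behind a reverse proxy the guard may see only the proxy's address and the 50-per-day cap would then be shared by all users. The body of `loginByPassword` lies outside the hunk, so an existing lockout there cannot be ruled out.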
@@ -61,6 +63,10 @@ export class AuthController {
 }
 
 @Post('login/sms')
+ @UseGuards(ThrottlerGuard)
+ @Throttle({
+ 'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
+ })
 async loginBySms(
 @Body() dto: SmsLoginDto,
 @Res({ passthrough: true }) res: Response,
@@ -77,6 +83,10 @@ export class AuthController {
 
 
 @Post('passkey/login/options')
+ @UseGuards(ThrottlerGuard)
+ @Throttle({
+ 'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
+ })
 async loginByPasskeyOptions(
 @Res({ passthrough: true }) res: Response,
 ) {
@@ -94,6 +104,10 @@ export class AuthController {
 }
 
 @Post('passkey/login')
+ @UseGuards(ThrottlerGuard)
+ @Throttle({
+ 'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
+ })
 async loginByPasskey(
 @Req() req: Request,
 @Body() body: PasskeyLoginDto,
diff --git a/apps/backend/src/sms/sms.controller.ts b/apps/backend/src/sms/sms.controller.ts
index 1a22ee6..5ea2105 100644
--- a/apps/backend/src/sms/sms.controller.ts
+++ b/apps/backend/src/sms/sms.controller.ts
@@ -10,7 +10,11 @@ export class SmsController {
 
 @Post('send/login')
 @UseGuards(ThrottlerGuard)
- @Throttle({ sms_login: { limit: 10, ttl: 60000 } })
+ @Throttle({
+ 'min': { limit: 3, ttl: 60 * 1000 },
+ 'hour': { limit: 10, ttl: 60 * 60 * 1000 },
+ 'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
+ })
 async sendLoginSms(@Body() dto: SendLoginSmsDto) {
 await this.smsService.sendSms(dto.phone, 'login');
 return null;
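Review bot: On `login/sms` only the `day` throttler is overridden, so `min` and `hour` keep the module defaults of 100 and 500 and all 50 daily attempts can be spent in a single burst. For what is presumably a short numeric code, that is a weaker bound than `login/password` gets in the same file (5 per minute). I would mirror it by adding `'min': { limit: 5, ttl: 60 * 1000 }, 'hour': { limit: 20, ttl: 60 * 60 * 1000 },` ahead of the `day` entry. Whether a code is invalidated after a few wrong tries is decided in `loginBySms`, whose body is outside the hunk, and should be checked as well.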
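Review bot: The 20-per-day cap on `passkey/login/options`, repeated on `passkey/login` in the next hunk, has no comment explaining why the passkey flow gets the tightest daily limit in the file and no short-window limit. If the guard keys on the client address, every user behind one NAT or proxy shares those 20 requests, and a sign-in presumably spends one on each of the two routes. I would document the intent above the decorator, e.g. `// 20/day per client: each sign-in uses one options call and one login call`. I would also consider a `min` entry with a higher `day` value, so a busy shared address is not locked out for a full day. Both method bodies continue outside their hunks.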
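Review bot: The `send/login` limits in `sms.controller.ts` cap sends per client, but nothing visible caps sends per destination number. Requests from different addresses can therefore still push one `dto.phone` well past 20 messages a day, which matters both for message cost and for the owner of that number. A per-number counter and resend cooldown keyed on `dto.phone` belongs either in `smsService.sendSms` or in a guard whose `getTracker` returns the phone value. `sendSms` is defined outside this patch and may already do this; if so, a comment here such as `// per-number limits are enforced in SmsService` would make that explicit.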