From 2581137f8b1c4d5155af62b83c4d36983cc8eeb7 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 21 Aug 2024 11:19:19 +0300 Subject: [PATCH] added otp limiter --- .env.example | 2 ++ src/auth/services/user-auth.service.ts | 12 ++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.env.example b/.env.example index 944dba0..54773c4 100644 --- a/.env.example +++ b/.env.example @@ -88,3 +88,5 @@ FIREBASE_MEASUREMENT_ID= FIREBASE_DATABASE_URL= +OTP_LIMITER= + diff --git a/src/auth/services/user-auth.service.ts b/src/auth/services/user-auth.service.ts index ddcb8e9..4df01db 100644 --- a/src/auth/services/user-auth.service.ts +++ b/src/auth/services/user-auth.service.ts @@ -20,6 +20,7 @@ import { UserEntity } from '../../../libs/common/src/modules/user/entities/user. import * as argon2 from 'argon2'; import { differenceInSeconds } from '@app/common/helper/differenceInSeconds'; import { LessThan, MoreThan } from 'typeorm'; +import { ConfigService } from '@nestjs/config'; @Injectable() export class UserAuthService { @@ -32,6 +33,7 @@ export class UserAuthService { private readonly emailService: EmailService, private readonly userRoleRepository: UserRoleRepository, private readonly roleTypeRepository: RoleTypeRepository, + private readonly configService: ConfigService, ) {} async signUp(userSignUpDto: UserSignUpDto): Promise { @@ -139,8 +141,10 @@ export class UserAuthService { } async generateOTP(data: UserOtpDto): Promise { - const threeDaysAgo = new Date(); - threeDaysAgo.setDate(threeDaysAgo.getDate() - 3); + const otpLimiter = new Date(); + otpLimiter.setDate( + otpLimiter.getDate() - this.configService.get('OTP_LIMITER'), + ); const userExists = await this.userRepository.exists({ where: { region: data.regionUuid 
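Review bot: In `generateOTP`, the result of `this.configService.get('OTP_LIMITER')` is subtracted from `getDate()` without being parsed or validated, and `.env.example` in this same patch ships the key empty. An environment value typically arrives as a string unless a validation schema converts it: `''` coerces to 0, which puts the cutoff at the current time, and an unset key gives `NaN` and an Invalid Date. In either case the `LessThan(otpLimiter)` delete and `MoreThan(otpLimiter)` count in the next hunk no longer cover the intended window, so the OTP request limit presumably stops applying (the check that uses `countOfOtp` is outside the visible hunks). I would reject bad values before building the date: `const days = Number(this.configService.get('OTP_LIMITER'));`, then `if (!Number.isInteger(days) || days <= 0) throw new Error('OTP_LIMITER must be a positive whole number of days');`, then `otpLimiter.setDate(otpLimiter.getDate() - days);`. A comment in `.env.example` giving the unit (days) and a sample value would also help operators; the body of `generateOTP` continues outside this hunk.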
@@ -159,14 +163,14 @@ export class UserAuthService {
 await this.otpRepository.delete({
 email: data.email,
 type: data.type,
- createdAt: LessThan(threeDaysAgo),
+ createdAt: LessThan(otpLimiter),
 });
 const countOfOtp = await this.otpRepository.count({
 withDeleted: true,
 where: {
 email: data.email,
 type: data.type,
- createdAt: MoreThan(threeDaysAgo),
+ createdAt: MoreThan(otpLimiter),
 },
 });
 const lastOtp = await this.otpRepository.findOne({
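Review bot: The name `otpLimiter` in `LessThan(otpLimiter)` and `MoreThan(otpLimiter)` reads like a limiter object, but it holds the cutoff date computed in the previous hunk; the old name `threeDaysAgo` at least said it was a point in time. A name such as `otpWindowStart` would make both filters self-explanatory, and a short comment above the delete, for example `// drop OTPs older than the window; newer ones are counted below`, would record why the same date bounds both queries. Both statements sit inside `generateOTP`, whose body starts and ends outside this hunk.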