From 400bda9e7261557ac2e888c3d471214e5a378c64 Mon Sep 17 00:00:00 2001
From: isra el
Date: Sat, 12 Jul 2025 18:18:33 +0300
Subject: [PATCH] chore(api): limit max number of email verification requests
---
 api/src/auth/auth.service.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/api/src/auth/auth.service.ts b/api/src/auth/auth.service.ts
index 3878f62..645f733 100644
--- a/api/src/auth/auth.service.ts
+++ b/api/src/auth/auth.service.ts
@@ -257,6 +257,20 @@ export class AuthService {
 }
 async sendEmailVerificationEmail(user: UserDocument) {
+ // Check if user has requested email verification more than 5 times in the last 24 hours
+ const twentyFourHoursAgo = new Date(Date.now() - 24 * 60 * 60 * 1000)
+ const verificationCount = await this.emailVerificationModel.countDocuments({
+ user: user._id,
+ createdAt: { $gte: twentyFourHoursAgo }
+ })
+
+ if (verificationCount >= 5) {
+ throw new HttpException(
+ { error: 'Too many email verification requests. Please try again later.' },
+ HttpStatus.TOO_MANY_REQUESTS
+ )
+ }
+
 const verificationCode = uuidv4()
 const expiresAt = new Date(Date.now() + 20 * 60 * 1000) // 20 minutes
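Review bot: The new cap in sendEmailVerificationEmail counts documents in emailVerificationModel, so it only holds if those documents carry a `createdAt` field and are kept for the full 24-hour window; neither the schema nor any cleanup is visible in this hunk. If the schema lacks `timestamps: true`, or records are removed once the 20-minute `expiresAt` passes or after a successful verification, the count stays below 5 and the limit never fires. The count and the later insert are also separate operations, so parallel requests for one account can each pass the check before any of them writes. I would add a comment above the query such as `// relies on createdAt (schema timestamps) and on verification records being kept >= 24h`, and lift `5` and the 24-hour window into named constants. The method body continues past the end of the hunk.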