5req/s universal rate limit

src/app.module.ts

@@ -1,7 +1,8 @@
 import { Module } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
+import { APP_GUARD } from '@nestjs/core';
 import { EventEmitterModule } from '@nestjs/event-emitter';
-import { ThrottlerModule } from '@nestjs/throttler';
+import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
 import { UsersModule } from './users/users.module';
@@ -76,8 +77,8 @@ function validateOptionalProvider(
       inject: [ConfigService],
       useFactory: (config: ConfigService) => [
         {
-          ttl: config.get('THROTTLE_TTL', 60000),
+          ttl: config.get('THROTTLE_TTL', 1000),
-          limit: config.get('THROTTLE_LIMIT', 10),
+          limit: config.get('THROTTLE_LIMIT', 5),
         },
       ],
     }),
@@ -91,6 +92,12 @@ function validateOptionalProvider(
     DollsModule,
   ],
   controllers: [AppController],
-  providers: [AppService],
+  providers: [
+    AppService,
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard,
+    },
+  ],
 })
 export class AppModule {}

src/friends/friends.controller.spec.ts

@@ -1,5 +1,4 @@
 import { Test, TestingModule } from '@nestjs/testing';
-import { ThrottlerModule } from '@nestjs/throttler';
 import { FriendsController } from './friends.controller';
 import { FriendsService } from './friends.service';
 import { UsersService } from '../users/users.service';
@@ -18,6 +17,7 @@ describe('FriendsController', () => {
     userId: 'user-1',
     email: 'user1@example.com',
     roles: [],
+    tokenType: 'access' as const,
   };
 
   const mockUser1 = {
@@ -83,14 +83,6 @@ describe('FriendsController', () => {
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      imports: [
-        ThrottlerModule.forRoot([
-          {
-            ttl: 60000,
-            limit: 10,
-          },
-        ]),
-      ],
       controllers: [FriendsController],
       providers: [
         { provide: FriendsService, useValue: mockFriendsService },

src/friends/friends.controller.ts

@@ -7,8 +7,8 @@ import {
   Body,
   Query,
   HttpCode,
-  UseGuards,
   Logger,
+  UseGuards,
 } from '@nestjs/common';
 import {
   ApiTags,
@@ -19,7 +19,6 @@ import {
   ApiUnauthorizedResponse,
   ApiQuery,
 } from '@nestjs/swagger';
-import { ThrottlerGuard, Throttle } from '@nestjs/throttler';
 import { User, FriendRequest, Prisma } from '@prisma/client';
 import { FriendsService } from './friends.service';
 import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
@@ -62,8 +61,6 @@ export class FriendsController {
   ) {}
 
   @Get('search')
-  @UseGuards(ThrottlerGuard)
-  @Throttle({ default: { limit: 10, ttl: 60000 } })
   @ApiOperation({
     summary: 'Search users by username',
     description: 'Search for users by username to send friend requests',