What exactly do isauthenticated and ratelimit in advanced settings do?
Couldnt find it in the documentation.
These are custom policies for users-permissions plugin.
Take a look at their code to understand what they do:
isAuthenticated - Verifies if the user that requested the url is authenticated.
rateLimit - Is used to limit repeated requests from an IP to APIs and/or endpoints. For more details about rateLimit please refer to koa2-ratelimit official documentation.
Rate limit is currently used on the following auth endpoints:
/connect/*
/auth/local
/auth/local/register
/auth/forgot-password
/auth/reset-password
You can use it to protect some important endpoints from spamming.
1 Like
I don’t understand why I would need to add an isAuthenticated policy within the authenticated role. Don’t all enabled actions within this role already require being authenticated?
that’s exactly why i started researching what isAuthenticated meant to do and stumbled across this thread.
Anybody got any clue?