From 135f425fcfad227a83543dc2e2d0416f45120cf7 Mon Sep 17 00:00:00 2001
From: Scott Wilson
Date: Wed, 4 Jun 2025 20:00:53 -0700
Subject: [PATCH] improvement: trim and substring keys and default to realIp
---
 backend/src/server/routes/v1/invite-org-router.ts | 3 ++-
 backend/src/server/routes/v1/password-router.ts | 2 +-
 backend/src/server/routes/v2/user-router.ts | 2 +-
 backend/src/server/routes/v3/signup-router.ts | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/backend/src/server/routes/v1/invite-org-router.ts b/backend/src/server/routes/v1/invite-org-router.ts
index 117532703f..525d519136 100644
--- a/backend/src/server/routes/v1/invite-org-router.ts
+++ b/backend/src/server/routes/v1/invite-org-router.ts
@@ -82,7 +82,8 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
 url: "/signup-resend",
 config: {
 rateLimit: smtpRateLimit({
- keyGenerator: (req) => (req.body as { membershipId: string }).membershipId
+ keyGenerator: (req) =>
+ (req.body as { membershipId?: string })?.membershipId?.trim().substring(0, 100) ?? req.realIp
 })
 },
 method: "POST",
diff --git a/backend/src/server/routes/v1/password-router.ts b/backend/src/server/routes/v1/password-router.ts
index 32921087b5..eeb730f291 100644
--- a/backend/src/server/routes/v1/password-router.ts
+++ b/backend/src/server/routes/v1/password-router.ts
@@ -81,7 +81,7 @@ export const registerPasswordRouter = async (server: FastifyZodProvider) => {
 url: "/email/password-reset",
 config: {
 rateLimit: smtpRateLimit({
- keyGenerator: (req) => (req.body as { email: string }).email
+ keyGenerator: (req) => (req.body as { email?: string })?.email?.trim().substring(0, 100) ?? req.realIp
 })
 },
 schema: {
diff --git a/backend/src/server/routes/v2/user-router.ts b/backend/src/server/routes/v2/user-router.ts
index 730d34bb91..bbd566334f 100644
--- a/backend/src/server/routes/v2/user-router.ts
+++ b/backend/src/server/routes/v2/user-router.ts
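Review bot: The `as { membershipId?: string }` cast in the new keyGenerator is compile-time only, so a body whose `membershipId` is not a string still reaches `.trim()` and throws, and a blank or whitespace-only value produces the shared key `""` because `??` falls back only on null or undefined. Whether an unvalidated body can reach this callback depends on the hook `smtpRateLimit` registers, which is not visible in the hunk. A runtime check covers both cases: `const id = (req.body as { membershipId?: unknown } | undefined)?.membershipId;` followed by `return (typeof id === "string" && id.trim().substring(0, 100)) || req.realIp;`. The same expression is repeated in the password-router, user-router and signup-router hunks, so one shared helper taking the field name would keep the four routes consistent. The route definition around the keyGenerator starts and ends outside the hunk.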
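Review bot: The rate-limit key for `/email/password-reset` keeps the address in its submitted casing, so spellings that differ only in case are counted in separate buckets even though they usually resolve to one mailbox. Lowercasing the key makes the limit per recipient rather than per spelling: `(req.body as { email?: string })?.email?.trim().toLowerCase().substring(0, 100) ?? req.realIp`. This assumes the handler treats addresses case-insensitively, which the hunk does not show since the schema and handler lie outside it. The signup-router hunk builds its key from `email` the same way.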
@@ -13,7 +13,7 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
 url: "/me/emails/code",
 config: {
 rateLimit: smtpRateLimit({
- keyGenerator: (req) => (req.body as { username: string }).username
+ keyGenerator: (req) => (req.body as { username?: string })?.username?.trim().substring(0, 100) ?? req.realIp
 })
 },
 schema: {
diff --git a/backend/src/server/routes/v3/signup-router.ts b/backend/src/server/routes/v3/signup-router.ts
index 275836b1e0..c249e7dbe5 100644
--- a/backend/src/server/routes/v3/signup-router.ts
+++ b/backend/src/server/routes/v3/signup-router.ts
@@ -14,7 +14,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
 method: "POST",
 config: {
 rateLimit: smtpRateLimit({
- keyGenerator: (req) => (req.body as { email: string }).email
+ keyGenerator: (req) => (req.body as { email?: string })?.email?.trim().substring(0, 100) ?? req.realIp
 })
 },
 schema: {
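Review bot: Keying on the client-supplied `username` bounds mail per target value only, so nothing in this keyGenerator limits a single client that submits many different usernames. Whether `smtpRateLimit` or a global limiter already caps requests per address is not visible in the hunk. If it does, a comment such as `// per-recipient key; per-client volume is capped by the global limiter` would record that; if it does not, a second limit keyed on `req.realIp` is the usual complement. The same applies to the `email` and `membershipId` keys in the other three hunks; the route object here starts and ends outside the hunk.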