feat: add rate limit for email verification codes

[boris-w]

No description provided.

[Copilot]

Pull Request Overview

This PR implements rate limiting for email verification codes across signup, password reset, and email change flows. The changes refactor existing rate limit logic into a centralized service and extend it to cover all email verification scenarios.

• Consolidates rate limit configuration from authConfig to thresholdConfig with separate settings for each email flow
• Introduces a reusable checkSendMailRateLimit method in MailSenderService to handle rate limiting consistently
• Adds UI countdown timers using a new useCutDown hook to display remaining wait time to users

Reviewed Changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
packages/openapi/src/admin/setting/get-public.ts	Replaces single rate limit field with three separate fields for different email verification flows
packages/common-i18n/src/locales/*/common.json, auth.json	Adds localized error messages for rate limit violations
apps/nextjs-app/src/lib/server-env.ts	Adds type definitions for new rate limit configuration fields
apps/nextjs-app/src/features/auth/pages/ResetPasswordPage.tsx	Improves error handling type annotations
apps/nextjs-app/src/features/auth/pages/ForgetPasswordPage.tsx	Implements countdown timer and rate limit error handling for password reset
apps/nextjs-app/src/features/auth/components/SignForm.tsx	Extracts countdown logic to reusable hook and updates field references
apps/nextjs-app/src/features/app/hooks/useSetting.ts	Adds new query hook for public settings
apps/nextjs-app/src/features/app/hooks/useCutDown.ts	Creates reusable countdown timer hook
apps/nextjs-app/src/features/app/components/setting/account/ChangeEmailDialog.tsx	Implements countdown timer and rate limit error handling for email change
apps/nestjs-backend/src/features/setting/open-api/setting-open-api.controller.ts	Updates controller to use new threshold config fields
apps/nestjs-backend/src/features/mail-sender/mail-sender.service.ts	Adds centralized rate limiting method with cache-based tracking
apps/nestjs-backend/src/features/auth/local-auth/local-auth.service.ts	Refactors email sending to use new centralized rate limiting
apps/nestjs-backend/src/configs/threshold.config.ts	Moves rate limit config with backward compatibility and adds new fields
apps/nestjs-backend/src/configs/auth.config.ts	Removes old rate limit field
apps/nestjs-backend/src/cache/types.ts	Updates cache key types to reflect new generic rate limit pattern

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coveralls]

Pull Request Test Coverage Report for Build 18829339397

Details

• 85 of 138 (61.59%) changed or added relevant lines in 4 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage increased (+0.004%) to 75.193%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
apps/nestjs-backend/src/features/setting/open-api/setting-open-api.controller.ts	1	4	25.0%
apps/nestjs-backend/src/features/mail-sender/mail-sender.service.ts	11	26	42.31%
apps/nestjs-backend/src/features/auth/local-auth/local-auth.service.ts	67	102	65.69%

Files with Coverage Reduction	New Missed Lines	%
apps/nestjs-backend/src/features/auth/local-auth/local-auth.service.ts	1	69.98%

Totals
Change from base Build 18828976341:	0.004%
Covered Lines:	51021
Relevant Lines:	67853

---

💛 - Coveralls

[github-actions]

🧹 Preview Environment Cleanup

• PR feat: add rate limit for email verification codes #2041 has been Merged
• Preview environment has been deleted
• Cleanup time: 2025-10-27T04:50:56.828Z