feat(auth): implement Resend email quota and rate limit protection

Track Resend API usage via response headers to prevent quota exhaustion Block auth requests with 503 when email delivery limits are reached
2026-05-03 19:42:41 +08:00
parent 40f85ae85c
commit b0e2464c24
5 changed files with 200 additions and 40 deletions
--- a/.env.example
+++ b/.env.example
@@ -11,6 +11,10 @@ VITE_API_BASE_URL=http://localhost:20016
 VITE_SITE_URL=https://pokopiawiki.tootaio.com
 RESEND_API_KEY=
 EMAIL_FROM="Pokopia Wiki <onboarding@resend.dev>"
+RESEND_DAILY_QUOTA_LIMIT=100
+RESEND_MONTHLY_QUOTA_LIMIT=3000
+RESEND_QUOTA_RESERVE=5
+RESEND_QUOTA_SNAPSHOT_TTL_MINUTES=10
 AI_MODERATION_API_KEY=

 # Cloudflared tunnel deployment example: