From 3058f87e38fc99608881da4dd98d9fe742ee69b0 Mon Sep 17 00:00:00 2001
From: dholms
Date: Sat, 3 Feb 2024 16:10:45 -0600
Subject: [PATCH] tweak password reset rate limit
---
 .../pds/src/api/com/atproto/server/requestPasswordReset.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/packages/pds/src/api/com/atproto/server/requestPasswordReset.ts b/packages/pds/src/api/com/atproto/server/requestPasswordReset.ts
index d5fb4333a58..22f25925172 100644
--- a/packages/pds/src/api/com/atproto/server/requestPasswordReset.ts
+++ b/packages/pds/src/api/com/atproto/server/requestPasswordReset.ts
@@ -8,12 +8,14 @@ export default function (server: Server, ctx: AppContext) {
 {
 durationMs: DAY,
 points: 15,
- calcKey: ({ input }) => input.body.email.toLowerCase(),
+ calcKey: ({ input, req }) =>
+ `${input.body.email.toLowerCase()}-${req.ip}`,
 },
 {
 durationMs: HOUR,
 points: 5,
- calcKey: ({ input }) => input.body.email.toLowerCase(),
+ calcKey: ({ input, req }) =>
+ `${input.body.email.toLowerCase()}-${req.ip}`,
 },
 ],
 handler: async ({ input }) => {
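Review bot: With both `calcKey` entries now returning `${input.body.email.toLowerCase()}-${req.ip}`, nothing in this list caps reset requests per address any more: each source IP gets its own 5/hour and 15/day bucket, so the number of reset mails one mailbox can receive is bounded only by how many source addresses the requests arrive from. Keeping the per-IP pair (it stops a single client from exhausting someone else's bucket) and adding a looser email-only entry would restore an upper bound, e.g. `{ durationMs: DAY, points: 50, calcKey: ({ input }) => input.body.email.toLowerCase() }` (50 is an illustrative value, not taken from the project). `req.ip` is also only as reliable as the server's proxy-trust configuration; presumably this is an Express request, in which case a misconfigured `trust proxy` either collapses every client to the proxy's address or lets a forwarded header choose the bucket, which is worth a comment next to the key. The enclosing function starts and ends outside the hunk.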