Revert "Fix auth routes rate limiter, remove duplicate entry"

[CodeWithCJ]

Reverts #878

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a full revert of a previous change (PR #878) that aimed to optimize rate limiting for authentication routes and eliminate a redundant route definition. Consequently, the server's authentication rate limiting configuration has been reset to its state before the original fix, and a duplicate route entry has been restored.

Highlights

• Rate Limiter Reversion: The authLimiter middleware was removed from the /api/auth and /api/admin/auth routes, and re-applied to the /auth route.
• Duplicate Route Reintroduction: A duplicate route definition for /api/admin/auth was re-added to the server configuration.

Changelog

• SparkyFitnessServer/SparkyFitnessServer.js
  • Re-applied the authLimiter middleware to the /auth route.
  • Removed the authLimiter middleware from the /api/auth route.
  • Removed the authLimiter middleware from the /api/admin/auth route.
  • Re-added a duplicate route definition for /api/admin/auth.

Activity

• No specific activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request reverts a previous commit that fixed issues with rate limiting and a duplicate route registration. As a result, this PR re-introduces a critical security vulnerability by removing rate limiting from authentication endpoints, and also brings back a duplicate route definition. My review includes comments to address these regressions.

[gemini-code-assist]

Removing the authLimiter from this route is a critical security regression that leaves the endpoint vulnerable to brute-force attacks. Please restore the rate limiter.

Suggested change

	app.use("/api/auth", authRoutes);
	app.use("/api/auth", authLimiter, authRoutes);

[gemini-code-assist]

Removing the authLimiter from this admin route is a critical security regression that leaves the endpoint vulnerable to brute-force attacks. Please restore the rate limiter.

Suggested change

	app.use("/api/admin/auth", adminAuthRoutes);
	app.use("/api/admin/auth", authLimiter, adminAuthRoutes);

[gemini-code-assist]

This line re-introduces a duplicate registration for the /api/admin/auth route, which is already defined on line 359. Please remove this duplicate to avoid potential issues with middleware and routing.

[gemini-code-assist]

This rate limiter for /auth is ineffective because the application's authentication routes are prefixed with /api. This line should be removed, and the rate limiters should be applied directly to the /api/auth and /api/admin/auth routes as suggested in the other comments.