@boris-w boris-w commented Oct 24, 2025

No description provided.

@boris-w boris-w requested review from Copilot and tea-artist October 24, 2025 09:30

Copilot AI left a comment

Pull Request Overview

This PR implements rate limiting for email verification codes across signup, password reset, and email change flows. The changes refactor existing rate limit logic into a centralized service and extend it to cover all email verification scenarios.

  • Consolidates rate limit configuration from authConfig to thresholdConfig with separate settings for each email flow
  • Introduces a reusable checkSendMailRateLimit method in MailSenderService to handle rate limiting consistently
  • Adds UI countdown timers using a new useCutDown hook to display remaining wait time to users

Reviewed Changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| packages/openapi/src/admin/setting/get-public.ts | Replaces single rate limit field with three separate fields for different email verification flows |
| packages/common-i18n/src/locales/*/common.json, auth.json | Adds localized error messages for rate limit violations |
| apps/nextjs-app/src/lib/server-env.ts | Adds type definitions for new rate limit configuration fields |
| apps/nextjs-app/src/features/auth/pages/ResetPasswordPage.tsx | Improves error handling type annotations |
| apps/nextjs-app/src/features/auth/pages/ForgetPasswordPage.tsx | Implements countdown timer and rate limit error handling for password reset |
| apps/nextjs-app/src/features/auth/components/SignForm.tsx | Extracts countdown logic to reusable hook and updates field references |
| apps/nextjs-app/src/features/app/hooks/useSetting.ts | Adds new query hook for public settings |
| apps/nextjs-app/src/features/app/hooks/useCutDown.ts | Creates reusable countdown timer hook |
| apps/nextjs-app/src/features/app/components/setting/account/ChangeEmailDialog.tsx | Implements countdown timer and rate limit error handling for email change |
| apps/nestjs-backend/src/features/setting/open-api/setting-open-api.controller.ts | Updates controller to use new threshold config fields |
| apps/nestjs-backend/src/features/mail-sender/mail-sender.service.ts | Adds centralized rate limiting method with cache-based tracking |
| apps/nestjs-backend/src/features/auth/local-auth/local-auth.service.ts | Refactors email sending to use new centralized rate limiting |
| apps/nestjs-backend/src/configs/threshold.config.ts | Moves rate limit config with backward compatibility and adds new fields |
| apps/nestjs-backend/src/configs/auth.config.ts | Removes old rate limit field |
| apps/nestjs-backend/src/cache/types.ts | Updates cache key types to reflect new generic rate limit pattern |

Comment on lines 38 to 40
process.env.BACKEND_SIGNUP_VERIFICATION_CODE_RATE_LIMIT_SECONDS ??
process.env.BACKEND_SIGNUP_VERIFICATION_SEND_MAIL_CODE_RATE ??
30
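
Review bot: In this fallback chain BACKEND_SIGNUP_VERIFICATION_CODE_RATE_LIMIT_SECONDS is read first, so when both variables are set the name the review calls deprecated overrides BACKEND_SIGNUP_VERIFICATION_SEND_MAIL_CODE_RATE; swap the order if the new variable is meant to win. Also note that ?? only falls through on null or undefined, so a variable that is set but empty is taken as-is and never reaches the default of 30. Treat an empty string as unset and validate the parsed number before it is used as a rate limit.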

Copilot AI Oct 24, 2025

The fallback chain for signupVerificationSendMailCodeRate creates an implicit dependency on deprecated environment variable BACKEND_SIGNUP_VERIFICATION_CODE_RATE_LIMIT_SECONDS. Consider documenting this backward compatibility in a comment or setting a deprecation timeline.

if (_rateLimit <= 0) {
return await fn();
}
const rateLimit = _rateLimit - 2; // 2 seconds for network latency
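
Review bot: The <= 0 guard tests _rateLimit, but the value used afterwards is _rateLimit - 2, so a configured limit of 1 or 2 seconds passes the guard and yields a rateLimit of -1 or 0. Clamp the result, for example Math.max(1, _rateLimit - 2), or apply the guard after the subtraction, so a small positive setting cannot turn into a zero or negative window. A non-numeric value also passes, since NaN <= 0 is false; reject it where the config is parsed.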

Copilot AI Oct 24, 2025

The magic number 2 for network latency adjustment should be extracted to a named constant (e.g., NETWORK_LATENCY_BUFFER_SECONDS = 2) to improve code clarity and maintainability.

return await fn();
}
const rateLimit = _rateLimit - 2; // 2 seconds for network latency
const rateLimitKey = `send-mail-rate-limit:${_rateLimitKey}:${email}` as const;
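
Review bot: The cache key on the last line interpolates email as received, and these lines show no normalisation, so differently cased or whitespace-padded spellings of one address would each get their own rate-limit entry. Lower-case and trim the address before building the key, unless that already happens before this point.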

Copilot AI Oct 24, 2025

The as const assertion on a template literal with variables has no effect since the type cannot be literal. Remove the as const assertion as it provides no type safety benefit here.

Suggested change
const rateLimitKey = `send-mail-rate-limit:${_rateLimitKey}:${email}` as const;
const rateLimitKey = `send-mail-rate-limit:${_rateLimitKey}:${email}`;
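
The per-address cooldown discussed in the review above, as an added TypeScript example; it is not the PR's code or the project's API. `MailCooldown`, `effectiveWindow`, `cooldownKey` and the in-memory `Map` are assumptions made for illustration; only the 2-second buffer, the default of 30 and the key prefix come from the page.

```typescript
// Added example, not the PR's code. Every name here is hypothetical; an in-memory
// Map stands in for the shared cache the PR uses.
const LATENCY_BUFFER_SECONDS = 2; // page: "2 seconds for network latency"
const DEFAULT_LIMIT_SECONDS = 30; // page: default at the end of the env fallback chain

type Flow = 'signup' | 'reset-password' | 'change-email';
type SendResult = { sent: true } | { sent: false; retryAfterSeconds: number };

// Server-side window in seconds. 0 means the limiter is switched off on purpose.
function effectiveWindow(configured: number): number {
  if (!Number.isFinite(configured)) configured = DEFAULT_LIMIT_SECONDS; // unparsable config
  if (configured <= 0) return 0;
  // Clamp so that configured values of 1 or 2 do not become a 0 or negative window.
  return Math.max(1, Math.floor(configured) - LATENCY_BUFFER_SECONDS);
}

// Case and whitespace variants of one address must share a single key.
function cooldownKey(flow: Flow, email: string): string {
  return `send-mail-rate-limit:${flow}:${email.trim().toLowerCase()}`;
}

class MailCooldown {
  private readonly expiry = new Map<string, number>(); // key -> expiry, ms since epoch
  private readonly now: () => number;

  constructor(now: () => number = () => Date.now()) {
    this.now = now;
  }

  send(flow: Flow, email: string, configured: number, deliver: () => void): SendResult {
    const windowSec = effectiveWindow(configured);
    if (windowSec === 0) {
      deliver();
      return { sent: true };
    }
    const key = cooldownKey(flow, email);
    const now = this.now();
    const until = this.expiry.get(key) ?? 0;
    if (until > now) {
      // The client shows this value in its countdown instead of guessing.
      return { sent: false, retryAfterSeconds: Math.ceil((until - now) / 1000) };
    }
    // Reserve the window before sending; against a shared cache this check-and-set
    // has to be one atomic "set if absent with TTL" operation.
    this.expiry.set(key, now + windowSec * 1000);
    deliver();
    return { sent: true };
  }
}
```

The clock is injected so the window can be exercised without waiting; production code would rely on the cache's own TTL instead of stored timestamps.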
