fix: off rate-limiting

src/application/commands/user_login_start.py

@@ -121,7 +121,7 @@ class UserLoginStartCommand:
                     self._logger.error(f'Failed to publish login email event for {email}: {str(exception)}')
                     raise ApplicationException(503, 'Temporary error. Please try again.')
 
-                self._logger.info(f'Login email verification code queued email={email} code={code}')
+                self._logger.info(f'Login email verification code queued email={email}')
                 return True
 
             self._logger.error(f'login start failed: code space exhausted for {email}')

src/application/commands/user_registration_complete.py

@@ -45,7 +45,7 @@ class UserRegistrationCompleteCommand:
 
         cached_email = await self._cache.get(code_key)
         if not cached_email:
-            self._logger.info(f'Registration failed: code not found (email={email}, code={code})')
+            self._logger.info(f'Registration failed: code not found (email={email})')
             raise ApplicationException(400, 'Invalid or expired code')
 
         if cached_email != email:

src/application/commands/user_registration_start.py

@@ -121,7 +121,7 @@ class UserRegistrationStartCommand:
                     self._logger.error(f'Failed to publish registration email event for {email}: {str(exception)}')
                     raise ApplicationException(503, 'Temporary error. Please try again.')
 
-                self._logger.info(f'Registration email verification code queued email={email} code={code}')
+                self._logger.info(f'Registration email verification code queued email={email}')
                 return True
 
             self._logger.error(f'Registration start failed: code space exhausted for {email}')

src/presentation/routing/auth.py

@@ -31,8 +31,8 @@ auth_router = APIRouter(prefix='/auth', tags=['auth'])
     response_class=ORJSONResponse,
     status_code=status.HTTP_200_OK,
 )
-@rate_limit(limit=5, window_seconds=60, scope='ip')
-@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:reg_start', key_builder=email_rl_key)
+#@rate_limit(limit=5, window_seconds=60, scope='ip')
+#@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:reg_start', key_builder=email_rl_key)
 @csrf_protect()
 async def registration_start(
     request: Request,
@@ -44,7 +44,7 @@ async def registration_start(
     return {'success': result}
 
 @auth_router.post(path='/registration/complete', response_class=ORJSONResponse, status_code=status.HTTP_201_CREATED)
-@rate_limit(limit=10, window_seconds=300, scope='ip')
+#@rate_limit(limit=10, window_seconds=300, scope='ip')
 @csrf_protect()
 async def registration(
     request: Request,
@@ -105,8 +105,8 @@ async def registration(
     return response
 
 @auth_router.post(path='/login/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
-@rate_limit(limit=5, window_seconds=60, scope='ip')
-@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:login_start', key_builder=email_rl_key)
+#@rate_limit(limit=5, window_seconds=60, scope='ip')
+#@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:login_start', key_builder=email_rl_key)
 @csrf_protect()
 async def login_start(
     request: Request,
@@ -118,7 +118,7 @@ async def login_start(
     return {'success': result}
 
 @auth_router.post(path='/login/compete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
-@rate_limit(limit=10, window_seconds=300, scope='ip')
+#@rate_limit(limit=10, window_seconds=300, scope='ip')
 @csrf_protect()
 async def login(
         request: Request,
@@ -200,7 +200,7 @@ async def login(
     return response
 
 @auth_router.post(path='/logout', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
-@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
+#@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
 @csrf_protect()
 async def logout_current(
     request: Request,