feat: phone number rate limit whitelist

Author: 86667

.env.example

@@ -25,6 +25,9 @@ HG_HOMESERVER_PUBKY=ufibwbmed6jeq9k4p583go95wofakh9fwpp4k734trq79pd9u1uy
 # HG_MAX_SMS_VERIFICATIONS_PER_WEEK=2
 # HG_MAX_SMS_VERIFICATIONS_PER_YEAR=4
 
+# Phone numbers to exempt from SMS verification rate limits (comma-separated, E.164 format)
+# HG_SMS_VERIFICATIONS_LIMIT_WHITELIST=+1234567890,+0987654321
+
 # Lightning Verification Settings
 # HG_LIGHTNING_INVOICE_PRICE_SAT=1000
 # HG_LIGHTNING_INVOICE_EXPIRY_SECONDS=600

.gitignore

@@ -1,3 +1,3 @@
 /target
 .env
-./claude
+.claude/*

src/infrastructure/config.rs

@@ -22,6 +22,8 @@ pub struct EnvConfig {
     pub max_sms_verifications_per_week: u32,
     #[serde(default = "default_max_sms_verifications_per_year")]
     pub max_sms_verifications_per_year: u32,
+    #[serde(default)]
+    pub sms_verifications_limit_whitelist: Vec<String>,
     #[serde(default = "default_lightning_verification_price_sat")]
     pub lightning_invoice_price_sat: u64,
     #[serde(default = "default_lightning_verification_expiry_seconds")]
@@ -89,6 +91,7 @@ impl EnvConfig {
             homeserver_pubky: "test-homeserver-pubky".to_string(),
             max_sms_verifications_per_week: 2,
             max_sms_verifications_per_year: 4,
+            sms_verifications_limit_whitelist: vec![],
             allow_cors: true,
             lightning_invoice_price_sat: 1000,
             lightning_invoice_expiry_seconds: 60 * 10,

src/sms_verification/app_state.rs

@@ -23,6 +23,7 @@ impl AppState {
             homeserver_admin_api.clone(),
             config.max_sms_verifications_per_week,
             config.max_sms_verifications_per_year,
+            config.sms_verifications_limit_whitelist.clone(),
         );
         Self {
             db,

src/sms_verification/service.rs

@@ -18,6 +18,7 @@ pub struct SmsVerificationService {
     hasher_argon2id: HasherArgon2id,
     max_verifications_per_week: u32,
     max_verifications_per_year: u32,
+    limit_whitelist: Vec<String>,
 }
 
 impl SmsVerificationService {
@@ -26,22 +27,28 @@ impl SmsVerificationService {
         homeserver_admin_api: HomeserverAdminAPI,
         max_verifications_per_week: u32,
         max_verifications_per_year: u32,
+        limit_whitelist: Vec<String>,
     ) -> Self {
         Self {
             prelude_api,
             homeserver_admin_api,
             hasher_argon2id: HasherArgon2id::new(),
             max_verifications_per_week,
             max_verifications_per_year,
+            limit_whitelist,
         }
     }
 
     /// Check if a phone number has reached its limits for new verificaitons
     pub async fn check_verification_limit(
         &mut self,
         executor: &mut UnifiedExecutor<'_>,
+        phone_number: &str,
         phone_number_hash: &str,
     ) -> Result<(), SmsVerificationError> {
+        if self.limit_whitelist.iter().any(|w| w == phone_number) {
+            return Ok(());
+        }
         let weekly_count = SmsVerificationRepository::count_verified_sessions_in_last_days(
             executor,
             phone_number_hash,
@@ -90,8 +97,12 @@ impl SmsVerificationService {
 
         let mut executor: UnifiedExecutor<'_> = db.pool().into();
 
-        self.check_verification_limit(&mut executor, &phone_number_hash)
-            .await?;
+        self.check_verification_limit(
+            &mut executor,
+            request.phone_number.as_str(),
+            &phone_number_hash,
+        )
+        .await?;
 
         let prelude_response = self
             .prelude_api

src/sms_verification/tests.rs

@@ -44,7 +44,7 @@ async fn create_service_with_mocked_apis(servers: &WiremockServers) -> SmsVerifi
         &config.homeserver_admin_password,
         &config.homeserver_pubky,
     );
-    SmsVerificationService::new(prelude_api, homeserver_admin_api, 2, 4)
+    SmsVerificationService::new(prelude_api, homeserver_admin_api, 2, 4, vec![])
 }
 
 #[sqlx::test]