Hello maintainer, I noticed that there is no rate-limit protection on the https://book.dansmonorage.blue/confirm-email endpoint, so we can perform a brute-force attack.
Steps to reproduce:
Create an account with the victim's email ID.
When the account is created, it asks for email confirmation by validating an OTP on https://book.dansmonorage.blue/confirm-email
Enter any random OTP and try to perform a brute-force attack.
Patch recommendation:
Add rate-limit protection on the POST confirmation email endpoint/parameters.
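As an added illustration of both the attack in the steps above and the recommended fix (this is example code written for this report, not the site's code), the block below models the server-side state behind a confirmation endpoint. Assumptions: a 6-digit numeric OTP, 5 failed guesses lock the account's confirmation for 15 minutes, and the lock is keyed by the account email rather than by source IP, so an attacker rotating IPs gains nothing. The `simulate_bruteforce` function plays the attacker from step 3 and shows the guessing stopping at the attempt limit.

```python
# Added example (not the site's code): attempt-limited OTP confirmation.
# Assumed policy: 6-digit code, 5 failures lock confirmation for 15 minutes,
# lock keyed by the account email so rotating source IPs does not help.
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

OTP_DIGITS = 6
MAX_ATTEMPTS = 5            # assumed policy
LOCKOUT_SECONDS = 15 * 60   # assumed policy


@dataclass
class PendingConfirmation:
    otp: str
    failures: int = 0


class ConfirmationService:
    """Server-side state behind a hypothetical POST /confirm-email handler."""

    def __init__(self, now: Callable[[], float] = time.time,
                 randbelow: Callable[[int], int] = secrets.randbelow):
        self._now = now              # injectable clock (for tests)
        self._randbelow = randbelow  # injectable RNG (for tests)
        self._pending: dict[str, PendingConfirmation] = {}
        self._locked_until: dict[str, float] = {}

    def _is_locked(self, email: str) -> bool:
        return self._now() < self._locked_until.get(email, 0.0)

    def issue(self, email: str) -> Optional[str]:
        """Create a fresh code; refused (None) while the account is locked out."""
        if self._is_locked(email):
            return None
        otp = f"{self._randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[email] = PendingConfirmation(otp=otp)
        return otp  # a real deployment emails this and never returns it to the caller

    def confirm(self, email: str, guess: str) -> str:
        """Returns 'confirmed', 'wrong', 'locked' or 'no_pending'."""
        if self._is_locked(email):
            return "locked"
        entry = self._pending.get(email)
        if entry is None:
            return "no_pending"
        # Reject malformed input outright, then compare in constant time.
        well_formed = len(guess) == OTP_DIGITS and guess.isascii() and guess.isdigit()
        if well_formed and hmac.compare_digest(entry.otp, guess):
            del self._pending[email]
            return "confirmed"
        entry.failures += 1
        if entry.failures >= MAX_ATTEMPTS:
            # Lock the account AND invalidate the code, so the attacker cannot
            # wait out the lock and keep guessing the same code.
            self._locked_until[email] = self._now() + LOCKOUT_SECONDS
            del self._pending[email]
            return "locked"
        return "wrong"


def simulate_bruteforce(svc: ConfirmationService, email: str) -> tuple[str, int]:
    """Attacker from the report: guess 000000, 000001, ... until confirmed or locked."""
    attempts = 0
    for candidate in range(10 ** OTP_DIGITS):
        attempts += 1
        outcome = svc.confirm(email, f"{candidate:0{OTP_DIGITS}d}")
        if outcome in ("confirmed", "locked"):
            return outcome, attempts
    return "exhausted", attempts


if __name__ == "__main__":
    svc = ConfirmationService()
    svc.issue("victim@example.com")  # constructed sample account
    # The attacker is stopped after MAX_ATTEMPTS guesses instead of walking all 10**6 codes.
    print(simulate_bruteforce(svc, "victim@example.com"))
```

Without the attempt counter, `simulate_bruteforce` would walk the whole 10**6 keyspace and confirm the victim's address; with it, the attacker gets 5 guesses per issued code. Keying the lock on the account (not the client IP) is the part that matters for this endpoint, since per-IP limits alone are defeated by proxies, and invalidating the code on lockout prevents the attacker from resuming against the same code after the lock expires.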