Unable to reload limit rate

[purefountain]

Bug report

When using the Supabase local development environment, I am utilizing the Auth "reload" feature (with the hot_reload directory being watched).I added a new environment file named aaaa.env containing the following configuration: GOTRUE_RATE_LIMIT_EMAIL_SENT="200000000". Although the logs indicate that the project successfully detected and read the aaaa.env file, the api.limiterOpts remains unchanged. In other words, the GOTRUE_RATE_LIMIT_EMAIL_SENT setting failed to take effect after the reload.

Describe the bug

Upon reviewing the source code, I discovered that the previous limiterOpts were already set via the following loop: for _, o := range opt { o.apply(api) }.

Because of this, api.limiterOpts is no longer null, which prevents the new configuration values from being assigned or updated.

To Reproduce

1、Create a directory named hot_reload.

2、Start the Auth service in debug mode, setting the watch_dir to the hot_reload directory.

3、Create a file named aaaa.env inside the hot_reload directory with the content: GOTRUE_RATE_LIMIT_EMAIL_SENT="200000000".

4、Observe the Email value within api.limiterOpts to check if it has been updated to reflect the new environment variable.

Expected behavior

Screenshots

System information

• OS: 26.0 (25A8353)

Additional context

Do I need to fix this bug？

[mastermanas805]

This looks like it's been fixed by #2469 (merged 2026-04-09). That PR moves the rate limiter into a dedicated internal/api/apilimiter package and wires it into the serve-time config reload, which directly addresses the api.limiterOpts not-refreshed-on-reload root cause described here. Verified in master HEAD (commit d03d796).

@aantti — if it's reasonable to close this as fixed, that'd help cleanup the queue. Happy to verify with a fresh hot_reload roundtrip if you want concrete confirmation.