Rate limiting not applied to any API routes

## Problem

Rate limiting infrastructure is implemented (`api/rate_limit.py` with slowapi + Redis) and configured in settings, but no endpoints use the `@limiter.limit()` decorator. Resource-intensive endpoints can be called without restriction.

## Impact

- `/api/optimize/route` and `/api/voyage/calculate` are CPU-intensive and can be hammered
- No per-API-key rate limits despite having the infrastructure
- No protection against abuse

## Steps to fix

1. Add rate limit decorators to endpoints:
   - Heavy computation: `@limiter.limit("10/minute")` for optimize, voyage
   - File uploads: `@limiter.limit("10/minute")` for RTZ parse, CSV upload
   - Standard: `@limiter.limit("60/minute")` for other endpoints
2. Add 429 error handler for `RateLimitExceeded`
3. Test rate limiting behavior

## Files

- `api/rate_limit.py`
- `api/main.py`


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rate limiting not applied to any API routes #8

Problem

Impact

Steps to fix

Files

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Rate limiting not applied to any API routes #8

Description

Problem

Impact

Steps to fix

Files

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions