Implement API Rate Limiting for Backend Endpoints #2

@eccentriccoder01

Issue Type

Feature Enhancement / Security

Description

The backend API currently lacks rate limiting mechanisms, which can lead to several issues:

  • Vulnerability to brute force attacks on authentication endpoints
  • Potential for denial-of-service (DoS) attacks
  • Uncontrolled resource consumption
  • No protection against automated scraping or abuse

Current State

  • No rate limiting is implemented in backend/base.py or any blueprint
  • All endpoints are unprotected
  • Razorpay payment endpoints could be abused
  • Login and registration endpoints are particularly vulnerable

Proposed Solution

Implement rate limiting using Flask-Limiter:

  1. Add flask-limiter to backend/requirements.txt
  2. Configure rate limits in backend/config.py
  3. Add IP-based tracking with Redis backend for production
  4. Return proper HTTP 429 responses
  5. Add custom headers (X-RateLimit-Limit, X-RateLimit-Remaining)

Acceptance Criteria

  • Rate limiting middleware integrated
  • Different rate limits for different endpoint categories
  • Proper error responses with retry-after information
  • Configuration support for development vs production
  • Documentation for rate limit policies
  • Unit tests for rate limiting behavior
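The Proposed Solution steps and the Acceptance Criteria above describe one behaviour: per-category limits keyed by client IP, a 429 with retry-after information, X-RateLimit-* headers, and storage that can be swapped between development and production. The following is an added example of that behaviour written as plain WSGI middleware on the standard library only; it is not the project's backend/base.py and not Flask-Limiter itself. The route prefixes (/api/auth/, /api/payment/), the limit values, the trusted-proxy address and the sample requests are all assumptions made for the illustration.

```python
"""Added example for this issue (not the project's backend/base.py and not
Flask-Limiter): per-category, IP-keyed fixed-window limits as plain WSGI
middleware using only the standard library, answering with HTTP 429 plus
Retry-After and X-RateLimit-* headers.  Prefixes, limits, proxy: assumed."""
import time
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Policy:
    limit: int   # requests allowed per window
    window: int  # window length in seconds


POLICIES = {  # category -> policy; illustrative values, not the project's config
    "auth": Policy(limit=5, window=60),      # login/registration: brute-force surface
    "payment": Policy(limit=10, window=60),  # Razorpay endpoints
    "default": Policy(limit=100, window=60),
}


def categorize(path):
    """Map a request path to a policy name (assumed route prefixes)."""
    if path.startswith("/api/auth/"):
        return "auth"
    if path.startswith("/api/payment/"):
        return "payment"
    return "default"


@dataclass
class RateLimiter:
    policies: dict
    trusted_proxies: frozenset = frozenset()
    clock: Callable[[], float] = time.time  # injectable for tests
    # Per-process counters: fine in development, wrong behind several
    # workers or hosts, where Redis (or similar) must hold the state.
    _counters: dict = field(default_factory=dict)

    def client_ip(self, environ):
        # Honour X-Forwarded-For only from a trusted proxy; otherwise a client forges it
        peer = environ.get("REMOTE_ADDR", "")
        forwarded = environ.get("HTTP_X_FORWARDED_FOR")
        if forwarded and peer in self.trusted_proxies:
            return forwarded.split(",")[0].strip()
        return peer

    def check(self, category, key):
        """Count one request in the current fixed window; return (allowed, headers).
        Rejected requests count too, so hammering never earns a free retry."""
        policy = self.policies.get(category, self.policies["default"])
        now = int(self.clock())
        window_start = now - now % policy.window
        bucket = (category, key, window_start)
        count = self._counters[bucket] = self._counters.get(bucket, 0) + 1
        reset_in = window_start + policy.window - now
        headers = {
            "X-RateLimit-Limit": str(policy.limit),
            "X-RateLimit-Remaining": str(max(policy.limit - count, 0)),
            "X-RateLimit-Reset": str(reset_in),
        }
        allowed = count <= policy.limit
        if not allowed:
            headers["Retry-After"] = str(reset_in)
        return allowed, headers


def rate_limit_middleware(app, limiter, categorize_path=categorize):
    """Wrap a WSGI app: over-limit requests get a 429 before reaching it."""
    def wrapped(environ, start_response):
        category = categorize_path(environ.get("PATH_INFO", "/"))
        allowed, headers = limiter.check(category, limiter.client_ip(environ))
        extra = list(headers.items())  # sent on allowed and rejected responses
        if not allowed:
            body = b'{"error": "rate limit exceeded"}'
            start_response("429 Too Many Requests",
                           [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))] + extra)
            return [body]

        def start_with_headers(status, response_headers, exc_info=None):
            return start_response(status, response_headers + extra, exc_info)
        return app(environ, start_with_headers)
    return wrapped


def ok_app(environ, start_response):
    """Stand-in for the real backend: always answers 200."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, environ):
    """Drive a WSGI app with a constructed environ; return (status, headers)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Two practitioner caveats that the Flask-Limiter version inherits unchanged. First, `flask_limiter.util.get_remote_address` reads `request.remote_addr`, so behind nginx or a load balancer the app must be wrapped in Werkzeug's `ProxyFix` with `x_for` set to the number of trusted hops: with none, every user shares the proxy's address and one abuser throttles everybody; with too many, an attacker sets X-Forwarded-For and gets a fresh bucket per request. Second, an IP key alone does not stop a credential-stuffing run spread across many addresses, so the login route should additionally count attempts per submitted username, and the `memory://` storage is per process, which is why the issue's Redis backend is required once more than one worker serves the API.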

Additional Context

Critical for production deployment as the app integrates with Razorpay payments and handles user authentication.
