Add rate limiting

[aji70]

Description

The goal is to protect the API with rate limiting. Apply global limit (e.g. 100 req/min per IP) and stricter limits for auth routes (login, register: 5/min per IP). Use @nestjs/throttler or custom Redis-based limiter. Return 429 when limit exceeded.

Tasks

1. Add throttler:

• Install @nestjs/throttler
• Configure global limit: 100 requests per 60 seconds per IP
• Configure auth routes: 5 requests per 60 seconds per IP for POST /auth/login, POST /auth/register

2. Response:

• Return 429 with Retry-After header when limit exceeded
• Include clear error message

Additional Requirements

• Use Redis for distributed rate limiting if multiple instances (optional)
• Exclude health check from global limit
• Document rate limits in README or API docs

Acceptance Criteria

• Excessive requests return 429
• Auth routes have stricter limit
• Retry-After header present in 429 response

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[codebestia]

@codebestia has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hello Maintainer
Can i work on this?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @codebestia to this issue.

[henrypeters]

@henrypeters has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hi, I’m a full stack developer, I would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @henrypeters to this issue.

[drips-wave]

Congratulations, @henrypeters! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @henrypeters: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊