feat: implement rate limiting for auth APIs

[ash1shkumar]

Related Issue

Closes #108

Description

Implemented IP-based rate limiting for authentication APIs to reduce signup spam, brute-force attempts, and bot abuse.

Added centralized request throttling using rate-limiter-flexible.

Changes Made

• Added rate-limiter-flexible
• Created reusable rate limiter utility
• Added signup request throttling
• Added 429 response handling for excessive requests

Security Improvements

• Prevents API abuse and signup spam
• Reduces brute-force attack attempts
• Improves backend authentication security
• Adds centralized request limiting logic

Type of Change

• Security Enhancement
• Backend Improvement
• API Protection

Programs

Contributing under:

• GSSoC 2026
• NSoC 2026

Difficulty

Level 3 / Advanced

[vercel]

@ash1shkumar is attempting to deploy a commit to the shreemp194-gmailcom's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

👋 Thank you for opening this pull request! I will review your changes and assist you soon.

[ash1shkumar]

@Shriii19 Please review this PR when possible. Since this implementation involves backend/security-focused improvements and production-level handling, could you please update the label from Level 2 to Level 3 / Advanced? Thanks!

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
flow-forge	Ready	Preview, Comment	May 25, 2026 3:40pm

[Shriii19]

@ash1shkumar resolve conflicts.

[ash1shkumar]

@Shriii19 ,resolved conflicts.PR is ready for review.

[Shriii19]

20:51:20.031 Running build in Washington, D.C., USA (East) – iad1
20:51:20.032 Build machine configuration: 2 cores, 8 GB
20:51:20.215 Cloning github.com/Shriii19/FlowForge (Branch: feat/auth-rate-limiting, Commit: 697c99d)
20:51:21.746 Cloning completed: 1.531s
20:51:21.885 Found .vercelignore
20:51:21.899 Removed 0 ignored files defined in .vercelignore
20:51:22.421 Restored build cache from previous deployment (46V3NV7D2Ap21QZjE9SV1tJz2zsE)
20:51:22.668 Running "vercel build"
20:51:22.691 Vercel CLI 54.4.1
20:51:22.923 Running "install" command: npm install --no-workspaces...
20:51:33.107
20:51:33.108 added 14 packages, and audited 450 packages in 10s
20:51:33.108
20:51:33.108 153 packages are looking for funding
20:51:33.109 run npm fund for details
20:51:33.149
20:51:33.150 5 moderate severity vulnerabilities
20:51:33.150
20:51:33.150 To address issues that do not require attention, run:
20:51:33.150 npm audit fix
20:51:33.150
20:51:33.151 To address all issues (including breaking changes), run:
20:51:33.151 npm audit fix --force
20:51:33.151
20:51:33.151 Run npm audit for details.
20:51:33.215 Detected Next.js version: 16.2.6
20:51:33.217 Running "npm run build"
20:51:33.365 npm warn config ignoring workspace config at /vercel/path0/frontend/.npmrc
20:51:33.395
20:51:33.395 > frontend@0.1.0 build
20:51:33.396 > cross-env NODE_OPTIONS=--max-old-space-size=4096 next build
20:51:33.396
20:51:34.405 Applying modifyConfig from Vercel
20:51:34.425 ▲ Next.js 16.2.6 (Turbopack)
20:51:34.426
20:51:34.436 ⚠ The "middleware" file convention is deprecated. Please use "proxy" instead. Learn more: https://nextjs.org/docs/messages/middleware-to-proxy
20:51:34.470 Creating an optimized production build ...
20:51:53.097
20:51:53.098 > Build error occurred
20:51:53.102 Error: Turbopack build failed with 1 errors:
20:51:53.103 ./frontend/lib/rateLimiter.ts:1:1
20:51:53.103 Module not found: Can't resolve 'rate-limiter-flexible'
20:51:53.104 > 1 | import { RateLimiterMemory } from "rate-limiter-flexible";
20:51:53.104 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
20:51:53.105 2 |
20:51:53.105 3 | export const signupRateLimiter = new RateLimiterMemory({
20:51:53.105 4 | points: 5,
20:51:53.105
20:51:53.105
20:51:53.105
20:51:53.105 Import trace:
20:51:53.106 App Route:
20:51:53.106 ./frontend/lib/rateLimiter.ts
20:51:53.106 ./frontend/app/api/auth/signup/route.ts
20:51:53.106
20:51:53.106 https://nextjs.org/docs/messages/module-not-found
20:51:53.106
20:51:53.106
20:51:53.106 at (./frontend/lib/rateLimiter.ts:1:1)
20:51:53.106 at (https://nextjs.org/docs/messages/module-not-found)
20:51:53.189 npm error Lifecycle script build failed with error:
20:51:53.190 npm error code 1
20:51:53.190 npm error path /vercel/path0/frontend
20:51:53.190 npm error workspace frontend@0.1.0
20:51:53.190 npm error location /vercel/path0/frontend
20:51:53.191 npm error command failed
20:51:53.191 npm error command sh -c cross-env NODE_OPTIONS=--max-old-space-size=4096 next build
20:51:53.230 Error: Command "npm run build" exited with 1

[Shriii19]

can you fix those error

[ash1shkumar]

@Shriii19 Fixed those building errors. This PR is now ready for review.