Rate Limiting Middleware

[CodeMaverick-143]

Public APIs are vulnerable to abuse and DDoS attacks.

Technical Implementation:

• Implement a Token Bucket or Leaky Bucket algorithm.
• Store counters in memory (default) or Redis (production).
• Add X-RateLimit-* headers to responses.
• Configuration: windowMs, max, message.

---

Acceptance Criteria:

• Requests exceeding the limit receive a 429 Too Many Requests status.
• Headers correctly reflect remaining requests and reset time.