Security: ensure global and per-route rate-limiting and abuse protection

[gelluisaac]

Description: Ensure unauthenticated endpoints and critical endpoints have rate limiting protections; verify rate-limiter-flexible is applied consistently.

• Scope: packages/backend middleware and routes.
• Expected behavior: Rate-limits applied with sensible defaults and whitelisting for internal services.
• Current behavior: Rate-limiter library present but audit required.
• Steps to reproduce: Inspect middleware and test endpoints.
• Acceptance criteria: All public endpoints have rate-limits and tests validate throttling behavior.
• Priority: high
• Files/components affected: packages/backend/src/middleware
• Recommended implementation steps:
  1. Add centralized rate-limiter middleware and unit tests.
  2. Configure per-route limits and exemptions.

[sweetesty]

@sweetesty has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi please can I work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @sweetesty to this issue.

[drips-wave]

Congratulations, @sweetesty! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @sweetesty: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊