Add per-IP rate limiting (login + general API)

cmd/server/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"ResendIt/internal/api/middleware"
 	"ResendIt/internal/auth"
 	"ResendIt/internal/db"
 	"ResendIt/internal/file"
@@ -14,6 +15,7 @@ import (
 	"html/template"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/joho/godotenv"
@@ -74,6 +76,9 @@ func main() {
 	createAdminUser(userService)
 
 	apiRoute := r.Group("/api")
+	// General API rate limiting to reduce abuse/spam.
+	// ~60 req/min per IP with some burst room.
+	apiRoute.Use(middleware.RateLimitByIP(60, time.Minute, 30, 5*time.Minute))
 
 	auth.RegisterRoutes(apiRoute, authHandler)
 	user.RegisterRoutes(apiRoute, userHandler)