Harden API Rate Limits

## Description
The current API rate limits are excessively high, posing potential security risks (Brute-force, DoS, Disk Exhaustion).

### Analysis
Current limits (per minute):
- **Auth**: 500 (Too permissive for brute-force protection)
- **API**: 5000 (Unnecessarily high for a single user)
- **Upload**: 1000 (Major risk of Disk Space Exhaustion - 5GB+/min potential)

### Proposed Changes
Adjust the limits in `backend/src/middleware/rateLimit.js` to values that balance security with usability, considering users behind NAT/Reverse Proxies.

| Limiter | Old Value | New Value | Reasoning |
| :--- | :--- | :--- | :--- |
| **Auth** | 500 | **120** | Allows ~2 req/s. Sufficient for small teams behind NAT, but slows down brute-force attacks significantly. |
| **API** | 5000 | **1000** | Sufficient for heavy sync usage, prevents backend overload. |
| **Upload** | 1000 | **60** | Limits uploads to ~1/sec. Prevents rapid disk filling while allowing normal drag & drop usage. |

### Tasks
1. Update `authLimiter` max to **120**.
2. Update `apiLimiter` max to **1000**.
3. Update `uploadLimiter` max to **60**.

## Complexity
**Complexity**: 1/10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Harden API Rate Limits #163

Description

Analysis

Proposed Changes

Tasks

Complexity

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Limiter	Old Value	New Value	Reasoning
Auth	500	120	Allows ~2 req/s. Sufficient for small teams behind NAT, but slows down brute-force attacks significantly.
API	5000	1000	Sufficient for heavy sync usage, prevents backend overload.
Upload	1000	60	Limits uploads to ~1/sec. Prevents rapid disk filling while allowing normal drag & drop usage.

Harden API Rate Limits #163

Description

Description

Analysis

Proposed Changes

Tasks

Complexity

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions