Implement rate limiting in the API

[rajdip-b]

Is your feature request related to a problem? Please describe.
I would like the API to have rate limiting set up so that malicious actors can't spam our APIs.

Describe the solution you'd like
Use this document as a reference: https://docs.nestjs.com/security/rate-limiting

Suggestions for implementing this feature are most welcome!

[Sachinsharma01]

@rajdip-b picking this as this does not require major change, can work parallelly with create user #13
assign this to me

[rajdip-b]

@Sachinsharma01 assigned to you. Do open a thread in discord regarding this issue since we still haven't fixed on what parameters we will do the rate limit. So you can get on with this after we have came to a decision!

[Sachinsharma01]

ok, got it

[Sachinsharma01]

As per discussion, we are going to have rate limiting as below

We would want to send OTP, validate OTP to be rate limited to 10 requests per minute for a single user
Upon multiple failures of validate OTP (20 consecutive times over any period), we want to send a mail to the user that their account failed authentication 20 times. They might want to take the necessary steps.
The rest of the endpoints will follow a standard 20-50 requests per minute based on the computation power it takes, but we will stall that for a later issue.

[rajdip-b]

Yes, correct. That looks good! @Sachinsharma01

[Sachinsharma01]

yeah, picking this up for development

[bansal-harsh-2504]

can I work on this issue? @rajdip-b

[rajdip-b]

Sure thing! Go ahead.

[rajdip-b]

The requirements of this issue is still not clear, so please feel free to add a list of the implementations you would be making before you go ahead and code it.

[bansal-harsh-2504]

But the next 10days are very hectic for me and I can only start solving after that. If that's okay with you

[rajdip-b]

Yeah no problem with that