From 384dd7ed8147d37d78602eda9e2a4f1891cd8720 Mon Sep 17 00:00:00 2001
From: Utsav Joshi <98454866+utsavjosh1@users.noreply.github.com>
Date: Tue, 28 Apr 2026 23:02:34 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 77: Missing rate limiting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 apps/api/src/routes/discord.routes.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/apps/api/src/routes/discord.routes.ts b/apps/api/src/routes/discord.routes.ts
index b849eec..d41beef 100644
--- a/apps/api/src/routes/discord.routes.ts
+++ b/apps/api/src/routes/discord.routes.ts
@@ -1,10 +1,19 @@
 import { Router } from "express";
+import rateLimit from "express-rate-limit";
 import { authenticateToken } from "../middleware/auth.js";
 import { DiscordController } from "../controllers/discord.controller.js";
 
 const router = Router();
 const discordController = new DiscordController();
 
+const discordRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+router.use(discordRateLimiter);
 router.use(authenticateToken);
 
 router.get("/callback", discordController.handleCallback);
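Review bot: The limiter mounted ahead of `router.use(authenticateToken)` keys on `req.ip` by default, so its real effect depends on the Express `trust proxy` setting that this diff does not show — behind a load balancer with `trust proxy` unset every client shares one 100-request bucket and the Discord callback can be starved, while an overly permissive setting lets a forwarded-for header pick the bucket instead of the true source. Confirm the api app's `trust proxy` value, and if this is the first of several per-router limiters, move the configuration into a shared middleware module so every router applies the same policy. The diffstat lists only discord.routes.ts, so `express-rate-limit` must already be declared in the api package's dependencies or the new import fails at build time. In express-rate-limit v7 `max` is the deprecated spelling of `limit`; if the installed major is 7, `limit: 100,` is the current option name. A one-line comment above the limiter, `// Mounted before authenticateToken so unauthenticated hits on /callback are throttled too`, would record why the ordering matters.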