From c2eb7513834eeb5adfa53fff897f585de87e4821 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Tue, 30 Dec 2025 22:08:47 +0900 Subject: feat(security): add rate limiting and CORS middleware MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add rate limiting to login endpoint (5 requests/minute per IP) - Configure CORS middleware with environment-based origin control - Expose rate limit headers in CORS for client visibility - Update hono to 4.11.3 for rate limiter peer dependency 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/dev/roadmap.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/dev/roadmap.md') diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md index 38ef3be..d877d78 100644 --- a/docs/dev/roadmap.md +++ b/docs/dev/roadmap.md @@ -193,8 +193,8 @@ Smaller features first to enable early MVP validation. **Goal**: Address security vulnerabilities identified in code review ### High Priority -- [ ] Add rate limiting to login endpoint (brute force protection) -- [ ] Configure CORS middleware +- [x] Add rate limiting to login endpoint (brute force protection) +- [x] Configure CORS middleware ### Medium Priority - [ ] Fix card update authorization in sync push (verify existing card ownership) -- cgit v1.2.3-70-g09d2
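Review bot: The two items ticked under "### High Priority" record only that the work is done, not what was configured, so a later reader of the roadmap cannot tell what protection is in place without reading the commit message. Consider carrying the parameters from the commit message into the checked lines, for example `- [x] Add rate limiting to login endpoint (5 requests/minute per IP)` and `- [x] Configure CORS middleware (origin set per environment)`. Because the limit is keyed per IP, it is also worth noting in the docs which address is used as the key when the service runs behind a proxy. This view is limited to docs/dev/roadmap.md, so the middleware itself cannot be checked against these checkboxes here.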