From c2eb7513834eeb5adfa53fff897f585de87e4821 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Tue, 30 Dec 2025 22:08:47 +0900
Subject: feat(security): add rate limiting and CORS middleware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add rate limiting to login endpoint (5 requests/minute per IP)
- Configure CORS middleware with environment-based origin control
- Expose rate limit headers in CORS for client visibility
- Update hono to 4.11.3 for rate limiter peer dependency

🤖 Generated with [Claude Code](https://claude.ai/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 src/server/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/server/index.ts')

diff --git a/src/server/index.ts b/src/server/index.ts
index a2a3a77..ad7f48a 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -1,12 +1,13 @@
 import { serve } from "@hono/node-server";
 import { Hono } from "hono";
 import { logger } from "hono/logger";
-import { errorHandler } from "./middleware/index.js";
+import { createCorsMiddleware, errorHandler } from "./middleware/index.js";
 import { auth, cards, decks, study, sync } from "./routes/index.js";
 
 const app = new Hono();
 
 app.use("*", logger());
+app.use("/api/*", createCorsMiddleware());
 app.onError(errorHandler);
 
 // Chain routes for RPC type inference
-- 
cgit v1.2.3-70-g09d2