
Fix security vulnerability Issue 707 by implementing rate limiting on…#720

Open
Shubham-Gotawade wants to merge 1 commit into
komalharshita:mainfrom
Shubham-Gotawade:security/rate-limiting

Conversation

@Shubham-Gotawade

Summary

This PR implements defensive middleware throttling on the project matching engine endpoint. Previously, the /api/recommend route had no request limits, leaving the backend highly vulnerable to automated script abuse, computational bottlenecking, and resource exhaustion. This update adds individual client IP rate limiting alongside a graceful JSON fallback payload handler.

Related Issue [required]

Closes #707

Type of Change

  • Bug fix — resolves a broken behaviour
  • Feature — adds new functionality
  • Data — adds new projects to data/projects.json
  • Documentation — updates docs, README, or code comments only
  • Style — CSS or visual changes only, no logic change
  • Refactor — restructures code without changing behaviour
  • Test — adds or updates tests

What Was Changed

| File | Change made |
| --- | --- |
| requirements.txt | Added Flask-Limiter==3.7.0 dependency tracking. |
| routes/main_routes.py | Initialized client tracker (get_remote_address), added a native 429 error intercept handler, and attached the 5 requests/min limit decorator. |
| app.py | Registered the global rate limiter instantiation smoothly with the Flask core app object. |

How to Test This PR

  1. Clone this branch: git checkout security/rate-limiting
  2. Install new dependencies: pip install -r requirements.txt
  3. Launch the local dev environment: python app.py
  4. Use a tool or refresh the recommendation request 6 times rapidly within one minute. Verify that the 6th request gracefully blocks and returns a clean structured JSON string {"status": 429, "error": "Too Many Requests"} instead of crashing.

Test Results

Manual middleware integration verification passed successfully. Throttling triggers exactly on limit saturation parameters and handles client error responses safely.

Self-Review Checklist

  • I have read CONTRIBUTING.md and followed all guidelines
  • My branch name follows the convention: feat/, fix/, docs/, data/, style/, test/
  • Every new function I wrote has a docstring
  • I have not modified files outside the scope of the linked issue

Notes for Reviewer

None. The middleware isolates client requests natively inside blueprint scopes to avoid cross-route state leaking.
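The throttling behaviour the PR describes (5 requests per minute per client IP on /api/recommend, a structured `{"status": 429, "error": "Too Many Requests"}` body instead of an exception), as an added example that is not the project's code and not Flask-Limiter itself: a stdlib-only fixed-window limiter keyed by client address, wired to a hypothetical `handle_recommend` handler so the "How to Test This PR" steps can be exercised offline. It also shows the check a reviewer would want around `get_remote_address`: behind a reverse proxy `remote_addr` is the proxy, so every user shares one bucket, while blindly honouring X-Forwarded-For lets a direct client pick its own bucket per request. The `TRUSTED_PROXIES` address, the 200 response body and the WSGI-style `environ` keys are assumptions made for the example.

```python
"""Per-client-IP fixed-window rate limiting with a JSON 429 payload.

Added example, not the project's code and not Flask-Limiter. It models the
PR's 5 requests/min policy on /api/recommend in plain Python so the blocked
6th request can be demonstrated without a running server.
"""
import math
import time

LIMIT = 5        # requests allowed per window, matching the PR's 5 requests/min
WINDOW = 60.0    # window length in seconds
TRUSTED_PROXIES = {"10.0.0.1"}   # assumed address of a reverse proxy, if one exists


class FixedWindowLimiter:
    """Counts requests per client key in fixed windows of WINDOW seconds.

    State is in-process memory, like Flask-Limiter's default storage: with
    several workers each keeps its own counters, so the effective limit is
    multiplied by the worker count unless shared storage (e.g. Redis) is used.
    """

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self._buckets = {}   # key -> (window_start, count)

    def hit(self, key, now=None):
        """Record one request for key. Returns (allowed, retry_after_seconds)."""
        now = time.monotonic() if now is None else now
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:       # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self._buckets[key] = (start, count)
        if count > self.limit:
            return False, max(1, math.ceil(start + self.window - now))
        return True, 0


def client_ip(environ):
    """Choose the key to rate-limit on.

    Flask-Limiter's get_remote_address reads request.remote_addr. Behind a
    reverse proxy that is the proxy's own address, so all users share one
    bucket. Trusting X-Forwarded-For unconditionally is worse: a direct
    client can set it to a new value on every request and never be limited.
    Honour the header only when the immediate peer is a known proxy, and use
    the entry that proxy appended (the last one), not the client-controlled
    first entry.
    """
    remote = environ.get("REMOTE_ADDR", "")
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    if remote in TRUSTED_PROXIES and xff:
        return xff.split(",")[-1].strip()
    return remote


def handle_recommend(limiter, environ, now=None):
    """Gate the hypothetical /api/recommend handler.

    Returns (status, headers, json_body). Over the limit it returns the PR's
    structured 429 body plus a Retry-After header rather than raising.
    """
    allowed, retry_after = limiter.hit(client_ip(environ), now)
    if not allowed:
        headers = {"Content-Type": "application/json",
                   "Retry-After": str(retry_after)}
        return 429, headers, {"status": 429, "error": "Too Many Requests"}
    return 200, {"Content-Type": "application/json"}, {"recommendations": []}


if __name__ == "__main__":
    # Constructed sample: one client fires 6 requests within one minute.
    limiter = FixedWindowLimiter()
    env = {"REMOTE_ADDR": "203.0.113.7"}
    for i in range(1, 7):
        status, _, body = handle_recommend(limiter, env, now=float(i))
        print(f"request {i}: {status} {body}")
```

The sixth request in the one-minute window is the first to receive 429, which is what step 4 of the test plan expects; a second client address gets its own bucket, and the original client is admitted again once its window has elapsed. The `client_ip` split is the part to carry over to the Flask app: if the deployment sits behind a proxy, put `ProxyFix` (or an equivalent trusted-proxy check) in front of `get_remote_address` rather than reading X-Forwarded-For directly.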

@vercel

vercel Bot commented Jun 3, 2026

@Shubham-Gotawade is attempting to deploy a commit to the komalsony234-1530's projects Team on Vercel.

A member of the Team first needs to authorize it.


@github-actions github-actions Bot left a comment


Thank you for submitting your first pull request to DevPath.

Before review:

  • Complete the PR template fully
  • Ensure all tests pass
  • Link your PR to an issue
  • Keep changes scoped to the issue

A maintainer will review your contribution soon.



Development

Successfully merging this pull request may close these issues.

No rate limiting on /api/recommend endpoint enables abuse

1 participant