No rate limit/throttle code is present; this is critical for brute-force protection and abuse prevention.
Where seen:
No matches for throttling/rate limit across *.py
Acceptance criteria
Throttling enabled globally with tighter limits for /auth/token/, and reasonable limits for /patients/, /records/, /appointments/.
Documented settings + tests verifying throttling triggers.
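An added example, not code from this repository: a standard-library sliding-window throttle with per-path scopes, showing the behaviour the acceptance criteria ask the tests to verify. The rate values, the `ScopedThrottle` class and the use of a client IP string as the key are assumptions; the issue names only the paths.

```python
import time
from collections import defaultdict, deque

# Assumed rates as (requests, window in seconds). The issue only requires
# that /auth/token/ be tighter than the data endpoints.
RATES = {
    "/auth/token/": (5, 60),
    "/patients/": (60, 60),
    "/records/": (60, 60),
    "/appointments/": (60, 60),
}
DEFAULT_RATE = (120, 60)  # global fallback for every other path


class ScopedThrottle:
    """Sliding-window limiter keyed by (client, scope)."""

    def __init__(self, rates=RATES, default=DEFAULT_RATE, clock=time.monotonic):
        self.rates, self.default, self.clock = rates, default, clock
        self.hits = defaultdict(deque)  # (client, scope) -> request timestamps

    def scope_for(self, path):
        # Longest matching prefix wins, so /patients/42/ uses the /patients/ rate.
        matches = [p for p in self.rates if path.startswith(p)]
        return max(matches, key=len) if matches else "*"

    def check(self, client_id, path):
        """Return (allowed, retry_after_seconds) and record allowed requests."""
        scope = self.scope_for(path)
        limit, window = self.rates.get(scope, self.default)
        now = self.clock()
        q = self.hits[(client_id, scope)]
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= now - window:
            q.popleft()
        if len(q) >= limit:
            # Caller should answer 429 with Retry-After set to this value.
            return False, q[0] + window - now
        q.append(now)
        return True, 0.0
```

Injecting `clock` lets the tests advance time deterministically instead of sleeping through the window.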