
Add rate limiting for public API routes #20

@Lakes41

Summary

Protect public API endpoints from accidental overload and basic abuse by adding configurable rate limiting.

Current Behaviour

The API exposes public routes for membership lookup, profile lookup, access checks, and member listing without visible request throttling.

Expected Behaviour

The API should limit repeated requests by IP address or configured client identifier while preserving normal SDK and frontend usage.

Suggested Implementation

Add Fastify-compatible rate limiting with configurable limits per route group. Use stricter limits for expensive endpoints such as community member listing and more permissive limits for lightweight health checks. Make Redis-backed storage optional if the project already runs Redis in deployment.

Files or Areas Likely Affected

  • apps/access-api/src/app.ts
  • apps/access-api/src/index.ts
  • apps/access-api/src/routes.ts
  • apps/access-api/src/config.ts
  • .env.example
  • README.md

Acceptance Criteria

  • Rate limiting can be configured through environment variables
  • Health checks are excluded or given a separate safe limit
  • Expensive public endpoints have bounded request rates
  • Rate-limit responses return a clear HTTP status and message
  • Tests cover allowed requests, blocked requests, and disabled rate limiting
  • Documentation explains how to tune limits for local and production environments

Additional Notes

Avoid hard-coding production limits. Defaults should be safe for local development and easy to override.
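One way to structure the limiter this issue asks for, as an added example that is not the access-api's own code: a dependency-free sliding-window limiter keyed per route group and per client (IP address, or a client identifier header when the SDK sends one), with limits read from environment variables, an unlimited health group, a global kill switch, and a 429 response carrying a Retry-After header. The route-group names, environment variable names, route paths, the `x-client-id` header, and the default numbers are all assumptions; in the real Fastify app this logic would sit in a plugin or an `onRequest` hook rather than in a standalone function.

```javascript
// Added example (not the access-api's code): sliding-window rate limiter with
// per-route-group limits. Group names, env var names, paths and defaults are
// assumptions chosen to illustrate the scheme described in the issue.

// Defaults are loose enough for local development; production overrides them
// through <PREFIX>_MAX and <PREFIX>_WINDOW_MS. max = 0 means "no limit".
const GROUP_DEFAULTS = {
  members: { envPrefix: 'RATE_LIMIT_MEMBERS', max: 30, windowMs: 60_000 }, // expensive listing
  lookup:  { envPrefix: 'RATE_LIMIT_LOOKUP',  max: 300, windowMs: 60_000 }, // membership/profile/access
  health:  { envPrefix: 'RATE_LIMIT_HEALTH',  max: 0, windowMs: 60_000 },   // unlimited by default
};

function readInt(env, name, fallback) {
  const raw = env[name];
  if (raw === undefined || raw === '') return fallback;
  const n = Number.parseInt(raw, 10);
  if (!Number.isFinite(n) || n < 0) throw new Error(`${name} must be a non-negative integer, got "${raw}"`);
  return n;
}

// RATE_LIMIT_ENABLED=false switches the whole limiter off (for tests/local runs).
function loadLimits(env = process.env) {
  const enabled = (env.RATE_LIMIT_ENABLED ?? 'true').toLowerCase() !== 'false';
  const groups = {};
  for (const [name, d] of Object.entries(GROUP_DEFAULTS)) {
    groups[name] = {
      max: readInt(env, `${d.envPrefix}_MAX`, d.max),
      windowMs: readInt(env, `${d.envPrefix}_WINDOW_MS`, d.windowMs),
    };
  }
  return { enabled, groups };
}

class RateLimiter {
  // `now` is injectable so the window logic can be tested with a fake clock.
  constructor(limits, now = () => Date.now()) {
    this.limits = limits;
    this.now = now;
    this.hits = new Map(); // "group:client" -> ascending timestamps inside the window
  }

  check(group, clientKey) {
    const limit = this.limits.groups[group];
    if (!limit) throw new Error(`unknown route group "${group}"`);
    if (!this.limits.enabled || limit.max === 0) {
      return { allowed: true, remaining: Infinity, retryAfterMs: 0 };
    }
    const t = this.now();
    const key = `${group}:${clientKey}`;
    // Drop hits that have aged out of the window; at most `max` entries remain per key.
    const recent = (this.hits.get(key) ?? []).filter((ts) => t - ts < limit.windowMs);
    if (recent.length >= limit.max) {
      this.hits.set(key, recent);
      // The oldest hit still in the window decides when a slot frees up.
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + limit.windowMs - t };
    }
    recent.push(t);
    this.hits.set(key, recent);
    return { allowed: true, remaining: limit.max - recent.length, retryAfterMs: 0 };
  }
}

// Route-to-group mapping (paths are assumptions). Anything not explicitly
// matched falls into the lightweight "lookup" group.
function routeGroup(path) {
  if (path === '/health') return 'health';
  if (path.startsWith('/communities/') && path.endsWith('/members')) return 'members';
  return 'lookup';
}

// Prefer a configured client identifier over the IP so SDK clients behind a
// shared NAT do not exhaust one another's budget. (Header name is an assumption.)
function clientKey(req) {
  const id = req.headers['x-client-id'];
  return id ? `client:${id}` : `ip:${req.ip}`;
}

// Returns a 429 response object when the request must be blocked, otherwise
// null so the normal route handler runs.
function rateLimitResponse(limiter, req) {
  const result = limiter.check(routeGroup(req.path), clientKey(req));
  if (result.allowed) return null;
  return {
    status: 429,
    headers: { 'retry-after': String(Math.ceil(result.retryAfterMs / 1000)) },
    body: { error: 'Too Many Requests', message: 'Rate limit exceeded; retry later.' },
  };
}

// Constructed walkthrough with a fake clock: three listing requests pass, the
// fourth is blocked, a health check is never limited, and the listing route
// is open again once the window has elapsed.
function demo() {
  const env = { RATE_LIMIT_MEMBERS_MAX: '3', RATE_LIMIT_MEMBERS_WINDOW_MS: '1000' };
  let clock = 0;
  const limiter = new RateLimiter(loadLimits(env), () => clock);
  const listing = { path: '/communities/abc/members', ip: '203.0.113.7', headers: {} };
  const health = { path: '/health', ip: '203.0.113.7', headers: {} };
  const statuses = [];
  for (let i = 0; i < 4; i++) statuses.push(rateLimitResponse(limiter, listing)?.status ?? 200);
  statuses.push(rateLimitResponse(limiter, health)?.status ?? 200);
  clock = 1000;
  statuses.push(rateLimitResponse(limiter, listing)?.status ?? 200);
  return statuses; // [200, 200, 200, 429, 200, 200]
}
```

Two caveats a practitioner would want before shipping something like this. First, the in-memory sliding log is bounded per key (never more than `max` timestamps) but not across keys, and it is per process, so behind several API replicas each instance enforces its own budget; that is the case for the optional Redis-backed store the issue mentions, which also lets idle keys expire. Second, keying on `req.ip` behind a load balancer only works if the app resolves the real client address from the proxy (trusting `X-Forwarded-For` only when it comes from that proxy); otherwise every caller shares the proxy's IP and one bucket, or a caller can spoof the header to get a fresh bucket per request.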

Labels

  • GrantFox OSS (issue tracked in GrantFox OSS)
  • Maybe Rewarded (issue may be eligible for a GrantFox reward)
  • Official Campaign (campaign: Official Campaign)

Development

No branches or pull requests