Area: security · Effort: S\n\nWhat: Add rate limiting so the same email address cannot trigger repeated password reset emails.\n\nWhy: Without this, the endpoint can be abused to spam users.\n\nHints:\n- backend/src/auth/auth.service.ts\n- Store a cooldown key in Redis keyed by email
Area: security · Effort: S\n\nWhat: Add rate limiting so the same email address cannot trigger repeated password reset emails.\n\nWhy: Without this, the endpoint can be abused to spam users.\n\nHints:\n-
backend/src/auth/auth.service.ts\n- Store a cooldown key in Redis keyed by email