From 9ab2bc3d0e67e89d423a992d3fd1aa60cee517cf Mon Sep 17 00:00:00 2001
From: lila <beiweitemderbeste@protonmail.com>
Date: Thu, 23 Apr 2026 20:36:36 +0200
Subject: [PATCH] feat(api): apply rate limiters to game and lobby routes

Wire gameLimiter into gameRouter and lobbyLimiter into lobbyRouter.
Both run after requireAuth since they key by req.session.user.id.
---
 apps/api/src/routes/gameRouter.ts  | 3 +++
 apps/api/src/routes/lobbyRouter.ts | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/apps/api/src/routes/gameRouter.ts b/apps/api/src/routes/gameRouter.ts
index f65bfb6..850a146 100644
--- a/apps/api/src/routes/gameRouter.ts
+++ b/apps/api/src/routes/gameRouter.ts
@@ -2,9 +2,12 @@ import express from "express";
 import type { Router } from "express";
 import { createGame, submitAnswer } from "../controllers/gameController.js";
 import { requireAuth } from "../middleware/authMiddleware.js";
+import { gameLimiter } from "../middleware/rateLimiters.js";
 
 export const gameRouter: Router = express.Router();
 
 gameRouter.use(requireAuth);
+gameRouter.use(gameLimiter);
+
 gameRouter.post("/start", createGame);
 gameRouter.post("/answer", submitAnswer);
diff --git a/apps/api/src/routes/lobbyRouter.ts b/apps/api/src/routes/lobbyRouter.ts
index 5bd82dd..5cc24c9 100644
--- a/apps/api/src/routes/lobbyRouter.ts
+++ b/apps/api/src/routes/lobbyRouter.ts
@@ -5,10 +5,12 @@ import {
   joinLobbyHandler,
 } from "../controllers/lobbyController.js";
 import { requireAuth } from "../middleware/authMiddleware.js";
+import { lobbyLimiter } from "../middleware/rateLimiters.js";
 
 export const lobbyRouter: Router = express.Router();
 
 lobbyRouter.use(requireAuth);
+lobbyRouter.use(lobbyLimiter);
 
 lobbyRouter.post("/", createLobbyHandler);
 lobbyRouter.post("/:code/join", joinLobbyHandler);