update rate limiting docs

.env.example

@@ -55,8 +55,8 @@ STORAGE_S3_FORCE_PATH_STYLE=false
 # --- Security & Authentication ---
 
 # Rate Limiting
-# The window in milliseconds for which API requests are checked. Defaults to 900000 (15 minutes).
-RATE_LIMIT_WINDOW_MS=900000
+# The window in milliseconds for which API requests are checked. Defaults to 60000 (1 minute).
+RATE_LIMIT_WINDOW_MS=60000
 # The maximum number of API requests allowed from an IP within the window. Defaults to 100.
 RATE_LIMIT_MAX_REQUESTS=100
 

docs/api/rate-limiting.md

@@ -8,7 +8,7 @@ The rate limiter restricts the number of requests an IP address can make within
 
 By default, the limits are:
 
-- **100 requests** per **15 minutes** per IP address.
+- **100 requests** per **1 minute** per IP address.
 
 If this limit is exceeded, the API will respond with an HTTP `429 Too Many Requests` status code.
 
@@ -27,7 +27,7 @@ When an IP address is rate-limited, the API will return a JSON response with the
 
 You can customize the rate-limiting settings by setting the following environment variables in your `.env` file:
 
-- `RATE_LIMIT_WINDOW_MS`: The time window in milliseconds. Defaults to `900000` (15 minutes).
+- `RATE_LIMIT_WINDOW_MS`: The time window in milliseconds. Defaults to `60000` (1 minute).
 - `RATE_LIMIT_MAX_REQUESTS`: The maximum number of requests allowed per IP address within the time window. Defaults to `100`.
 
 ## Handling Rate Limits

packages/backend/src/config/api.ts

@@ -2,7 +2,7 @@ import 'dotenv/config';
 
 export const apiConfig = {
     rateLimit: {
-        windowMs: process.env.RATE_LIMIT_WINDOW_MS ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 15 * 60 * 1000, // 15 minutes
+        windowMs: process.env.RATE_LIMIT_WINDOW_MS ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 1 * 60 * 1000, // 1 minutes
         max: process.env.RATE_LIMIT_MAX_REQUESTS ? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS, 10) : 100, // limit each IP to 100 requests per windowMs
     }
 };