Fix security

backend/app/core/config.py

@@ -22,6 +22,7 @@ class Settings(BaseSettings):
     TELEGRAM_BOT_TOKEN: str = ""
     TELEGRAM_BOT_USERNAME: str = ""
     TELEGRAM_LINK_TOKEN_EXPIRE_MINUTES: int = 10
+    BOT_API_SECRET: str = ""  # Secret key for bot-to-backend communication
 
     # Frontend
     FRONTEND_URL: str = "http://localhost:3000"

backend/app/core/rate_limit.py

@@ -0,0 +1,5 @@
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+
+# Rate limiter using client IP address as key
+limiter = Limiter(key_func=get_remote_address)