Add Input Validation and Rate Limiting to API Routes

[Emmzyemms]

Type: Security / Reliability
Priority: 🟠 HIGH

Description:
The /api/upload route validates file type/size but does not validate the number of files per request (a caller could send 1000 files). The job routes accept any string as id with no format validation. Server-side rate limiting is absent from all API routes (the existing rateLimiter.ts only runs client-side).

Acceptance Criteria:

• /api/upload: cap files.length at a configurable max (e.g. 10); return 400 if exceeded
• /api/jobs/[id]: validate id format (UUID or alphanumeric, max 64 chars); return 400 on invalid
• Implement server-side rate limiting middleware using an in-memory or Redis-backed token bucket
• Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After) are returned on 429 responses
• Add integration tests for each validation edge case

---

[stpatrickghost]

@stpatrickghost has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Please maintainer... Assign me this issue... I'll resolve it without errors 🙏

ℹ️ Repo Maintainers: To accept this application, review their application or assign @stpatrickghost to this issue.

[jahswillb-dev]

@jahswillb-dev has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

hello maintainer, please assign me this issue, i can deliver today

ℹ️ Repo Maintainers: To accept this application, review their application or assign @jahswillb-dev to this issue.

[fridaypetra55-afk]

@fridaypetra55-afk has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I have reviewed the issue requirements and would love to contribute. I am comfortable working with smart contracts, backend systems, and developer tooling. I will provide regular updates and ensure high-quality implementation.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @fridaypetra55-afk to this issue.

[drips-wave]

Congratulations, @fridaypetra55-afk! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @fridaypetra55-afk: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊