test : added unit tests for rate-limit.ts

[tmdeveloper007]

Closes #2760.

Summary of What Has Been Done: Added a vitest test file test/rate-limit.test.ts covering getClientIp and createMemoryFixedWindowRateLimiter from src/lib/rate-limit.ts.

Changes Made:

• Created test/rate-limit.test.ts with 18 tests across 2 describe blocks.
• getClientIp: tested cf-connecting-ip, x-real-ip, x-forwarded-for each in isolation; tested header priority (cf > x-real > x-forwarded-for); tested whitespace trimming; tested single-IP x-forwarded-for with no comma; tested unknown fallback when no headers present.
• createMemoryFixedWindowRateLimiter: tested first request allowed with remaining = limit-1; tested requests up to limit allowed; tested request number limit+1 blocked with remaining=0; tested window expiry resets the counter; tested reset timestamp alignment; tested per-key independence; tested custom windowMs; tested remaining never goes negative.

Impact it Made: The rate limiter protects all API routes from abuse. getClientIp determines which client is rate-limited; incorrect IP detection can cause legitimate users to share limits with abusers or vice versa. Testing the limiter logic ensures the fixed-window algorithm is correctly implemented.

Hello @Priyanshu-byte-coder, please assign this issue to me (@tmdeveloper007) so I can open a focused PR.

[github-actions]

GSSoC Label Checklist 🏷️

@Umbrella-io — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

[Priyanshu-byte-coder]

Closing as duplicate. #2733 was selected as the best rate-limit test suite (comprehensive coverage of fallback chain, , window reset, pruning, and bounded-map behavior). Thanks for contributing!