Implement authentication system with access control UI

backend/app/rate_limit.py

@@ -0,0 +1,16 @@
+"""Rate limiting configuration for Orchard API.
+
+Uses slowapi for rate limiting with IP-based keys.
+"""
+
+import os
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+
+# Rate limiter - uses IP address as key
+limiter = Limiter(key_func=get_remote_address)
+
+# Rate limit strings - configurable via environment for testing
+# Default: 5 login attempts per minute per IP
+# In tests: set ORCHARD_LOGIN_RATE_LIMIT to a high value like "1000/minute"
+LOGIN_RATE_LIMIT = os.environ.get("ORCHARD_LOGIN_RATE_LIMIT", "5/minute")