fix(auth): override Better Auth sign-in rate limit defaults

Override Better Auth default rate limits for /sign-in/* and /sign-up/*
paths by adding customRules to both rateLimit blocks in auth.ts:
- /sign-in/social: max 10, window 60
- /sign-in/email: max 10, window 60
- /sign-up/email: max 5, window 60
- /get-session: false (unchanged)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/api/src/lib/auth.ts

@@ -96,12 +96,15 @@ export async function initAuth(): Promise<void> {
           max: 100,
           window: 10,
           storage: "memory",
-          customRules: {
+customRules: {
-            "/get-session": false,
+          "/sign-in/social": { max: 10, window: 60 },
-          },
+          "/sign-in/email": { max: 10, window: 60 },
+          "/sign-up/email": { max: 5, window: 60 },
+          "/get-session": false,
         },
-        plugins: [
+      },
-          genericOAuth({
+      plugins: [
+        genericOAuth({
             config: [
               {
                 providerId: "authentik",
@@ -247,6 +250,9 @@ export async function initAuth(): Promise<void> {
         window: 10,
         storage: "memory",
         customRules: {
+          "/sign-in/social": { max: 10, window: 60 },
+          "/sign-in/email": { max: 10, window: 60 },
+          "/sign-up/email": { max: 5, window: 60 },
           "/get-session": false,
         },
       },