(feat) Per-Route Rate Limiting

[kevcomparadise]

per-route rate limiting feature

• Added support for mixed routes configuration (string and { path, max, duration })
• Implemented per-route request counting (each route maintains its own counter)
• Ensured that global fallback limits still apply when no specific route matches
• Preserved global ban behavior — exceeding any limit will ban the IP across all routes
• Introduced per-route/IP storage keys to avoid counter collisions between endpoints
• Added E2E tests
• Added documentation explaining how to use per-route limits

The following documentation section has been added to the README:

## Per-Route Rate Limiting

`nuxt-api-shield` supports **per-route rate limiting**, allowing you to define custom limits for specific API endpoints while keeping a global default configuration for all other routes.

This is useful when certain endpoints (such as `/api/login`, `/api/auth`, or `/api/payment`) require stricter protection.

### Configuration Example

The `routes` option accepts a mixed array:

- **String:** applies the global rate limit configuration
- **Object:** applies custom per-route limits

```ts
export default defineNuxtConfig({
  nuxtApiShield: {
    limit: {
      max: 12,
      duration: 108,
      ban: 3600
    },

    routes: [
      // String → uses global defaults
      '/api/example',

      // Object → custom limit for this route
      {
        path: '/api/example-per-route',
        max: 5,
        duration: 10
        // "ban" remains global
      }
    ],
  }
})

Feel free to share any thoughts or adjustments

[kevcomparadise]

Link #120

[rrd108]

Ah thanks, you were really quick!