fix: add /api/stats and /api/og to rate limiting middleware

[KaparthyReddy]

Fixes #902

Description

Both /api/stats and /api/og endpoints were excluded from the rate limiting middleware matcher, allowing unlimited requests with no throttling. /api/og is especially severe as it always passes bypassCache: true, meaning every call triggers a fresh GitHub API request regardless of volume.

This fix adds both routes to the middleware matcher in middleware.ts, consistent with how /api/streak and /api/github are already protected.

Files changed: middleware.ts only — 1 line changed in the matcher array, JSDoc comment updated.

Pillar

• 🛠️ Other (Bug fix, refactoring, docs)

Visual Preview

N/A — middleware change, no SVG output affected.

Checklist before requesting a review:

• I have read the CONTRIBUTING.md file.
• I have tested these changes locally (localhost:3000/api/streak?user=YOUR_USERNAME).
• I have run npm run format and npm run lint locally and resolved all errors.
• My commits follow the Conventional Commits format.
• I have updated README.md if I added a new theme or URL parameter.
• I have starred the repo.
• I have made sure that I have only one commit to merge in this PR.
• The SVG output matches the CommitPulse "premium quality" aesthetic standard.
• (Recommended) I joined the CommitPulse Discord community.

[vercel]

@KaparthyReddy is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

👋 Hey @KaparthyReddy, welcome to CommitPulse! 🎉

Thanks for opening your first pull request — this is a big deal and we appreciate the effort!

While you wait for a review, please double-check:

• ✅ You've read the CONTRIBUTING.md checklist
• ✅ npm run lint, npm run format, and npm run test all pass locally
• ✅ Your PR has a visual preview if it touches any SVG output
• 💬 You've joined our Discord for faster PR feedback

A maintainer will review your PR shortly. Hang tight! 🚀

[github-actions]

🚨 Hey @KaparthyReddy, the CI Pipeline is failing on this PR and it has been marked as status:blocked.

Please fix the issues before this can be reviewed. Here's how:

1. Run checks locally before pushing:

npm run format:check   # Check Prettier formatting
npm run lint           # Run ESLint
npm run typecheck      # TypeScript type check
npm run test           # Run unit tests (Vitest)
npm run build          # Verify production build passes

2. Auto-fix common issues:

npm run format         # Auto-fix formatting with Prettier
npm run lint -- --fix  # Auto-fix lint errors where possible

3. Check the full failure log here:
👉 View CI Run

Once you push a fix and the CI passes, the status:blocked label will be removed automatically. 💪

[github-actions]

🎉 Congratulations @KaparthyReddy! Your PR has been successfully merged. 🚀

Thank you for contributing to CommitPulse. Your work helps us build a better tool for the community.

⚠️ Important for GSSoC Contributors:
You are strictly advised to join our Discord Server as it is mandatory for all GSSoC participants. All important announcements, point claims, and community discussions happen there.

Keep building! 💻✨