fixed limiter

backend/server.js

@@ -1,17 +1,12 @@
 import express from "express";
+const app = express();
+const port = 7001;
+
 import cors from "cors";
 import apiRouter from "./routes/api.js";
 import { rateLimit } from "express-rate-limit";
 
-const app = express();
-const port = 7001;
-
 app.set("trust proxy", 1); // Required when running behind a proxy (e.g. Docker/NGINX) so rate-limit can read X-Forwarded-For.
-app.use(cors());
-app.use(express.urlencoded({ extended: true }));
-app.set("view engine", "ejs");
-app.use(express.json());
-app.use("/api", apiRouter);
 
 const limits = {
   time: 1, // = 1 minute
@@ -28,6 +23,12 @@ const limiter = rateLimit({
 
 app.use(limiter);
 
+app.use(cors());
+app.use(express.urlencoded({ extended: true }));
+app.set("view engine", "ejs");
+app.use(express.json());
+app.use("/api", apiRouter);
+
 app.get("/", (req, res) => {
   res.render("index.ejs", { title: port });
 });