To help with any abuse of the app, it would be wise to add a rate limiter.

It would make sense to rate limit by tenant (only an issue if you're in multi host mode, which won't affect most self-hosters)

In the interest of "keep it simple" - let's start with this:

• Rate limit ONLY for creating posts and comments
• Rate limit by tenant (i.e. X posts per tenant)
• Allow the limits to be set in config

Something that uses middleware to manage this, for example something a bit like the article describes here: https://blog.logrocket.com/rate-limiting-go-application/

I don't think we need an extra lib for this, since the requirements are quite simple.