[Bug] publicRoutes registers /:username and /:username/card/:cardId twice each — one handler silently swallows the other

[MehtabSandhu11]

Summary

In apps/backend/src/routes/public.ts, three routes are accidentally defined twice. The first registration uses a config: { rateLimit: {...} } object but contains no handler body — instead, the actual handler is a second app.get(...) call nested inside the first one. Fastify registers the outer call as a route with no handler and ignores the inner call. In practice this means the intended business logic never executes.

Root Cause

apps/backend/src/routes/public.ts:

// Outer call — registered as a route, no handler body
app.get('/:username', {
  config: { rateLimit: { max: 100, timeWindow: '1 minute' } }
}, async (request, reply) => {
  // ← JSDoc comment, then...
  app.get('/:username', async (request, reply) => {  // ← inner duplicate
    // actual logic lives here
  });
});

The same pattern occurs for /:username/card/:cardId (lines 221 and 234).

Expected Behaviour

Rate limiting config and handler body should be in one app.get() call per route.

Proposed Fix

Merge each pair into a single registration:

app.get('/:username', {
  config: { rateLimit: { max: 100, timeWindow: '1 minute' } },
}, async (request: FastifyRequest<{ Params: { username: string } }>, reply: FastifyReply) => {
  // actual handler logic here
});

Apply the same merge to /:username/card/:cardId.

Acceptance Criteria

• Each public route is registered exactly once with both rate-limit config and handler present
• GET /api/u/:username returns correct profile data
• GET /api/u/:username/card/:cardId returns correct card data
• Integration tests cover both routes

Please assign this issue to me under GSSoC

[Harxhit]

@MehtabSandhu11 I have assigned this issue to you.