test: allow disabling rate limiting for e2e runs

The full Playwright suite authenticates ~100 times in a few minutes, far
over the login endpoint's 5/minute limit, so most specs failed at the
beforeEach login with 429s.

Add an OIDC_OP_RATE_LIMIT_ENABLED setting (default True) wired to the
slowapi limiter's enabled flag, and set it to false in tests/e2e/run.sh.
Production behavior is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

src/porchlight/app.py

@@ -128,6 +128,7 @@ def create_app(settings: Settings | None = None) -> FastAPI:
     )
 
     # Rate limiting
+    limiter.enabled = settings.rate_limit_enabled
     app.state.limiter = limiter
 
     @app.exception_handler(RateLimitExceeded)

src/porchlight/config.py

@@ -52,6 +52,9 @@ class Settings(BaseSettings):
     # Magic links
     invite_ttl: int = 86400  # seconds
 
+    # Rate limiting (disable for e2e/load tests that authenticate repeatedly)
+    rate_limit_enabled: bool = True
+
     # Signing keys
     signing_key_path: str = "data/keys"
 

tests/e2e/run.sh

@@ -28,6 +28,7 @@ echo "Starting Porchlight on port ${PORT}..."
 echo "  DB: ${OIDC_OP_SQLITE_PATH}"
 OIDC_OP_ISSUER="${TARGET_URL}" \
 OIDC_OP_DEBUG=true \
+OIDC_OP_RATE_LIMIT_ENABLED=false \
   uv run --directory "$PROJECT_ROOT" \
   uvicorn porchlight.app:create_app \
     --factory --host 127.0.0.1 --port "$PORT" \