Fix unique IP rate limiter
The unique IP rate limiter stopped working when Rack Attack settings
were enabled the initializer because the TooManyIps
exception would
be raised inside the Rack Attack middleware, which would result in a 500
error.
To fix this, we use a custom middleware to lookup the user before the
Rack Attack middleware gets a chance to run and explicitly call the
limiter there. If the TooManyIps
exception is raised then, we return a
429 error and log a message.
Closes #198939 (closed)
Edited by 🤖 GitLab Bot 🤖