This PR makes a number of improvements to the rate limiter:
- splits withAuthToken middleware into two: withJWT (which takes JWT string from headers/body/query and parses/validates it) and withAuthToken (which takes parsed JWT and performs DB lookup for user)
- moves JWT verification function into a separate file so that it could be easily imported and reused in tests
- places withRateLimiter middleware between withJWT and withAuthToken so that rate limiter checks would be performed after JWT verification but before DB lookup
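
The ordering described above, sketched as an added example that is not code from this PR or its project: only the three middleware names come from the description, while the HS256 secret, the fixed-window limiter, the in-memory `db` and the `handle` runner are assumptions. It shows that a forged token is rejected before it can touch the limiter, and that a rate-limited request never reaches the DB lookup.

```javascript
// Added illustration; only the three with* middleware names come from the PR description.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value
const b64u = (x) => Buffer.from(x).toString('base64url');
const sign = (data) => createHmac('sha256', SECRET).update(data).digest();

// Builds a constructed HS256 token for the demo.
function makeToken(claims) {
  const body = `${b64u('{"alg":"HS256","typ":"JWT"}')}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${sign(body).toString('base64url')}`;
}

// Step 1: signature check only (CPU-bound, no I/O). Always verifies as HS256.
function withJWT(req) {
  const [h, p, s] = String(req.token || '').split('.');
  if (!h || !p || !s) return { status: 401 };
  const given = Buffer.from(s, 'base64url');
  const expected = sign(`${h}.${p}`);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return { status: 401 };
  req.jwt = JSON.parse(Buffer.from(p, 'base64url').toString());
  return null;
}

// Step 2: fixed-window limiter keyed on the verified subject (hypothetical policy).
function makeRateLimiter(limit, windowMs, now = Date.now) {
  const hits = new Map();
  return function withRateLimiter(req) {
    const t = now();
    const e = hits.get(req.jwt.sub);
    if (!e || t - e.start >= windowMs) { hits.set(req.jwt.sub, { start: t, count: 1 }); return null; }
    return ++e.count > limit ? { status: 429 } : null;
  };
}

// Step 3: the expensive part; db.lookups counts how often it is reached.
function makeAuthToken(db) {
  return function withAuthToken(req) {
    db.lookups++;
    req.user = db.users.get(req.jwt.sub);
    return req.user ? null : { status: 401 };
  };
}

// Runs the chain in order; the first middleware that returns a response wins.
function handle(req, chain) {
  for (const mw of chain) { const res = mw(req); if (res) return res; }
  return { status: 200, user: req.user.name };
}
```

With a chain of `[withJWT, makeRateLimiter(2, 60000), makeAuthToken(db)]`, the third valid request in a window returns 429 while `db.lookups` stays at 2.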