once auth ships, reject all non-authorized requests

[gruns]

add two rate limits when no auth token is provided

• solid rate limits per IP. eg a max of like 5 reqs/IP/s
• extreme rate limit per origin/referer. eg a max of 5 reqs/referer/s
• do not ship this until auth ships 🙂
• return http 429 appropriately when rate limits hit

requests with an invalid auth token will still be rejected

[hannahhoward]

changed to initial implementation being NO unauthorized requests

[gruns]

yep! new implementation plan:

stage 1: auth required for every request. all requests without auth are rejected outright by l1s
stage 2: all requests without auth are severely rate limited to allow curl, wget, and other 'toy' usage of saturn without auth

for stage 2, the goal of the rate limits is:

1. to allow for toy usage of saturn, eg with curl from the command line for debugging
2. to explicitly disallow production usage of saturn without auth. for prod use, a customer must sign up and add auth to their requests

here are some potential rate limiting strategies to consider for implementation:

• rate limit per IP, e.g. 5 reqs/IP/sec
• rate limit per origin, e.g. 5 reqs/origin/sec
• download rate limit per request, e.g. 200kbps maximum download speed per request
• response size per request, e.g. 10MB maximum response size per request

some combination of all, or some, of the above rate limits will help accomplish both of stage 2's goals above