* add InvalidCredentialsError with language-agnostic code and update backend & web logout logic
* error.code in API error responses
Updated the error handler to serialize responseErr.code as the JSON error field, falling back to responseErr.name when no code is set.
* fix(lint): whitespace and missing def
* fix(lint): missed one
* add InvalidCredentialsError case for bad token
Add test verifying that auth middleware throws InvalidCredentialsError with code "invalid_credentials" and correct translated message when the API token is invalid.
* fix(test): user fields implicitly required
---------
Co-authored-by: Kalista Payne <sabrecat@gmail.com>
* simplify ip address management by using the trust proxy express option
* add setupExpress file
* fix redirects middleware tests
* fix lint
* short circuit the ip blocking middleware
* basic implementation with ip based limiting
* improve logging
* upgrade apidoc
* apidoc: add introduction section
* fix lint
* fix tests
* fix lint
* add unit tests for rate limiter
* do not send retry-after header when points are available
* automatically fix lint
* fix more lint issues
* use userId as key for rate limit when available
