fix: move rate limiting before auth checks

- Rate limiting now happens immediately after parsing
- Prevents spam from wasting resources on auth validation
- Protects against DoS from unauthenticated request floods
- IP-based rate limits now apply to all spam, not just authenticated users

0 files changed, 0 insertions, 0 deletions