Daniel

Not really sure why the test to validate the config options is failing on Postgres with `Unhandled promise rejection: error: duplicate key value violates unique constraint "pg_class_relname_nsp_index" (line 534)`

`express-rate-limit` is compatible with reverse proxies https://github.com/nfriedly/express-rate-limit#troubleshooting-proxy-issues

That is correct. In that case, wouldn't using AWS WAF/Cloudflare be preferred for rate limiting

> It's also not the best approach to limit on the application layer, a DoS that reached so far already caused some damage. Yes, I think this is why in...

We can use [mongoDB](https://www.npmjs.com/package/rate-limit-mongo) as an optional store which would help for multiple instances. We could do IP address if session is undefined, otherwise `request.user.id`. I think this would make...

Ok, no worries. Should we still have the option for the limit to be global, regardless of IP (ddos protection)?

I think we need the [Monaco editor](https://github.com/microsoft/monaco-editor) for this - would be good if we could pass types in too

Isn’t that what you were suggesting?

Oh, right. My misunderstanding

`ace-builds` is 50M, `graphiql` is 10M. Not huge, but they have many subdependancies as well