[EC-502] Rate Limiting Improvements (#2231)

* [EC-502] Add custom Redis IP rate limit processing strategy

* [EC-502] Formatting

* [EC-502] Add documentation and app setting config options

* [EC-502] Formatting

* [EC-502] Fix appsettings.json keys

* [EC-502] Replace magic string for cache key

* [EC-502] Add tests for custom processing strategy

* [EC-502] Formatting

* [EC-502] Use base class for custom processing strategy

* [EC-502] Fix failing test

src/Core/Settings/GlobalSettings.cs

@@ -69,6 +69,8 @@ public class GlobalSettings : IGlobalSettings
     public virtual ISsoSettings Sso { get; set; } = new SsoSettings();
     public virtual StripeSettings Stripe { get; set; } = new StripeSettings();
     public virtual ITwoFactorAuthSettings TwoFactorAuth { get; set; } = new TwoFactorAuthSettings();
+    public virtual DistributedIpRateLimitingSettings DistributedIpRateLimiting { get; set; } =
+        new DistributedIpRateLimitingSettings();
 
     public string BuildExternalUri(string explicitValue, string name)
     {
@@ -498,4 +500,23 @@ public class GlobalSettings : IGlobalSettings
     {
         public bool EmailOnNewDeviceLogin { get; set; } = false;
     }
+
+    public class DistributedIpRateLimitingSettings
+    {
+        public bool Enabled { get; set; } = true;
+
+        /// <summary>
+        /// Maximum number of Redis timeouts that can be experienced within the sliding timeout
+        /// window before IP rate limiting is temporarily disabled.
+        /// TODO: Determine/discuss a suitable maximum
+        /// </summary>
+        public int MaxRedisTimeoutsThreshold { get; set; } = 10;
+
+        /// <summary>
+        /// Length of the sliding window in seconds to track Redis timeout exceptions.
+        /// TODO: Determine/discuss a suitable sliding window
+        /// </summary>
+        public int SlidingWindowSeconds { get; set; } = 120;
+    }
+
 }