Now we have a normalized sequence of "security" middlewares for public endpoints:
1. crash recovery (always first)
2. CDN security (whatever that means)
3. HTTP metrics (prometheus)
4. rate limiter (effect will be visible via metrics, but not logs)
5. out tracing (for logs)
6. All the rest
Since this commit, this sequence is same in both portal and API servers.
Main reason being otter/v2 release with APIs for sliding expiration.
- added new cache API to use Loader logic from otter/v2 (fetch from DB)
- main direction of work is improving "negative caching" performance
(currently it is still intertwined with the main cache)
- expose new Prometheus metric for cache hit ratio
Taras Kushnir