Make rate limiter configuration verbose (#17184)

Make rate limiter configuration verbose to prevent confusion in the
future.

Co-authored-by: chiedo <chiedo@users.noreply.github.com>
Co-authored-by: James M. Greene <JamesMGreene@github.com>

Author: chiedo

middleware/rate-limit.js

@@ -5,15 +5,22 @@ const Redis = require('ioredis')
 const isProduction = process.env.NODE_ENV === 'production'
 const { REDIS_URL } = process.env
 const rateLimitDatabaseNumber = 0
+const EXPIRES_IN_AS_SECONDS = 60
 
 module.exports = rateLimit({
   // 1 minute (or practically unlimited outside of production)
-  windowMs: isProduction ? (60 * 1000) : 1,
+  windowMs: isProduction ? (EXPIRES_IN_AS_SECONDS * 1000) : 1, // Non-Redis configuration in `ms`. Used as a fallback when Redis is not working or active.
   // limit each IP to X requests per windowMs
   max: 250,
   // Don't rate limit requests for 200s and redirects
   // Or anything with a status code less than 400
   skipSuccessfulRequests: true,
   // When available, use Redis
-  store: REDIS_URL && new RedisStore({ client: new Redis(REDIS_URL, { db: rateLimitDatabaseNumber }) })
+  store: REDIS_URL && new RedisStore({
+    client: new Redis(REDIS_URL, {
+      db: rateLimitDatabaseNumber
+    }),
+    // 1 minute (or practically unlimited outside of production)
+    expiry: isProduction ? EXPIRES_IN_AS_SECONDS : 1 // Redis configuration in `s`
+  })
 })