diff --git a/src/routes/route-utils.ts b/src/routes/route-utils.ts
index 795caa6..6265b60 100644
--- a/src/routes/route-utils.ts
+++ b/src/routes/route-utils.ts
@@ -129,6 +129,9 @@ export async function getUser(req: express.Request) {
       httpStatus: 401,
     });
   }
+  if (!req.user) {
+    notConnected();
+  }
   const user = (req.user as any).user;
   if (!user) {
     notConnected();
diff --git a/src/server.ts b/src/server.ts
index bb32878..2d71d16 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -68,9 +68,13 @@ export default async function start() {
     }),
     windowMs: 15 * 60 * 1000, // 15 minutes
     max: async (request: express.Request, response: express.Response) => {
-      const user = await getUser(request);
-      if (user && user.isAdmin) return 0;
-      if (user) return config.RATE_LIMIT;
+      try {
+        const user = await getUser(request);
+        if (user && user.isAdmin) return 0;
+        if (user) return config.RATE_LIMIT;
+      } catch (_) {
+        // ignore: user not connected
+      }
       // if not logged in, limit to half the rate
       return config.RATE_LIMIT / 2;
     },