Merge pull request #3414 from overleaf/jpa-rate-limit-downloads

[misc] add rate-limits to download routes of mics output files

GitOrigin-RevId: d1d646fc3da6b628adc762ce84860e3701e3857d

services/web/app/src/router.js

@@ -368,6 +368,14 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
     CompileController.downloadPdf
   )
 
+  // Align with limits defined in CompileController.downloadPdf
+  const rateLimiterMiddlewareOutputFiles = RateLimiterMiddleware.rateLimit({
+    endpointName: 'misc-output-download',
+    params: ['Project_id'],
+    maxRequests: 1000,
+    timeInterval: 60 * 60
+  })
+
   // Used by the pdf viewers
   webRouter.get(
     /^\/project\/([^/]*)\/output\/(.*)$/,
@@ -379,6 +387,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
       req.params = params
       next()
     },
+    rateLimiterMiddlewareOutputFiles,
     AuthorizationMiddleware.ensureUserCanReadProject,
     CompileController.getFileFromClsi
   )
@@ -394,6 +403,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
       req.params = params
       next()
     },
+    rateLimiterMiddlewareOutputFiles,
     AuthorizationMiddleware.ensureUserCanReadProject,
     CompileController.getFileFromClsi
   )
@@ -410,6 +420,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
       req.params = params
       next()
     },
+    rateLimiterMiddlewareOutputFiles,
     AuthorizationMiddleware.ensureUserCanReadProject,
     CompileController.getFileFromClsi
   )
@@ -427,6 +438,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
       req.params = params
       next()
     },
+    rateLimiterMiddlewareOutputFiles,
     AuthorizationMiddleware.ensureUserCanReadProject,
     CompileController.getFileFromClsi
   )