Merge pull request #16000 from overleaf/jpa-web-join-project-rate-limit-per-user-id

[web] apply rate limit for joinProject per user-id and project-id GitOrigin-RevId: d03a81f4ff55d9a8f6d4ea4ca3633e3682e6dacb
2024-11-07 20:31:06 -05:00 · 2023-11-29 15:47:38 +01:00 · 2023-11-29 15:47:38 +01:00 · a523283559
commit a523283559
parent de945a432d
2 changed files with 3 additions and 1 deletions
--- a/services/web/app/src/Features/Editor/EditorHttpController.js
+++ b/services/web/app/src/Features/Editor/EditorHttpController.js
@ -58,7 +58,7 @@ const unsupportedSpellcheckLanguages = [

 async function joinProject(req, res, next) {
  const projectId = req.params.Project_id
-  let userId = req.query.user_id
+  let userId = req.query.user_id // keep schema in sync with router
  if (userId === 'anonymous-user') {
    userId = null
  }
--- a/services/web/app/src/Features/Editor/EditorRouter.js
+++ b/services/web/app/src/Features/Editor/EditorRouter.js
@ -70,6 +70,8 @@ module.exports = {
      AuthenticationController.requirePrivateApiAuth(),
      RateLimiterMiddleware.rateLimit(rateLimiters.joinProject, {
        params: ['Project_id'],
+        // keep schema in sync with controller
+        getUserId: req => req.query.user_id,
      }),
      EditorHttpController.joinProject
    )