Merge pull request #4166 from overleaf/sk-analytics-rate-limit

Analytics: add rate-limiter to analytics api GitOrigin-RevId: c58843a2c693b5276e962cc23d701b960e82f186
2024-11-21 20:47:08 -05:00 · 2021-06-11 09:40:08 +01:00 · 2021-06-11 09:40:08 +01:00 · c0d3b776e2
commit c0d3b776e2
parent bd24e523e3
1 changed files with 17 additions and 0 deletions
--- a/services/web/app/src/Features/Analytics/AnalyticsRouter.js
+++ b/services/web/app/src/Features/Analytics/AnalyticsRouter.js
@ -1,22 +1,39 @@
 const AuthenticationController = require('./../Authentication/AuthenticationController')
 const AnalyticsController = require('./AnalyticsController')
 const AnalyticsProxy = require('./AnalyticsProxy')
+const RateLimiterMiddleware = require('./../Security/RateLimiterMiddleware')

 module.exports = {
  apply(webRouter, privateApiRouter, publicApiRouter) {
    webRouter.post(
      '/event/:event([a-z0-9-_]+)',
+      RateLimiterMiddleware.rateLimit({
+        endpointName: 'analytics-record-event',
+        maxRequests: 200,
+        timeInterval: 60,
+      }),
      AnalyticsController.recordEvent
    )

    webRouter.put(
      '/editingSession/:projectId',
+      RateLimiterMiddleware.rateLimit({
+        endpointName: 'analytics-update-editing-session',
+        params: ['projectId'],
+        maxRequests: 20,
+        timeInterval: 60,
+      }),
      AnalyticsController.updateEditingSession
    )

    publicApiRouter.use(
      '/analytics/uniExternalCollaboration',
      AuthenticationController.requirePrivateApiAuth(),
+      RateLimiterMiddleware.rateLimit({
+        endpointName: 'analytics-uni-external-collab-proxy',
+        maxRequests: 20,
+        timeInterval: 60,
+      }),
      AnalyticsProxy.call('/uniExternalCollaboration')
    )
  },