From cafe9387f836c92eb6432b9f035e1b38a526cc70 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Fri, 10 Jul 2020 12:46:33 +0200
Subject: [PATCH] Merge pull request #2996 from overleaf/jpa-rate-limit-project-download

[misc] rate limit the download of project revisions to 30 per user/hour

GitOrigin-RevId: 81244a0dad1cf183da69406ef488f6684d5f134a
---
 services/web/app/src/router.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js
index e94946542f..41020d748d 100644
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -543,6 +543,11 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
 )
 webRouter.get(
 '/project/:project_id/version/:version/zip',
+ RateLimiterMiddleware.rateLimit({
+ endpointName: 'download-project-revision',
+ maxRequests: 30,
+ timeInterval: 60 * 60
+ }),
 AuthorizationMiddleware.ensureUserCanReadProject,
 HistoryController.downloadZipOfVersion
 )
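Review bot: The options passed to `RateLimiterMiddleware.rateLimit({...})` on the zip route do not show what the counter is keyed on, and `timeInterval: 60 * 60` leaves its unit implicit, so the "30 per user/hour" in the commit message cannot be verified from the route definition alone. If the middleware falls back to the client address for requests without a logged-in user (not visible in this hunk), anonymous readers behind one shared address would draw on a single 30-request budget across every project; that is worth confirming as intended. The limiter also sits ahead of `AuthorizationMiddleware.ensureUserCanReadProject`, so denied requests count against the budget. That ordering is sensible for an expensive export endpoint but should be stated, e.g. `// limiter runs before the read-access check on purpose: denied requests count too` and `timeInterval: 60 * 60 // presumably seconds, i.e. one hour`. The enclosing `initialize` function starts and ends outside the hunk.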