Merge pull request #2996 from overleaf/jpa-rate-limit-project-download

[misc] rate limit the download of project revisions to 30 per user/hour

GitOrigin-RevId: 81244a0dad1cf183da69406ef488f6684d5f134a
This commit is contained in:
Jakob Ackermann 2020-07-10 12:46:33 +02:00 committed by Copybot
parent ce3ca981a8
commit cafe9387f8

View file

@ -543,6 +543,11 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
) )
webRouter.get( webRouter.get(
'/project/:project_id/version/:version/zip', '/project/:project_id/version/:version/zip',
RateLimiterMiddleware.rateLimit({
endpointName: 'download-project-revision',
maxRequests: 30,
timeInterval: 60 * 60
}),
AuthorizationMiddleware.ensureUserCanReadProject, AuthorizationMiddleware.ensureUserCanReadProject,
HistoryController.downloadZipOfVersion HistoryController.downloadZipOfVersion
) )