From d52c30f272af3b66146b6254f0c14bd0ec9242f6 Mon Sep 17 00:00:00 2001
From: Chrystal Maria Griffiths <hello@chrystalgriffiths.com>
Date: Fri, 15 Feb 2019 13:16:39 +0000
Subject: [PATCH] Merge pull request #1512 from
 sharelatex/as-rate-limit-confirm-uni-domain-endpoint

Rate limit confirm university domain endpoint

GitOrigin-RevId: 1d03eec3c0e8208e5f643000693f685957e15442
---
 services/web/app/coffee/router.coffee | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index d99d9b596d..0e7cacc8e6 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -403,7 +403,11 @@ module.exports = class Router
 			),
 			AuthenticationController.httpAuth,
 			CompileController.getFileFromClsiWithoutUser
-		publicApiRouter.post '/api/institutions/confirm_university_domain', AuthenticationController.httpAuth, InstitutionsController.confirmDomain
+		publicApiRouter.post '/api/institutions/confirm_university_domain', RateLimiterMiddlewear.rateLimit({
+			endpointName: 'confirm-university-domain',
+			maxRequests: 1,
+			timeInterval: 60
+		}), AuthenticationController.httpAuth, InstitutionsController.confirmDomain
 
 		webRouter.get '/chrome', (req, res, next) ->
 			# Match v1 behaviour - this is used for a Chrome web app