From f4d17f78f7d129e17216d7ee1ce5871b71f2ade6 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <jakob.ackermann@overleaf.com>
Date: Thu, 24 Mar 2022 15:40:54 +0000
Subject: [PATCH] Merge pull request #7194 from
 overleaf/jpa-rate-limit-zip-download

[web] rate-limit project zip download requests

GitOrigin-RevId: c99b7474de26b0e8a288863dccb60a25adfdc1b0
---
 services/web/app/src/router.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js
index f9d65ac150..181a9ac2e9 100644
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -670,11 +670,22 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
 
   webRouter.get(
     '/Project/:Project_id/download/zip',
+    RateLimiterMiddleware.rateLimit({
+      endpointName: 'zip-download',
+      params: ['Project_id'],
+      maxRequests: 10,
+      timeInterval: 60,
+    }),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectDownloadsController.downloadProject
   )
   webRouter.get(
     '/project/download/zip',
+    RateLimiterMiddleware.rateLimit({
+      endpointName: 'multiple-projects-zip-download',
+      maxRequests: 10,
+      timeInterval: 60,
+    }),
     AuthorizationMiddleware.ensureUserCanReadMultipleProjects,
     ProjectDownloadsController.downloadMultipleProjects
   )