Merge pull request #7194 from overleaf/jpa-rate-limit-zip-download

[web] rate-limit project zip download requests

GitOrigin-RevId: c99b7474de26b0e8a288863dccb60a25adfdc1b0

services/web/app/src/router.js

@@ -670,11 +670,22 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
 
   webRouter.get(
     '/Project/:Project_id/download/zip',
+    RateLimiterMiddleware.rateLimit({
+      endpointName: 'zip-download',
+      params: ['Project_id'],
+      maxRequests: 10,
+      timeInterval: 60,
+    }),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectDownloadsController.downloadProject
   )
   webRouter.get(
     '/project/download/zip',
+    RateLimiterMiddleware.rateLimit({
+      endpointName: 'multiple-projects-zip-download',
+      maxRequests: 10,
+      timeInterval: 60,
+    }),
     AuthorizationMiddleware.ensureUserCanReadMultipleProjects,
     ProjectDownloadsController.downloadMultipleProjects
   )