From 2117d24bda1d031cbd7d7a1307b60b24cfbc896c Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Thu, 31 Mar 2022 08:54:43 +0100
Subject: [PATCH] Merge pull request #7294 from overleaf/jpa-ratelimit-2fa-check

[web] rate-limit 2fa check requests

GitOrigin-RevId: da3d2f15c68cff101de807c1eae91edbd86481e7
---
 .../web/app/src/Features/Security/RateLimiterMiddleware.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Security/RateLimiterMiddleware.js b/services/web/app/src/Features/Security/RateLimiterMiddleware.js
index 41a0f804b5..c32c7e9d81 100644
--- a/services/web/app/src/Features/Security/RateLimiterMiddleware.js
+++ b/services/web/app/src/Features/Security/RateLimiterMiddleware.js
@@ -16,8 +16,10 @@ const settings = require('@overleaf/settings')
 Unique clients are identified by user_id if logged in, and IP address if not.
 */
 function rateLimit(opts) {
+ const getUserId =
+ opts.getUserId || (req => SessionManager.getLoggedInUserId(req.session))
 return function (req, res, next) {
- const userId = SessionManager.getLoggedInUserId(req.session) || req.ip
+ const userId = getUserId(req) || req.ip
 if (
 settings.smokeTest &&
 settings.smokeTest.userId &&
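Review bot: The new `opts.getUserId` hook decides which rate-limit bucket a request is counted against, but neither the comment above `rateLimit` (still "user_id if logged in, and IP address if not") nor the code says what a caller may return from it. For the 2FA check named in the commit title the id presumably belongs to a user who has not finished logging in, so it should come from server-side session state; an id read from request parameters would let a client pick its own bucket, either diluting the limit or using up another account's allowance. I would extend the comment with `opts.getUserId(req) may override the identity; it must return a server-derived id, or a falsy value to fall back to req.ip`, and reject a bad option at setup with `if (opts.getUserId && typeof opts.getUserId !== 'function') throw new TypeError('getUserId must be a function')`. The `settings.smokeTest.userId` condition continues past the end of the hunk; if it exempts a matching `userId` from limiting, confirm that exemption is intended for an identity that has not completed authentication.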