From 500a7b60e09bee210ef959ab37a2697c7345e290 Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Thu, 26 Nov 2020 12:55:22 +0000 Subject: [PATCH] Merge pull request #3414 from overleaf/jpa-rate-limit-downloads [misc] add rate-limits to download routes of mics output files GitOrigin-RevId: d1d646fc3da6b628adc762ce84860e3701e3857d --- services/web/app/src/router.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js index 34f10fc9b3..2e0a37427e 100644 --- a/services/web/app/src/router.js +++ b/services/web/app/src/router.js @@ -368,6 +368,14 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) { CompileController.downloadPdf ) + // Align with limits defined in CompileController.downloadPdf + const rateLimiterMiddlewareOutputFiles = RateLimiterMiddleware.rateLimit({ + endpointName: 'misc-output-download', + params: ['Project_id'], + maxRequests: 1000, + timeInterval: 60 * 60 + }) + // Used by the pdf viewers webRouter.get( /^\/project\/([^/]*)\/output\/(.*)$/, @@ -379,6 +387,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) { req.params = params next() }, + rateLimiterMiddlewareOutputFiles, AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi ) @@ -394,6 +403,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) { req.params = params next() }, + rateLimiterMiddlewareOutputFiles, AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi ) @@ -410,6 +420,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) { req.params = params next() }, + rateLimiterMiddlewareOutputFiles, AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi ) @@ -427,6 +438,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) { req.params = params next() }, + rateLimiterMiddlewareOutputFiles, AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi )