From 96bbffa704a3df93c38c36db4e280943058ff7db Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Wed, 29 Nov 2023 15:47:38 +0100
Subject: [PATCH] Merge pull request #16000 from overleaf/jpa-web-join-project-rate-limit-per-user-id

[web] apply rate limit for joinProject per user-id and project-id

GitOrigin-RevId: d03a81f4ff55d9a8f6d4ea4ca3633e3682e6dacb
---
 services/web/app/src/Features/Editor/EditorHttpController.js | 2 +-
 services/web/app/src/Features/Editor/EditorRouter.js | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Editor/EditorHttpController.js b/services/web/app/src/Features/Editor/EditorHttpController.js
index 719a71b192..1ad5ebbd08 100644
--- a/services/web/app/src/Features/Editor/EditorHttpController.js
+++ b/services/web/app/src/Features/Editor/EditorHttpController.js
@@ -58,7 +58,7 @@ const unsupportedSpellcheckLanguages = [

 async function joinProject(req, res, next) {
 const projectId = req.params.Project_id
- let userId = req.query.user_id
+ let userId = req.query.user_id // keep schema in sync with router
 if (userId === 'anonymous-user') {
 userId = null
 }
diff --git a/services/web/app/src/Features/Editor/EditorRouter.js b/services/web/app/src/Features/Editor/EditorRouter.js
index 6539e9e524..eda8d9c891 100644
--- a/services/web/app/src/Features/Editor/EditorRouter.js
+++ b/services/web/app/src/Features/Editor/EditorRouter.js
@@ -70,6 +70,8 @@ module.exports = {
 AuthenticationController.requirePrivateApiAuth(),
 RateLimiterMiddleware.rateLimit(rateLimiters.joinProject, {
 params: ['Project_id'],
+ // keep schema in sync with controller
+ getUserId: req => req.query.user_id,
 }),
 EditorHttpController.joinProject
 )
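Review bot: The comment added on `let userId = req.query.user_id` in EditorHttpController.js only asks readers to keep two files aligned; nothing enforces it, and the two reads already differ. This function rewrites `'anonymous-user'` to `null` on the following lines, while the rate limiter configured in EditorRouter.js receives the raw string, so anonymous joins of one project would presumably share a single bucket. If that is intended, the comment should say so, e.g. `// rate limiter keys on the raw value, including 'anonymous-user'`; a single exported helper that both files call to read the id would make the coupling real. joinProject's body continues outside the hunk.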
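Review bot: The new `getUserId: req => req.query.user_id` in EditorRouter.js hands the rate limiter an unvalidated query value, so the bucket key is whatever the query parser produced. A missing parameter, or a repeated or bracketed one that parses to an array or object, would not key on one user id and could merge or split buckets unexpectedly. The route sits behind `requirePrivateApiAuth()`, so the caller is presumably an internal service, but a type guard keeps the key well defined: `getUserId: req => typeof req.query.user_id === 'string' ? req.query.user_id : undefined,`. How `RateLimiterMiddleware.rateLimit` treats an undefined id is not visible in this hunk and should be confirmed before relying on that fallback. The `module.exports` route list starts and ends outside the hunk.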