Merge pull request #32026 from overleaf/jpa-rate-limit-accept-invite

[web] add rate limit for accepting project invite GitOrigin-RevId: 1b6e8d7b7547d03cbf3a8ed53b606b9541e37d1f
2026-05-30 12:24:25 +02:00 · 2026-03-05 11:01:34 +00:00
parent ada0922988
commit ee294c524d
1 changed files with 5 additions and 0 deletions
--- a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
@@ -28,6 +28,10 @@ const rateLimiters = {
    points: 20,
    duration: 60,
  }),
+  acceptProjectInvite: new RateLimiter('accept-project-invite', {
+    points: 25, // just over view-project-invite
+    duration: 60,
+  }),
 }

 export default {
@@ -124,6 +128,7 @@ export default {
        'project-invite'
      ),
      AuthenticationController.requireLogin(),
+      RateLimiterMiddleware.rateLimit(rateLimiters.acceptProjectInvite),
      CollaboratorsInviteController.acceptInvite,
      AnalyticsRegistrationSourceMiddleware.clearSource()
    )