From ee294c524debc094ff7083270bf3c46fd1bcf70d Mon Sep 17 00:00:00 2001
From: Mathias Jakobsen
Date: Thu, 5 Mar 2026 11:01:34 +0000
Subject: [PATCH] Merge pull request #32026 from overleaf/jpa-rate-limit-accept-invite

[web] add rate limit for accepting project invite

GitOrigin-RevId: 1b6e8d7b7547d03cbf3a8ed53b606b9541e37d1f
---
 .../app/src/Features/Collaborators/CollaboratorsRouter.mjs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
index 6b4ead8cac..4e706fd499 100644
--- a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
@@ -28,6 +28,10 @@ const rateLimiters = {
 points: 20,
 duration: 60,
 }),
+ acceptProjectInvite: new RateLimiter('accept-project-invite', {
+ points: 25, // just over view-project-invite
+ duration: 60,
+ }),
 }

 export default {
@@ -124,6 +128,7 @@ export default {
 'project-invite'
 ),
 AuthenticationController.requireLogin(),
+ RateLimiterMiddleware.rateLimit(rateLimiters.acceptProjectInvite),
 CollaboratorsInviteController.acceptInvite,
 AnalyticsRegistrationSourceMiddleware.clearSource()
 )
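Review bot: The comment on `points: 25` ties this budget to the view-project-invite limiter in words only, so the two values can drift apart if the 20-point entry just above (presumably the view limiter; its name is outside the hunk) is retuned later. I would state the invariant and its reason in the comment, for example `points: 25, // keep >= view-project-invite (20/min): an accept normally follows a view of the same invite`, after confirming that this is the actual rationale. The `rateLimiters` object starts outside the hunk, so the other entries cannot be checked from here.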
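Review bot: `RateLimiterMiddleware.rateLimit(rateLimiters.acceptProjectInvite)` is called without options, so it is not visible here what the 25-per-minute budget is keyed on. Because it sits after `AuthenticationController.requireLogin()`, it is presumably counted per logged-in user across all projects and tokens, which limits one account but not guessing spread over many accounts or aimed at one project. A short comment on the route, such as `// per-user limit on invite-token attempts; not scoped to project or token`, would record the intended scope once confirmed against the middleware. The diffstat shows a single file changed, so no test in this commit asserts that the route rejects requests over the limit; an acceptance test for that would guard the wiring. The route definition starts and ends outside the hunk.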