Merge pull request #24309 from overleaf/tm-recurly-webhook-ratelimit

Make a new less restrictive ratelimiter for the recurly callback GitOrigin-RevId: 61bc39110a7ecc6e8f937478a9ccc965b555add5
2026-06-11 23:20:47 +02:00 · 2025-03-21 11:57:02 +00:00
parent bdcf1d3a83
commit f5c92cb627
1 changed files with 6 additions and 1 deletions
@@ -168,7 +168,12 @@ export default {
    // recurly callback
    publicApiRouter.post(
      '/user/subscription/callback',
-      RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
+      RateLimiterMiddleware.rateLimit(
+        new RateLimiter('recurly-callback', {
+          points: 200,
+          duration: 60,
+        })
+      ),
      AuthenticationController.requireBasicAuth({
        [Settings.apis.recurly.webhookUser]: Settings.apis.recurly.webhookPass,
      }),