From f5c92cb6274802968f7f6460c6413d45ff66efc7 Mon Sep 17 00:00:00 2001
From: Thomas Mees
Date: Fri, 21 Mar 2025 11:57:02 +0000
Subject: [PATCH] Merge pull request #24309 from overleaf/tm-recurly-webhook-ratelimit

Make a new less restrictive ratelimiter for the recurly callback

GitOrigin-RevId: 61bc39110a7ecc6e8f937478a9ccc965b555add5
---
 .../app/src/Features/Subscription/SubscriptionRouter.mjs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Subscription/SubscriptionRouter.mjs b/services/web/app/src/Features/Subscription/SubscriptionRouter.mjs
index 67b5538bf8..073ed68eae 100644
--- a/services/web/app/src/Features/Subscription/SubscriptionRouter.mjs
+++ b/services/web/app/src/Features/Subscription/SubscriptionRouter.mjs
@@ -168,7 +168,12 @@ export default {
 // recurly callback
 publicApiRouter.post(
 '/user/subscription/callback',
- RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
+ RateLimiterMiddleware.rateLimit(
+ new RateLimiter('recurly-callback', {
+ points: 200,
+ duration: 60,
+ })
+ ),
 AuthenticationController.requireBasicAuth({
 [Settings.apis.recurly.webhookUser]: Settings.apis.recurly.webhookPass,
 }),
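Review bot: The new `recurly-callback` limiter in the `publicApiRouter.post('/user/subscription/callback', …)` chain still runs before `AuthenticationController.requireBasicAuth`, so the looser budget (`points: 200` per `duration: 60`, presumably seconds) also applies to requests that have not yet presented valid webhook credentials. How the middleware keys its buckets is not visible in this hunk; if it is per client address, the change raises the number of Basic Auth attempts a single sender can make against `webhookPass`, so it is worth confirming that the secret is long and random and that repeated authentication failures on this route are logged or alerted on. I would also hoist the limiter to a named constant beside `subscriptionRateLimiter` (assuming that one is defined at module level) and record the sizing there, e.g. `// Recurly webhook bursts: 200 per 60; applied before Basic Auth, so it also bounds failed-auth attempts`. The enclosing `export default {` block starts and ends outside the hunk.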