From 96b781b7fd424b4572eaccd37b5c4958b57daf34 Mon Sep 17 00:00:00 2001
From: Vishnu Narayanan
Date: Tue, 13 Feb 2024 18:48:11 +0530
Subject: [PATCH] fix: throttle contact search endpoint to prevent abuse (#8919)

Throttle contact_search endpoint to prevent abuse/maintain db perf
ref: https://discord.com/channels/897869226579222540/899920096972111883/1206919316402999326
---
 config/initializers/rack_attack.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 99974f4f7..440fc43cb 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -148,6 +148,12 @@ class Rack::Attack
     match_data[:account_id] if match_data.present?
   end
 
+  ## Prevent abuse of contact search api
+  throttle('/api/v1/accounts/:account_id/contacts/search', limit: 5, period: 1.minute) do |req|
+    match_data = %r{/api/v1/accounts/(?\d+)/contacts/search}.match(req.path)
+    match_data[:account_id] if match_data.present?
+  end
+
   ## -----------------------------------------------
   ## end
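Review bot: The new throttle block keys the limiter on the account id parsed from `req.path`, and Rack::Attack evaluates this in middleware before the controller has authenticated anyone, so any client that knows or enumerates an account id can send five unauthenticated requests to `/api/v1/accounts/<id>/contacts/search` and lock every agent of that account out of search for the rest of the minute — the limiter itself becomes a denial-of-service vector. Keying on the caller as well as the account closes that, e.g. `"#{match_data[:account_id]}:#{req.ip}" if match_data.present?` (or the authenticated user's token header, if this file already reads it elsewhere), so one client cannot exhaust another's allowance. A limit of 5 per minute is also tight for a search box that is presumably driven by keystrokes; confirm the frontend debounces, or raise the limit, before shipping. The capture group reads `(?\d+)` here, which is not valid Ruby regex syntax — presumably `(?<account_id>\d+)` with the name lost in rendering, worth confirming since the block dereferences `match_data[:account_id]`.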