feat: add rate limiting to organization build job endpoint

Add @Throttle decorator to GET /build/:buildJobId endpoint to limit to 300 requests per minute to prevent abuse. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-15 20:30:33 +00:00 · 2026-02-08 09:39:55 +02:00
parent 2c05785096
commit 3258159474
1 changed files with 3 additions and 1 deletions
--- a/packages/server/src/modules/Organization/Organization.controller.ts
+++ b/packages/server/src/modules/Organization/Organization.controller.ts
@@ -17,6 +17,7 @@ import {
  HttpCode,
  Param,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { BuildOrganizationService } from './commands/BuildOrganization.service';
 import {
  BuildOrganizationDto,
@@ -50,7 +51,7 @@ export class OrganizationController {
    private readonly updateOrganizationService: UpdateOrganizationService,
    private readonly getBuildOrganizationJobService: GetBuildOrganizationBuildJob,
    private readonly orgBaseCurrencyLockingService: OrganizationBaseCurrencyLocking,
-  ) { }
+  ) {}

  @Post('build')
  @HttpCode(200)
@@ -77,6 +78,7 @@ export class OrganizationController {
  }

  @Get('build/:buildJobId')
+  @Throttle({ default: { limit: 300, ttl: 60000 } }) // 300 req/min
  @ApiParam({
    name: 'buildJobId',
    required: true,