RealDevSquad · AnujChhikara · Feb 24, 2026 · Feb 24, 2026 · prakashchoudhary07 · Feb 25, 2026
diff --git a/routes/discordactions.js b/routes/discordactions.js
@@ -31,22 +31,13 @@
 const { Services } = require("../constants/bot");
 const { verifyCronJob } = require("../middlewares/authorizeBot");
 const { authorizeAndAuthenticate } = require("../middlewares/authorizeUsersAndService");
-const { disableRoute } = require("../middlewares/shortCircuit");
 const router = express.Router();
 
 router.post("/groups", authenticate, checkIsVerifiedDiscord, validateGroupRoleBody, createGroupRole);
 router.get("/groups", authenticate, checkIsVerifiedDiscord, validateLazyLoadingParams, getPaginatedAllGroupRoles);
 router.delete("/groups/:groupId", authenticate, checkIsVerifiedDiscord, authorizeRoles([SUPERUSER]), deleteGroupRole);
 router.post("/roles", authenticate, checkIsVerifiedDiscord, validateMemberRoleBody, addGroupRoleToMember);
-/**
- * Short-circuit the GET method for this endpoint
- * Refer https://github.com/Real-Dev-Squad/todo-action-items/issues/269 for more details.
- */
-router.get("/invite", disableRoute, authenticate, getUserDiscordInvite);
-/**
- * Short-circuit this POST method for this endpoint
- * Refer https://github.com/Real-Dev-Squad/todo-action-items/issues/269 for more details.
- */
+router.get("/invite", authenticate, getUserDiscordInvite);
@@ -31,13 +31,21 @@
 const { Services } = require("../constants/bot");
 const { verifyCronJob } = require("../middlewares/authorizeBot");
 const { authorizeAndAuthenticate } = require("../middlewares/authorizeUsersAndService");
+const rateLimit = require("express-rate-limit");
 const router = express.Router();
+const getUserInviteLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 50, // limit each IP to 50 requests per windowMs for GET /invite
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
 router.post("/groups", authenticate, checkIsVerifiedDiscord, validateGroupRoleBody, createGroupRole);
 router.get("/groups", authenticate, checkIsVerifiedDiscord, validateLazyLoadingParams, getPaginatedAllGroupRoles);
 router.delete("/groups/:groupId", authenticate, checkIsVerifiedDiscord, authorizeRoles([SUPERUSER]), deleteGroupRole);
 router.post("/roles", authenticate, checkIsVerifiedDiscord, validateMemberRoleBody, addGroupRoleToMember);
-router.get("/invite", authenticate, getUserDiscordInvite);
+router.get("/invite", authenticate, getUserInviteLimiter, getUserDiscordInvite);
 router.post("/invite", authenticate, checkCanGenerateDiscordLink, generateInviteForUser);
 router.delete("/roles", authenticate, checkIsVerifiedDiscord, deleteRole);
@@ -42,7 +42,8 @@
    "passport-github2": "0.1.12",
    "passport-google-oauth20": "^2.0.0",
    "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^8.2.1"
  },
  "devDependencies": {
    "@types/chai": "4.3.16",
@@ -31,13 +31,21 @@
 const { Services } = require("../constants/bot");
 const { verifyCronJob } = require("../middlewares/authorizeBot");
 const { authorizeAndAuthenticate } = require("../middlewares/authorizeUsersAndService");
+const rateLimit = require("express-rate-limit");
 const router = express.Router();

+const getUserInviteLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 50, // limit each IP to 50 requests per windowMs for GET /invite
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
 router.post("/groups", authenticate, checkIsVerifiedDiscord, validateGroupRoleBody, createGroupRole);
 router.get("/groups", authenticate, checkIsVerifiedDiscord, validateLazyLoadingParams, getPaginatedAllGroupRoles);
 router.delete("/groups/:groupId", authenticate, checkIsVerifiedDiscord, authorizeRoles([SUPERUSER]), deleteGroupRole);
 router.post("/roles", authenticate, checkIsVerifiedDiscord, validateMemberRoleBody, addGroupRoleToMember);
-router.get("/invite", authenticate, getUserDiscordInvite);
+router.get("/invite", authenticate, getUserInviteLimiter, getUserDiscordInvite);
 router.post("/invite", authenticate, checkCanGenerateDiscordLink, generateInviteForUser);

 router.delete("/roles", authenticate, checkIsVerifiedDiscord, deleteRole);
@@ -42,7 +42,8 @@
    "passport-github2": "0.1.12",
    "passport-google-oauth20": "^2.0.0",
    "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^8.2.1"
  },
  "devDependencies": {
    "@types/chai": "4.3.16",
 router.post("/invite", authenticate, checkCanGenerateDiscordLink, generateInviteForUser);
 
 router.delete("/roles", authenticate, checkIsVerifiedDiscord, deleteRole);