
dev: edge rate limit for email share

KernelDeimos 6 tháng trước cách đây
mục cha
commit
59fa600f2b

+ 5 - 0
src/backend/src/services/ShareService.js

@@ -266,6 +266,11 @@ class ShareService extends BaseService {
                 // featureflag({ feature: 'share' }),
             ],
             handler: async (req, res) => {
+                const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+                if ( ! svc_edgeRateLimit.check('verify-pass-recovery-token') ) {
+                    return res.status(429).send('Too many requests.');
+                }
+
                 const actor = Actor.adapt(req.user);
                 if ( ! (actor.type instanceof UserActorType) ) {
                     throw APIError.create('forbidden');
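Review bot: The added check at the top of the handler passes the scope `'verify-pass-recovery-token'`, while the same commit registers a new `['share']` scope (30 per minute) in EdgeRateLimitService.js that no visible line uses. As written, share requests are throttled under the password-recovery limit and presumably draw on the same counter, so a burst of share calls could block a client's recovery-token verification, and the intended 30-per-minute budget never applies. The call should read `if ( ! svc_edgeRateLimit.check('share') ) {`. The handler's body starts and ends outside this hunk, so it cannot be confirmed from here that this route is the email share endpoint named in the commit title.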

+ 4 - 0
src/backend/src/services/abuse-prevention/EdgeRateLimitService.js

@@ -44,6 +44,10 @@ class EdgeRateLimitService extends BaseService {
                 limit: 10,
                 window: 15 * MINUTE,
             },
+            ['share']: {
+                limit: 30,
+                window: 1 * MINUTE,
+            },
             ['send-confirm-email']: {
                 limit: 10,
                 window: HOUR,