Add rate limiter to import api

lib/api/project_import.rb

@@ -18,6 +18,14 @@ module API
       def validate_file!
         render_api_error!('The file is invalid', 400) unless file_is_valid?
       end
+
+      def throttled?(key, scope)
+        rate_limiter.throttled?(key, scope: scope)
+      end
+
+      def rate_limiter
+        ::Gitlab::ApplicationRateLimiter
+      end
     end
 
     before do
@@ -43,6 +51,14 @@ module API
         success Entities::ProjectImportStatus
       end
       post 'import' do
+        key = "project_import".to_sym
+
+        if throttled?(key, [current_user, key])
+          rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+
+          render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+        end
+
         validate_file!
 
         Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')

spec/requests/api/project_import_spec.rb

@@ -196,6 +196,19 @@ describe API::ProjectImport do
       end
     end
 
+    context 'when request exceeds the rate limit' do
+      before do
+        allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(true)
+      end
+
+      it 'prevents users from importing projects' do
+        post api('/projects/import', user), params: { path: 'test-import', file: fixture_file_upload(file), namespace: namespace.id }
+
+        expect(response).to have_gitlab_http_status(429)
+        expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
+      end
+    end
+
     def stub_import(namespace)
       expect_any_instance_of(ProjectImportState).to receive(:schedule)
       expect(::Projects::CreateService).to receive(:new).with(user, hash_including(namespace_id: namespace.id)).and_call_original