Diffstat (limited to 'app/controllers/search_controller.rb')
-rw-r--r-- | app/controllers/search_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 99a6dfa811e..d58ed252a36 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -17,6 +17,7 @@ class SearchController < ApplicationController
 search_term_present = params[:search].present? || params[:term].present?
 search_term_present && !params[:project_id].present?
 end
+ before_action :check_email_search_rate_limit!, only: [:show, :count, :autocomplete]
 rescue_from ActiveRecord::QueryCanceled, with: :render_timeout
@@ -142,6 +143,7 @@ class SearchController < ApplicationController
 payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
 payload[:metadata]['meta.search.filters.state'] = params[:state]
 payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
+ payload[:metadata]['meta.search.project_ids'] = params[:project_ids]
 if search_service.abuse_detected?
 payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)
@@ -198,6 +200,12 @@ class SearchController < ApplicationController
 render status: :request_timeout
 end
 end
+
+ def check_email_search_rate_limit!
+ return unless search_service.params.email_lookup?
+
+ check_rate_limit!(:user_email_lookup, scope: [current_user])
+ end
 end
 SearchController.prepend_mod_with('SearchController') |
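Review bot: The `only: [:show, :count, :autocomplete]` list on the new `before_action` in the first hunk makes the email-lookup limiter opt-in per action, so a search-serving action added later is unthrottled unless someone remembers to extend the list. If other actions in this controller can reach `search_service` with a caller-supplied term (not visible in this hunk), they should be listed too. I would add a comment above the line: `# Every action that runs a user-supplied search term must be listed here, or email lookups through it are not rate limited.` The class body continues outside the hunk, so the position of this filter relative to the other `before_action` declarations could not be checked.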
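Review bot: `params[:project_ids]` in the second hunk is written to the log payload exactly as the caller sent it, with no bound on size or shape, so a single request can produce an arbitrarily large `meta.search.project_ids` field. The value is also recorded as requested rather than as authorized, which is useful for detection but should be stated where it is logged. I would add `# Logged as received: caller-supplied, not filtered by access checks.` above the line and cap what is logged, for example by truncating to a fixed number of IDs. The enclosing method starts and ends outside the hunk.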
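Review bot: `scope: [current_user]` in `check_email_search_rate_limit!` (third hunk) becomes `[nil]` for an unauthenticated request, so if anonymous callers can reach `show`, `count` or `autocomplete` they would presumably all share one `:user_email_lookup` counter instead of being limited individually. Whether anonymous search is allowed is not visible on this page, so treat it as something to confirm. If it is, key the anonymous case on the client address: `scope = current_user ? [current_user] : [request.ip]` followed by `check_rate_limit!(:user_email_lookup, scope: scope)`. The method also has no comment; `# Rate limits searches that look up users by email address.` above the `def` would record the intent.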