mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-17 04:17:11 +00:00
fix(websocket): add maxPayload limit to prevent DoS attacks
Set 1MB payload limit and disable perMessageDeflate to prevent memory exhaustion and zip bomb attacks on WebSocket server.
This commit is contained in:
@@ -32,7 +32,11 @@ export interface ServerInstance {
|
||||
export async function startServer(options: ServerOptions): Promise<ServerInstance> {
|
||||
const app = express();
|
||||
const server = http.createServer(app);
|
||||
const wss = new WebSocketServer({ server });
|
||||
const wss = new WebSocketServer({
|
||||
server,
|
||||
maxPayload: 1024 * 1024, // 1MB hard limit to prevent DoS
|
||||
perMessageDeflate: false, // Prevent zip bomb attacks
|
||||
});
|
||||
|
||||
// JSON body parsing with error handler for malformed JSON
|
||||
app.use(express.json());
|
||||
|
||||
Reference in New Issue
Block a user