Severity: Medium
Affected location: index.ts:167-190
Issue:
No per-user/per-connection message rate limiting on WebSockets; attackers can spam messages and force DB growth.
Mitigation plan:
- Add token-bucket rate limiter per user/connection.
- Enforce payload size and message frequency limits.
- Temporarily mute/disconnect abusive connections.
Verification / tests:
- Test burst over limit gets throttled/rejected.
- Ensure normal chat throughput still works.
Severity: Medium
Affected location:
index.ts:167-190Issue:
No per-user/per-connection message rate limiting on WebSockets; attackers can spam messages and force DB growth.
Mitigation plan:
Verification / tests: