how to limit the amount of data being sent by the client through websocket?

2.4k views Asked by At

I am using the ws module and I'd like to limit the amount of data being sent by the client over websocket to 1Mb. This will prevent a malicious user from sending huge amounts of data (in terms of GB) causing the server to run out of memory, which would cause denial of service errors for every normal user.
For example, example Express allows to specify the max size of a post request body like so:

bodyParser.json({limit:'1Mb'})

How I do something similar with the ws module?
I tried

var ws = require('ws').Server
var wsserver = new ws({port:8080, limit:'1Mb'})

But this of course doesn't work.
I want the transmission of data to be interrupted (after 1Mb is exceeded) and the websocket connection to be closed. How can I do that?
There must be a way to limit the frames of data coming from the client...

1

There are 1 answers

6
Ghedipunk On

That ability does not (currently) exist in that library.

Poking around their source code, it appears that the place to start would be processPacket() method in https://github.com/websockets/ws/blob/master/lib/Receiver.js .

Once you have the packet header available, you can see the size of the message being sent. If it's above a certain threshold, there should be a way to close the connection before all of the bytes are even hitting your network.

Of course, the nice thing to do would be to fork their repository, issue a feature request, add in a configuration option that defaults to not taking any action if it's not set (don't break backwards compatibility), and submit a pull request.

If they like it, they'll merge. If not, you'll still be able to merge their future versions into your own repo and stay up to date without having to re-do your work each time they submit a new release.