feat: limit gateway payload size

api/v2/gateway/index.js

@@ -9,6 +9,7 @@ const Channel = require("../../../models/Channel");
 const Message = require("../../../models/Message");
 const { parseMessage, packet } = require("./messageparser");
 const { checkToken } = require("../../../common/auth/authfunctions");
+const config = require("../../../config");
 
 const wsCloseCodes = {
     PAYLOAD_ERROR: [4001, "Error while handling payload"],
@@ -19,7 +20,8 @@ const wsCloseCodes = {
     NOT_AUTHORIZED: [4006, "Not authorized"],
     FLOODING: [4007, "Flooding"],
     NO_PING: [4008, "No ping"],
-    UNSUPPORTED_ATTRIBUTE: [4009, "Unsupported attribute."],
+    UNSUPPORTED_ATTRIBUTE: [4009, "Unsupported attribute"],
+    ILLEGAL_PAYLOAD_SIZE: [4010, "Illegal payload size"],
 };
 
 const attributes = {
@@ -287,7 +289,10 @@ class GatewayServer {
             ws.session = session;
             ws.on("message", async (data, isBinary) => {
                 try {
-                    if (isBinary || !ws.session) return ws.close(wsCloseCodes.PAYLOAD_ERROR[0], wsCloseCodes.PAYLOAD_ERROR[1]);
+                    if (isBinary || !ws.session)
+                        return ws.close(wsCloseCodes.PAYLOAD_ERROR[0], wsCloseCodes.PAYLOAD_ERROR[1]);
+                    if (data.byteLength > config.gatewayMaxPayloadBytes)
+                        return ws.close(wsCloseCodes.ILLEGAL_PAYLOAD_SIZE[0], wsCloseCodes.ILLEGAL_PAYLOAD_SIZE[0]);
                     const status = await this.handler.handleMessage(ws.session, parseMessage(data.toString()));
                     if (status && status.error) {
                         return ws.close(status.error[0], status.error[1]);

config.js

@@ -37,6 +37,7 @@ module.exports = {
     tokenExpiresIn: "8h",
     gatewayPingInterval: 15000,
     gatewayPingCheckInterval: 4500,
+    gatewayMaxPayloadBytes: 4096,
     clientFacingPingInterval: 14750,
     bcryptRounds: 10,
     experiments: {