From d94432f2f51a626800a24bf23e85a43baea85807 Mon Sep 17 00:00:00 2001
From: aniket866
Date: Sun, 15 Feb 2026 01:59:28 +0530
Subject: [PATCH] fixing-json-attack
---
 src/server/websocket.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/server/websocket.ts b/src/server/websocket.ts
index f06ad7a..5c35971 100644
--- a/src/server/websocket.ts
+++ b/src/server/websocket.ts
@@ -22,6 +22,7 @@ export function createWsServer(server: Server) {
 const wss = new WebSocketServer({ noServer: true });
 const inputHandler = new InputHandler();
 const LAN_IP = getLocalIp();
+ const MAX_PAYLOAD_SIZE = 10 * 1024; // 10KB limit
 console.log(`WebSocket Server initialized (Upgrade mode)`);
 console.log(`WS LAN IP: ${LAN_IP}`);
@@ -44,6 +45,13 @@ export function createWsServer(server: Server) {
 ws.on('message', async (data: string) => {
 try {
 const raw = data.toString();
+
+ // Prevent JSON DoS
+ if (raw.length > MAX_PAYLOAD_SIZE) {
+ console.warn('Payload too large, rejecting message.');
+ return;
+ }
+
 const msg = JSON.parse(raw);
 if (msg.type === 'get-ip') {
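Review bot: `MAX_PAYLOAD_SIZE` is declared after `wss` is constructed and is never given to the server, so the cap only takes effect once a message has been fully received and passed to the handler. If `WebSocketServer` comes from the `ws` package (the import is outside the hunk), its `maxPayload` option enforces the limit at the protocol layer before the application sees the data. Moving the constant above `wss` and writing `new WebSocketServer({ noServer: true, maxPayload: MAX_PAYLOAD_SIZE })` would bound what the server buffers per message. The comment `// 10KB limit` should also state the unit being bounded, for example `// max inbound message size in bytes`. The body of createWsServer continues outside the hunk.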
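Review bot: The guard in the `message` handler compares `raw.length`, which counts UTF-16 code units and is evaluated only after `data.toString()` has already copied the payload. It is therefore not a byte limit, and multi-byte text can be several times larger on the wire than 10 * 1024 suggests. If `data` is a single Buffer at runtime (the `string` annotation looks inaccurate for `ws`, so confirm this), check the size before decoding with `if (Buffer.byteLength(data) > MAX_PAYLOAD_SIZE) {`. The rejected message is also dropped silently while the socket stays open, so a misbehaving client can keep sending oversized frames; closing with `ws.close(1009, 'Message too big');` before the `return` would end that. The warning is a fixed string, so including the observed size and limit, `console.warn(`WS message rejected: ${raw.length} > ${MAX_PAYLOAD_SIZE}`);`, would make it usable for detection. The handler's `try` block continues outside the hunk.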