v0.7.8 - Fully static builds implemented with musl-gcc

2025-10-11 10:51:03 -04:00
parent d449513861
commit ecd7095123
23 changed files with 3801 additions and 89 deletions
--- a/src/websockets.h
+++ b/src/websockets.h
@@ -14,6 +14,23 @@
 #define CHALLENGE_MAX_LENGTH 128
 #define AUTHENTICATED_PUBKEY_MAX_LENGTH 65  // 64 hex + null

+// Rate limiting constants for malformed requests
+#define MAX_MALFORMED_REQUESTS_PER_HOUR 10
+#define MALFORMED_REQUEST_BLOCK_DURATION 3600  // 1 hour in seconds
+#define RATE_LIMIT_CLEANUP_INTERVAL 300        // 5 minutes
+
+// Filter validation constants
+#define MAX_FILTERS_PER_REQUEST 10
+#define MAX_AUTHORS_PER_FILTER 100
+#define MAX_IDS_PER_FILTER 100
+#define MAX_KINDS_PER_FILTER 50
+#define MAX_TAG_VALUES_PER_FILTER 100
+#define MAX_KIND_VALUE 65535
+#define MAX_TIMESTAMP_VALUE 2147483647  // Max 32-bit signed int
+#define MAX_LIMIT_VALUE 5000
+#define MAX_SEARCH_LENGTH 256
+#define MAX_TAG_VALUE_LENGTH 1024
+
 // Enhanced per-session data with subscription management, NIP-42 authentication, and rate limiting
 struct per_session_data {
    int authenticated;
@@ -36,6 +53,11 @@ struct per_session_data {
    time_t last_failed_attempt;              // Timestamp of last failed attempt
    time_t rate_limit_until;                 // Time until rate limiting expires
    int consecutive_failures;                // Consecutive failed attempts for backoff
+
+    // Rate limiting for malformed requests
+    int malformed_request_count;             // Count of malformed requests in current hour
+    time_t malformed_request_window_start;   // Start of current hour window
+    time_t malformed_request_blocked_until;  // Time until blocked for malformed requests
 };

 // NIP-11 HTTP session data structure for managing buffer lifetime