Middleware

Rate Limiter

The rate limiter middleware prevents abuse by limiting the number of WebSocket messages per user per second. It is applied to the WebSocket gateway.

Configure the rate limit via BoardModule.register():

BoardModule.register({
    // ...
    sync: {
        maxMessageRatePerUser: 60, // messages per second per user
    },
})

When a client exceeds the rate limit, the server responds with:

{
    type: 'rate-limited',
    retryAfterMs: 1000
}

Size Guard

The size guard middleware limits the size of incoming HTTP request bodies. This protects against excessively large payloads, particularly for asset uploads.

Asset size limits are configured through the limits option:

BoardModule.register({
    // ...
    limits: {
        maxAssetSizeMb: 25,   // per-file limit
        maxBoardSizeMb: 100,  // per-board total limit
    },
})

These limits are enforced at the AssetService level. The size guard middleware provides an additional early-rejection layer at the HTTP level before the request body is fully parsed.