Describe the bug
The relay exposes limits.client.subscription.maxLimit (default: 5000) in the NIP-11 relay information document via root-request-handler.ts:90, telling clients that at most 5,000 events will be returned per query. However, this value is never actually enforced anywhere in the query path.
To Reproduce
Steps to reproduce the behavior:
- Start a nostream relay with default settings (
maxLimit: 5000 in default-settings.yaml)
- Connect via WebSocket and send:
["REQ", "test-sub", {"kinds": [1], "limit": 999999}]
- Observe that the relay attempts to stream up to 999,999 events from Postgres - the
maxLimit: 5000 setting has no effect
Expected behavior
findByFilters() should clamp currentFilter.limit to the configured maxLimit before passing it to the query builder.
Screenshots
The request didn't get flagged, and nostream tried to stream events (though locally I don't have 999999 events stored.)
System (please complete the following information):
- OS: Any
- Platform: Docker / Standalone
- Version: 2.1.1 (commit d8f62b4)
Additional context
- This creates a broken contract: the relay tells clients the limit is 5,000 but accepts and executes arbitrary values
- Impact: resource exhaustion (memory + DB connections), potential denial of service on relays with large event stores
Describe the bug
The relay exposes
limits.client.subscription.maxLimit(default: 5000) in the NIP-11 relay information document viaroot-request-handler.ts:90, telling clients that at most 5,000 events will be returned per query. However, this value is never actually enforced anywhere in the query path.To Reproduce
Steps to reproduce the behavior:
maxLimit: 5000indefault-settings.yaml)maxLimit: 5000setting has no effectExpected behavior
findByFilters()should clampcurrentFilter.limitto the configuredmaxLimitbefore passing it to the query builder.Screenshots
The request didn't get flagged, and nostream tried to stream events (though locally I don't have 999999 events stored.)
System (please complete the following information):
Additional context