feat: add WebSocket rate limiting for enhanced security #11
SurajPatil1404 wants to merge 1 commit into thughari:main
Hey @SurajPatil1404! 👋 Thanks a lot for the great suggestion, adding WebSocket rate limiting is definitely a smart move to improve security and protect the app from abuse. I went ahead and tried implementing it, but I ran into a compile-time issue with the following line: container.setMaxSessionsPerRemote(2); The compiler throws this error: It looks like Also, just to confirm my understanding: if this configuration did work, it would limit users coming from the same public IP (for example, multiple users on the same Wi-Fi network) to a maximum of 2 concurrent WebSocket connections, right? That might unintentionally restrict legitimate users behind NAT. The message size limits (64KB) are working perfectly though, they’re a great addition for stability and memory safety. Really appreciate the insight and your help on this! 🙌
thughari left a comment
Heads-up: ServletServerContainerFactoryBean doesn’t have a method called setMaxSessionsPerRemote(int) in the standard Spring implementation, so this line causes a compile-time error. We might need a different approach if we want to limit concurrent sessions per remote IP.
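One possible "different approach" to the per-remote limit discussed above, as an added example that is not code from this PR or from the project: a decorator around the application's WebSocketHandler that counts open sessions per remote address. The class name, the attribute key and the configurable limit are assumptions; the limit is a constructor argument so it can be set above 2 for clients that share one NAT address.

```java
import java.net.InetSocketAddress;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.springframework.web.socket.CloseStatus;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.WebSocketSession;
import org.springframework.web.socket.handler.WebSocketHandlerDecorator;

// Hypothetical class (not part of the PR): caps concurrent sessions per remote address.
public class PerRemoteSessionLimiter extends WebSocketHandlerDecorator {

    private static final String KEY_ATTR = PerRemoteSessionLimiter.class.getName() + ".key";
    private final ConcurrentMap<String, Integer> open = new ConcurrentHashMap<>();
    private final int maxPerRemote;

    public PerRemoteSessionLimiter(WebSocketHandler delegate, int maxPerRemote) {
        super(delegate);
        this.maxPerRemote = maxPerRemote;
    }

    @Override
    public void afterConnectionEstablished(WebSocketSession session) throws Exception {
        String key = remoteKey(session);
        // merge() is atomic per key, so concurrent handshakes cannot both slip under the cap.
        if (open.merge(key, 1, Integer::sum) > maxPerRemote) {
            release(key);
            session.close(CloseStatus.POLICY_VIOLATION.withReason("Too many connections"));
            return; // the delegate never sees a rejected session
        }
        session.getAttributes().put(KEY_ATTR, key);
        super.afterConnectionEstablished(session);
    }

    @Override
    public void afterConnectionClosed(WebSocketSession session, CloseStatus status) throws Exception {
        Object key = session.getAttributes().remove(KEY_ATTR);
        if (key == null) return; // rejected above, already released
        release((String) key);
        super.afterConnectionClosed(session, status);
    }

    private void release(String key) {
        // Drop the entry at zero so the map does not grow with every address ever seen.
        open.computeIfPresent(key, (k, v) -> v > 1 ? v - 1 : null);
    }

    private static String remoteKey(WebSocketSession session) {
        // Assumption: no reverse proxy in front; behind one, this is the proxy's address.
        InetSocketAddress a = session.getRemoteAddress();
        return (a != null && a.getAddress() != null) ? a.getAddress().getHostAddress() : "unknown";
    }
}
```

The decorator is applied where the handler is registered, by wrapping the existing handler instance before passing it to the WebSocketHandlerRegistry.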
I've made a meaningful contribution that adds WebSocket rate limiting to enhance the security of the application. Here's what the contribution includes:
- Added a new RateLimitConfig class that configures WebSocket limits:
  - Maximum text message size: 64KB
  - Maximum binary message size: 64KB
  - Maximum sessions per remote address: 2
- Added corresponding properties in application-prod.properties