feat(jsonrpc): restrict batch size, response size, address size and request timeout

[317787106]

Summary

• Add node.jsonrpc.maxBatchSize to limit JSON-RPC batch request size, preventing resource exhaustion from oversized batch calls
• Add node.jsonrpc.maxResponseBodySize to cap response body size, mitigating potential DoS via large response generation
• Add node.jsonrpc.maxAddressSize to restrict the number of addresses in a single request
• Add node.jsonrpc.maxRequestTimeout to enforce a timeout on JSON-RPC request processing

Motivation

These limits protect the JSON-RPC API surface from abuse patterns including:

• Unbounded batch requests that exhaust server memory/CPU
• Requests with large address lists causing disproportionate computation
• Long-running requests that tie up server threads

Configuration

New fields in config.conf under node.jsonrpc:

node {
  jsonrpc {
    maxBatchSize = 100
    maxResponseBodySize = 10485760  # 10MB
    maxAddressSize = 20
    maxRequestTimeout = 5000        # ms
  }
}

Test plan

• Verify batch requests exceeding maxBatchSize are rejected with appropriate error
• Verify responses exceeding maxResponseBodySize return JsonRpcResponseTooLargeException
• Verify requests with address count exceeding maxAddressSize are rejected
• Verify requests exceeding maxRequestTimeout are terminated
• Verify default config values are backward-compatible

🤖 Generated with Claude Code