fix(voice-call): harden media stream pre-start websocket handling

2026-03-12 07:20:45 +00:00 · 2026-02-22 23:25:11 +01:00
parent 1ad9f9af5a
commit 1d8968c8a8
8 changed files with 340 additions and 3 deletions
--- a/docs/plugins/voice-call.md
+++ b/docs/plugins/voice-call.md
@@ -107,6 +107,10 @@ Set config under `plugins.entries.voice-call.config`:
          streaming: {
            enabled: true,
            streamPath: "/voice/stream",
+            preStartTimeoutMs: 5000,
+            maxPendingConnections: 32,
+            maxPendingConnectionsPerIp: 4,
+            maxConnections: 128,
          },
        },
      },
@@ -125,6 +129,11 @@ Notes:
 - If you use ngrok free tier, set `publicUrl` to the exact ngrok URL; signature verification is always enforced.
 - `tunnel.allowNgrokFreeTierLoopbackBypass: true` allows Twilio webhooks with invalid signatures **only** when `tunnel.provider="ngrok"` and `serve.bind` is loopback (ngrok local agent). Use for local dev only.
 - Ngrok free tier URLs can change or add interstitial behavior; if `publicUrl` drifts, Twilio signatures will fail. For production, prefer a stable domain or Tailscale funnel.
+- Streaming security defaults:
+  - `streaming.preStartTimeoutMs` closes sockets that never send a valid `start` frame.
+  - `streaming.maxPendingConnections` caps total unauthenticated pre-start sockets.
+  - `streaming.maxPendingConnectionsPerIp` caps unauthenticated pre-start sockets per source IP.
+  - `streaming.maxConnections` caps total open media stream sockets (pending + active).

 ## Stale call reaper