From beb128f1c998be5ecad1152ee633afafd9f62283 Mon Sep 17 00:00:00 2001
From: Saniddhya Dubey <dubeysaniddhya@gmail.com>
Date: Sun, 3 May 2026 04:54:53 -0400
Subject: [PATCH 1/2] fix: maxLimit checks added to subscription requests

---
 src/handlers/subscribe-message-handler.ts       |  8 ++++++++
 .../handlers/subscribe-message-handler.spec.ts  | 17 +++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/src/handlers/subscribe-message-handler.ts b/src/handlers/subscribe-message-handler.ts
index 6d5c1e1e..970af008 100644
--- a/src/handlers/subscribe-message-handler.ts
+++ b/src/handlers/subscribe-message-handler.ts
@@ -116,6 +116,14 @@ export class SubscribeMessageHandler implements IMessageHandler, IAbortable {
       }
     }
 
+    const maxLimit = subscriptionLimits?.maxLimit ?? 0
+    if (maxLimit > 0) {
+      const hasExcessiveLimit = filters.some((filter) => filter.limit !== undefined && filter.limit > maxLimit)
+      if (hasExcessiveLimit) {
+        return `Limit too high: Filter limit must be less than or equal to ${maxLimit}`
+      }
+    }
+
     if (
       typeof subscriptionLimits?.maxSubscriptionIdLength === 'number' &&
       subscriptionId.length > subscriptionLimits.maxSubscriptionIdLength
diff --git a/test/unit/handlers/subscribe-message-handler.spec.ts b/test/unit/handlers/subscribe-message-handler.spec.ts
index 4ff024d8..35f1bb2b 100644
--- a/test/unit/handlers/subscribe-message-handler.spec.ts
+++ b/test/unit/handlers/subscribe-message-handler.spec.ts
@@ -367,6 +367,23 @@ describe('SubscribeMessageHandler', () => {
       )
     })
 
+    it('returns reason if filter limit exceeds max limit', () => {
+      settingsFactory.returns({
+        limits: {
+          client: {
+            subscription: {
+              maxLimit: 50,
+            },
+          },
+        },
+      })
+      filters = [{ limit: 100 }]
+
+      expect((handler as any).canSubscribe(subscriptionId, filters)).to.equal(
+        'Limit too high: Filter limit must be less than or equal to 50',
+      )
+    })
+
     it('returns reason if subscription id is too long', () => {
       settingsFactory.returns({
         limits: {

From dcfa5cb9a49b6d790a00483eef7071a5b820c6f4 Mon Sep 17 00:00:00 2001
From: Saniddhya Dubey <dubeysaniddhya@gmail.com>
Date: Sun, 3 May 2026 04:59:16 -0400
Subject: [PATCH 2/2] docs(changeset): fix: maxLimit checks added to
 subscription message handler

---
 .changeset/brown-bears-pay.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/brown-bears-pay.md

diff --git a/.changeset/brown-bears-pay.md b/.changeset/brown-bears-pay.md
new file mode 100644
index 00000000..2b1997c8
--- /dev/null
+++ b/.changeset/brown-bears-pay.md
@@ -0,0 +1,5 @@
+---
+"nostream": patch
+---
+
+fix: maxLimit checks added to subscription message handler