# Issue #282: Add HTTP request timeouts (DoS risk)

## Objective

Add 10-second timeout to all HTTP requests to prevent DoS attacks via slowloris and resource exhaustion.

## Security Impact

- DoS via slowloris attack (attacker sends data very slowly)
- Resource exhaustion from hung connections
- API becomes unresponsive
- P0 security vulnerability

## Current Status

✅ HttpModule is already configured with 10-second timeout in federation.module.ts:29

- All HTTP requests via HttpService automatically use this timeout
- No code changes needed in command.service.ts, query.service.ts, or event.service.ts

## Approach

1. Verify timeout is properly configured at module level
2. Add explicit test to verify timeout enforcement
3. Add tests for timeout scenarios
4. Document timeout configuration
5. Verify all federation HTTP requests use the configured HttpService

## Implementation Plan

- [ ] Review federation.module.ts timeout configuration
- [ ] Add test for HTTP timeout enforcement
- [ ] Add test for timeout error handling
- [ ] Verify query.service.ts uses timeout
- [ ] Verify event.service.ts uses timeout
- [ ] Verify command.service.ts uses timeout
- [ ] Run quality gates (lint, typecheck, build, tests)

## Testing

- Test HTTP request times out after 10 seconds
- Test timeout errors are handled gracefully
- Test all federation services respect timeout
- Maintain 85%+ coverage

## Notes

- Timeout already configured via HttpModule.register({ timeout: 10000 })
- Need to add explicit tests to verify timeout works
- This is a verification and testing issue, not an implementation issue