aa8879bc69
Public-flip audit: drop audit-ticket prefixes + topology refs + AI scaffolding
cardano-api: strip 'Fix #N:' audit-ticket prefixes from inline comments (was
50+ in main.py), drop hardening-pass changelog blocks from module docstring,
rewrite README to drop deploy paths + marketing sections, keep tier/auth/TTL
+ policy IDs.
cardano-checkout-py: drop TradeCraft lineage refs, swap chromaticcraft/tradecraft
test fixtures for acme/globex, repository URL → git.sulkta.com.
2026-05-27 11:15:02 -07:00
11b551b0fe
fix: Security hardening pass 3 - body stream limit, challenge rate limit, COSE validation, TRP refresh batching
- Fix #17: Body size middleware reads actual body stream (catches chunked/missing Content-Length)
- Fix #17: Challenge flood prevention - per-address rate limit (5/min) + outstanding limit (10 max)
- Fix #18: COSE algorithm validation (must be EdDSA/-8)
- Fix #18: COSE element type validation (protected, sig must be bytes; key must be 32 bytes)
- Fix #19: TRP refresh uses Redis Set + batched Postgres query (eliminates N+1)
- Fix #20: Pagination page parameter capped at 10000 across all endpoints
Bumped version to 2.3.0
2026-03-21 10:34:25 -07:00
038cbbb9c6
fix: Security hardening pass 2 - body limit, CIP-8 bypass, pagination, cbor2 bump
- Fix #11: Request body size limit (64KB) on /v1/tx/submit via middleware
- Fix #12: CIP-8 empty payload bypass - reject empty payloads explicitly
- Fix #13: Pagination on /v1/address/{addr}/tokens and /v1/asset/{policy_id}/info
- Fix #14: Bump cbor2 to >=5.6.5 (CVE-2024-26134 tag decoding DoS)
- Fix #15: Fixed holder count query (was using GROUP BY + COUNT DISTINCT incorrectly)
- Fix #16: Async lock for protocol params cache to prevent stampede
2026-03-21 10:09:15 -07:00
dac26ea1ba
Security hardening: fix 10 vulnerabilities
CRITICAL:
- Fix #1: Atomic nonce GETDEL to prevent race conditions in verify_auth()
HIGH:
- Fix #2: X-Forwarded-For only trusted from TRUSTED_PROXIES set
- Fix #3: TRP tier refresh every 10min (was 60min) + 48h key expiry
- Fix #4: SHA-256 hashed key storage in Redis (raw key never stored)
MEDIUM:
- Fix #5: Generic error messages - no internal detail leakage
- Fix #6: Auth refresh is self-service only (documented)
- Fix #7: CBOR validation before tx submit
- Fix #8: Input validation regex for addresses, tx hashes, policy IDs
LOW:
- Fix #9: Correct tx hash calculation (blake2b of tx body, not full tx)
- Fix #10: Enforce key expiry globally in get_api_key_info
Version bumped to 2.1.0
2026-03-21 09:47:58 -07:00
d5fbec496f
fix: Enforce strict tier-based access control for node endpoints
Access control hierarchy:
- Anonymous (free): db-sync read-only ONLY, no node access
- Standard (≥50 TRP): db-sync + node read (UTxOs, protocol-params)
- Elevated (≥500 TRP): everything + tx submit
- Master: unrestricted
Node endpoints now return HTTP 403 for insufficient tier:
- GET /v1/address/{addr}/utxos → requires standard+
- GET /v1/protocol-params → requires standard+
- POST /v1/tx/submit → requires elevated+ (403 for standard/anonymous)
Added require_standard_tier and require_elevated_tier dependencies.
2026-03-21 09:15:40 -07:00
163de03322
feat: Add node integration, TRP-gated auth, CIP-8 verification
- Node integration endpoints:
  - GET /v1/address/{address}/utxos - query UTxOs directly from node
  - POST /v1/tx/submit - submit signed transactions
  - GET /v1/protocol-params - current epoch protocol parameters
- TRP-gated permissionless API keys:
  - POST /v1/auth/challenge - get nonce for wallet signing
  - POST /v1/auth/verify - verify CIP-8 signature, issue key based on TRP balance
  - POST /v1/auth/refresh - re-check TRP balance and update tier
- Background task: hourly tier refresh for all TRP-gated keys
- Tier thresholds: 50+ TRP = standard, 500+ TRP = elevated
- TX submit rate limits: anonymous=blocked, standard=2/min, elevated=10/min
- Added pycardano, cbor2, PyNaCl dependencies
- Updated Dockerfile with cardano-cli binary
2026-03-21 08:52:46 -07:00
631a0aa2a0
Add graceful error handling for db-sync initialization
2026-03-18 11:47:03 -07:00
104e11f098
Initial commit: Cardano chain data REST API
2026-03-18 11:43:46 -07:00