|
|
038cbbb9c6
|
fix: Security hardening pass 2 - body limit, CIP-8 bypass, pagination, cbor2 bump
- Fix #11: Request body size limit (64KB) on /v1/tx/submit via middleware
- Fix #12: CIP-8 empty payload bypass - reject empty payloads explicitly
- Fix #13: Pagination on /v1/address/{addr}/tokens and /v1/asset/{policy_id}/info
- Fix #14: Bump cbor2 to >=5.6.5 (CVE-2024-26134 tag decoding DoS)
- Fix #15: Fixed holder count query (was using GROUP BY + COUNT DISTINCT incorrectly)
- Fix #16: Async lock for protocol params cache to prevent stampede
|
2026-03-21 10:09:15 -07:00 |
|
|
|
163de03322
|
feat: Add node integration, TRP-gated auth, CIP-8 verification
- Node integration endpoints:
  - GET /v1/address/{address}/utxos - query UTxOs directly from node
  - POST /v1/tx/submit - submit signed transactions
  - GET /v1/protocol-params - current epoch protocol parameters
- TRP-gated permissionless API keys:
  - POST /v1/auth/challenge - get nonce for wallet signing
  - POST /v1/auth/verify - verify CIP-8 signature, issue key based on TRP balance
  - POST /v1/auth/refresh - re-check TRP balance and update tier
- Background task: hourly tier refresh for all TRP-gated keys
- Tier thresholds: 50+ TRP = standard, 500+ TRP = elevated
- TX submit rate limits: anonymous=blocked, standard=2/min, elevated=10/min
- Added pycardano, cbor2, PyNaCl dependencies
- Updated Dockerfile with cardano-cli binary
|
2026-03-21 08:52:46 -07:00 |
|