|
|
d5fbec496f
|
fix: Enforce strict tier-based access control for node endpoints
Access control hierarchy:
- Anonymous (free): db-sync read-only ONLY, no node access
- Standard (≥50 TRP): db-sync + node read (UTxOs, protocol-params)
- Elevated (≥500 TRP): everything + tx submit
- Master: unrestricted
Node endpoints now return HTTP 403 for insufficient tier:
- GET /v1/address/{addr}/utxos → requires standard+
- GET /v1/protocol-params → requires standard+
- POST /v1/tx/submit → requires elevated+ (403 for standard/anonymous)
Added require_standard_tier and require_elevated_tier dependencies.
|
2026-03-21 09:15:40 -07:00 |
|
|
|
163de03322
|
feat: Add node integration, TRP-gated auth, CIP-8 verification
- Node integration endpoints:
- GET /v1/address/{address}/utxos - query UTxOs directly from node
- POST /v1/tx/submit - submit signed transactions
- GET /v1/protocol-params - current epoch protocol parameters
- TRP-gated permissionless API keys:
- POST /v1/auth/challenge - get nonce for wallet signing
- POST /v1/auth/verify - verify CIP-8 signature, issue key based on TRP balance
- POST /v1/auth/refresh - re-check TRP balance and update tier
- Background task: hourly tier refresh for all TRP-gated keys
- Tier thresholds: 50+ TRP = standard, 500+ TRP = elevated
- TX submit rate limits: anonymous=blocked, standard=2/min, elevated=10/min
- Added pycardano, cbor2, PyNaCl dependencies
- Updated Dockerfile with cardano-cli binary
|
2026-03-21 08:52:46 -07:00 |
|
