
feat: add input sanitization middleware#8

Open
devSoniia wants to merge 191 commits into main from feat/input-sanitization-254

Conversation

@devSoniia (Owner)

Summary

Adds backend/src/sanitize.rs — middleware that sanitizes all incoming API request bodies.

Changes

  • Oversized payload rejection — bodies > 1 MB return 400 immediately
  • Unknown field stripping — keys not in the endpoint's allow-list are removed before processing
  • Stellar address validation — fields named employer, employee, admin, token, or ending in _address are validated (56 chars, G-prefix, base32 alphabet)
  • Structured 400 responses — error_response() returns {"error": "validation_failed", "fields": [...]}
  • Unit tests covering all four acceptance criteria

Acceptance Criteria

  • Strip unexpected fields from request bodies
  • Validate Stellar address format on all address fields
  • Reject requests with oversized payloads (>1MB)
  • Return 400 with field-level error messages

Closes Vera3289#254
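The four rules in the description above (size limit, allow-list stripping, Stellar address format check, field-level 400 body), as an added example that is not the PR's own backend/src/sanitize.rs and makes no claim about how that file is written. Assumptions: the body is modelled as a flat string map after JSON decoding (decoding itself is left out), "1 MB" is taken as 1 MiB, the rejection body for an oversized payload (payload_too_large) is invented here since the PR only states the 400 status, and the per-field message wording is the example's own.

```rust
use std::collections::BTreeMap;

/// Size limit for request bodies. The PR states "> 1 MB"; 1 MiB is an
/// assumption about the exact byte count.
pub const MAX_BODY_BYTES: usize = 1 << 20;

/// One field-level validation message.
#[derive(Debug, Clone, PartialEq)]
pub struct FieldError {
    pub field: String,
    pub message: String,
}

/// Why a body was rejected. Both variants map to HTTP 400.
#[derive(Debug, Clone, PartialEq)]
pub enum SanitizeError {
    /// Raw body exceeded MAX_BODY_BYTES; checked before any parsing.
    PayloadTooLarge { size: usize },
    /// One or more allow-listed fields failed validation.
    ValidationFailed(Vec<FieldError>),
}

/// Minimal JSON string escaping, enough for field names and fixed messages.
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

impl SanitizeError {
    /// Render the 400 body. The validation_failed shape is the one the PR
    /// describes; the payload_too_large shape is an assumption of this example.
    pub fn to_json(&self) -> String {
        match self {
            SanitizeError::PayloadTooLarge { size } => format!(
                "{{\"error\":\"payload_too_large\",\"size\":{},\"limit\":{}}}",
                size, MAX_BODY_BYTES
            ),
            SanitizeError::ValidationFailed(fields) => {
                let items: Vec<String> = fields
                    .iter()
                    .map(|f| {
                        format!(
                            "{{\"field\":\"{}\",\"message\":\"{}\"}}",
                            json_escape(&f.field),
                            json_escape(&f.message)
                        )
                    })
                    .collect();
                format!("{{\"error\":\"validation_failed\",\"fields\":[{}]}}", items.join(","))
            }
        }
    }
}

/// Fields that must hold a Stellar address, per the naming rule in the PR.
pub fn is_address_field(key: &str) -> bool {
    matches!(key, "employer" | "employee" | "admin" | "token") || key.ends_with("_address")
}

/// Format check only: 56 characters, 'G' prefix, RFC 4648 base32 alphabet (A-Z, 2-7).
/// A full StrKey decode would also verify the trailing CRC16 checksum; this mirrors
/// the check the PR describes and does not.
pub fn is_valid_stellar_address(s: &str) -> bool {
    s.len() == 56
        && s.starts_with('G')
        && s.bytes().all(|b| matches!(b, b'A'..=b'Z' | b'2'..=b'7'))
}

/// Apply the four rules to one request. `raw_len` is the byte length of the body
/// as received, `body` the decoded flat object, `allowed` the endpoint's allow-list.
pub fn sanitize(
    raw_len: usize,
    body: BTreeMap<String, String>,
    allowed: &[&str],
) -> Result<BTreeMap<String, String>, SanitizeError> {
    // Rule 1: size check first, before any parsing work is spent on the body.
    if raw_len > MAX_BODY_BYTES {
        return Err(SanitizeError::PayloadTooLarge { size: raw_len });
    }
    // Rule 2: drop keys outside the allow-list so they never reach the handler.
    let kept: BTreeMap<String, String> = body
        .into_iter()
        .filter(|(k, _)| allowed.contains(&k.as_str()))
        .collect();
    // Rule 3: validate every address field; collect all failures for one round trip.
    let mut errors = Vec::new();
    for (key, value) in &kept {
        if is_address_field(key) && !is_valid_stellar_address(value) {
            errors.push(FieldError {
                field: key.clone(),
                message: "must be a 56-character Stellar address starting with G".to_string(),
            });
        }
    }
    // Rule 4: structured field-level errors, or the cleaned body.
    if errors.is_empty() { Ok(kept) } else { Err(SanitizeError::ValidationFailed(errors)) }
}

fn main() {
    // Constructed sample request: one bad address and one non-allow-listed key.
    let mut body = BTreeMap::new();
    body.insert("employer".to_string(), format!("G{}", "A".repeat(55)));
    body.insert("employee".to_string(), "not-an-address".to_string());
    body.insert("is_admin".to_string(), "true".to_string());
    match sanitize(128, body, &["employer", "employee", "amount"]) {
        Ok(clean) => println!("accepted: {:?}", clean),
        Err(e) => println!("400 {}", e.to_json()),
    }
}
```

Two things a reviewer would check against this shape: the allow-list filter runs before validation, so a stripped key can never produce an error message (which would leak which keys the server recognises), and the `token` field is validated with the G prefix exactly as the PR states, although a Soroban token contract address is StrKey-encoded with a C prefix, so that field may need its own rule.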

Gloriachinedu and others added 30 commits April 25, 2026 04:36
…289#63)

- Add ERR_SAME_PARTY (E010) constant to types.rs for consistent error codes
- Use ERR_SAME_PARTY in validate_create_stream() instead of inline string
- Update test to match new error code prefix
- Pre-deployment checklist (tests, keys, audit, XLM balance)
- Step-by-step deploy commands for token and stream contracts
- Post-deploy verification steps
- Rollback procedure: pause+upgrade or revert to previous WASM
- Connect wallet via Freighter
- Create stream, withdraw, query state with TypeScript examples
- Error handling with PayStream error codes
- examples/javascript/stream.js — create stream, query state (Node.js)
- examples/python/stream.py — create stream, query state (stellar-sdk)
- examples/rust/stream.rs — create stream, query claimable (off-chain client)
- examples/README.md — setup instructions and links
- README.md — link examples/ and docs/integration/frontend.md
Closes Vera3289#101 — TypeScript SDK (sdk/ package)
Closes Vera3289#102 — Freighter wallet integration
Closes Vera3289#103 — Demo React app
Closes Vera3289#104 — pollClaimable utility

- sdk/: PayStreamClient wrapping all 10 contract functions with full
  TypeScript types; read-only calls via simulateTransaction, mutating
  calls return unsigned XDR for caller to sign and submit
- sdk/src/freighter.ts: connectFreighter, getFreighterPublicKey,
  freighterSignTransaction, isFreighterConnected helpers; throws
  FreighterNotInstalledError with install link when extension absent
- sdk/src/poll.ts: pollClaimable(client, streamId, intervalMs, cb)
  polls claimable() at a configurable interval, stops on unsubscribe,
  handles network errors gracefully
- demo/: Vite + React app connecting to testnet; connect wallet,
  create stream, load stream by ID, live claimable balance (5 s poll),
  withdraw button for employee
…ounty

- Add in-scope / out-of-scope sections
- Add coordinated disclosure timeline table
- Add bug bounty programme with severity/reward tiers
- Retain existing audit table and security design notes
- Reference threat-model.md and remediation.md

Closes Vera3289#64
- 30+ terms defined covering streams, storage, Soroban, SEP-41, fees, etc.
- Accessible to developers unfamiliar with Stellar
- Linked from docs/api-reference.md

Closes Vera3289#93
Audits all DataKey and TokenDataKey variants across both contracts.
No PII found. Documents methodology, findings, and recommendations.

Closes Vera3289#67
feat: TypeScript SDK, Freighter wallet, pollClaimable, and demo app
…ema-docs

Issue Vera3289#87: add event schema reference documentation
…-audit

Issue Vera3289#75: Fund-lock audit and recovery regression test
…ce-docs

Issue Vera3289#97: add performance benchmark documentation
feat: add SDK usage examples in JS, Python, and Rust (Vera3289#95)
…ntegration

docs: add frontend integration guide for JS/TS (Vera3289#91)
…-employee

fix: reject stream creation when employer == employee (Vera3289#63)
- Add FeeBps and FeeRecipient variants to DataKey enum
- Add PendingAdmin to DataKey (was missing, used by storage.rs)
- Add get/set_fee_bps and get/set_fee_recipient storage helpers
- Add set_protocol_fee admin function (0-100 bps, E011 if exceeded)
- Deduct fee from withdrawal amount; send to fee_recipient
- Fee of 0 disables the mechanism entirely
- Fix broken use statement in test.rs and add missing imports
- Add 5 tests: no fee default, 1% fee deduction, disable fee,
  above-max rejected (E011), non-admin rejected, 0.5% rounding

Closes Vera3289#125
docs: storage audit — no PII in contract storage
docs: add glossary of PayStream and Stellar terms
docs: complete SECURITY.md with scope, disclosure timeline, and bug bounty
… quickstart (Vera3289#82), FAQ (Vera3289#88)

- Vera3289#62: validate token address via try_balance SEP-41 probe in create_stream
  and create_streams_batch; reject invalid addresses with ERR_INVALID_TOKEN (E012)
- Vera3289#69: add propose_employer_transfer + accept_employer_transfer for safe
  two-step stream ownership transfer; old employer loses control on acceptance
- Vera3289#82: add docs/quickstart.md — zero to running local stream in <30 min
- Vera3289#88: add docs/faq.md — 17 Q&A entries covering tokens, errors, testnet,
  employer transfer, fee estimation, and event indexing

Also fix pre-existing compile errors and test bugs:
- types.rs: remove duplicate MinDeposit DataKey; add FeeBps, FeeRecipient,
  PendingEmployer variants; add ERR_FEE_TOO_HIGH, ERR_INVALID_TOKEN,
  ERR_UNAUTHORIZED_TRANSFER constants
- token/lib.rs: add missing mod storage and mod types declarations
- test.rs: fix imports (testutils Address/Ledger traits), fix upgrade call
  signature, fix pause/cancel balance assertions, add set_min_deposit where
  needed, gate WASM-dependent upgrade tests behind wasm-tests feature flag

All 44 tests pass.
…3289#108 Vera3289#109 Vera3289#110 Vera3289#111)

- Vera3289#109: Dark mode via CSS custom properties; manual toggle button; respects
  prefers-color-scheme; persists choice in localStorage
- Vera3289#110: Accessibility audit fixes — semantic HTML (header/main/section/ul/li),
  ARIA labels/roles/live regions, aria-invalid + aria-describedby on inputs,
  aria-pressed on toggle, aria-busy on async buttons, skip-to-content link,
  focus-visible ring, sr-only utility class
- Vera3289#111: Stream creation form with client-side validation (deposit > 0,
  rate > 0, stop_time in future or 0); inline error messages; estimated
  stream duration hint; re-validates on every field change after first submit
- Vera3289#108: Transaction history panel per stream via Horizon testnet API;
  paginated (10/page) with Load More; shows timestamp, type, amount

Also fixes pre-existing SDK issues:
- Replace non-existent @freighter-api/freighter-api npm dep with globalThis
  access (extension is injected at runtime, not installed via npm)
- Fix stellar-sdk v13 import: SorobanRpc → rpc
- Switch SDK tsconfig to ESNext/bundler module output for Vite compatibility
- Add .gitleaks.toml with Stellar-specific secret patterns (Vera3289#38)
- Add .github/workflows/secret-scan.yml running gitleaks on push/PR (Vera3289#38)
- Add scripts/pre-commit-hook.sh for local staged-file scanning (Vera3289#38)
- Document pre-commit hook in CONTRIBUTING.md (Vera3289#38)
- Add coverage job to CI using cargo-llvm-cov + Codecov upload (Vera3289#39)
- Add PR coverage diff comment via lcov-reporter-action (Vera3289#39)
- Add codecov badge to README (Vera3289#39)
- Add .rustfmt.toml with project style settings (Vera3289#41)

Closes Vera3289#38, Vera3289#39, Vera3289#41
Note: Vera3289#40 (clippy -D warnings) was already enforced in CI
Vera3289 and others added 30 commits May 29, 2026 17:43
 — CSV export, error boundaries, skeletons, cancel modal

Issue Vera3289#233 – CSV export for stream history
- Add export button (⬇ CSV) on StreamStatusCard and date-range filter UI
  (from/to date inputs) in the inline history panel
- Expand CSV columns to include all required fields:
  date, stream_id, employee, token, type, amount (was missing employee and token)
- exportAllHistory now accepts employee and token params; buildCsv signature
  updated accordingly

Issue Vera3289#234 – React error boundary components
- New ErrorBoundary class component with getDerivedStateFromError,
  componentDidCatch (console.error, ready for monitoring), and retry button
- Top-level boundary wraps <App /> in main.tsx
- Per-route boundaries wrap each tab panel (Stream Demo, Employer Dashboard,
  Employee Earnings, Batch Create)
- CSS fallback card in styles.css (.eb-fallback, .eb-heading, .eb-message)

Issue Vera3289#235 – Loading skeleton for stream cards
- New StreamCardSkeleton component that mirrors StreamStatusCard layout:
  header row, 4-cell metrics grid, and progress bar placeholder
- Animated pulse effect via @keyframes skel-pulse
- Wired into EmployerDashboard: 3 skeletons shown when loading && no streams
  yet (covers both initial load and refetch after streams are cleared)

Issue Vera3289#236 – Stream cancellation confirmation modal
- New CancelConfirmModal component with earned/refund amount summary,
  "type CANCEL to confirm" guard, Escape-key dismissal, and ARIA attributes
- Cancel button on StreamStatusCard now calls the parent callback directly;
  EmployerDashboard intercepts it with setCancelStream(s) to open the modal
  instead of window.confirm
- Employer-computed earned/refund stroops passed as props
- CSS modal styles (.modal-backdrop, .modal-box, .modal-summary, .modal-actions)

Fixes: add missing explorerAccountUrl / explorerTxUrl helpers in
StreamStatusCard (called but never defined — would crash at runtime)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
docs: add error code reference and update API documentation and FAQ
…3-236

"feat: CSV export, error boundaries, loading skeletons, cancel confirmation modal (Vera3289#233Vera3289#236)"
…yee-balance-ticker

feat: add live-updating employee balance ticker
…claimable-counter

Feat/live claimable counter
…am-duration

feat(contract): enforce 10-year max stream duration
…ache-layer

feat(api): add Redis cache layer for get_stream calls
…tadata-api

feat(api): add GET /tokens/:address metadata endpoint
…ultistage-build

feat(docker): add multi-stage build with WASM output stage
…rd-269

feat: document and test reentrancy guard on withdraw
feat: implement stream expiry auto-cancellation
…-306

feat: add Trivy container vulnerability scanning to CI
…fig-304

chore: add Dependabot config for npm/cargo/actions with auto-merge
Bumps the patch-updates group with 1 update: [soroban-sdk](https://github.com/stellar/rs-soroban-sdk).


Updates `soroban-sdk` from 26.0.0 to 26.0.1
- [Release notes](https://github.com/stellar/rs-soroban-sdk/releases)
- [Commits](stellar/rs-soroban-sdk@v26.0.0...v26.0.1)

---
updated-dependencies:
- dependency-name: soroban-sdk
  dependency-version: 26.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on [nodemailer](https://github.com/nodemailer/nodemailer), [bullmq](https://github.com/taskforcesh/bullmq), [@bull-board/api](https://github.com/felixmosh/bull-board/tree/HEAD/packages/api) and [@bull-board/express](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express) to permit the latest version.

Updates `nodemailer` from 8.0.9 to 8.0.10
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.9...v8.0.10)

Updates `bullmq` to 5.77.6
- [Release notes](https://github.com/taskforcesh/bullmq/releases)
- [Commits](taskforcesh/bullmq@v5.8.0...v5.77.6)

Updates `@bull-board/api` to 5.23.0
- [Release notes](https://github.com/felixmosh/bull-board/releases)
- [Changelog](https://github.com/felixmosh/bull-board/blob/master/CHANGELOG.md)
- [Commits](https://github.com/felixmosh/bull-board/commits/v5.23.0/packages/api)

Updates `@bull-board/express` to 5.23.0
- [Release notes](https://github.com/felixmosh/bull-board/releases)
- [Changelog](https://github.com/felixmosh/bull-board/blob/master/CHANGELOG.md)
- [Commits](https://github.com/felixmosh/bull-board/commits/v5.23.0/packages/express)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: bullmq
  dependency-version: 5.77.6
  dependency-type: direct:production
  dependency-group: patch-updates
- dependency-name: "@bull-board/api"
  dependency-version: 5.23.0
  dependency-type: direct:production
  dependency-group: patch-updates
- dependency-name: "@bull-board/express"
  dependency-version: 5.23.0
  dependency-type: direct:production
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Development: successfully merging this pull request may close these issues: Add input sanitization middleware