fix: systemd resource limits, Tor rotation transition, unwrap elimination, RPC timeouts

- I2: Add MemoryMax=4G, LimitNOFILE=65535, TasksMax=2048 to systemd service
- I3: Tor rotation keeps old service for 1h transition before cleanup
- R14: Replace .parse().unwrap() with .unwrap_or(localhost) in rate limiter
- R15: Replace 7 unwrap/expect in mesh protocol with proper error propagation
- R27: Add 10s timeouts to mesh Bitcoin RPC calls

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-21 01:46:40 +00:00
parent 95fbb094b0
commit c3d4a7063b
6 changed files with 143 additions and 64 deletions

View File

@@ -620,16 +620,20 @@ async fn bitcoin_rpc_getblockcount(client: &reqwest::Client) -> Result<u64> {
let body = serde_json::json!({
"jsonrpc": "1.0", "id": "mesh", "method": "getblockcount", "params": []
});
let resp: BitcoinRpcResponse<u64> = client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
.await
.map_err(|e| anyhow::anyhow!("Bitcoin RPC send failed: {}", e))?
.json()
.await
.map_err(|e| anyhow::anyhow!("Bitcoin RPC parse failed: {}", e))?;
let resp: BitcoinRpcResponse<u64> = tokio::time::timeout(
Duration::from_secs(10),
client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
)
.await
.map_err(|_| anyhow::anyhow!("Bitcoin RPC getblockcount timed out after 10s"))?
.map_err(|e| anyhow::anyhow!("Bitcoin RPC send failed: {}", e))?
.json()
.await
.map_err(|e| anyhow::anyhow!("Bitcoin RPC parse failed: {}", e))?;
if let Some(err) = resp.error {
anyhow::bail!("Bitcoin RPC: {}", err);
}
@@ -645,28 +649,40 @@ async fn bitcoin_rpc_getblockheader_by_height(
let body = serde_json::json!({
"jsonrpc": "1.0", "id": "mesh", "method": "getblockhash", "params": [height]
});
let resp: BitcoinRpcResponse<String> = client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
.await?
.json()
.await?;
let resp: BitcoinRpcResponse<String> = tokio::time::timeout(
Duration::from_secs(10),
client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
)
.await
.map_err(|_| anyhow::anyhow!("Bitcoin RPC getblockhash timed out after 10s"))?
.map_err(|e| anyhow::anyhow!("Bitcoin RPC getblockhash send failed: {}", e))?
.json()
.await
.map_err(|e| anyhow::anyhow!("Bitcoin RPC getblockhash parse failed: {}", e))?;
let hash = resp.result.ok_or_else(|| anyhow::anyhow!("No block hash"))?;
// Then get full header
let body = serde_json::json!({
"jsonrpc": "1.0", "id": "mesh", "method": "getblockheader", "params": [hash, true]
});
let resp: BitcoinRpcResponse<serde_json::Value> = client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
.await?
.json()
.await?;
let resp: BitcoinRpcResponse<serde_json::Value> = tokio::time::timeout(
Duration::from_secs(10),
client
.post("http://127.0.0.1:8332/")
.basic_auth(&rpc_user, Some(&rpc_pass))
.json(&body)
.send()
)
.await
.map_err(|_| anyhow::anyhow!("Bitcoin RPC getblockheader timed out after 10s"))?
.map_err(|e| anyhow::anyhow!("Bitcoin RPC getblockheader send failed: {}", e))?
.json()
.await
.map_err(|e| anyhow::anyhow!("Bitcoin RPC getblockheader parse failed: {}", e))?;
let header = resp.result.ok_or_else(|| anyhow::anyhow!("No block header"))?;
Ok(BlockHeaderInfo {