- Added a new `api` service for the NestJS backend, including health checks and dependencies on PostgreSQL, Redis, and MinIO.
- Introduced PostgreSQL and Redis services with health checks and configurations for data persistence.
- Added MinIO for S3-compatible object storage and a one-shot service to initialize required buckets.
- Updated the Nginx configuration to proxy requests to the new backend API and MinIO storage.
- Enhanced the Dockerfile to support the new API environment variables and configurations.
- Updated the `package.json` and `package-lock.json` to include new dependencies for QR code generation and other utilities.

Co-authored-by: Cursor <cursoragent@cursor.com>
Nostr Auth Security Checklist
- Replay window: enforce a ±120s `created_at` tolerance; reject reused or stale events.
- HTTPS only: require TLS termination before the API; never accept plain HTTP in production.
- Canonical URL: sign/verify the exact scheme + host + path + query; strip fragments.
- Payload hashing: hash raw bytes; reject if the `payload` tag hash differs from the received body.
- Rate limiting: apply IP/pubkey-based throttling to mitigate brute force or flood attempts.
- Logging hygiene: avoid persisting raw payloads/signatures; redact PII and secrets from logs.
- Dependency pinning: lock `nostr-tools` and crypto dependencies; track CVEs and update promptly.
- Test coverage: maintain ≥90% coverage for the Nostr auth service/guard and add E2E cases for tamper/replay.
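The replay-window, HTTPS, canonical-URL and payload-hash items above can be enforced in one guard-style check. The following is an added TypeScript example written for this checklist; it is not code from the repository's Nostr auth service. It assumes a NIP-98-style HTTP auth event carrying `u` (URL) and `payload` (SHA-256 of the body) tags, assumes the event's signature has already been verified with `nostr-tools`, and uses an in-memory replay cache where the real service would use the Redis instance from the compose stack with a TTL equal to the replay window.

```typescript
import { createHash } from "node:crypto";

// Minimal shape of a signed Nostr event: only the fields the checks below use.
export interface NostrEvent {
  id: string;
  pubkey: string;
  created_at: number; // unix seconds
  kind: number;
  tags: string[][];
  content: string;
  sig: string;
}

export const REPLAY_WINDOW_SECONDS = 120; // the ±120s tolerance from the checklist

export type AuthFailure =
  | "stale_or_future"
  | "replayed"
  | "not_https"
  | "url_mismatch"
  | "missing_payload_tag"
  | "payload_hash_mismatch";

// Canonical form = scheme + host + path + query; the fragment is dropped.
// WHATWG URL parsing also lowercases scheme and host for us.
export function canonicalUrl(raw: string): string {
  const u = new URL(raw);
  u.hash = "";
  return u.href;
}

export function sha256Hex(bytes: Uint8Array): string {
  return createHash("sha256").update(bytes).digest("hex");
}

function tagValue(ev: NostrEvent, name: string): string | undefined {
  return ev.tags.find((t) => t[0] === name)?.[1];
}

// In-memory stand-in for a Redis SET NX with TTL = replay window (assumption).
export class ReplayCache {
  private seen = new Map<string, number>(); // event id -> expiry (unix seconds)
  constructor(private readonly windowSeconds = REPLAY_WINDOW_SECONDS) {}

  // Records the id; returns false if it is already present and unexpired.
  record(id: string, now: number): boolean {
    for (const [k, exp] of this.seen) if (exp <= now) this.seen.delete(k);
    if (this.seen.has(id)) return false;
    this.seen.set(id, now + this.windowSeconds);
    return true;
  }
}

export interface AuthCheckInput {
  event: NostrEvent;
  requestUrl: string;  // absolute URL the API actually received
  rawBody: Uint8Array; // raw request bytes, hashed before any JSON parsing
  now: number;         // unix seconds, injected so tests are deterministic
  cache: ReplayCache;
}

// Runs after signature verification (nostr-tools, not shown). Order matters:
// cheap checks first, and the replay cache is only written once everything
// else about the event has been validated.
export function checkAuthEvent(input: AuthCheckInput): AuthFailure | "ok" {
  const { event, requestUrl, rawBody, now, cache } = input;

  if (Math.abs(now - event.created_at) > REPLAY_WINDOW_SECONDS) return "stale_or_future";

  let signedUrl: string;
  let receivedUrl: string;
  try {
    signedUrl = canonicalUrl(tagValue(event, "u") ?? "");
    receivedUrl = canonicalUrl(requestUrl);
  } catch {
    return "url_mismatch"; // unparsable URL on either side is a mismatch
  }
  if (!signedUrl.startsWith("https://")) return "not_https";
  if (signedUrl !== receivedUrl) return "url_mismatch";

  if (rawBody.length > 0) {
    const claimed = tagValue(event, "payload");
    if (claimed === undefined) return "missing_payload_tag";
    if (claimed.toLowerCase() !== sha256Hex(rawBody)) return "payload_hash_mismatch";
  }

  if (!cache.record(event.id, now)) return "replayed";
  return "ok";
}
```

Injecting `now` and the cache keeps the guard unit-testable, which is what the ≥90% coverage item asks for; the same function can drive the tamper and replay E2E cases by feeding it a body that differs from the signed hash or submitting the same event twice.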