userAdityaa/caravel
1
1
Fork 0
forked from coracle/caravel
Code Pull Requests Activity

chore: harden relay plan validation to prevent billing bypass and plan-state drift

Browse Source
This commit is contained in:
Aditya Chaudhary
2026-04-17 01:15:38 +05:45
parent 145b511f9d
commit 4a4d949786
4 changed files with 48 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/spec/api.md
+3 -2
View File
@@ -204,7 +204,8 @@ Refer to https://github.com/nostr-protocol/nips/blob/master/98.md for details. U
## `prepare_relay(&self, relay: Relay) -> anyhow::Result<Relay>`
- Validate `subdomain`
- If `plan` is free and `blossom` is enabled, return `premium-feature`
- If `plan` is free and `livekit` is enabled, return `premium-feature`
- Validate that `plan` matches a known plan id from `Query::list_plans`
- If selected `plan` does not include `blossom` and `blossom` is enabled, return `premium-feature`
- If selected `plan` does not include `livekit` and `livekit` is enabled, return `premium-feature`
- Populate `schema` if not already set
- Populate missing fields using reasonable defaults