All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- HTTP API not responding - axum rate limiter required ConnectInfo<SocketAddr> to extract the client IP; without it the middleware silently dropped every request (#2). The webserver now starts and serves traffic in Docker.
- Docker build broken - Bumped builder image from rust:1.85-slim-bookworm to rust:1.86-slim-bookworm. Newer transitive deps (icu_properties, idna_adapter) require rustc 1.86.
- max_hops limit reduced from 10 to 5 (default: 3) to prevent CPU exhaustion attacks
- Bounded configuration values - CACHE_SIZE (100-100,000), RATE_LIMIT (1-1000), CACHE_TTL (10-3600s)
- Request body size limit - 1MB limit to prevent memory exhaustion
- DVM max_hops validation - Now properly validates and clamps values (was silently accepting any value)
- Less verbose error messages - Pubkey validation errors no longer leak exact validation rules
- DVM response hardening - Removed full request echo from responses
- Default max_hops changed from 5 to 3
- Maximum allowed max_hops changed from 10 to 5
- GET /follows?pubkey=xxx - Returns array of pubkeys that the given pubkey follows
- GET /common-follows?from=xxx&to=yyy - Returns array of pubkeys that both from and to follow (mutual follows)
- GET /path?from=xxx&to=yyy - Returns array of pubkeys forming the shortest path between two pubkeys
- Core Web of Trust graph indexing from Nostr relays
- GET /health - Health check endpoint
- GET /stats - Graph and cache statistics
- GET /distance - Query social distance between two pubkeys
- POST /distance/batch - Batch distance queries (up to 100 targets)
- Bidirectional BFS algorithm for efficient path finding
- LRU cache with TTL for query results
- Per-IP rate limiting
- Optional DVM (NIP-90) interface
- SQLite persistence for graph state
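
The max_hops entries above (default 3, maximum 5, values clamped rather than accepted as-is) combined with the bidirectional BFS entry can be sketched as follows. This is an added example, not the project's own code: the function names, the in-memory graph representation and the lower bound of 1 are assumptions.

```rust
use std::collections::{HashMap, HashSet};

const DEFAULT_MAX_HOPS: u32 = 3; // default stated in the changelog
const MAX_MAX_HOPS: u32 = 5; // upper bound stated in the changelog
type Adj<'a> = HashMap<&'a str, Vec<&'a str>>;

/// Clamp a caller-supplied max_hops; the lower bound of 1 is an assumption.
fn clamp_max_hops(requested: Option<u32>) -> u32 {
    requested.unwrap_or(DEFAULT_MAX_HOPS).clamp(1, MAX_MAX_HOPS)
}

/// Build follow edges (a follows b) and the reverse index for the backward search.
fn build<'a>(edges: &[(&'a str, &'a str)]) -> (Adj<'a>, Adj<'a>) {
    let (mut out, mut inc) = (Adj::new(), Adj::new());
    for &(a, b) in edges {
        out.entry(a).or_default().push(b);
        inc.entry(b).or_default().push(a);
    }
    (out, inc)
}

/// Hop-bounded bidirectional BFS: at most `limit` level expansions, first meeting is shortest.
fn distance<'a>(out: &Adj<'a>, inc: &Adj<'a>, from: &'a str, to: &'a str, req: Option<u32>) -> Option<u32> {
    if from == to { return Some(0); }
    let (mut seen_f, mut seen_b) = (HashSet::from([from]), HashSet::from([to]));
    let (mut front_f, mut front_b) = (vec![from], vec![to]);
    for depth in 1..=clamp_max_hops(req) {
        // Expand whichever frontier is smaller; forward uses follows, backward followers.
        let (adj, front, seen, other) = if front_f.len() <= front_b.len() {
            (out, &mut front_f, &mut seen_f, &seen_b)
        } else {
            (inc, &mut front_b, &mut seen_b, &seen_f)
        };
        let mut next = Vec::new();
        for node in front.iter() {
            for &n in adj.get(node).map(|v| v.as_slice()).unwrap_or(&[]) {
                if other.contains(n) { return Some(depth); }
                if seen.insert(n) { next.push(n); }
            }
        }
        if next.is_empty() { return None; } // this side is exhausted: no path exists
        *front = next;
    }
    None
}

fn main() {
    // Constructed sample graph: a -> b -> c -> d -> e.
    let (out, inc) = build(&[("a", "b"), ("b", "c"), ("c", "d"), ("d", "e")]);
    println!("{:?} {:?}", distance(&out, &inc, "a", "e", None), distance(&out, &inc, "a", "e", Some(99)));
}
```

An oversized request such as max_hops=99 is searched with the limit of 5, so the number of level expansions per query stays fixed regardless of client input.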