Comments (8)
rahimklaber
commented on August 16, 2024
2
Link in description not working :
https://stellar-wallet.azurewebsites.net
@LorDDark6660 only specific endpoints are accecible. Seems to work fine for me.
from stellar-quest-bounties.
DieKautz
commented on August 16, 2024
I looked a bit into your endpoints and your api seems pretty sophisticated 😃
I don't know whether I covered every endpoint and result, but I found two oddities in the /pay endpoint
- I might triggered a timeout on the /pay endpoint by trying to send less than a stroop to a valid account id.
- By leaving exactly one stroop in my account I got "5.9604645E-8" as a balance from the /info endpoint and cannot send it to some other account
Maybe in correlation with that: when sending a significantly small amount compared to the balance it does not get less
ps: kotlin rocks 🚀
from stellar-quest-bounties.
rahimklaber
commented on August 16, 2024
@DieKautz Thanks for the feedback.
It should work correctly now. Now, when sending less than a stroop you should get bad request.
Kotlin is awesome indeed.
from stellar-quest-bounties.
DieKautz
commented on August 16, 2024
It's fixed as far as I can tell.
The whole application seems very mature as part of this bounty.
I don't know whether its sensible to set no restrictions on usernames and passwords in production, but that shouldn't be a big problem here as this is just an API in in the deeper backend. (in production users would've already been created and handled elsewhere?)
Review criteria from bounty file
endpoints as stated in spec with valid JWT bearer auth
/register
- checking body fields
- checking for already existing users
- checking for sensible input
/login
- recognizing correct credentials
- checking body fields
/info
- returning right users address and balance
- correctly showing external incoming funds
- validating JWT key
/pay
- successfully sending funds to external addresses
- successfully sending funds to other muxed accounts
- checking body fields [x] checking amount (>= 1 stroop & <= balance)
- validating JWT key
Also password are getting stored hashed and avoiding SQL-Injections by using the DSL.
from stellar-quest-bounties.
rahimklaber
commented on August 16, 2024
@DieKautz I agree with what you said about the usernames and passwords. I will change it. Thanks.
from stellar-quest-bounties.
rahimklaber
commented on August 16, 2024
@DieKautz I finally got around to working on this again. On further thought I agree with you that this server probably shouldn't handle the registration/login. However, I did add a very simple username/password checker that can be extended to support more rigorous checking.
from stellar-quest-bounties.
LorDDark6660
commented on August 16, 2024
Link in description not working :
https://stellar-wallet.azurewebsites.net
from stellar-quest-bounties.
kalepail
commented on August 16, 2024
559134a441c1251edbd37ae880455a1473a72b1af4d84e3c85f4aa8603fcf103
from stellar-quest-bounties.
Related Issues (20)
- Basic Account Viewer by boonku HOT 7
- TypeScript SEP-0010 Server Reference Implementation
- Custom token generator HOT 1
- Tangem XDR Signer HOT 2
- Stellar Account as a Service HOT 7
- Basic Account Viewer by vishwaskamath
- Basic Account Viewer by sohanrai HOT 5
- Basic Account Viewer by Rachanashenoy20 HOT 2
- Basic Account Viewer by vinamogit HOT 11
- basic-account-viewer by orsab HOT 9
- stellar-accounts-as-a-service by orsab HOT 7
- New bounty for Fee Stats in Lab Endpoint Explorer HOT 7
- Bounty Submission: Add Get_Fees to the Stellar Laboratory Endpoints Explorer HOT 2
- claimable-balances-account-viewer by DFugere1 HOT 15
- TipBot HOT 4
- SEP-10 implementation by orsab HOT 4
- JavaScript SEP-0010 Server Reference Implementation by DFugere HOT 2
- Tangem xdr signer
- Tip bot by orsab HOT 9
- Basic account viewer by huuquyet HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stellar-quest-bounties.