feat(cash-in): super_config.max_cash_in_sats per-tx cap + UI (#31)
Some checks failed
ci.yml / feat(cash-in): super_config.max_cash_in_sats per-tx cap + UI (#31) (pull_request) Failing after 0s
Some checks failed
ci.yml / feat(cash-in): super_config.max_cash_in_sats per-tx cap + UI (#31) (pull_request) Failing after 0s
Wires the server-side per-transaction cash-in ceiling the `create_withdraw` handler already enforces (it read the value defensively via getattr; this makes it a first-class config field). - migrations.py m012: ADD COLUMN super_config.max_cash_in_sats INTEGER (NULL = no cap). - models.py: SuperConfig.max_cash_in_sats + UpdateSuperConfigData field with a >= 0 validator. - super-fee dialog: a "Max cash-in per transaction (sats)" input; blank sends null (the PUT skips null, preserving the current value — set 0 to reject every cash-in). crud `update_super_config` and the PUT endpoint flow the field through automatically (dynamic dict update; check_super_user gated). Why a sats cap and not the bunker ACL: the ACL / usage caps (#28) gate call *rate*, not *sats*, and `principal_sats` is necessarily ATM-attested — so a single in-rate call could request an arbitrarily large payout. This bounds a compromised/buggy machine to one capped transaction. Verified on the dev stack: m012 runs, the model round-trips the column (GET returns the set value), and a negative value is rejected.
This commit is contained in:
parent
607b71e796
commit
9abf695fd5
4 changed files with 54 additions and 3 deletions
13
models.py
13
models.py
|
|
@ -482,6 +482,10 @@ class SuperConfig(BaseModel):
|
|||
super_cash_in_fee_fraction: float = 0.0
|
||||
super_cash_out_fee_fraction: float = 0.0
|
||||
super_fee_wallet_id: str | None
|
||||
# Per-transaction cash-in ceiling in sats (#31). The bunker ACL gates call
|
||||
# rate, not sats, so this bounds a single ATM-attested principal. NULL = no
|
||||
# cap.
|
||||
max_cash_in_sats: int | None = None
|
||||
updated_at: datetime
|
||||
|
||||
|
||||
|
|
@ -489,6 +493,7 @@ class UpdateSuperConfigData(BaseModel):
|
|||
super_cash_in_fee_fraction: float | None = None
|
||||
super_cash_out_fee_fraction: float | None = None
|
||||
super_fee_wallet_id: str | None = None
|
||||
max_cash_in_sats: int | None = None
|
||||
|
||||
@validator(
|
||||
"super_cash_in_fee_fraction",
|
||||
|
|
@ -501,6 +506,14 @@ class UpdateSuperConfigData(BaseModel):
|
|||
raise ValueError("super fee fraction must be between 0 and 1")
|
||||
return round(float(v), 4)
|
||||
|
||||
@validator("max_cash_in_sats")
|
||||
def _cap_non_negative(cls, v):
|
||||
if v is None:
|
||||
return v
|
||||
if v < 0:
|
||||
raise ValueError("max_cash_in_sats must be >= 0")
|
||||
return int(v)
|
||||
|
||||
|
||||
# =============================================================================
|
||||
# Operator UX action carriers — partial-tx and balance-settlement features.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue