feat: lit-payments crate foundation + magic-link auth#359
Open
clawdbot-glitch003 wants to merge 2 commits into
Open
feat: lit-payments crate foundation + magic-link auth#359clawdbot-glitch003 wants to merge 2 commits into
clawdbot-glitch003 wants to merge 2 commits into
Conversation
clawdbot-glitch003
force-pushed
the
glitch003/lit-payments-foundation
branch
from
f68c988 to
a13625d
Compare
New ops-facing billing service. Deploys to Railway, outside the TEE.
This PR ships the crate skeleton + magic-link auth + login UI; the
admin credit portal endpoints come in a follow-up PR.
What's here:
- Rocket binary crate at lit-payments/, sibling to lit-billing-core.
- Postgres migrations for operators + sessions tables.
- Seed migration with chris@litprotocol.com (admin) +
Salamiademola73@gmail.com (mod).
- HMAC-signed magic-link tokens (15-min expiry), verified at
/auth/verify with constant-time signature compare.
- Resend integration for sending magic-link emails.
- Session cookies (private/HttpOnly/Secure/SameSite=Lax, 7-day).
- Operator request guard so future protected routes just take
`operator: Operator`.
- Vanilla HTML/JS login page + signed-in landing page.
- Multi-stage Dockerfile for Railway (build context = repo root).
- README covering local dev + Railway deploy + Resend setup.
Stacked on glitch003/lit-billing-core (PR #358). Targets that branch
so it can land cleanly once the extraction merges.
cargo check + cargo test --lib + cargo clippy -D warnings + cargo fmt
all clean. Tests cover the token issue/verify roundtrip + the
expired/tampered/wrong-key failure modes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Codex review on the foundation PR flagged two real holes in the magic- link request endpoint. Both fixed: 1. Per-email rate limit (60s cooldown, in-memory via moka). Checked *before* the operators table is touched so a flood of requests for any single email returns at constant time regardless of allowlist status. Defeats inbox spam + Resend-quota burning by anyone who knows or guesses an operator's email. 2. Email send is now spawned via tokio::spawn instead of awaited inline. The operator-found branch and the not-found branch return at the same speed (DB-lookup-bounded), so an external caller can no longer distinguish operators from non-operators by latency. New file: src/auth/rate_limit.rs (40 LoC + 3 unit tests). Mailer derives Clone for the spawn move. Cargo deps: moka 0.12 (already used by lit-api-server). cargo check + cargo test --lib (9 tests, 3 new) + clippy -D warnings + cargo fmt --check all clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
clawdbot-glitch003
force-pushed
the
glitch003/lit-payments-foundation
branch
from
742d64a to
a41d7aa
Compare
clawdbot-glitch003
changed the base branch from
glitch003/lit-billing-core
to
next
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
lit-payments/crate — Rocket binary, sqlx-postgres, depends onlit-billing-core. Foundation only; admin credit portal comes in the next stacked PR.operators+sessionstables. Seed migration includes chris@litprotocol.com (admin) and the Discord mod (mod).Stacked on #358 — targets
glitch003/lit-billing-core. When #358 lands, I'll rebase this ontonext.Test plan
cargo checkcleancargo test --lib— 6 token-verification tests pass (roundtrip + expired + tampered + wrong-key + malformed + constant-time)cargo clippy --all-targets -- -D warningscleancargo fmt --checkclean