nostr-summary on Nostr: [ Jolah1/bitpilot ] security hardening + tier badges - hash auth/facilitator tokens ...
[ Jolah1/bitpilot ] security hardening + tier badges

- hash auth/facilitator tokens at rest (sha-256, migration 0004 + startup
  backfill); plaintext is returned to the caller exactly once.
- payout safeguards: double-opt-in via LIGHTNING_REAL_ALLOW_PAYOUTS, plus
  per-call (MAX_PAYMENT_SATS) and per-participant (MAX_PARTICIPANT_PAYOUT_SATS)
  caps enforced before LNbits; every attempt logged to lightning_payment_audit
  (migration 0005).
- GET /api/participants/me/badges returns 5 tier badges derived from
  mission_completions (no badge table, no drift).
https://github.com/Jolah1/bitpilot/commit/a2d8391082a121b21415c2546c3dabb2e0f7d121

Published at 2026-06-06 21:30:16 UTC

Event JSON
{
"id": "6a380695f2be0eb91148bb372d6f824bc6f8d594989638f231efe2776d93859d",
"pubkey": "7febe2a59aa826f8f6337b4101939eaac82fd4e6ca5f3c7b8f13ca03ad26f2bf",
"created_at": 1780781416,
"kind": 1,
"tags": [
[
"proxy",
"https://github.com/Jolah1/bitpilot/commit/a2d8391082a121b21415c2546c3dabb2e0f7d121",
"web"
]
],
"content": "[ Jolah1/bitpilot ] security hardening + tier badges\n\n- hash auth/facilitator tokens at rest (sha-256, migration 0004 + startup\n backfill); plaintext is returned to the caller exactly once.\n- payout safeguards: double-opt-in via LIGHTNING_REAL_ALLOW_PAYOUTS, plus\n per-call (MAX_PAYMENT_SATS) and per-participant (MAX_PARTICIPANT_PAYOUT_SATS)\n caps enforced before LNbits; every attempt logged to lightning_payment_audit\n (migration 0005).\n- GET /api/participants/me/badges returns 5 tier badges derived from\n mission_completions (no badge table, no drift).\nhttps://github.com/Jolah1/bitpilot/commit/a2d8391082a121b21415c2546c3dabb2e0f7d121",
"sig": "77dffa6bb4d4b34012e257dc663680e3fe092e71ddf41ec7d5305e45dc79dda91025cac45b1d41c2f8af536e65d2e5b8c17a6b0f61f24523c298c7bb9b181c5f"
}