@TaprootFreak TaprootFreak commented Jan 24, 2026

Summary

  • Add new endpoint POST /support/debug/boltz for querying Boltz PostgreSQL database
  • Same security mechanisms as existing MSSQL debug endpoint (SQL AST parsing, column blocking)
  • Add boltz-debug.sh shell script for CLI access

Changes

  • Add pg dependency for PostgreSQL connection
  • New endpoint with DEBUG role authentication
  • Blocked sensitive columns: referrals.apiKey/apiSecret, keyproviders.privateKey, *.preimage
  • Blocked system schemas: pg_catalog, information_schema, pg_toast

Configuration

Requires new environment variables in Azure:

BOLTZ_PG_HOST=postgres.boltz.internal
BOLTZ_PG_PORT=5432
BOLTZ_PG_DATABASE=boltz
BOLTZ_PG_USER=readonly
BOLTZ_PG_PASSWORD=***

After merge: Configure BOLTZ_PG_* environment variables in Azure App Service.

Usage

./scripts/boltz-debug.sh "SELECT * FROM swaps LIMIT 10"
./scripts/boltz-debug.sh "SELECT * FROM \"chainSwaps\" WHERE pair = 'USDT_ETH/JUSD_CITREA'"

Test plan

  • Configure BOLTZ_PG_* environment variables in Azure
  • Test endpoint with DEBUG role wallet
  • Verify blocked columns are masked
  • Verify blocked schemas are rejected

- Add new endpoint POST /support/debug/boltz for querying Boltz PostgreSQL
- Same security as MSSQL debug endpoint (SQL AST parsing, column blocking)
- Blocked columns: referrals.apiKey/apiSecret, keyproviders.privateKey, *.preimage
- Blocked schemas: pg_catalog, information_schema, pg_toast
- Add boltz-debug.sh shell script for CLI access
- Add pg dependency for PostgreSQL connection
- Requires BOLTZ_PG_* environment variables for configuration
- Remove non-existent keyproviders table (actual table is 'keys' with no sensitive data)
- Add dblink functions to blocked list (external DB connections)
PostgreSQL tables reverseSwaps and chainSwaps require double
quotes due to camelCase naming. Updated script help text with
correct quoting examples and clarified config comment.
- Block minerFeeInvoicePreimage in reverseSwaps table
- Block pg_sleep function to prevent DoS attacks
@TaprootFreak TaprootFreak marked this pull request as ready for review January 24, 2026 07:27
@TaprootFreak TaprootFreak merged commit aff45b6 into develop Jan 24, 2026
1 check passed
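
As an added illustration (not code from this pull request or from the project), the blocklists listed above can be applied in two layers: rejecting a statement from the references an AST walk collects, and masking blocked column names in returned rows so that `SELECT *` is covered too. The `refs` shape, the `[RESTRICTED]` mask string, the prefix match on `dblink` and the case-insensitive comparison are assumptions made for the example.

```javascript
// Added illustration, not the project's code. Blocklist entries are those named on this page.
const BLOCKED_SCHEMAS = new Set(['pg_catalog', 'information_schema', 'pg_toast']);
const BLOCKED_COLUMNS = ['referrals.apiKey', 'referrals.apiSecret', '*.preimage',
  'reverseSwaps.minerFeeInvoicePreimage'];
const BLOCKED_FUNCTIONS = [/^dblink/, /^pg_sleep$/]; // dblink prefix match is an assumption

// Strip PostgreSQL double quotes, then lower-case. Case-insensitive matching
// over-blocks rather than under-blocks, however the identifier was quoted.
function norm(ident) {
  const m = /^"(.*)"$/.exec(ident);
  return (m ? m[1].replace(/""/g, '"') : ident).toLowerCase();
}

const blockedPairs = BLOCKED_COLUMNS.map((entry) => entry.split('.').map(norm));

// A column with no known table (null) is matched on its name alone.
function isBlockedColumn(table, column) {
  const t = table == null ? null : norm(table);
  const c = norm(column);
  return blockedPairs.some(([bt, bc]) => bc === c && (bt === '*' || t === null || bt === t));
}

// refs: hypothetical summary an AST walk would collect from one statement.
// Returns the list of reasons to reject; an empty list means the query may run.
function checkQuery(refs) {
  const reasons = [];
  for (const { schema } of refs.tables) {
    if (schema && BLOCKED_SCHEMAS.has(norm(schema))) reasons.push(`schema ${norm(schema)}`);
  }
  for (const fn of refs.functions) {
    if (BLOCKED_FUNCTIONS.some((re) => re.test(norm(fn)))) reasons.push(`function ${norm(fn)}`);
  }
  for (const { table, column } of refs.columns) {
    if (isBlockedColumn(table, column)) reasons.push(`column ${norm(column)}`);
  }
  return reasons;
}

// Second layer for SELECT *, where the AST names no columns: mask in the result rows.
function maskRows(rows, table) {
  return rows.map((row) => Object.fromEntries(Object.entries(row).map(
    ([name, value]) => [name, isBlockedColumn(table, name) ? '[RESTRICTED]' : value])));
}

// Constructed sample row, not real data.
console.log(maskRows([{ id: 1, pair: 'A/B', preimage: '00ff' }], '"reverseSwaps"'));
```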