Security: Hardened G4 Server Proxy by MichaelSovereign · Pull Request #2869 · Scottcjn/Rustchain

MichaelSovereign · 2026-05-02T05:09:11Z

Summary

This PR improves the security and reliability of the server_proxy.py module used for legacy hardware connectivity.

Changes

Endpoint Whitelisting: Added a whitelist for /api/ paths to prevent access to unauthorized internal endpoints.
Header Forwarding: Properly forwards X-Forwarded-For and Authorization headers to the upstream server for better auditing and security.
Timeout Increase: Increased timeout to 15s to accommodate potentially slow legacy hardware requests.

Closes #7414

…ottcjn#2288)

…ministic JSON

…warding

jaxint

PR Review: G4 Server Proxy Hardening

Summary

Hardens the G4 server proxy against race conditions and unauthorized access.

Key Changes

server_proxy.py — Added authentication and input validation to proxy requests.
Shared security foundation — Uses the same replay protection and deterministic JSON logic from #2867.

Observations

✅ Proper access control — Proxy is a common attack surface; hardening it prevents lateral movement.
✅ Consistent approach — Shares security primitives with other MichaelSovereign PRs, suggesting a coordinated hardening effort.

Assessment

✅ Approve — Solid security improvement.

Reviewed by: jaxint
Wallet: AhqbFaPBPLMMiaLDzA9WhQcyvv4hMxiteLhPk3NhG1iG

MichaelSovereign added 8 commits April 12, 2026 16:30

feat: implement RIP-309 Phase 1 Fingerprint Check Rotation

9005379

fix: address Codex review for RIP-309 Phase 1

1c1e41c

fix: complete RIP-309 integration with reward gating and signature fix

d4ad46b

fix: integrate canonical RIP-309 rotation module for reward weighting

4d2b086

fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…

d5c825d

…ottcjn#2288)

Security: Hardened P2P sync with replay protection, nonces, and deter…

2080a24

…ministic JSON

Security: Prevent mining reward type confusion in mempool and UTXO apply

464a08e

Security: Hardened Server Proxy with path whitelisting and header for…

ba859a7

…warding

MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 05:09

github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related tests Test suite changes size/L PR: 201-500 lines labels May 2, 2026

jaxint approved these changes May 3, 2026

View reviewed changes

jaxint mentioned this pull request May 3, 2026

Claim: PR Review #2869 - Security PR by MichaelSovereign Scottcjn/rustchain-bounties#8362

Open

Scottcjn closed this May 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: Hardened G4 Server Proxy#2869

Security: Hardened G4 Server Proxy#2869
MichaelSovereign wants to merge 8 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/proxy-hardening

MichaelSovereign commented May 2, 2026

Uh oh!

jaxint left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

MichaelSovereign commented May 2, 2026

Summary

Changes

Uh oh!

jaxint left a comment

Choose a reason for hiding this comment

PR Review: G4 Server Proxy Hardening

Summary

Key Changes

Observations

Assessment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants