Support for client-submitted transactions with ReCaptcha and allow-all validations #24
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, Octane doesn't support transaction that are submitted from client. Such transactions could be used to drain fee payer by requesting many transactions, breaking the state for them (for example, by withdrawing all of the tokens), then submitting them to the network with
skip-preflight
options. Fee payers get charged, but transaction fails.For some fee payers, spending these fees could be tolerable and, basically, "cost of doing business". This PR introduces a non-default config option. When enabled,
transfer
andcreateAssociatedTokenAccount
endpoints return signatures, instead of submitting transactions.buildWhirlpoolsSwap
in this case will return pre-signed transaction, sosendWhirlpoolsSwap
can be omitted.The config option could be:
This way, all transactions will be allowed.
Alternatively, this config option will only pre-sign transactions if user passed reCaptcha validation:
In this case, node operator has to set
RECAPTCHA_API_KEY
variable and passreCaptchaToken
with request.