IdempotencyKey middleware caches POST responses by Idempotency-Key
header for 24h. Prevents duplicate registrations from network retries.
Returns X-Idempotency-Replayed: true on cached responses.
Commit #102.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- UpdateDnsRecords Action: controller method now one-liner, all DNS
logic in Action with activity logging and edit lock.
- Prometheus metrics at /v1/metrics: chain_height, alias_count,
claims_pending, dns_tickets, gateways_live. Grafana-ready.
- ValidateJsonRequest middleware: enforces application/json on POST,
64KB body size limit. Applied to all /v1/* API routes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DomainScope middleware checks Host header per-request — Octane-safe.
Applied to Api homepage (scoped to api.lthn.io). Explorer and Docs
subdomain routes stay disabled — catch-all routes like /{section}/{page?}
match before middleware runs, breaking other routes. These modules
need own containers for proper domain isolation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Bearer token auth middleware on POST /register and /records
- Throttle: 10 registrations/min, 20 DNS updates/min
- Token configurable via API_TOKEN env var (disabled when empty)
- Daemon alias validation: a-z 0-9 . - up to 255 chars
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
