summaryrefslogtreecommitdiffstats
path: root/internal/handler
Commit message (Collapse)AuthorAgeFilesLines
* Add Nym community favicon and allow img-src in CSPGab Virebent4 days1-2/+1
| | | | | | favicon.ico/32/48 reference the official Nym icon so the site is recognizable as Nym-community. CSP img-src 'self' data: was needed for the PNG variants to load under the strict script-src 'self' policy.
* Fix payload cap: double base64 inflation broke files near the old 10MB limitGab Virebent10 days1-1/+1
| | | | | | | | | | | | | | | | The old 10MB cap was checked against the wire body, but two base64 layers sit between the raw file and that body: crypto.js base64-encodes the file before AEAD encryption, then nym.Client.Send base64-encodes the ciphertext again to embed it in the JSON sent to the local nym-client over its control WebSocket. A file at exactly the old cap produced a wire body just over the limit after the first layer, and would have blown nym-client's own hardcoded 16MB WebSocket message limit after the second, surfacing as an opaque 500. Lower the wire-body cap to 11MB, which keeps the second base64 layer with real margin under nym-client's 16MB ceiling. Effective safe raw file size is now roughly 8MB, not 10MB. Reported by Ch1ffr3punk on nym.forum, reproduced with an exact 10MB file.
* Add client-side proof of work and fix X25519 WebCrypto API usageGab Virebent12 days1-2/+12
| | | | | | | | | | | | | Self-contained hashcash-style PoW on /submit: client finds a nonce so SHA-256("<unix-ts>:<nonce>") has enough leading zero bits, sent as an X-Nymdrop-Pow header; server verifies and rejects expired or replayed stamps, no challenge round-trip required. Difficulty tunable via --pow-difficulty without a rebuild. Also fixes a latent bug in the browser crypto: X25519 was being requested as ECDH with namedCurve "X25519", which is not a valid WebCrypto combination and always throws. Modern WebCrypto exposes X25519 as its own algorithm identifier.
* Initial public release: Nym-native anonymous submission systemGab Virebent2026-06-202-0/+52
End-to-end verified pipeline (browser -> HTTP relay -> Nym mixnet -> reader). Client-side X25519+HKDF+AES-GCM-256, no-log blind relay, AGPL-3.0.