Skip to content

Require signed auth for DWS email routes#30

Open
lawyered0 wants to merge 1 commit into
JejuNetwork:mainfrom
lawyered0:codex/dws-email-auth
Open

Require signed auth for DWS email routes#30
lawyered0 wants to merge 1 commit into
JejuNetwork:mainfrom
lawyered0:codex/dws-email-auth

Conversation

@lawyered0

@lawyered0 lawyered0 commented Feb 8, 2026

Copy link
Copy Markdown

Summary\n- require signed wallet auth headers for /email routes outside localnet\n- accept x-jeju-address (fallback x-wallet-address) but verify signature\n\n## Testing\n- not run (not requested)

@lawyered0

lawyered0 commented Feb 8, 2026

Copy link
Copy Markdown
Author

Why this change: /email trusted x-wallet-address alone, so any caller could read or mutate someone else’s mailbox. This requires signed x-jeju-* headers in non-localnet while retaining localnet dev behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lawyered0