npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/main/tollgate

npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/main/tollgate_api.c, branch feature/cvm-integration [no description] https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/atom?h=feature%2Fcvm-integration 2026-05-17T11:09:31+00:00 feat: per-client NAT filtering via LWIP_HOOK_IP4_CANFORWARD 2026-05-17T11:09:31+00:00 Your Name you@example.com 2026-05-17T11:09:31+00:00 urn:sha1:0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec - Add lwip_tollgate_hooks.h defining LWIP_HOOK_IP4_CANFORWARD macro - Inject hook into lwIP build via CMakeLists.txt ESP_IDF_LWIP_HOOK_FILENAME - Filter forwarded packets by source IP against firewall allowed list - Only filter packets from AP subnet (10.192.45.0/24), allow all others - Fix byte order bug: use network byte order for firewall_is_client_allowed - NAT always enabled, removed global NAT toggle functions - Remove spent-secret tracking from session.c (mint is authority) - Remove unused get_ap_netif() function - Reduce API server stack from 32KB to 16KB (fixes ESP_ERR_HTTPD_TASK) - Add esp_random.h stub for unit tests - All 186 unit tests passing - Verified on hardware: block->pay->allow->revoke->block E2E works feat(phase6): bytes-based billing - dual metric support 2026-05-16T23:20:07+00:00 Your Name you@example.com 2026-05-16T23:20:07+00:00 urn:sha1:edd125d0e3fe5fe7c0edf30c429723f3b0120c68 - session_create_bytes() + session_add_bytes() for bytes-metric sessions - session_is_expired() dispatches on config metric (bytes vs milliseconds) - cashu_calculate_allotment() unified dispatcher for both metrics - tollgate_api discovery/usage/session_event use configured metric - config: metric field defaults to 'bytes', step_size_bytes=22020096 (21MB) - 14 new unit tests (148 total passing) - ASSERT_EQ_UINT64 macro added to test framework Phase 3: Nostr identity derivation + wifistr service discovery 2026-05-16T18:25:05+00:00 Your Name you@example.com 2026-05-16T18:25:05+00:00 urn:sha1:4c47ae188b288e7d24bd9566ab3e6a6805d9484f - Add identity.c/h: HMAC-SHA512 derivation from nsec → npub, STA/AP MAC, SSID, AP IP - Add nostr_event.c/h: NIP-01 event serialization + Schnorr signing (BIP-340) - Add geohash.c/h: lat/lon to geohash encoding - Add wifistr.c/h: kind 38787 event builder + WebSocket publish to Nostr relays - Update config.c/h: nsec-based identity, Nostr relay/geo config, remove static SSID/IP - Replace custom mbedTLS wallet with nucula library (libsecp256k1) - Remove wallet.c/h, wallet_persist.c/h (replaced by nucula_lib component) - Verified on Board A: derived SSID, captive portal, payment, wallet, wifistr publish Phase 3: on-device Cashu wallet with mbedTLS secp256k1 + SPIFFS persistence + PSRAM 2026-05-16T10:02:55+00:00 Your Name you@example.com 2026-05-16T10:02:55+00:00 urn:sha1:133e40c82afb4d7659758b1fa57925ac57af4621 - wallet.c/h: secp256k1 ECP primitives (hash_to_curve, scalar_mul, point_add) - wallet_persist.c/h: SPIFFS persistence with threshold-based write protection - Fee accounting for swap (input_fee_ppk from /v1/keysets) - Keyset fetch via /v1/keysets (586 bytes vs 21KB for /v1/keys) - Wallet API: GET /wallet, POST /wallet/swap, POST /wallet/send - Payment proofs auto-stored to wallet + persisted on SPIFFS - PSRAM enabled for large allocations (ESP32-S3 has 8MB) - Wallet init deferred to dedicated task (avoids sys_evt stack overflow) - Cashu proof ID buffer size fixed (66 hex chars, not 16) - HTTP client: added fetch_headers() call for proper response handling - persist_threshold_sats config parameter (default: 1 sat) Captive portal detection fix + Phase 2 tests 16-18,20 passing (17/17) 2026-05-15T23:16:32+00:00 Your Name you@example.com 2026-05-15T23:16:32+00:00 urn:sha1:50b5975ac8793d6d820c35b5999f8a909f64e71b - Add DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback) - DNS hijack returns NXDOMAIN for all non-A query types (no forwarding for unauthed) - Shorter TTL on hijack responses (10s) for faster captive detection - Explicit 302 redirect handlers for /generate_204, /hotspot-detect.html, etc. - HTTP and DNS request logging for debugging captive detection - Per-MAC tracking in firewall (find_by_mac, get_mac_for_ip with ARP fallback) - Session MAC tracking (session_find_by_mac) - Phase 2 test 18: add route through TollGate before ping test - All 17 Phase 2 tests pass (15-21 + whoami + portal form) Phase 2 WIP: token decode works, TLS checkstate succeeds (crashes after response) 2026-05-15T22:07:20+00:00 Your Name you@example.com 2026-05-15T22:07:20+00:00 urn:sha1:c342801162e62ff017ead18688107397d229f606 - cashu.c: dynamic json_buf sizing (was 2048 stack, now heap based on token length) - cashu.c: strip trailing newline/CR from token input (cashu CLI appends 'Balance: 0 sat') - cashu.c: esp_crt_bundle_attach for HTTPS to mint API - cashu.c: esp_http_client_open/write/fetch_headers/read pattern for HTTPS POST - cashu.c: remove debug b64url_decode logging - tollgate_api.c: loop httpd_req_recv for full body (was single call, missed TCP segments) - tollgate_api.c: stack_size=32768 for TLS in httpd handler - config.c: fix default mint URL from nofee.testnut to testnut.cashu.space - CMakeLists.txt: add esp-tls dependency for cert bundle - CHECKLIST.md: updated with infrastructure status and TDD plan Known issue: device reboots after checkstate returns 966 bytes with status=200. Crash likely in post-response processing (JSON parse or session create). Fix stack overflow and heap-allocate large buffers in Cashu/payment path 2026-05-15T17:35:46+00:00 Your Name you@example.com 2026-05-15T17:35:46+00:00 urn:sha1:aed51d824f598f7315282936037c4d5b6e7fb4b8 - tollgate_api.c: increase httpd stack_size to 16384 (was default 4096) - cashu.c: heap-allocate b64, json_buf, post_body, resp_buf instead of stack - cashu.c: proper free() on all error paths - Makefile: replace Go-based tokens target with nutshell wallet targets - Makefile: add wallet-setup, wallet-info, wallet-balance, mint-token, send-token Phase 2 WIP: Cashu payment endpoints, session tracking, updated checklist 2026-05-15T16:57:14+00:00 Your Name you@example.com 2026-05-15T16:57:14+00:00 urn:sha1:1263d86314fc0760d9be8eea415ccecbc047a5eb - Add cashu.c/h: Cashu token decode (cashuA/base64url), proof state check via mint API, allotment calculator - Add session.c/h: time-based session management with allotment/expiry, spent secret tracking - Add tollgate_api.c/h: HTTP server on :2121 with GET / (kind=10021 discovery), POST / (payment processing), /usage, /whoami - Update captive portal HTML: replace Grant Free Access with Cashu token paste form + Pay & Connect button - Update tollgate_main.c: wire in session manager, TollGate API, 1s session tick loop - Add tests/phase2.mjs: Phase 2 test suite (discovery, invalid token, wrong mint, valid payment) - Update CHECKLIST.md: reflect Phase 1 complete, Phase 2 in progress with known bugs Known issues (not yet flashed): - Stack overflow crash in httpd POST handler (need stack_size=16384 + heap allocations) - cashu_decode_token uses 2KB stack buffer (needs heap alloc) - Mint URL should be testnut.cashu.space (nofee.testnut has API compat issues)