Comprehensive test suite covering:
- Mint and validate with bits=2
- Replay detection
- Resource mismatch
- Invalid format, bad version, bad date
- Insufficient difficulty
- Expired stamps
- Zero bits bypass
- Long date format (YYMMDDHHMMSS)
- Multiple unique stamps
- Higher difficulty stamps accepted at lower threshold

Add SHA-256-based hashcash proof-of-work requirement to POST /session
to prevent abuse via rapid session creation. The server advertises the
required difficulty via GET /server (hashcash_bits field), and clients
must include a valid stamp in the X-Hashcash request header.

Server-side:
- New internal/hashcash package with stamp validation (format, bits,
  date, resource, replay prevention via in-memory spent set)
- Config: NEOIRC_HASHCASH_BITS env var (default 20, set 0 to disable)
- GET /server includes hashcash_bits when > 0
- POST /session validates X-Hashcash header when enabled
- Returns HTTP 402 for missing/invalid stamps

Client-side:
- SPA: fetches hashcash_bits from /server, computes stamp using Web
  Crypto API with batched SHA-256, shows 'Computing proof-of-work...'
  feedback during computation
- CLI: api package gains MintHashcash() function, CreateSession()
  auto-fetches server info and computes stamp when required

Stamp format: 1:bits:YYMMDD:resource::counter (standard hashcash)

closes #11
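
The stamp format and server-side checks listed in the commit message above, as an added Go example that is not the project's internal/hashcash code. The names zeroBits, Mint and Validate, the 48-hour validity window, the order of the checks and the "example" resource are assumptions made here; only the short YYMMDD date form is handled.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
	"strconv"
	"strings"
	"time"
)

// Example helpers, not the project's API. zeroBits counts leading zero bits of SHA-256(stamp).
func zeroBits(stamp string) int {
	sum := sha256.Sum256([]byte(stamp))
	return 256 - new(big.Int).SetBytes(sum[:]).BitLen()
}

// Mint tries counters until 1:bits:YYMMDD:resource::counter has nbits zero bits.
func Mint(nbits int, resource string, now time.Time) string {
	prefix := fmt.Sprintf("1:%d:%s:%s::", nbits, now.UTC().Format("060102"), resource)
	c := 0
	for zeroBits(prefix+strconv.Itoa(c)) < nbits {
		c++
	}
	return prefix + strconv.Itoa(c)
}

// Validate checks one stamp; spent is the replay set, updated only on success.
func Validate(stamp, resource string, need int, now time.Time, spent map[string]bool) error {
	f := strings.Split(stamp, ":")
	if len(f) != 6 || f[0] != "1" {
		return fmt.Errorf("bad format or version: %q", stamp)
	}
	claimed, _ := strconv.Atoi(f[1]) // a non-numeric field parses as 0
	t, err := time.Parse("060102", f[2])
	switch {
	case claimed < need || zeroBits(stamp) < claimed:
		return fmt.Errorf("insufficient difficulty: need %d bits", need)
	case err != nil || now.Sub(t).Abs() > 48*time.Hour: // assumed validity window
		return fmt.Errorf("bad or expired date: %q", f[2])
	case f[3] != resource:
		return fmt.Errorf("resource mismatch: %q", f[3])
	case spent[stamp]:
		return fmt.Errorf("replayed stamp: %q", stamp)
	}
	spent[stamp] = true
	return nil
}

func main() { fmt.Println(Mint(8, "example", time.Now())) }
```

A resource containing ':' fails the field-count check here, and a long-running server would need a mutex around the spent map plus pruning of entries older than the validity window.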