[release-v2.1] multi: Main module backports.#3660
Merged
davecgh merged 5 commits intodecred:release-v2.1from Apr 6, 2026
Merged
[release-v2.1] multi: Main module backports.#3660davecgh merged 5 commits intodecred:release-v2.1from
davecgh merged 5 commits intodecred:release-v2.1from
Conversation
This cleans up and modernizes the code related to checking transaction
inputs as follows:
- Make code more consistent with the rest of the package
- Update various errors to include more detailed information:
- Consistently include the full referenced output in errors instead of
only the transaction hash
- Use fewer abbreviations in errors to improve clarity
- Add some additional checks to assert invalid states
- Consolidate logic for adding txouts to views and improve readability
with new types and funcs
- Conform to the modern editorconfig settings
The sync manager considers the services when the initial peer is created, but the remote services are not known until the handshake completes. This adds a channel that is closed when a verack is received in order to wait for the handshake to complete prior to creating the sync manager peer to ensure the remote services are known and populated. It also moves the code that adds the peer to the server to happen after the handshake as well since it relies on the sync manager. This was discovered by changes that will be in the next commit to no longer improperly assume the remote services before they're known.
- Comments and more descriptive names for tests. - Using t.Run() provides better test metrics and removes the need to include the name of the test in log lines. - Pull a block out TestCheckAuth and make it a separate test.
This fixes an issue where the server treated an unset admin auth hash as unconditional success under the assumption that this state corresponds to the server running certificate auth. However, the server can also reach this state under basic auth by configuring limited credentials without admin credentials. In this case the limited user would have unrestricted access to all admin functions.
When both the `Origin` header and the request `Host` header lack an
explicit port (common behind reverse proxies on standard ports 443/80),
both values collapse to empty string, and `equalASCIIFold("",
"")` returns `true` - allowing **any cross-origin websocket handshake**
to succeed.
jrick
approved these changes
Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of the following PRs to the 2.1 release branch: