Description:
The frontend sends a 'ping' every minute. The backend must verify this ping is signed by the user's wallet before updating the DB.
Acceptance Criteria:
[ ] Verify x-signature header using stellar-sdk.
[ ] Check if timestamp is recent (replay attack prevention).
[ ] Update student_progress table only if valid.
Priority: Critical
Labels: security, api
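Added example, not code from this project: one way the three acceptance criteria could fit together in a single check. Node's built-in Ed25519 (the signature scheme Stellar keys use) stands in for stellar-sdk so the block runs offline. The body layout (a JSON `timestamp` in milliseconds), the 2-minute window, the in-memory `lastAccepted` map, and the names `verifyPing` and `demo` are assumptions.

```javascript
// Added example, not project code. Node's built-in Ed25519 stands in for
// stellar-sdk's Keypair.fromPublicKey(address).verify(data, signature).
const crypto = require("node:crypto");

const MAX_SKEW_MS = 2 * 60 * 1000; // assumed freshness window for a 1-minute ping
const lastAccepted = new Map(); // assumed store: walletId -> newest accepted timestamp

// Returns { ok, reason }; the caller updates student_progress only when ok is true.
// rawBody must be the exact string the client signed, not a re-serialized object.
function verifyPing({ walletId, publicKey, rawBody, signatureB64, now = Date.now() }) {
  if (typeof signatureB64 !== "string" || signatureB64 === "") {
    return { ok: false, reason: "missing-signature" };
  }
  const sig = Buffer.from(signatureB64, "base64");
  let valid = false;
  try {
    // Verify before parsing so unauthenticated JSON never reaches application logic.
    valid = sig.length === 64 && crypto.verify(null, Buffer.from(rawBody), publicKey, sig);
  } catch {
    valid = false;
  }
  if (!valid) return { ok: false, reason: "bad-signature" };

  let ts;
  try { ts = JSON.parse(rawBody).timestamp; } catch { return { ok: false, reason: "bad-body" }; }
  if (!Number.isSafeInteger(ts)) return { ok: false, reason: "bad-timestamp" };
  if (Math.abs(now - ts) > MAX_SKEW_MS) return { ok: false, reason: "stale" };
  // Freshness alone still allows a replay inside the window; require strictly newer.
  if (ts <= (lastAccepted.get(walletId) ?? -Infinity)) return { ok: false, reason: "replay" };
  lastAccepted.set(walletId, ts);
  return { ok: true, reason: "accepted" };
}

// Constructed sample: throwaway key, fixed clock, made-up ids.
function demo() {
  lastAccepted.clear();
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const now = 1_700_000_000_000;
  const sign = (body) => crypto.sign(null, Buffer.from(body), privateKey).toString("base64");
  const check = (rawBody, signatureB64) =>
    verifyPing({ walletId: "demo-wallet", publicKey, rawBody, signatureB64, now }).reason;
  const fresh = JSON.stringify({ lessonId: "demo-lesson", timestamp: now - 5_000 });
  const old = JSON.stringify({ lessonId: "demo-lesson", timestamp: now - 600_000 });
  return [check(fresh, sign(fresh)), check(fresh, sign(fresh)), check(old, sign(old)),
    check(fresh.replace("demo-lesson", "other"), sign(fresh)), check(fresh, undefined)];
}

console.log(demo());
```

The strictly-newer check goes one step beyond the "recent timestamp" criterion: a captured ping is otherwise replayable until it ages out of the window. With more than one backend instance, the last-accepted timestamp needs to live in shared storage rather than process memory.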