FIX tx prioritization auth and mined-tx template checks#259
Merged
Conversation
added 4 commits
May 6, 2026 18:18
Require a dedicated API_TX_TOKEN bearer credential before POST /api/tx/{tx}
can submit and prioritize transactions through bitcoind. Treat the token as
part of the prioritizing-txs configuration gate, so the endpoint is available
only when RPC_URL, RPC_USER, RPC_PWD, RPC_FEE_DELTA, and API_TX_TOKEN are all
set.
Keep disabled prioritization returning the existing 503 response, and reject
missing or invalid endpoint credentials with 401 before any Bitcoin RPC is
attempted. Store the API token alongside the BitcoindRpc state used by the API
server instead of leaving the write path unauthenticated.
When prioritized transactions disappear from new templates, check bitcoind
mempool state in the background before reporting an error. Remove txids that
are no longer in the mempool, warn on mempool-check failures, and only log a
template error when bitcoind still reports the transaction as mempool-resident.
Add regression coverage for disabled prioritization config, unauthorized tx
requests, bearer-token acceptance, missing API_TX_TOKEN config, and bitcoind
not-in-mempool error classification.
Treat txn-already-in-mempool from sendrawtransaction as a successful lookup. Decode the raw transaction locally, derive its txid, and still call prioritisetransaction. Keep other sendrawtransaction RPC errors rejected, and add regression coverage for the duplicate-mempool path.
Priceless-P
approved these changes
May 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After PR254 and PR257, this should fix all the issues encountered so far with priotised txs feature.
Fixes issue 255
Abstract
Require a dedicated API_TX_TOKEN bearer credential before POST /api/tx/{tx} can submit and prioritize transactions through bitcoind. Treat the token as part of the prioritizing-txs configuration gate, so the endpoint is available only when RPC_URL, RPC_USER, RPC_PWD, RPC_FEE_DELTA, and API_TX_TOKEN are all set.
Keep disabled prioritization returning the existing 503 response, and reject missing or invalid endpoint credentials with 401 before any Bitcoin RPC is attempted. Store the API token alongside the BitcoindRpc state used by the API server instead of leaving the write path unauthenticated.
When prioritized transactions disappear from new templates, check bitcoind mempool state in the background before reporting an error. Remove txids that are no longer in the mempool, warn on mempool-check failures, and only log a template error when bitcoind still reports the transaction as mempool-resident.
Add regression coverage for disabled prioritization config, unauthorized tx requests, bearer-token acceptance, missing API_TX_TOKEN config, and bitcoind not-in-mempool error classification.