Input sanitation. Minimum amount fix. Debug log updated.

backend/src/api/donations.ts

@@ -61,7 +61,7 @@ class Donations {
       this.notifyDonationStatusCallback(data.id);
     }
 
-    if (parseFloat(response.btcPaid) < 0.001) {
+    if (parseFloat(response.btcPaid) < 0.01) {
       return;
     }
 

backend/src/api/mempool.ts

@@ -88,7 +88,7 @@ class Mempool {
         firstSeen: Math.round((new Date().getTime() / 1000)),
       }, transaction);
     } catch (e) {
-      logger.warn(txId + ' not found');
+      logger.debug(txId + ' not found');
       return false;
     }
   }
@@ -125,7 +125,7 @@ class Mempool {
             }
             newTransactions.push(transaction);
           } else {
-            logger.err('Error finding transaction in mempool.');
+            logger.debug('Error finding transaction in mempool.');
           }
         }
 
@@ -138,7 +138,7 @@ class Mempool {
       if (this.mempoolProtection === 0 && transactions.length / currentMempoolSize <= 0.80) {
         this.mempoolProtection = 1;
         this.inSync = false;
-        logger.warn('Mempool clear protection triggered.');
+        logger.warn(`Mempool clear protection triggered because transactions.length: ${transactions.length} and currentMempoolSize: ${currentMempoolSize}.`);
         setTimeout(() => {
           this.mempoolProtection = 2;
           logger.warn('Mempool clear protection resumed.');

backend/src/routes.ts

@@ -118,11 +118,21 @@ class Routes {
       return;
     }
 
+    if (p.orderId !== '' && !/^(@|)[a-zA-Z0-9_]{1,15}$/.test(p.orderId)) {
+      res.status(400).send('Invalid Twitter handle');
+      return;
+    }
+
     if (p.amount < 0.001) {
       res.status(400).send('Amount needs to be at least 0.001');
       return;
     }
 
+    if (p.amount > 1000) {
+      res.status(400).send('Amount too large');
+      return;
+    }
+
     try {
       const result = await donations.createRequest(p.amount, p.orderId);
       res.json(result);