Update TODO.md

lewis
2025-12-12 23:32:02 +02:00
parent b66e4fe291
commit 9b75db2ede


@@ -239,6 +239,7 @@ These are implemented at PDS level to enable local-first reads (read-after-write
- [x] SSRF protection for outbound requests.
## Lewis' fabulous mini-list of remaining TODOs
- [ ] The OAuth authorize POST endpoint has no rate limiting, allowing password brute-forcing. Fix this and audit all oauth and 2fa surface again.
- [ ] DID resolution caching (valkey).
- [ ] Record schema validation (generic validation framework).
- [ ] Fix any remaining TODOs in the code.
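Review bot: the new OAuth rate-limiting item should say which dimension the limit is keyed on, because a per-IP limit alone does not stop distributed guessing against one account and a per-account limit alone lets an attacker lock a victim out; the item should ask for both (per-account with backoff plus a per-IP bucket) and should enumerate what "audit all oauth and 2fa surface again" covers (e.g. token exchange, refresh, 2FA code verification) so the audit has a checklist instead of a vague scope. Since the line itself acknowledges an exploitable condition in the current code ("allowing password brute-forcing"), it should not sit as one unchecked box among caching and schema-validation chores; either move it to the top with a target or track it as an issue, so the list does not read as if a live brute-force exposure has the same priority as a valkey cache.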
@@ -289,3 +290,10 @@ Admin Dashboard (privileged users only)
- [ ] Invite management (uses `com.atproto.admin.getInviteCodes`, `disableInviteCodes`)
- [ ] Server stats (uses `com.bspds.admin.getServerStats`)
## Future: private data
I will see where the discourse about encrypted/privileged private data is at the current moment, and make an implementation that matches what the bsky team will likely do in their pds whenever they get around to it.
Then when they come out with theirs, I can make adjustments to mine and be ready on day 1. Or 2.
We want records that only authorized parties can see and decrypt. This requires some sort of federation of keys and communication between PDSes?
Gotta figure all of this out as a first step.
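Review bot: the private-data section jumps to a mechanism ("some sort of federation of keys and communication between PDSes?") before writing down the threat model; the actual first step is to state who must be unable to read these records (other PDSes, the relays and AppViews that index the repo, or the hosting PDS itself), because that answer decides whether server-side access checks are enough or whether records must be encrypted client-side with keys the PDS never holds, and "only authorized parties can see and decrypt" currently conflates those two very different designs. The section should also note what it depends on in the list above: publishing recipient keys is naturally a DID-document concern, and "DID resolution caching (valkey)" is still an open item, so that dependency should be recorded here rather than discovered when the implementation starts.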