Alias TTL renews only on authenticated actions (sending messages)

- Sending a message includes `from` fingerprint - Server renews alias TTL on send (proves identity: you encrypted it) - Polling/receiving does NOT renew (anyone can spam messages to you) - Key registration does NOT renew (separate concern) This prevents alias keepalive attacks where someone spams a user just to keep their alias from expiring. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 07:39:15 +04:00
parent bf67566b0c
commit 7fe6de0ba1
4 changed files with 32 additions and 3 deletions
--- a/warzone/crates/warzone-client/src/cli/send.rs
+++ b/warzone/crates/warzone-client/src/cli/send.rs
@@ -82,7 +82,7 @@ pub async fn run(recipient_fp: &str, message: &str, server_url: &str) -> Result<
    let encoded = bincode::serialize(&wire_msg)
        .context("failed to serialize wire message")?;

-    client.send_message(recipient_fp, &encoded).await?;
+    client.send_message(recipient_fp, Some(&our_pub.fingerprint.to_string()), &encoded).await?;

    println!("Message sent to {}", recipient_fp);
    Ok(())