feat(api): don't strike users from /geoblock*, raise 403 (backport #3158) #3284
Merged
UnbornAztecKing merged 1 commit into release/indexer/v9.4.x from Dec 15, 2025
Compliance Controller /geoblock* endpoint changes:
- If a connection is whitelisted by ip or chain address, proceed.
- Then, if a connection is restricted, raise a 403 geo-blocking error, but don't change compliance status in the database.
- If the connection was not restricted, return the compliance status for the address in the database.
- If the address has no current compliance status, query the compliance provider to classify the address and set the compliance status, and then return the new compliance status.
- The VALID_SURVEY/INVALID_SURVEY api no longer modifies compliance status.

(cherry picked from commit d227095)
UnbornAztecKing approved these changes Dec 15, 2025
Summary
- COMPLIANT → FIRST_STRIKE_CLOSE_ONLY → CLOSE_ONLY → BLOCKED based on connection attempts and surveys.
- 403 Forbidden immediately, regardless of existing compliance status or action type.
- COMPLIANT; existing non-COMPLIANT statuses are returned as-is.

Details
API behavior changes
- CONNECT, VALID_SURVEY, INVALID_SURVEY) from restricted geolocations now return 403 with error code BlockedCode.GEOBLOCKED and payload INDEXER_GEOBLOCKED_PAYLOAD, before any database lookups or mutations.
- COMPLIANT status created in DB, 200 returned.
- 200 returned (including BLOCKED, FIRST_STRIKE, FIRST_STRIKE_CLOSE_ONLY, CLOSE_ONLY).

Risk & Impact
Breaking change: High impact on compliance enforcement.
- FIRST_STRIKE, FIRST_STRIKE_CLOSE_ONLY, and CLOSE_ONLY records in the database are preserved but no longer updated by this controller.

Testing
- compliance-v2-controller.test.ts:
- 403 response for all actions (CONNECT, VALID_SURVEY, INVALID_SURVEY) from restricted countries, regardless of pre-existing status (COMPLIANT, FIRST_STRIKE, FIRST_STRIKE_CLOSE_ONLY, CLOSE_ONLY, or none).
- it.each) verifies non-restricted requests return existing FIRST_STRIKE/FIRST_STRIKE_CLOSE_ONLY statuses unchanged.
- BLOCKED status persists for non-restricted requests.
- COMPLIANT → FIRST_STRIKE_CLOSE_ONLY, survey-based transitions).

Reviewer Notes
- upsertComplianceStatus() is now effectively a no-op for existing addresses; all mutation logic removed.
- compliance_status_changed metrics are no longer emitted for geoblocked requests (verified in tests).

This is an automatic backport of pull request #3158 done by [Mergify](https://mergify.com).
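
The decision order this pull request describes for /geoblock*, as an added TypeScript example that is not the indexer's code: every type, function and sample value is hypothetical, the provider call is a synchronous stand-in, and it assumes that "proceed" for a whitelisted connection means skipping the restriction check.

```typescript
// Added illustration of the decision order; every name is hypothetical.
type Status = 'COMPLIANT' | 'FIRST_STRIKE' | 'FIRST_STRIKE_CLOSE_ONLY' | 'CLOSE_ONLY' | 'BLOCKED';
interface GeoRequest { address: string; ip: string; country: string }
interface GeoResult { http: 200 | 403; status?: Status; errorCode?: string }
interface Policy {
  restrictedCountries: string[];
  whitelistedIps: string[];
  whitelistedAddresses: string[];
  classify: (address: string) => Status; // stand-in for the compliance provider
}
type StatusDb = Record<string, Status>;

function handleGeoblock(req: GeoRequest, db: StatusDb, policy: Policy): GeoResult {
  // Assumption: a whitelisted IP or address bypasses the restriction check.
  const whitelisted = policy.whitelistedIps.indexOf(req.ip) !== -1 ||
    policy.whitelistedAddresses.indexOf(req.address) !== -1;
  // Restricted and not whitelisted: 403 before any database read or write.
  if (!whitelisted && policy.restrictedCountries.indexOf(req.country) !== -1) {
    return { http: 403, errorCode: 'GEOBLOCKED' };
  }
  // A stored status (strike states and BLOCKED included) is returned unchanged.
  if (Object.prototype.hasOwnProperty.call(db, req.address)) {
    return { http: 200, status: db[req.address] };
  }
  // No stored status: classify once, persist the result, return it.
  const fresh = policy.classify(req.address);
  db[req.address] = fresh;
  return { http: 200, status: fresh };
}

// Constructed sample data (placeholder country codes, addresses and IPs).
const samplePolicy: Policy = {
  restrictedCountries: ['XX'],
  whitelistedIps: ['203.0.113.7'],
  whitelistedAddresses: [],
  classify: (address) => (address === 'addr_flagged' ? 'BLOCKED' : 'COMPLIANT'),
};
const sampleDb: StatusDb = { addr_struck: 'FIRST_STRIKE_CLOSE_ONLY' };

function demo(): GeoResult[] {
  return [
    // Restricted country, not whitelisted: 403, stored status untouched.
    handleGeoblock({ address: 'addr_struck', ip: '198.51.100.1', country: 'XX' }, sampleDb, samplePolicy),
    // Same address from a non-restricted country: stored status returned as-is.
    handleGeoblock({ address: 'addr_struck', ip: '198.51.100.1', country: 'YY' }, sampleDb, samplePolicy),
    // Whitelisted IP, no stored status: classified and persisted.
    handleGeoblock({ address: 'addr_new', ip: '203.0.113.7', country: 'XX' }, sampleDb, samplePolicy),
  ];
}
```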