Do not open a public issue for security vulnerabilities.
Email o4bit@protonmail.com or use GitHub's private vulnerability reporting.
Include a description, reproduction steps, potential impact, and a suggested fix if you have one.
Response timeline: acknowledgement within 48 hours, triage within 7 days.
| Layer | Control |
|---|---|
| Rate limiting | Per-IP, 100 req/hour via D1 (enforced before upstream calls) |
| SSRF protection | Hard-coded api.nasa.gov host allowlist + defense-in-depth re-parse |
| Input validation | Strict date format, known-param allowlist, range bounds |
| API key isolation | Server-side only; never echoed in responses, logs, or errors |
| Security headers | X-Content-Type-Options: nosniff, Cache-Control |
| Error sanitization | Upstream error bodies are never forwarded to clients |
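The SSRF-protection, input-validation and error-sanitization rows above combine into one request-building step. The following Rust sketch is an added example, not the project's own code: the upstream host is hard-coded, only allowlisted paths and parameters are accepted, the date is checked for shape and range, values are percent-encoded so they cannot reshape the URL, and the finished string is re-parsed to confirm the host before any upstream call. The `/planetary/apod` path, the parameter names and the helper names are assumptions.

```rust
// Added example, not the project's own code. Endpoint paths and parameter names are assumptions.
const UPSTREAM_HOST: &str = "api.nasa.gov";
const ALLOWED_PATHS: &[&str] = &["/planetary/apod"];
const ALLOWED_PARAMS: &[&str] = &["date", "count", "thumbs"];
/// Strict YYYY-MM-DD: fixed shape plus month/day range bounds.
fn is_valid_date(s: &str) -> bool {
    let shape_ok = s.len() == 10 && s.bytes().enumerate().all(|(i, b)| {
        if i == 4 || i == 7 { b == b'-' } else { b.is_ascii_digit() }
    });
    if !shape_ok { return false; }
    let m: u32 = s[5..7].parse().unwrap_or(0);
    let d: u32 = s[8..10].parse().unwrap_or(0);
    (1..=12).contains(&m) && (1..=31).contains(&d)
}
/// Percent-encode everything outside the unreserved set, so a query value can
/// never inject '/', '?', '#', '@' or ':' and reshape the URL.
fn encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => out.push(b as char),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}
/// Re-parse the authority from a finished URL (no URL crate); userinfo or a port fails closed.
fn host_of(url: &str) -> Option<&str> {
    let rest = url.strip_prefix("https://")?;
    let end = rest.find(|c: char| c == '/' || c == '?' || c == '#').unwrap_or(rest.len());
    let auth = &rest[..end];
    if auth.contains('@') || auth.contains(':') { return None; }
    Some(auth)
}
/// Build the upstream URL. None means "reject"; no detail of the failure reaches the client.
fn build_upstream_url(path: &str, params: &[(&str, &str)]) -> Option<String> {
    if !ALLOWED_PATHS.contains(&path) { return None; }
    let mut url = format!("https://{}{}", UPSTREAM_HOST, path);
    let mut sep = '?';
    for (k, v) in params {
        if !ALLOWED_PARAMS.contains(k) { return None; }
        if *k == "date" && !is_valid_date(v) { return None; }
        url.push(sep); url.push_str(k); url.push('='); url.push_str(&encode(v));
        sep = '&';
    }
    // Defense in depth: the host is hard-coded, but verify the exact string we will fetch.
    if host_of(&url)? != UPSTREAM_HOST { return None; }
    Some(url)
}
```

The API key is appended server-side only after this step succeeds, and the `None` branch maps to a generic client error so neither the key nor the rejected URL is ever echoed.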
- No authentication — this is a public proxy; anyone can call it within the rate limit.
- Upstream trust — we trust api.nasa.gov; if it were compromised, responses would be affected.
- D1 availability — if D1 is down, the rate limiter fails open (allows traffic) to avoid a full outage.
- Set `NASA_API_KEY` as a Cloudflare secret (`wrangler secret put NASA_API_KEY`), never in `wrangler.toml`.
- Monitor D1 metrics and Cloudflare Worker logs for unusual traffic.
- Keep dependencies updated; run `cargo audit` regularly.