Expand description
API handlers for the persisted notification feed.
GET /notifications- list notifications (keyset pagination, wallet query)POST /notifications/mark-read- mark specific ids read (signed)POST /notifications/mark-all-read- mark every unread notification read (signed)
Reads follow the same unsigned-with-wallet-query pattern as /fills and
/profile so the frontend bell doesn’t need to sign on every page load.
Writes stay behind EIP-712 signature auth; the wallet is extracted from
the verified signature, not the body.
Structs§
- Mark
AllRead Response - Mark
Read Request - Mark
Read Response - Notification
Dto - Notifications
List Query - Notifications
List Response
Functions§
- decode_
payload 🔒 - Decode a stored msgpack payload. A decode failure indicates persisted
data corruption (schema mismatch, truncation, etc.), so we surface it
loudly (log::error) so operators see it, but return
nullfor the payload instead of failing the whole list — a single poisoned row shouldn’t take down the bell for the wallet’s entire history. The fail-loud log + null payload is the compromise between AGENTS.md’s fail-fast-on-invariant rule and read-path availability. - list_
notifications - mark_
all_ read - mark_
read - parse_
wallet 🔒 - Parse+lowercase the wallet query string, rejecting anything that isn’t a
valid 0x-prefixed address. Parsing at the handler boundary keeps the
rate limiter’s wallet-based path reachable (it only kicks in when the
query parses as
WalletAddress) and blocks a trivially-crafted 404-ish DB-load vector against the notifications endpoint. - to_dto 🔒