Gateway: proxy route validation for upstream URLs/methods

[greatest0fallt1me]

Description

Harden parsing/validation for proxied requests: supported methods, URL safety, size limits where applicable.

Requirements and context

• Prevent SSRF classes of issues for operator-configured upstreams.
• Keep compatibility with existing clients.

Suggested execution

• Fork the repo and create a branch: git checkout -b feature/gateway-proxy-validation
• Work in Callora-Backend (TypeScript / Express).

Primary paths

src/routes/proxyRoutes.ts, src/routes/gatewayRoutes.ts, src/types/gateway.ts

• Run npm run lint, npm run typecheck, and npm test.

Deliverables

• Unit tests + any validation utilities.
• Security notes in PR.

Test and commit

• Add or extend unit and/or integration tests (src/**/*.test.ts, tests/integration/**).
• Paste summarized test output in the PR; call out security or data-integrity notes.

Example commit message

fix(gateway): strengthen proxy request validation

Guidelines

• Tests should cover new behavior and important edge cases.
• Keep changes focused; follow existing patterns in the codebase.
• Timeframe: 96 hours from assignment unless agreed otherwise.

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[oreoluwa648]

@oreoluwa648 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hi! I'd like to work on issue #112 to harden proxy route validation against SSRF and unsafe upstream configurations while maintaining existing client compatibility. I have experience with security-focused validation in Express and can add robust unit tests and security notes as required.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @oreoluwa648 to this issue.

[drips-wave]

Congratulations, @oreoluwa648! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @oreoluwa648: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊