Security:
- Serve generated profiles at /api/profile/<random-token> instead of
/api/profile/<sequential-int>. Profiles carry Ki/OPc, so the enumerable id
scheme allowed anyone on the WiFi to harvest all subscriber keys. Unknown
tokens return a plain 404 so they can't be probed.
Robustness:
- Open5GS/free5gc adapters use short MongoDB timeouts so an unreachable core
fails provisioning fast instead of blocking ~30s on the default.
- Profile cache is now a size-capped LRU (OrderedDict) to prevent unbounded
memory growth.
- load_config rejects empty/non-mapping YAML and validates network.op_key is a
16-byte hex string.
Tests: +25 (test_app.py API coverage, test_utils.py); 78 pass.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Full working closed-loop eSIM provisioning stack (spec in claude.md / plan/):
Flask API, SQLite subscriber store, credential/profile generator, Open5GS
and free5gc core adapters, captive portal, operational scripts, systemd
units, network configs, and a 44-test suite.
Profile generation currently returns a mock JSON profile; real SGP.22
generation via pySim is the planned Phase-2 upgrade.
Fixes two bugs found while getting the suite green:
- generate_imsi hardcoded a 10-digit MSIN, producing 16-digit IMSIs for a
3-digit MNC; MSIN length is now 15 - len(mcc) - len(mnc).
- check_rate_limit compared timestamps as strings across mismatched formats
(SQLite CURRENT_TIMESTAMP vs Python isoformat); both sides now normalized
via SQLite datetime() so the window check is chronologically correct.
Add .gitignore for venv, caches, runtime config.yaml, and databases.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>