fix: Add username validation to avatar endpoints

gandalf_automationrequested to merge
improve-avatar-endpoint into develop

Summary

  • Add Hive account name validation to avatar proxy endpoints in both blog and wallet apps
  • Invalid usernames now return 400 Bad Request instead of being passed to the image host
  • Validation uses wax library with regex fallback for thread-safety
  • Centralize validation logic in @hive/transaction package

Changes

  • packages/transaction/lib/validate-hive-account.ts - New shared validation module
  • packages/transaction/index.ts - Export validation functions
  • apps/blog/app/api/avatar/route.ts - Add validation
  • apps/wallet/pages/api/avatar.ts - Add validation
  • apps/blog/utils/validate-links.ts - Import from shared module

Test plan

  • Request avatar with valid username: /api/avatar?username=alice → 200 with image
  • Request avatar with invalid username: /api/avatar?username=../etc/passwd → 400 error
  • Request avatar with valid edge case: /api/avatar?username=a--a → 200 with image

Merge request reports