update project

apps/api/src/config/env.ts

@@ -1,22 +1,16 @@
 import dotenv from 'dotenv';
 import path from 'path';
+import { fetchVaultSecrets } from './vault';
 
 dotenv.config({ path: path.resolve(__dirname, '../../../../.env') });
 
-export const env = {
+export let env = {
   db: {
     host: process.env.DB_HOST || 'localhost',
     port: parseInt(process.env.DB_PORT || '5432'),
     user: process.env.DB_USER || 'postgres',
     password: process.env.DB_PASSWORD || 'postgres',
-    name: process.env.DB_NAME || 'cryptowallet_v2',
-  },
-  jwt: {
-    jwksUrl: process.env.JWT_JWKS_URL || '',
-    publicKey: process.env.JWT_PUBLIC_KEY || '',
-    algorithm: process.env.JWT_ALGORITHM || 'RS256',
-    issuer: process.env.JWT_ISSUER || '',
-    audience: process.env.JWT_AUDIENCE || '',
+    name: process.env.DB_NAME || 'cryptowallet',
   },
   port: parseInt(process.env.API_PORT || '3001'),
   frontendUrl: process.env.FRONTEND_URL || 'http://localhost:3000',
@@ -24,5 +18,38 @@ export const env = {
   tronApiKey: process.env.TRON_API_KEY || null,
   jupiterApiKey: process.env.JUPITER_API_KEY || null,
   jupiterReferralAccount: process.env.JUPITER_REFERRAL_ACCOUNT || null,
-  jupiterFeeBps: parseInt(process.env.JUPITER_FEE_BPS || '70'),
+  jupiterFeeBps: parseInt(process.env.JUPITER_FEE_BPS || '70'), // 0.7%
+
+  // BITOK auth service
+  bitokJwksUrl: process.env.BITOK_JWKS_URL || 'http://localhost:8000/.well-known/jwks.json',
+  bitokIssuer: process.env.BITOK_ISSUER || 'auth-service',
+  bitokAudience: process.env.BITOK_AUDIENCE || 'wallet-service',
+
+  // RabbitMQ
+  rabbitmqUrl: process.env.RABBITMQ_URL || 'amqp://guest:guest@localhost:5672/',
+  rabbitmqExchange: process.env.RABBITMQ_EXCHANGE || 'bitok.events',
+  rabbitmqWalletQueue: process.env.RABBITMQ_WALLET_QUEUE || 'wallet.user_events',
 };
+
+export async function initEnv(): Promise<void> {
+  const secrets = await fetchVaultSecrets();
+
+  if (secrets) {
+    console.log('[ENV] Loaded secrets from Vault');
+    env = {
+      ...env,
+      db: {
+        host: secrets.db_host,
+        port: parseInt(secrets.db_port),
+        user: secrets.db_user,
+        password: secrets.db_password,
+        name: secrets.db_name,
+      },
+      relayApiKey: secrets.relay_api_key || null,
+      tronApiKey: secrets.tron_api_key || env.tronApiKey,
+      jupiterApiKey: secrets.jupiter_api_key || env.jupiterApiKey,
+    };
+  } else {
+    console.log('[ENV] Vault not available, using env vars');
+  }
+}

apps/api/src/config/swagger.ts

@@ -1,5 +0,0 @@
-import fs from 'fs';
-import path from 'path';
-
-const swaggerPath = path.resolve(__dirname, '../../swagger.json');
-export const swaggerSpec = JSON.parse(fs.readFileSync(swaggerPath, 'utf-8'));

apps/api/src/config/vault.ts

@@ -0,0 +1,30 @@
+interface VaultSecrets {
+  db_host: string;
+  db_port: string;
+  db_user: string;
+  db_password: string;
+  db_name: string;
+  relay_api_key: string;
+  tron_api_key: string;
+  jupiter_api_key: string;
+}
+
+export async function fetchVaultSecrets(): Promise<VaultSecrets | null> {
+  const vaultAddr = process.env.VAULT_ADDR;
+  const vaultToken = process.env.VAULT_TOKEN;
+
+  if (!vaultAddr || !vaultToken) return null;
+
+  try {
+    const res = await fetch(`${vaultAddr}/v1/kv/data/cryptowallet`, {
+      headers: { 'X-Vault-Token': vaultToken },
+    });
+
+    if (!res.ok) return null;
+
+    const body = (await res.json()) as { data: { data: VaultSecrets } };
+    return body.data.data;
+  } catch {
+    return null;
+  }
+}