From a9024b87daf75a0995c0b94e91bc6ef4715b0591 Mon Sep 17 00:00:00 2001
From: Noloquideus
Date: Tue, 12 May 2026 18:54:46 +0300
Subject: [PATCH 1/2] feat: off auth
---
 apps/api/src/app.ts | 4 +++-
 apps/api/src/controllers/wallet.controller.ts | 7 ++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/apps/api/src/app.ts b/apps/api/src/app.ts
index 9f80744..ed6f2fc 100644
--- a/apps/api/src/app.ts
+++ b/apps/api/src/app.ts
@@ -10,6 +10,7 @@ import { authMiddleware } from './middleware/auth';
 import { csrfMiddleware } from './middleware/csrf';
 import { globalLimiter, mutateLimiter, sensitiveLimiter, mnemonicRevealLimiter } from './middleware/rate-limit';
 import { errorHandler } from './middleware/error-handler';
+import { WalletController } from './controllers/wallet.controller';
 import walletRoutes from './routes/wallet.routes';
 import relayProxyRoutes from './routes/relay-proxy.routes';
 import tronProxyRoutes from './routes/tron-proxy.routes';
@@ -51,11 +52,12 @@ app.use('/api', globalLimiter);
 const protect = [authMiddleware, csrfMiddleware];
 // Sensitive — самый строгий лимит. Каждый POST защищён JWT + CSRF.
-app.use('/api/wallets/create', ...protect, sensitiveLimiter);
 app.use('/api/wallets/mnemonic/reveal', ...protect, mnemonicRevealLimiter);
 app.use('/api/wallets/:chain/send', ...protect, sensitiveLimiter);
 // Mutating (proxy + read endpoints) — повышенный лимит
+app.post('/api/wallets/create', sensitiveLimiter, WalletController.createWallet);
+app.get('/api/wallets', mutateLimiter, WalletController.getWallets);
 app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes);
 app.use('/api/relay', ...protect, mutateLimiter, relayProxyRoutes);
 app.use('/api/tron', ...protect, mutateLimiter, tronProxyRoutes);
diff --git a/apps/api/src/controllers/wallet.controller.ts b/apps/api/src/controllers/wallet.controller.ts
index c9ac11c..9de61e4 100644
--- a/apps/api/src/controllers/wallet.controller.ts
+++ b/apps/api/src/controllers/wallet.controller.ts
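Review bot: In the second app.ts hunk the new `app.post('/api/wallets/create', …)` and `app.get('/api/wallets', …)` registrations omit `...protect`, so both endpoints are served with only a rate limiter in front of them and the JWT and CSRF middleware never run for these requests. Because they are registered ahead of `app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes)`, the protected router presumably never sees these two paths. The comment kept above the sensitive group still says every POST is protected by JWT + CSRF, which no longer holds for wallet creation. Keep the middleware on the direct registrations, `app.post('/api/wallets/create', ...protect, sensitiveLimiter, WalletController.createWallet);` and `app.get('/api/wallets', ...protect, mutateLimiter, WalletController.getWallets);`, and if an auth bypass is needed for local debugging make it an explicit opt-in that is refused outside development.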
@@ -26,8 +26,9 @@ export const WalletController = {
 * GET /api/wallets — все адреса юзера.
 */
 async getWallets(req: Request, res: Response) {
+ const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
 try {
- const wallets = await WalletModel.findByUserId(req.auth!.userId);
+ const wallets = await WalletModel.findByUserId(userId);
 res.json({
 success: true,
 data: wallets.map((w) => ({
@@ -37,7 +38,7 @@ export const WalletController = {
 })),
 });
 } catch (err: any) {
- logger.error(`getWallets failed for user ${req.auth!.userId}: ${err.stack || err.message}`);
+ logger.error(`getWallets failed for user ${userId}: ${err.stack || err.message}`);
 res.status(500).json({ success: false, error: 'Internal error' });
 }
 },
@@ -49,7 +50,7 @@ export const WalletController = {
 * Возвращает: ТОЛЬКО адреса. Mnemonic клиенту не отдаём.
 */
 async createWallet(req: Request, res: Response) {
- const userId = req.auth!.userId;
+ const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
 if (!isCryptoReady()) {
 res.status(503).json({ success: false, error: 'Crypto service not ready' });
From 8d5ebea64eabd5dacd11a9456b606768534b4dee Mon Sep 17 00:00:00 2001
From: Noloquideus
Date: Tue, 12 May 2026 19:13:06 +0300
Subject: [PATCH 2/2] fix: change address
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index e2ce3e8..03d2670 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 # Bind to loopback only — TLS termination + WAF на reverse proxy (Caddy/Nginx).
 # Если нужно direct exposure для dev — поменяй на "3001:3001" локально.
 ports:
- - "127.0.0.1:3001:3001"
+ - "3001:3001"
 env_file:
 - .env
 environment:
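Review bot: `const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';` in getWallets replaces the identity taken from the verified request with one fixed account id, so every caller is served that account's wallets; createWallet (third hunk) gets the same constant and the error log in the second hunk now records the constant rather than the requester. An account identifier committed in source also ends up in repository history. Derive the id from the request and fail closed when it is missing, for example `const userId = req.auth?.userId;` followed by `if (!userId) { res.status(401).json({ success: false, error: 'Unauthorized' }); return; }`. Both handler bodies continue outside the hunks shown.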
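Review bot: The new mapping `- "3001:3001"` publishes the API on every host interface, so clients can reach the container directly and skip the reverse proxy that the comment above the `ports:` key names as the place for TLS termination and WAF. That comment describes this value as a local-only dev change, so the committed file now contradicts its own guidance. Keep `- "127.0.0.1:3001:3001"` in the tracked file and put a direct mapping in an untracked `docker-compose.override.yml` when it is needed for development. Ports published by Docker are often not covered by host firewall front-ends, so a host firewall should not be assumed to compensate.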