remove /api/vault endpoints

2026-05-11 18:36:44 +03:00
parent 64696b334c
commit 8d91dbeb14
10 changed files with 12 additions and 211 deletions
--- a/apps/api/src/app.ts
+++ b/apps/api/src/app.ts
@@ -11,7 +11,6 @@ import { csrfMiddleware } from './middleware/csrf';
 import { globalLimiter, mutateLimiter, sensitiveLimiter, mnemonicRevealLimiter } from './middleware/rate-limit';
 import { errorHandler } from './middleware/error-handler';
 import walletRoutes from './routes/wallet.routes';
-import vaultRoutes from './routes/vault.routes';
 import relayProxyRoutes from './routes/relay-proxy.routes';
 import tronProxyRoutes from './routes/tron-proxy.routes';
 import solSwapProxyRoutes from './routes/sol-swap-proxy.routes';
@@ -55,7 +54,6 @@ const protect = [authMiddleware, csrfMiddleware];
 app.use('/api/wallets/create', ...protect, sensitiveLimiter);
 app.use('/api/wallets/mnemonic/reveal', ...protect, mnemonicRevealLimiter);
 app.use('/api/wallets/:chain/send', ...protect, sensitiveLimiter);
-app.use('/api/vault', ...protect, sensitiveLimiter, vaultRoutes);

 // Mutating (proxy + read endpoints) — повышенный лимит
 app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes);
--- a/apps/api/src/controllers/vault.controller.ts
+++ b/apps/api/src/controllers/vault.controller.ts
@@ -1,70 +0,0 @@
-import { Request, Response } from 'express';
-import { UserModel } from '../models/user.model';
-import { logger } from '../lib/logger';
-
-const MAX_VAULT_SIZE = 8192; // base64 encrypted blob upper limit
-const MAX_SALT_LEN = 128;
-
-/**
- * Encrypted vault — opaque blob (зашифрованный mnemonic, AES-GCM на клиенте).
- * Сервис хранит как есть; никогда не расшифровывает. Ключ только у клиента
- * (PBKDF2(password+pin) или аналог).
- */
-export const VaultController = {
-  /**
-   * GET /api/vault — вернуть encrypted_vault + vault_salt пользователя.
-   */
-  async getVault(req: Request, res: Response) {
-    const userId = req.auth!.userId;
-    try {
-      const row = await UserModel.getVault(userId);
-      if (!row || !row.encrypted_vault || !row.vault_salt) {
-        res.status(404).json({ success: false, error: 'Vault not found' });
-        return;
-      }
-      res.json({
-        success: true,
-        data: {
-          encryptedVault: row.encrypted_vault,
-          vaultSalt: row.vault_salt,
-        },
-      });
-    } catch (err: any) {
-      logger.error(`getVault failed for user ${userId}: ${err.stack || err.message}`);
-      res.status(500).json({ success: false, error: 'Internal error' });
-    }
-  },
-
-  /**
-   * PUT /api/vault — сохранить новый encrypted_vault + vault_salt.
-   * Создаёт user-row если её ещё нет.
-   */
-  async putVault(req: Request, res: Response) {
-    const userId = req.auth!.userId;
-    const { encryptedVault, vaultSalt } = req.body ?? {};
-
-    if (typeof encryptedVault !== 'string' || encryptedVault.length === 0 || encryptedVault.length > MAX_VAULT_SIZE) {
-      res.status(400).json({
-        success: false,
-        error: `encryptedVault must be a non-empty string (max ${MAX_VAULT_SIZE} chars)`,
-      });
-      return;
-    }
-    if (typeof vaultSalt !== 'string' || vaultSalt.length === 0 || vaultSalt.length > MAX_SALT_LEN) {
-      res.status(400).json({
-        success: false,
-        error: `vaultSalt must be a non-empty string (max ${MAX_SALT_LEN} chars)`,
-      });
-      return;
-    }
-
-    try {
-      await UserModel.ensureExists(userId);
-      await UserModel.setVault(userId, encryptedVault, vaultSalt);
-      res.json({ success: true });
-    } catch (err: any) {
-      logger.error(`putVault failed for user ${userId}: ${err.stack || err.message}`);
-      res.status(500).json({ success: false, error: 'Internal error' });
-    }
-  },
-};
--- a/apps/api/src/models/user.model.ts
+++ b/apps/api/src/models/user.model.ts
@@ -61,23 +61,6 @@ export const UserModel = {
    return user;
  },

-  async setVault(id: string, encryptedVault: string, vaultSalt: string): Promise<void> {
-    await db('users')
-      .where({ id })
-      .update({
-        encrypted_vault: encryptedVault,
-        vault_salt: vaultSalt,
-        updated_at: db.fn.now(),
-      });
-  },
-
-  async getVault(id: string): Promise<{ encrypted_vault: string | null; vault_salt: string | null } | undefined> {
-    return db('users')
-      .where({ id, is_deleted: false })
-      .select('encrypted_vault', 'vault_salt')
-      .first();
-  },
-
  /**
   * Custodial: атомарно записать зашифрованную мнемонику.
   * Используется set-once семантика: UPDATE WHERE encrypted_mnemonic IS NULL,
--- a/apps/api/src/routes/vault.routes.ts
+++ b/apps/api/src/routes/vault.routes.ts
@@ -1,9 +0,0 @@
-import { Router } from 'express';
-import { VaultController } from '../controllers/vault.controller';
-
-const router = Router();
-
-router.get('/', VaultController.getVault);
-router.put('/', VaultController.putVault);
-
-export default router;