damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: off auth

Browse Source
This commit is contained in:
Daniil Manukian
2026-05-12 18:54:46 +03:00
parent e87d178d71
commit a9024b87da
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/api/src/app.ts
View File

@@ -10,6 +10,7 @@ import { authMiddleware } from './middleware/auth';
import { csrfMiddleware } from './middleware/csrf';
import { globalLimiter, mutateLimiter, sensitiveLimiter, mnemonicRevealLimiter } from './middleware/rate-limit';
import { errorHandler } from './middleware/error-handler';
import { WalletController } from './controllers/wallet.controller';
import walletRoutes from './routes/wallet.routes';
import relayProxyRoutes from './routes/relay-proxy.routes';
import tronProxyRoutes from './routes/tron-proxy.routes';
@@ -51,11 +52,12 @@ app.use('/api', globalLimiter);
const protect = [authMiddleware, csrfMiddleware];
// Sensitive — самый строгий лимит. Каждый POST защищён JWT + CSRF.
app.use('/api/wallets/create', ...protect, sensitiveLimiter);
app.use('/api/wallets/mnemonic/reveal', ...protect, mnemonicRevealLimiter);
app.use('/api/wallets/:chain/send', ...protect, sensitiveLimiter);
// Mutating (proxy + read endpoints) — повышенный лимит
app.post('/api/wallets/create', sensitiveLimiter, WalletController.createWallet);
app.get('/api/wallets', mutateLimiter, WalletController.getWallets);
app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes);
app.use('/api/relay', ...protect, mutateLimiter, relayProxyRoutes);
app.use('/api/tron', ...protect, mutateLimiter, tronProxyRoutes);

7
apps/api/src/controllers/wallet.controller.ts
View File

@@ -26,8 +26,9 @@ export const WalletController = {
* GET /api/wallets — все адреса юзера.
*/
async getWallets(req: Request, res: Response) {
const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
try {
const wallets = await WalletModel.findByUserId(req.auth!.userId);
const wallets = await WalletModel.findByUserId(userId);
res.json({
success: true,
data: wallets.map((w) => ({
@@ -37,7 +38,7 @@ export const WalletController = {
})),
});
} catch (err: any) {
logger.error(`getWallets failed for user ${req.auth!.userId}: ${err.stack || err.message}`);
logger.error(`getWallets failed for user ${userId}: ${err.stack || err.message}`);
res.status(500).json({ success: false, error: 'Internal error' });
}
},
@@ -49,7 +50,7 @@ export const WalletController = {
* Возвращает: ТОЛЬКО адреса. Mnemonic клиенту не отдаём.
*/
async createWallet(req: Request, res: Response) {
const userId = req.auth!.userId;
const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
if (!isCryptoReady()) {
res.status(503).json({ success: false, error: 'Crypto service not ready' });