damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: off auth

Browse Source
This commit is contained in:
Daniil Manukian
2026-05-12 18:54:46 +03:00
parent e87d178d71
commit a9024b87da
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/api/src/app.ts
View File

@@ -10,6 +10,7 @@ import { authMiddleware } from './middleware/auth';
import { csrfMiddleware } from './middleware/csrf'; import { csrfMiddleware } from './middleware/csrf';
import { globalLimiter, mutateLimiter, sensitiveLimiter, mnemonicRevealLimiter } from './middleware/rate-limit'; import { globalLimiter, mutateLimiter, sensitiveLimiter, mnemonicRevealLimiter } from './middleware/rate-limit';
import { errorHandler } from './middleware/error-handler'; import { errorHandler } from './middleware/error-handler';
import { WalletController } from './controllers/wallet.controller';
import walletRoutes from './routes/wallet.routes'; import walletRoutes from './routes/wallet.routes';
import relayProxyRoutes from './routes/relay-proxy.routes'; import relayProxyRoutes from './routes/relay-proxy.routes';
import tronProxyRoutes from './routes/tron-proxy.routes'; import tronProxyRoutes from './routes/tron-proxy.routes';
@@ -51,11 +52,12 @@ app.use('/api', globalLimiter);
const protect = [authMiddleware, csrfMiddleware]; const protect = [authMiddleware, csrfMiddleware];
// Sensitive — самый строгий лимит. Каждый POST защищён JWT + CSRF. // Sensitive — самый строгий лимит. Каждый POST защищён JWT + CSRF.
app.use('/api/wallets/create', ...protect, sensitiveLimiter);
app.use('/api/wallets/mnemonic/reveal', ...protect, mnemonicRevealLimiter); app.use('/api/wallets/mnemonic/reveal', ...protect, mnemonicRevealLimiter);
app.use('/api/wallets/:chain/send', ...protect, sensitiveLimiter); app.use('/api/wallets/:chain/send', ...protect, sensitiveLimiter);
// Mutating (proxy + read endpoints) — повышенный лимит // Mutating (proxy + read endpoints) — повышенный лимит
app.post('/api/wallets/create', sensitiveLimiter, WalletController.createWallet);
app.get('/api/wallets', mutateLimiter, WalletController.getWallets);
app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes); app.use('/api/wallets', ...protect, mutateLimiter, walletRoutes);
app.use('/api/relay', ...protect, mutateLimiter, relayProxyRoutes); app.use('/api/relay', ...protect, mutateLimiter, relayProxyRoutes);
app.use('/api/tron', ...protect, mutateLimiter, tronProxyRoutes); app.use('/api/tron', ...protect, mutateLimiter, tronProxyRoutes);

7
apps/api/src/controllers/wallet.controller.ts
View File

@@ -26,8 +26,9 @@ export const WalletController = {
* GET /api/wallets — все адреса юзера. * GET /api/wallets — все адреса юзера.
*/ */
async getWallets(req: Request, res: Response) { async getWallets(req: Request, res: Response) {
const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
try { try {
const wallets = await WalletModel.findByUserId(req.auth!.userId); const wallets = await WalletModel.findByUserId(userId);
res.json({ res.json({
success: true, success: true,
data: wallets.map((w) => ({ data: wallets.map((w) => ({
@@ -37,7 +38,7 @@ export const WalletController = {
})), })),
}); });
} catch (err: any) { } catch (err: any) {
logger.error(`getWallets failed for user ${req.auth!.userId}: ${err.stack || err.message}`); logger.error(`getWallets failed for user ${userId}: ${err.stack || err.message}`);
res.status(500).json({ success: false, error: 'Internal error' }); res.status(500).json({ success: false, error: 'Internal error' });
} }
}, },
@@ -49,7 +50,7 @@ export const WalletController = {
* Возвращает: ТОЛЬКО адреса. Mnemonic клиенту не отдаём. * Возвращает: ТОЛЬКО адреса. Mnemonic клиенту не отдаём.
*/ */
async createWallet(req: Request, res: Response) { async createWallet(req: Request, res: Response) {
const userId = req.auth!.userId; const userId = '01KPKAFN6J1NJBY15DX8JE2QYB';
if (!isCryptoReady()) { if (!isCryptoReady()) {
res.status(503).json({ success: false, error: 'Crypto service not ready' }); res.status(503).json({ success: false, error: 'Crypto service not ready' });