damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert: non-custodial — client supplies addresses+paths to POST /wallets/create

Browse Source
This commit is contained in:
ZOMBIIIIIII
2026-05-11 19:51:10 +03:00
parent 8d91dbeb14
commit c8bc40af97
20 changed files with 122 additions and 1475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apps/api/src/middleware/rate-limit.ts
View File

@@ -31,7 +31,7 @@ export const mutateLimiter = rateLimit({
message: { success: false, error: 'Too many mutating requests' },
});
// Самый строгий — для send / vault PUT / wallet create (anti-abuse / spam tx prevention)
// Самый строгий — для send / wallet create (anti-abuse / spam tx prevention)
export const sensitiveLimiter = rateLimit({
windowMs: 60 * 1000,
limit: 10,
@@ -40,14 +40,3 @@ export const sensitiveLimiter = rateLimit({
keyGenerator: keyByUserOrIp,
message: { success: false, error: 'Too many sensitive requests' },
});
// Экстремально строгий — для GET /api/wallets/mnemonic.
// Reveal seed phrase — критическая операция: 5 запросов в час per-user.
export const mnemonicRevealLimiter = rateLimit({
windowMs: 60 * 60 * 1000, // 1 hour
limit: 5,
standardHeaders: 'draft-7',
legacyHeaders: false,
keyGenerator: keyByUserOrIp,
message: { success: false, error: 'Too many mnemonic reveal requests' },
});