NW
|
4657b1dfb5
|
feat: web admin panel + better-sqlite3 migration + Docker fixes
- Added Express.js admin panel on port 3001 (ADMIN_PORT env)
- Dashboard: stats (users, products, purchases, revenue)
- Users: list, details, ban/unban toggle
- Products: CRUD by category
- Wallets: list with balances
- Purchases: history with filters
- Audit log: view audit trail
- Auth: token-based login with ADMIN_SECRET env var
- Migrated sqlite3 → better-sqlite3
- database.js: async adapter (runAsync/allAsync/getAsync)
- purchaseService.js: lastID → lastInsertRowid
- userService.js: lastID → lastInsertRowid
- Removed sqlite3 from package.json
- Fixed: dotenv/config import added to index.js
- Fixed: ENCRYPTION_KEY validation (32+ char hex)
- Fixed: Dockerfile multi-stage build (no python needed)
- Fixed: Docker DNS (network: host in build)
- Fixed: docker-compose port 3001, healthcheck on 3001
- Added express, cookie-parser, pino-pretty, better-sqlite3 deps
|
2026-06-22 10:54:01 +01:00 |
|
NW
|
ce1b6003cb
|
feat(logging): replace 207 console.log/error/warn with pino structured logger (#58)
- Add pino + pino-pretty dependencies
- Create src/utils/logger.js with env-based LOG_LEVEL
- Replace all 207 console.log/error/warn calls across 46 source files
- Remove [DEBUG], [ERROR] string prefixes (levels convey this)
- Add pino redact for sensitive fields (mnemonic, privateKey, token, etc.)
- Structured logging with context objects instead of string interpolation
- NODE_ENV=production disables pino-pretty transport
49 files changed, 5601 insertions, 6056 deletions
|
2026-06-22 01:42:47 +01:00 |
|
NW
|
68d83807ad
|
refactor(arch): Phase 2 — deduplicate isAdmin, convertToUsd, getBaseWalletType
- #54: Extract isAdmin() to src/middleware/auth.js, remove duplicates from 7 admin handlers
- #55: Add WalletUtils.convertToUsd(), replace 8 switch-case blocks across 4 files
- #56: Unify getBaseWalletType() — keep only WalletUtils version (most complete),
  remove duplicates from Wallet.js and userWalletsHandler.js
New file: src/middleware/auth.js
Net: -215 lines, +80 lines
Closes: #54, #55, #56
|
2026-06-17 22:10:34 +01:00 |
|
NW
|
de415633be
|
feat(security): Phase 1 — critical security fixes and hardening
- #42: Remove hardcoded ENCRYPTION_KEY fallback from config.js,
  add startup validation for BOT_TOKEN and ENCRYPTION_KEY length
- #43: Fix SQL injection vulnerabilities — add ALLOWED_TABLES
  whitelist in database.js, ALLOWED_USER_FIELDS in userService.js,
  validate table names before PRAGMA
- #44: Fix race condition in purchaseService.js — wrap createPurchase
  in BEGIN IMMEDIATE TRANSACTION, add atomic balance/stock checks
- #41: Move all secrets from docker-compose.yml to .env file,
  use env_file directive
- #45: Replace MD5 tx_hash with crypto.randomUUID()
- #46: Upgrade KDF from SHA-256 to HKDF for mnemonic encryption,
  add backward compatibility for legacy format
- #47: Add input validation across all handlers — walletType
  whitelist, string length limits, numeric ID checks, price bounds
New files:
- src/utils/encryption.js (HKDF key derivation)
- src/__tests__/security.test.js (SQL injection prevention tests)
Closes: #41, #42, #43, #44, #45, #46, #47
|
2026-06-17 21:52:49 +01:00 |
|
|
|
dd18e74529
|
update calculate user balance
|
2025-01-09 20:07:44 +00:00 |
|
|
|
66f5251795
|
update check ETH USDT USDC balance function
|
2025-01-08 12:01:02 +00:00 |
|
|
|
a970a188db
|
new user registration function
|
2024-12-18 19:46:29 +00:00 |
|
|
|
b224b3f331
|
update UserService
|
2024-12-18 16:16:41 +00:00 |
|
|
|
4aebb4e41b
|
update user info page
|
2024-12-17 00:05:59 +00:00 |
|
|
|
d51bc9f0b9
|
User start registration update function
|
2024-12-16 12:37:44 +00:00 |
|
|
|
9d9e0e80ad
|
Bug update function
|
2024-12-14 23:12:36 +00:00 |
|
Artyom Ashirov
|
5d4f56e265
|
refactoring
|
2024-11-23 05:03:30 +03:00 |
|