NW
ce1b6003cb
feat(logging): replace 207 console.log/error/warn with pino structured logger ( #58 )
...
- Add pino + pino-pretty dependencies
- Create src/utils/logger.js with env-based LOG_LEVEL
- Replace all 207 console.log/error/warn calls across 46 source files
- Remove [DEBUG], [ERROR] string prefixes (levels convey this)
- Add pino redact for sensitive fields (mnemonic, privateKey, token, etc.)
- Structured logging with context objects instead of string interpolation
- NODE_ENV=production disables pino-pretty transport
49 files changed, 5601 insertions, 6056 deletions
2026-06-22 01:42:47 +01:00
NW
ba80784ae7
security(docker): remove privileged mode, SYS_MODULE; harden WireGuard ( #49 #50 )
...
- Removed privileged: true from docker-compose.yml
- Removed SYS_MODULE cap_add (kept NET_ADMIN for WireGuard)
- Removed source code bind mounts (./src, package.json)
- Removed wg0.conf and resolv.conf bind mounts (now generated from env)
- Added resource limits: mem_limit 512m, cpus 1.0
- Added healthcheck with curl
- Added non-root user appuser:appgroup in Dockerfile
- wg0.conf now generated from env vars at container startup (WG_PRIVATE_KEY, etc.)
- resolv.conf generated from WG_DNS env var
- Rotated wg0.conf — private key removed from file
- Added WG_ALLOWED_IPS to .env.example
SECURITY: Rotate WireGuard keys on server if previously used in production
2026-06-22 01:26:35 +01:00
NW
d0b26dae25
refactor(arch): replace if/else router with Map-based dispatcher ( #53 )
...
- index.js: 394→69 lines (82% reduction)
- callbackRouter.js (36 lines): Map-based dispatch with exact + prefix matching
- Longest-prefix-first for specificity
- Logs warning for unregistered callbacks
- messageRouter.js (27 lines): Ordered input handlers + text command Map
- routes.js (345 lines): All 59 callback routes + 9 text commands + 7 input handlers
- Exact routes: 19 (add_wallet, back_to_balance, etc.)
- Prefix routes: 40 (generate_wallet_, view_product_, etc.)
- Admin text commands with isAdmin guard
- Special cases: view_transaction_history_ page extraction
- Input handler order preserved (location → category → import → edit → dump → bonus)
2026-06-22 01:16:34 +01:00
NW
f8123e42bb
refactor(arch): split userWalletsHandler.js into 7 modular files ( #52 )
...
- 747-line monolith → 8 files (all ≤108 lines)
- balanceHandler (96 lines): showBalance, handleBackToBalance
- historyHandler (107 lines): handleTransactionHistory, handleWalletHistory
- refreshHandler (75 lines): handleRefreshBalance with balance refresh
- createHandler (94 lines): handleAddWallet, handleGenerateWallet
- topUpHandler (60 lines): handleTopUpWallet
- archiveHandler (86 lines): handleViewArchivedWallets
- helpers (19 lines): getNetworkName, getWalletAddress
- index.js (20 lines): re-exports all 11 handler methods
- Removed duplicate getBaseWalletType (now uses WalletUtils)
- Removed duplicate getNetworkName (now in helpers.js)
2026-06-22 01:11:53 +01:00
NW
4b7ed0c251
refactor(arch): split adminProductHandler.js into 13 modular files ( #51 )
...
- 1093-line monolith → 13 files (all ≤97 lines)
- navigationHandler: product management entry + country selection
- districtHandler: city + district selection
- categoryAddHandler: add category input + handler
- categoryEditHandler: edit category input + handler
- categorySelectionHandler: category selection display
- createHandler: add product prompt
- importHandler: product import (JSON/text/file)
- editStartHandler: product edit prompt
- editImportHandler: product edit import
- deleteHandler: product delete + confirm
- viewHandler: product detail view
- listHandler: product list with pagination
- productValidator: shared validation utilities
- index.js: router re-exporting all 17 handler methods
- Removed duplicate handleCategorySelection (subcategories table doesn't exist)
- Removed handleSubcategoryInput/handleAddSubcategory (references non-existent subcategories table)
2026-06-17 22:41:04 +01:00
NW
4b8144ac40
refactor(arch): split database.js into migrations + connection module ( #57 )
...
- database.js: 292→42 lines (connection + async helpers only)
- 001_initial_schema.js: 7 CREATE TABLE statements in transaction
- 002_add_columns.js: 5 ALTER TABLE checks with checkColumnExists
- 003_add_indexes.js: 6 CREATE INDEX statements
- runner.js: versioned migration runner with _meta table
- index.js: calls runMigrations() + cleanUpInvalidForeignKeys()
- ALLOWED_TABLES whitelist preserved in runner.js
- Schema version tracked in _meta table for idempotent runs
2026-06-17 22:28:11 +01:00
NW
2e8b6b5659
fix: add isAdmin delegate method to AdminHandler, fix exportCSV call in adminWalletsHandler
...
- AdminHandler.isAdmin() static method delegates to middleware/auth.js
(index.js calls adminHandler.isAdmin() which needs a class method)
- adminWalletsHandler: this.exportCSV() → this.handleExportCSV(callbackQuery)
(exportCSV doesn't exist, handleExportCSV is the correct method)
2026-06-17 22:19:40 +01:00
NW
68d83807ad
refactor(arch): Phase 2 — deduplicate isAdmin, convertToUsd, getBaseWalletType
...
- #54 : Extract isAdmin() to src/middleware/auth.js, remove duplicates from 7 admin handlers
- #55 : Add WalletUtils.convertToUsd(), replace 8 switch-case blocks across 4 files
- #56 : Unify getBaseWalletType() — keep only WalletUtils version (most complete),
remove duplicates from Wallet.js and userWalletsHandler.js
New file: src/middleware/auth.js
Net: -215 lines, +80 lines
Closes : #54 , #55 , #56
2026-06-17 22:10:34 +01:00
NW
de415633be
feat(security): Phase 1 — critical security fixes and hardening
...
- #42 : Remove hardcoded ENCRYPTION_KEY fallback from config.js,
add startup validation for BOT_TOKEN and ENCRYPTION_KEY length
- #43 : Fix SQL injection vulnerabilities — add ALLOWED_TABLES
whitelist in database.js, ALLOWED_USER_FIELDS in userService.js,
validate table names before PRAGMA
- #44 : Fix race condition in purchaseService.js — wrap createPurchase
in BEGIN IMMEDIATE TRANSACTION, add atomic balance/stock checks
- #41 : Move all secrets from docker-compose.yml to .env file,
use env_file directive
- #45 : Replace MD5 tx_hash with crypto.randomUUID()
- #46 : Upgrade KDF from SHA-256 to HKDF for mnemonic encryption,
add backward compatibility for legacy format
- #47 : Add input validation across all handlers — walletType
whitelist, string length limits, numeric ID checks, price bounds
New files:
- src/utils/encryption.js (HKDF key derivation)
- src/__tests__/security.test.js (SQL injection prevention tests)
Closes : #41 , #42 , #43 , #44 , #45 , #46 , #47
2026-06-17 21:52:49 +01:00
NW
d1503a0180
chore: ignore entire .kilo/ directory and all APAW config files
...
- Replace partial .kilo/ entries with single .kilo/ rule (180 files)
- Keep kilo-meta.json, kilo.jsonc, AGENTS.md ignored
- Keep .architect/ and .work/ ignored
- Remove duplicate .architect/maps/.work/ entry
2026-06-17 21:12:44 +01:00
NW
e56326fdd6
chore: add Kilo Code files to .gitignore
...
- Add .kilo/worktrees/, .kilo/milestone-*, .kilo/session-handoff.md
- Add .kilo/evolution-test-issue.md, .kilo/node_modules/
- Add kilo-meta.json, kilo.jsonc, AGENTS.md (project-level Kilo files)
- Add .architect/ directory (except state.json and project.json)
- Keep existing .kilo/logs/, .kilo/reports/ entries
2026-06-17 21:10:38 +01:00
NW
7e0839d8cd
chore: add .env.example template and expand .gitignore for secrets
...
- Add .env.example with all config vars (no real secrets)
- Exclude .env, .env.*, docker-compose.override.yml
- Exclude wg/ (WireGuard configs with private keys)
- Exclude dump/, dump.zip, *.csv (sensitive exports)
- Keep .env.example tracked (!.env.example exception)
2026-06-17 20:32:26 +01:00
2f3459b670
mart litle update
2025-03-06 16:13:11 +00:00
0c10772261
Update Start Process
2025-03-02 11:21:35 +00:00
c8b6e3ceb3
litle update
2025-02-05 16:40:00 +00:00
23b7f8b4bd
big update WG-TOR bot connecting
2025-02-03 09:43:25 +00:00
633a27164b
upgrade comission wallet function
2025-01-26 22:21:13 +00:00
25c74342f9
package lock file recreate
2025-01-25 13:37:03 +00:00
ae1cd45aea
create functional commission
2025-01-25 13:35:22 +00:00
5ec8267253
Удалить package-lock.json
2025-01-25 13:34:33 +00:00
79ee8b90f0
Добавить package-lock.json
2025-01-25 13:27:14 +00:00
3a58b73112
update package
2025-01-25 09:31:56 +00:00
fa09e81ddf
crypto mnemonic case
2025-01-25 01:13:10 +00:00
24aebd0bcf
update packege file
2025-01-24 18:45:35 +00:00
fcd89bc345
update calculate user balance in admin section
2025-01-09 20:13:45 +00:00
dd18e74529
update calculate user balance
2025-01-09 20:07:44 +00:00
f9356c6bbe
update user purchase list
2025-01-09 13:25:35 +00:00
18647091cf
minor edits to aesthetics and functionality
2025-01-08 18:26:50 +00:00
5ae148a2ba
update planned wallets function
2025-01-08 16:20:43 +00:00
66f5251795
update check ETH USDT USDC balance function
2025-01-08 12:01:02 +00:00
e64f185eda
separate wallet ETH USDT USDC
2025-01-02 19:31:28 +00:00
22f76c64a6
delet TRON wallet type
2025-01-02 16:19:39 +00:00
c9bcb09221
udpdate wallet function
2024-12-24 09:19:14 +00:00
3129525a1e
update user and admin wallet function
2024-12-23 20:44:56 +00:00
a970a188db
new user registration function
2024-12-18 19:46:29 +00:00
b224b3f331
update UserService
2024-12-18 16:16:41 +00:00
bfb9a55e36
update viev balance
2024-12-17 00:19:53 +00:00
4aebb4e41b
update user info page
2024-12-17 00:05:59 +00:00
a575f75faf
user catalog navigation upgrade
2024-12-16 23:56:09 +00:00
21465022b3
whallets upgrade function
2024-12-16 23:43:44 +00:00
d51bc9f0b9
User start registration update function
2024-12-16 12:37:44 +00:00
2cfa37ea86
fix bug back navigation
2024-12-15 02:04:43 +00:00
9d9e0e80ad
Bug update function
2024-12-14 23:12:36 +00:00
682246675e
update handleProductSelection
2024-12-14 15:06:22 +00:00
2aea225e2e
update back category
2024-12-14 15:02:50 +00:00
d918de0386
docker file update
2024-12-14 13:46:03 +00:00
12d29c66b9
Update DistrictSelection back button
2024-12-14 13:16:22 +00:00
207b9a829c
delet subcatecory viev line
2024-12-14 13:10:23 +00:00
3843dcb094
Update handleBuyProduct
2024-12-14 13:07:46 +00:00
eea5d9b9e7
revert 99137e4e97
...
revert Update Detailed Product Viev
2024-12-14 12:54:50 +00:00
