Telegram-Market/telegram-shop
1
1
Fork 0
Code Issues 40 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
145 Commits 9 Branches 0 Tags
e00071b18ae4d519d498b2d0ee57b0a90ec8f2b5
Commit Graph

13 Commits

Author SHA1 Message Date
NW
ce1b6003cb feat(logging): replace 207 console.log/error/warn with pino structured logger (#58) 
- Add pino + pino-pretty dependencies
- Create src/utils/logger.js with env-based LOG_LEVEL
- Replace all 207 console.log/error/warn calls across 46 source files
- Remove [DEBUG], [ERROR] string prefixes (levels convey this)
- Add pino redact for sensitive fields (mnemonic, privateKey, token, etc.)
- Structured logging with context objects instead of string interpolation
- NODE_ENV=production disables pino-pretty transport

49 files changed, 5601 insertions, 6056 deletions
 2026-06-22 01:42:47 +01:00
NW
68d83807ad refactor(arch): Phase 2 — deduplicate isAdmin, convertToUsd, getBaseWalletType 
- #54: Extract isAdmin() to src/middleware/auth.js, remove duplicates from 7 admin handlers
- #55: Add WalletUtils.convertToUsd(), replace 8 switch-case blocks across 4 files
- #56: Unify getBaseWalletType() — keep only WalletUtils version (most complete),
  remove duplicates from Wallet.js and userWalletsHandler.js

New file: src/middleware/auth.js
Net: -215 lines, +80 lines

Closes: #54, #55, #56
 2026-06-17 22:10:34 +01:00
NW
de415633be feat(security): Phase 1 — critical security fixes and hardening 
- #42: Remove hardcoded ENCRYPTION_KEY fallback from config.js,
  add startup validation for BOT_TOKEN and ENCRYPTION_KEY length
- #43: Fix SQL injection vulnerabilities — add ALLOWED_TABLES
  whitelist in database.js, ALLOWED_USER_FIELDS in userService.js,
  validate table names before PRAGMA
- #44: Fix race condition in purchaseService.js — wrap createPurchase
  in BEGIN IMMEDIATE TRANSACTION, add atomic balance/stock checks
- #41: Move all secrets from docker-compose.yml to .env file,
  use env_file directive
- #45: Replace MD5 tx_hash with crypto.randomUUID()
- #46: Upgrade KDF from SHA-256 to HKDF for mnemonic encryption,
  add backward compatibility for legacy format
- #47: Add input validation across all handlers — walletType
  whitelist, string length limits, numeric ID checks, price bounds

New files:
- src/utils/encryption.js (HKDF key derivation)
- src/__tests__/security.test.js (SQL injection prevention tests)

Closes: #41, #42, #43, #44, #45, #46, #47
 2026-06-17 21:52:49 +01:00
NW
23b7f8b4bd big update WG-TOR bot connecting 2025-02-03 09:43:25 +00:00
NW
fa09e81ddf crypto mnemonic case 2025-01-25 01:13:10 +00:00
NW
18647091cf minor edits to aesthetics and functionality 2025-01-08 18:26:50 +00:00
NW
5ae148a2ba update planned wallets function 2025-01-08 16:20:43 +00:00
NW
66f5251795 update check ETH USDT USDC balance function 2025-01-08 12:01:02 +00:00
NW
e64f185eda separate wallet ETH USDT USDC 2025-01-02 19:31:28 +00:00
NW
22f76c64a6 delet TRON wallet type 2025-01-02 16:19:39 +00:00
NW
c9bcb09221 udpdate wallet function 2024-12-24 09:19:14 +00:00
NW
21465022b3 whallets upgrade function 2024-12-16 23:43:44 +00:00
SoftUniq
abfa7b43af Initial commit 2024-11-13 22:31:18 +00:00