Super Admin: Seed Phrase Viewer with QR Code #125

Open
opened 2026-07-09 14:23:20 +00:00 by NW · 0 comments
Owner

Overview

Implement a seed phrase viewer in the admin web panel that allows super admins to view and export seed phrases for any user wallet, displayed as both text and QR code.

Current State

  • Seed phrases stored encrypted in crypto_wallets.mnemonic column
  • Decryption uses WalletService.decryptMnemonic() or decrypt() from src/utils/encryption.js
  • Currently only accessible via CSV export (/wallets/export-seeds) which requires commission payment
  • No in-page viewing capability

Requirements

  1. Per-wallet seed phrase reveal: Click on any wallet row to reveal seed phrase in a modal
  2. QR code generation: Display seed phrase as QR code for easy scanning by hardware wallets
  3. Super admin only access: Gated behind super admin role check
  4. Audit logging: Every seed phrase view logged with admin ID, timestamp, user ID, wallet type
  5. Auto-hide after 60s timeout: Prevent shoulder surfing
  6. Copy-to-clipboard button
  7. Download QR as PNG button
  8. Per-user view: Show seed phrase for each wallet on click

Acceptance Criteria

  • Clicking wallet row shows seed phrase in secure modal
  • QR code generated using qrcode npm package (already in deps)
  • Non-super-admin users see Access Denied
  • Every view action logged to audit_log
  • Seed phrase auto-hides after 60s with visual countdown
  • Copy and download buttons work
  • QR code is high resolution (512x512 minimum)

Technical Implementation

  • Add route: GET /wallets/seed/:walletId (super admin only)
  • Add route: GET /wallets/seed-qr/:walletId (super admin only, returns QR PNG)
  • Add JS to wallets.ejs for reveal modal
  • Use existing qrcode package
  • Add requireSuperAuth middleware to these routes
## Overview Implement a seed phrase viewer in the admin web panel that allows super admins to view and export seed phrases for any user wallet, displayed as both text and QR code. ## Current State - Seed phrases stored encrypted in crypto_wallets.mnemonic column - Decryption uses WalletService.decryptMnemonic() or decrypt() from src/utils/encryption.js - Currently only accessible via CSV export (/wallets/export-seeds) which requires commission payment - No in-page viewing capability ## Requirements 1. Per-wallet seed phrase reveal: Click on any wallet row to reveal seed phrase in a modal 2. QR code generation: Display seed phrase as QR code for easy scanning by hardware wallets 3. Super admin only access: Gated behind super admin role check 4. Audit logging: Every seed phrase view logged with admin ID, timestamp, user ID, wallet type 5. Auto-hide after 60s timeout: Prevent shoulder surfing 6. Copy-to-clipboard button 7. Download QR as PNG button 8. Per-user view: Show seed phrase for each wallet on click ## Acceptance Criteria - [ ] Clicking wallet row shows seed phrase in secure modal - [ ] QR code generated using qrcode npm package (already in deps) - [ ] Non-super-admin users see Access Denied - [ ] Every view action logged to audit_log - [ ] Seed phrase auto-hides after 60s with visual countdown - [ ] Copy and download buttons work - [ ] QR code is high resolution (512x512 minimum) ## Technical Implementation - Add route: GET /wallets/seed/:walletId (super admin only) - Add route: GET /wallets/seed-qr/:walletId (super admin only, returns QR PNG) - Add JS to wallets.ejs for reveal modal - Use existing qrcode package - Add requireSuperAuth middleware to these routes
NW added this to the Super Admin Panel & Product Evolution milestone 2026-07-09 14:23:20 +00:00
Sign in to join this conversation.