mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-07 21:12:00 +08:00
fix: division-by-zero guard, rate-limit wallet endpoints, safer JSON parse, Lighter HTTP checks
- Guard GridCount-1 division by zero in grid spacing calculation (both grid.go and grid_levels.go) - Rate-limit /wallet/validate and /wallet/generate endpoints (prevent DoS on key generation) - Wrap JSON.parse(localStorage) in try-catch in AuthContext (corrupted data → graceful re-login) - Wrap handleJSONResponse JSON.parse in try-catch with descriptive error - Add HTTP status code checks for Lighter GetActiveOrders and sendTx - Replace deprecated strings.Title with cases.Title (golang.org/x/text) - Reuse HTTP client in checkClaw402Health (was creating new client per call)
This commit is contained in:
@@ -144,8 +144,10 @@ func (s *Server) setupRoutes() {
|
||||
s.route(api, "GET", "/config", "Get system configuration", s.handleGetSystemConfig)
|
||||
|
||||
// Wallet validation (no authentication required — used by frontend config form)
|
||||
api.POST("/wallet/validate", s.handleWalletValidate)
|
||||
api.POST("/wallet/generate", s.handleWalletGenerate)
|
||||
// Rate-limited to prevent DoS (key generation is computationally expensive)
|
||||
walletLimited := api.Group("/", LoginRateLimitMiddleware(s.loginLimiter))
|
||||
walletLimited.POST("/wallet/validate", s.handleWalletValidate)
|
||||
walletLimited.POST("/wallet/generate", s.handleWalletGenerate)
|
||||
|
||||
// Crypto public key & config (needed by frontend before login for transport encryption)
|
||||
api.GET("/crypto/config", s.cryptoHandler.HandleGetCryptoConfig)
|
||||
|
||||
Reference in New Issue
Block a user