mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-07 13:00:59 +08:00
fix: division-by-zero guard, rate-limit wallet endpoints, safer JSON parse, Lighter HTTP checks
- Guard GridCount-1 division by zero in grid spacing calculation (both grid.go and grid_levels.go) - Rate-limit /wallet/validate and /wallet/generate endpoints (prevent DoS on key generation) - Wrap JSON.parse(localStorage) in try-catch in AuthContext (corrupted data → graceful re-login) - Wrap handleJSONResponse JSON.parse in try-catch with descriptive error - Add HTTP status code checks for Lighter GetActiveOrders and sendTx - Replace deprecated strings.Title with cases.Title (golang.org/x/text) - Reuse HTTP client in checkClaw402Health (was creating new client per call)
This commit is contained in:
@@ -52,8 +52,14 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
|
||||
const savedToken = localStorage.getItem('auth_token')
|
||||
const savedUser = localStorage.getItem('auth_user')
|
||||
if (savedToken && savedUser) {
|
||||
setToken(savedToken)
|
||||
setUser(JSON.parse(savedUser))
|
||||
try {
|
||||
setToken(savedToken)
|
||||
setUser(JSON.parse(savedUser))
|
||||
} catch {
|
||||
// Corrupted localStorage data — clear and force re-login
|
||||
localStorage.removeItem('auth_token')
|
||||
localStorage.removeItem('auth_user')
|
||||
}
|
||||
}
|
||||
|
||||
setIsLoading(false)
|
||||
@@ -65,8 +71,13 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
|
||||
const savedUser = localStorage.getItem('auth_user')
|
||||
|
||||
if (savedToken && savedUser) {
|
||||
setToken(savedToken)
|
||||
setUser(JSON.parse(savedUser))
|
||||
try {
|
||||
setToken(savedToken)
|
||||
setUser(JSON.parse(savedUser))
|
||||
} catch {
|
||||
localStorage.removeItem('auth_token')
|
||||
localStorage.removeItem('auth_user')
|
||||
}
|
||||
}
|
||||
setIsLoading(false)
|
||||
})
|
||||
|
||||
@@ -36,5 +36,9 @@ export async function handleJSONResponse<T>(res: Response): Promise<T> {
|
||||
if (!text) {
|
||||
return {} as T
|
||||
}
|
||||
return JSON.parse(text) as T
|
||||
try {
|
||||
return JSON.parse(text) as T
|
||||
} catch {
|
||||
throw new Error(`Invalid JSON response: ${text.slice(0, 200)}`)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user