feat: add TRANSPORT_ENCRYPTION toggle for easier deployment

- Add TRANSPORT_ENCRYPTION env config (default: false)
- Allow HTTP/IP access when transport encryption is disabled
- Add /api/crypto/config endpoint to expose encryption status
- Update WebCryptoEnvironmentCheck with 'disabled' status
- Update ExchangeConfigModal and AITradersPage to allow form submission when disabled
- Add i18n translations for disabled status (EN/CN)
- Update README with two deployment modes documentation
This commit is contained in:
tinkle-community
2025-12-09 18:04:42 +08:00
parent 5f3797e255
commit c720d663f1
11 changed files with 225 additions and 13 deletions

View File

@@ -7,6 +7,10 @@ export interface EncryptedPayload {
ts?: number // 可选unix 秒,用于重放保护
}
export interface CryptoConfig {
transport_encryption: boolean
}
export interface WebCryptoEnvironmentInfo {
isBrowser: boolean
isSecureContext: boolean
@@ -20,6 +24,11 @@ export interface WebCryptoEnvironmentInfo {
export class CryptoService {
private static publicKey: CryptoKey | null = null
private static publicKeyPEM: string | null = null
private static _transportEncryption: boolean | null = null
static get transportEncryption(): boolean {
return this._transportEncryption === true
}
static async initialize(publicKeyPEM: string) {
if (this.publicKey && this.publicKeyPEM === publicKeyPEM) {
@@ -29,6 +38,16 @@ export class CryptoService {
this.publicKey = await this.importPublicKey(publicKeyPEM)
}
static async fetchCryptoConfig(): Promise<CryptoConfig> {
const response = await fetch('/api/crypto/config')
if (!response.ok) {
throw new Error(`Failed to fetch crypto config: ${response.statusText}`)
}
const data = await response.json()
this._transportEncryption = data.transport_encryption
return data
}
private static async importPublicKey(pem: string): Promise<CryptoKey> {
const pemHeader = '-----BEGIN PUBLIC KEY-----'
const pemFooter = '-----END PUBLIC KEY-----'
@@ -153,7 +172,11 @@ export class CryptoService {
throw new Error(`Failed to fetch public key: ${response.statusText}`)
}
const data = await response.json()
return data.public_key
// Update transport encryption flag from server response
if (typeof data.transport_encryption === 'boolean') {
this._transportEncryption = data.transport_encryption
}
return data.public_key || ''
}
static async decryptSensitiveData(