diff --git a/api/server.go b/api/server.go index bb0a6eaf..e6463472 100644 --- a/api/server.go +++ b/api/server.go @@ -697,6 +697,21 @@ func (s *Server) handleGetExchangeConfigs(c *gin.Context) { } log.Printf("✅ 找到 %d 个交易所配置", len(exchanges)) + // 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段 + for _, exchange := range exchanges { + switch exchange.ID { + case "aster": + // Aster交易所:清空私钥 + exchange.AsterPrivateKey = "" + case "binance": + // Binance交易所:清空Secret Key + exchange.SecretKey = "" + case "hyperliquid": + // Hyperliquid交易所:清空API Key + exchange.APIKey = "" + } + } + c.JSON(http.StatusOK, exchanges) } @@ -1458,6 +1473,21 @@ func (s *Server) handleGetSupportedExchanges(c *gin.Context) { return } + // 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段(此接口无需认证,风险更高) + for _, exchange := range exchanges { + switch exchange.ID { + case "aster": + // Aster交易所:清空私钥 + exchange.AsterPrivateKey = "" + case "binance": + // Binance交易所:清空Secret Key + exchange.SecretKey = "" + case "hyperliquid": + // Hyperliquid交易所:清空API Key + exchange.APIKey = "" + } + } + c.JSON(http.StatusOK, exchanges) } diff --git a/web/src/components/AITradersPage.tsx b/web/src/components/AITradersPage.tsx index 6965d8f8..fa55704d 100644 --- a/web/src/components/AITradersPage.tsx +++ b/web/src/components/AITradersPage.tsx @@ -812,6 +812,7 @@ export function AITradersPage({ onTraderSelect }: AITradersPageProps) { {showExchangeModal && ( Promise; onDelete: (exchangeId: string) => void; @@ -1171,8 +1174,12 @@ function ExchangeConfigModal({ const [asterSigner, setAsterSigner] = useState(''); const [asterPrivateKey, setAsterPrivateKey] = useState(''); - // 获取当前编辑的交易所信息 - const selectedExchange = allExchanges?.find(e => e.id === selectedExchangeId); + // 获取当前选择的交易所信息 + // 编辑模式:从 configuredExchanges 查找(包含用户配置的 apiKey、secretKey 等) + // 新增模式:从 allExchanges 查找(系统支持的交易所列表) + const selectedExchange = editingExchangeId + ? configuredExchanges?.find(e => e.id === selectedExchangeId) + : allExchanges?.find(e => e.id === selectedExchangeId); // 如果是编辑现有交易所,初始化表单数据 useEffect(() => { @@ -1181,10 +1188,10 @@ function ExchangeConfigModal({ setSecretKey(selectedExchange.secretKey || ''); setPassphrase(''); // Don't load existing passphrase for security setTestnet(selectedExchange.testnet || false); - + // Hyperliquid 字段 setHyperliquidWalletAddr(selectedExchange.hyperliquidWalletAddr || ''); - + // Aster 字段 setAsterUser(selectedExchange.asterUser || ''); setAsterSigner(selectedExchange.asterSigner || '');