mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-09 14:00:57 +08:00
fix: enhance Exchange configuration security and UI display
修复交易所配置的显示问题,并加强API接口安全性: 🎨 UI改进: - 优化交易所配置信息的编辑和显示逻辑 - 改进前端交易所配置组件的交互体验 🛡️ 安全加固: - 修复交易所配置接口中的敏感信息泄露漏洞 - handleGetExchangeConfigs: 清空返回数据中的敏感密钥 - handleGetSupportedExchanges: 加固无认证公开接口安全性 📋 密钥过滤策略: - aster: 清空 asterPrivateKey 私钥 - binance: 清空 secretKey API密钥 - hyperliquid: 清空 apiKey API密钥 🔒 影响范围: - GET /api/exchanges (需认证) - GET /api/supported-exchanges (公开接口) - 交易所配置前端组件 Co-Authored-By: tinkle-community <tinklefund@gmail.com>
This commit is contained in:
@@ -697,6 +697,21 @@ func (s *Server) handleGetExchangeConfigs(c *gin.Context) {
|
||||
}
|
||||
log.Printf("✅ 找到 %d 个交易所配置", len(exchanges))
|
||||
|
||||
// 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段
|
||||
for _, exchange := range exchanges {
|
||||
switch exchange.ID {
|
||||
case "aster":
|
||||
// Aster交易所:清空私钥
|
||||
exchange.AsterPrivateKey = ""
|
||||
case "binance":
|
||||
// Binance交易所:清空Secret Key
|
||||
exchange.SecretKey = ""
|
||||
case "hyperliquid":
|
||||
// Hyperliquid交易所:清空API Key
|
||||
exchange.APIKey = ""
|
||||
}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, exchanges)
|
||||
}
|
||||
|
||||
@@ -1458,6 +1473,21 @@ func (s *Server) handleGetSupportedExchanges(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段(此接口无需认证,风险更高)
|
||||
for _, exchange := range exchanges {
|
||||
switch exchange.ID {
|
||||
case "aster":
|
||||
// Aster交易所:清空私钥
|
||||
exchange.AsterPrivateKey = ""
|
||||
case "binance":
|
||||
// Binance交易所:清空Secret Key
|
||||
exchange.SecretKey = ""
|
||||
case "hyperliquid":
|
||||
// Hyperliquid交易所:清空API Key
|
||||
exchange.APIKey = ""
|
||||
}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, exchanges)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user