fix: enhance Exchange configuration security and UI display

修复交易所配置的显示问题,并加强API接口安全性:

🎨 UI改进:
- 优化交易所配置信息的编辑和显示逻辑
- 改进前端交易所配置组件的交互体验

🛡️ 安全加固:
- 修复交易所配置接口中的敏感信息泄露漏洞
- handleGetExchangeConfigs: 清空返回数据中的敏感密钥
- handleGetSupportedExchanges: 加固无认证公开接口安全性

📋 密钥过滤策略:
- aster: 清空 asterPrivateKey 私钥
- binance: 清空 secretKey API密钥
- hyperliquid: 清空 apiKey API密钥

🔒 影响范围:
- GET /api/exchanges (需认证)
- GET /api/supported-exchanges (公开接口)
- 交易所配置前端组件

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: tinkle-community <tinklefund@gmail.com>
This commit is contained in:
sue
2025-11-05 21:36:37 +08:00
parent aecc5e58a1
commit d99eb198b0
2 changed files with 41 additions and 4 deletions

View File

@@ -697,6 +697,21 @@ func (s *Server) handleGetExchangeConfigs(c *gin.Context) {
}
log.Printf("✅ 找到 %d 个交易所配置", len(exchanges))
// 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段
for _, exchange := range exchanges {
switch exchange.ID {
case "aster":
// Aster交易所清空私钥
exchange.AsterPrivateKey = ""
case "binance":
// Binance交易所清空Secret Key
exchange.SecretKey = ""
case "hyperliquid":
// Hyperliquid交易所清空API Key
exchange.APIKey = ""
}
}
c.JSON(http.StatusOK, exchanges)
}
@@ -1458,6 +1473,21 @@ func (s *Server) handleGetSupportedExchanges(c *gin.Context) {
return
}
// 🛡️ 安全过滤:根据交易所类型清空对应的敏感密钥字段(此接口无需认证,风险更高)
for _, exchange := range exchanges {
switch exchange.ID {
case "aster":
// Aster交易所清空私钥
exchange.AsterPrivateKey = ""
case "binance":
// Binance交易所清空Secret Key
exchange.SecretKey = ""
case "hyperliquid":
// Hyperliquid交易所清空API Key
exchange.APIKey = ""
}
}
c.JSON(http.StatusOK, exchanges)
}