mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-10 14:27:00 +08:00
Refactor/trading actions (#1169)
* refactor: 简化交易动作,移除 update_stop_loss/update_take_profit/partial_close - 移除 Decision 结构体中的 NewStopLoss, NewTakeProfit, ClosePercentage 字段 - 删除 executeUpdateStopLossWithRecord, executeUpdateTakeProfitWithRecord, executePartialCloseWithRecord 函数 - 简化 logger 中的 partial_close 聚合逻辑 - 更新 AI prompt 和验证逻辑,只保留 6 个核心动作 - 清理相关测试代码 保留的交易动作: open_long, open_short, close_long, close_short, hold, wait * refactor: 移除 AI学习与反思 模块 - 删除前端 AILearning.tsx 组件和相关引用 - 删除后端 /performance API 接口 - 删除 logger 中 AnalyzePerformance、calculateSharpeRatio 等函数 - 删除 PerformanceAnalysis、TradeOutcome、SymbolPerformance 等结构体 - 删除 Context 中的 Performance 字段 - 移除 AI prompt 中夏普比率自我进化相关内容 - 清理 i18n 翻译文件中的相关条目 该模块基于磁盘存储计算,经常出错,做减法移除 * refactor: 将数据库操作统一迁移到 store 包 - 新增 store/ 包,统一管理所有数据库操作 - store.go: 主 Store 结构,懒加载各子模块 - user.go, ai_model.go, exchange.go, trader.go 等子模块 - 支持加密/解密函数注入 (SetCryptoFuncs) - 更新 main.go 使用 store.New() 替代 config.NewDatabase() - 更新 api/server.go 使用 *store.Store 替代 *config.Database - 更新 manager/trader_manager.go: - 新增 LoadTradersFromStore, LoadUserTradersFromStore 方法 - 删除旧版 LoadUserTraders, LoadTraderByID, loadSingleTrader 等方法 - 移除 nofx/config 依赖 - 删除 config/database.go 和 config/database_test.go - 更新 api/server_test.go 使用 store.Trader 类型 - 清理 logger/ 包中未使用的 telegram 相关代码 * refactor: unify encryption key management via .env - Remove redundant EncryptionManager and SecureStorage - Simplify CryptoService to load keys from environment variables only - RSA_PRIVATE_KEY: RSA private key for client-server encryption - DATA_ENCRYPTION_KEY: AES-256 key for database encryption - JWT_SECRET: JWT signing key for authentication - Update start.sh to auto-generate missing keys on first run - Remove secrets/ directory and file-based key storage - Delete obsolete encryption setup scripts - Update .env.example with all required keys * refactor: unify logger usage across mcp package - Add MCPLogger adapter in logger package to implement mcp.Logger interface - Update mcp/config.go to use global logger by default - Remove redundant defaultLogger from mcp/logger.go - Keep noopLogger for testing purposes * chore: remove leftover test RSA key file * chore: remove unused bootstrap package * refactor: unify logging to use logger package instead of fmt/log - Replace all fmt.Print/log.Print calls with logger package - Add auto-initialization in logger package init() for test compatibility - Update main.go to initialize logger at startup - Migrate all packages: api, backtest, config, decision, manager, market, store, trader * refactor: rename database file from config.db to data.db - Update main.go, start.sh, docker-compose.yml - Update migration script and documentation - Update .gitignore and translations * fix: add RSA_PRIVATE_KEY to docker-compose environment * fix: add registration_enabled to /api/config response * fix: Fix navigation between login and register pages Use window.location.href instead of react-router's navigate() to fix the issue where URL changes but the page doesn't reload due to App.tsx using custom route state management. * fix: Switch SQLite from WAL to DELETE mode for Docker compatibility WAL mode causes data sync issues with Docker bind mounts on macOS due to incompatible file locking mechanisms between the container and host. DELETE mode (traditional journaling) ensures data is written directly to the main database file. * refactor: Remove default user from database initialization The default user was a legacy placeholder that is no longer needed now that proper user registration is in place. * feat: Add order tracking system with centralized status sync - Add trader_orders table for tracking all order lifecycle - Implement GetOrderStatus interface for all exchanges (Binance, Bybit, Hyperliquid, Aster, Lighter) - Create OrderSyncManager for centralized order status polling - Add trading statistics (Sharpe ratio, win rate, profit factor) to AI context - Include recent completed orders in AI decision input - Remove per-order goroutine polling in favor of global sync manager * feat: Add TradingView K-line chart to dashboard - Create TradingViewChart component with exchange/symbol selectors - Support Binance, Bybit, OKX, Coinbase, Kraken, KuCoin exchanges - Add popular symbols quick selection - Support multiple timeframes (1m to 1W) - Add fullscreen mode - Integrate with Dashboard page below equity chart - Add i18n translations for zh/en * refactor: Replace separate charts with tabbed ChartTabs component - Create ChartTabs component with tab switching between equity curve and K-line - Add embedded mode support for EquityChart and TradingViewChart - User can now switch between account equity and market chart in same area * fix: Use ChartTabs in App.tsx and fix embedded mode in EquityChart - Replace EquityChart with ChartTabs in App.tsx (the actual dashboard renderer) - Fix EquityChart embedded mode for error and empty data states - Rename interval state to timeInterval to avoid shadowing window.setInterval - Add debug logging to ChartTabs component * feat: Add position tracking system for accurate trade history - Add trader_positions table to track complete open/close trades - Add PositionSyncManager to detect manual closes via polling - Record position on open, update on close with PnL calculation - Use positions table for trading stats and recent trades (replacing orders table) - Fix TradingView chart symbol format (add .P suffix for futures) - Fix DecisionCard wait/hold action color (gray instead of red) - Auto-append USDT suffix for custom symbol input * update ---------
This commit is contained in:
@@ -203,7 +203,7 @@ spec:
|
||||
./scripts/generate_data_key.sh
|
||||
|
||||
# 2. 备份旧数据库
|
||||
cp config.db config.db.backup
|
||||
cp data.db data.db.backup
|
||||
|
||||
# 3. 重启服务 (会自动处理密钥迁移)
|
||||
source .env && ./mars
|
||||
|
||||
@@ -1,143 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 数据加密密钥生成脚本 - 用于Mars AI交易系统数据库加密
|
||||
# 生成用于AES-256-GCM数据库加密的随机密钥
|
||||
|
||||
set -e # 遇到错误立即退出
|
||||
|
||||
# 颜色定义
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
BLUE='\033[0;34m'
|
||||
PURPLE='\033[0;35m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
echo -e "${BLUE}╔══════════════════════════════════════════════════════════════════╗${NC}"
|
||||
echo -e "${BLUE}║ Mars AI交易系统 安全密钥生成器 ║${NC}"
|
||||
echo -e "${BLUE}║ AES-256-GCM数据密钥 + JWT认证密钥 ║${NC}"
|
||||
echo -e "${BLUE}╚══════════════════════════════════════════════════════════════════╝${NC}"
|
||||
echo
|
||||
|
||||
# 检查是否安装了 OpenSSL
|
||||
if ! command -v openssl &> /dev/null; then
|
||||
echo -e "${RED}❌ 错误: 系统中未安装 OpenSSL${NC}"
|
||||
echo -e "请安装 OpenSSL:"
|
||||
echo -e " macOS: ${YELLOW}brew install openssl${NC}"
|
||||
echo -e " Ubuntu/Debian: ${YELLOW}sudo apt-get install openssl${NC}"
|
||||
echo -e " CentOS/RHEL: ${YELLOW}sudo yum install openssl${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}✓ OpenSSL 已安装: $(openssl version)${NC}"
|
||||
|
||||
# 生成安全密钥
|
||||
echo -e "${BLUE}🔐 生成安全密钥...${NC}"
|
||||
echo
|
||||
|
||||
# 生成 AES-256 数据加密密钥
|
||||
echo -e "${YELLOW}1/2: 生成 AES-256 数据加密密钥...${NC}"
|
||||
DATA_KEY=$(openssl rand -base64 32)
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -e "${GREEN} ✓ 数据加密密钥生成成功${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ 数据加密密钥生成失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 生成 JWT 认证密钥
|
||||
echo -e "${YELLOW}2/2: 生成 JWT 认证密钥...${NC}"
|
||||
JWT_KEY=$(openssl rand -base64 64)
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -e "${GREEN} ✓ JWT认证密钥生成成功${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ JWT认证密钥生成失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 显示密钥
|
||||
echo
|
||||
echo -e "${GREEN}🎉 安全密钥生成完成!${NC}"
|
||||
echo
|
||||
echo -e "${BLUE}📋 生成的密钥:${NC}"
|
||||
echo -e "${PURPLE}1. 数据加密密钥 (AES-256):${NC}"
|
||||
echo -e "${YELLOW}$DATA_KEY${NC}"
|
||||
echo
|
||||
echo -e "${PURPLE}2. JWT认证密钥 (512-bit):${NC}"
|
||||
echo -e "${YELLOW}$JWT_KEY${NC}"
|
||||
echo
|
||||
|
||||
# 显示使用方法
|
||||
echo -e "${YELLOW}📋 使用方法:${NC}"
|
||||
echo
|
||||
echo -e "${BLUE}1. 环境变量设置:${NC}"
|
||||
echo -e " export DATA_ENCRYPTION_KEY=\"$DATA_KEY\""
|
||||
echo -e " export JWT_SECRET=\"$JWT_KEY\""
|
||||
echo
|
||||
echo -e "${BLUE}2. .env 文件设置:${NC}"
|
||||
echo -e " DATA_ENCRYPTION_KEY=$DATA_KEY"
|
||||
echo -e " JWT_SECRET=$JWT_KEY"
|
||||
echo
|
||||
echo -e "${BLUE}3. Docker环境设置:${NC}"
|
||||
echo -e " docker run -e DATA_ENCRYPTION_KEY=\"$DATA_KEY\" -e JWT_SECRET=\"$JWT_KEY\" ..."
|
||||
echo
|
||||
echo -e "${BLUE}4. Kubernetes Secret:${NC}"
|
||||
echo -e " kubectl create secret generic mars-crypto-key \\"
|
||||
echo -e " --from-literal=DATA_ENCRYPTION_KEY=\"$DATA_KEY\" \\"
|
||||
echo -e " --from-literal=JWT_SECRET=\"$JWT_KEY\""
|
||||
echo
|
||||
|
||||
# 显示密钥特性
|
||||
echo -e "${BLUE}🔍 密钥特性:${NC}"
|
||||
echo -e " • 数据加密: ${YELLOW}AES-256-GCM (256 bits)${NC}"
|
||||
echo -e " • JWT认证: ${YELLOW}HS256 (512 bits)${NC}"
|
||||
echo -e " • 格式: ${YELLOW}Base64 编码${NC}"
|
||||
echo -e " • 用途: ${YELLOW}数据库加密 + 用户认证${NC}"
|
||||
|
||||
# 安全提醒
|
||||
echo
|
||||
echo -e "${RED}⚠️ 安全提醒:${NC}"
|
||||
echo -e " • 请妥善保管此密钥,丢失后无法恢复加密的数据"
|
||||
echo -e " • 不要将密钥提交到版本控制系统"
|
||||
echo -e " • 建议在不同环境使用不同的密钥"
|
||||
echo -e " • 定期更换密钥并重新加密数据"
|
||||
echo -e " • 在生产环境中,建议使用密钥管理服务"
|
||||
|
||||
echo
|
||||
echo -e "${GREEN}✅ 数据加密密钥生成完成!${NC}"
|
||||
|
||||
# 可选:保存到 .env 文件
|
||||
echo
|
||||
read -p "是否将密钥保存到 .env 文件? [y/N]: " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
if [ -f ".env" ]; then
|
||||
# 检查是否已存在 DATA_ENCRYPTION_KEY
|
||||
if grep -q "^DATA_ENCRYPTION_KEY=" .env; then
|
||||
echo -e "${YELLOW}⚠️ .env 文件中已存在 DATA_ENCRYPTION_KEY${NC}"
|
||||
read -p "是否覆盖现有密钥? [y/N]: " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
# 替换现有密钥
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
# macOS
|
||||
sed -i '' "s/^DATA_ENCRYPTION_KEY=.*/DATA_ENCRYPTION_KEY=$RAW_KEY/" .env
|
||||
else
|
||||
# Linux
|
||||
sed -i "s/^DATA_ENCRYPTION_KEY=.*/DATA_ENCRYPTION_KEY=$RAW_KEY/" .env
|
||||
fi
|
||||
echo -e "${GREEN}✓ .env 文件中的密钥已更新${NC}"
|
||||
else
|
||||
echo -e "${BLUE}ℹ️ 保持现有密钥不变${NC}"
|
||||
fi
|
||||
else
|
||||
# 追加新密钥
|
||||
echo "DATA_ENCRYPTION_KEY=$RAW_KEY" >> .env
|
||||
echo -e "${GREEN}✓ 密钥已保存到 .env 文件${NC}"
|
||||
fi
|
||||
else
|
||||
# 创建新的 .env 文件
|
||||
echo "DATA_ENCRYPTION_KEY=$RAW_KEY" > .env
|
||||
echo -e "${GREEN}✓ 密钥已保存到 .env 文件${NC}"
|
||||
fi
|
||||
fi
|
||||
@@ -1,149 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# RSA密钥对生成脚本 - 用于Mars AI交易系统加密服务
|
||||
# 生成用于混合加密的RSA-2048密钥对
|
||||
|
||||
set -e # 遇到错误立即退出
|
||||
|
||||
# 颜色定义
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
BLUE='\033[0;34m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# 配置
|
||||
RSA_KEY_SIZE=2048
|
||||
SECRETS_DIR="secrets"
|
||||
PRIVATE_KEY_FILE="$SECRETS_DIR/rsa_key"
|
||||
PUBLIC_KEY_FILE="$SECRETS_DIR/rsa_key.pub"
|
||||
|
||||
echo -e "${BLUE}╔══════════════════════════════════════════════════════════════════╗${NC}"
|
||||
echo -e "${BLUE}║ Mars AI交易系统 RSA密钥生成器 ║${NC}"
|
||||
echo -e "${BLUE}║ RSA-2048 混合加密密钥对 ║${NC}"
|
||||
echo -e "${BLUE}╚══════════════════════════════════════════════════════════════════╝${NC}"
|
||||
echo
|
||||
|
||||
# 检查是否安装了 OpenSSL
|
||||
if ! command -v openssl &> /dev/null; then
|
||||
echo -e "${RED}❌ 错误: 系统中未安装 OpenSSL${NC}"
|
||||
echo -e "请安装 OpenSSL:"
|
||||
echo -e " macOS: ${YELLOW}brew install openssl${NC}"
|
||||
echo -e " Ubuntu/Debian: ${YELLOW}sudo apt-get install openssl${NC}"
|
||||
echo -e " CentOS/RHEL: ${YELLOW}sudo yum install openssl${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}✓ OpenSSL 已安装: $(openssl version)${NC}"
|
||||
|
||||
# 创建 secrets 目录
|
||||
if [ ! -d "$SECRETS_DIR" ]; then
|
||||
echo -e "${YELLOW}📁 创建 $SECRETS_DIR 目录...${NC}"
|
||||
mkdir -p "$SECRETS_DIR"
|
||||
chmod 700 "$SECRETS_DIR"
|
||||
echo -e "${GREEN}✓ 目录创建成功${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ $SECRETS_DIR 目录已存在${NC}"
|
||||
fi
|
||||
|
||||
# 检查现有密钥
|
||||
if [ -f "$PRIVATE_KEY_FILE" ] || [ -f "$PUBLIC_KEY_FILE" ]; then
|
||||
echo
|
||||
echo -e "${YELLOW}⚠️ 检测到现有的RSA密钥文件:${NC}"
|
||||
[ -f "$PRIVATE_KEY_FILE" ] && echo -e " • $PRIVATE_KEY_FILE"
|
||||
[ -f "$PUBLIC_KEY_FILE" ] && echo -e " • $PUBLIC_KEY_FILE"
|
||||
echo
|
||||
read -p "是否覆盖现有密钥? [y/N]: " -n 1 -r
|
||||
echo
|
||||
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
||||
echo -e "${BLUE}ℹ️ 操作已取消${NC}"
|
||||
exit 0
|
||||
fi
|
||||
echo -e "${YELLOW}🗑️ 删除现有密钥文件...${NC}"
|
||||
rm -f "$PRIVATE_KEY_FILE" "$PUBLIC_KEY_FILE"
|
||||
fi
|
||||
|
||||
echo
|
||||
echo -e "${BLUE}🔐 开始生成 RSA-$RSA_KEY_SIZE 密钥对...${NC}"
|
||||
|
||||
# 生成私钥
|
||||
echo -e "${YELLOW}📝 步骤 1/3: 生成 RSA 私钥 ($RSA_KEY_SIZE bits)...${NC}"
|
||||
if openssl genrsa -out "$PRIVATE_KEY_FILE" $RSA_KEY_SIZE 2>/dev/null; then
|
||||
echo -e "${GREEN}✓ 私钥生成成功${NC}"
|
||||
else
|
||||
echo -e "${RED}❌ 私钥生成失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 设置私钥权限
|
||||
chmod 600 "$PRIVATE_KEY_FILE"
|
||||
echo -e "${GREEN}✓ 私钥权限设置为 600${NC}"
|
||||
|
||||
# 生成公钥
|
||||
echo -e "${YELLOW}📝 步骤 2/3: 从私钥提取公钥...${NC}"
|
||||
if openssl rsa -in "$PRIVATE_KEY_FILE" -pubout -out "$PUBLIC_KEY_FILE" 2>/dev/null; then
|
||||
echo -e "${GREEN}✓ 公钥生成成功${NC}"
|
||||
else
|
||||
echo -e "${RED}❌ 公钥生成失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 设置公钥权限
|
||||
chmod 644 "$PUBLIC_KEY_FILE"
|
||||
echo -e "${GREEN}✓ 公钥权限设置为 644${NC}"
|
||||
|
||||
# 验证密钥
|
||||
echo -e "${YELLOW}📝 步骤 3/3: 验证密钥对...${NC}"
|
||||
if openssl rsa -in "$PRIVATE_KEY_FILE" -check -noout 2>/dev/null; then
|
||||
echo -e "${GREEN}✓ 私钥验证通过${NC}"
|
||||
else
|
||||
echo -e "${RED}❌ 私钥验证失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if openssl rsa -in "$PUBLIC_KEY_FILE" -pubin -text -noout &>/dev/null; then
|
||||
echo -e "${GREEN}✓ 公钥验证通过${NC}"
|
||||
else
|
||||
echo -e "${RED}❌ 公钥验证失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 显示密钥信息
|
||||
echo
|
||||
echo -e "${GREEN}🎉 RSA密钥对生成成功!${NC}"
|
||||
echo
|
||||
echo -e "${BLUE}📋 密钥信息:${NC}"
|
||||
echo -e " 私钥文件: ${YELLOW}$PRIVATE_KEY_FILE${NC}"
|
||||
echo -e " 公钥文件: ${YELLOW}$PUBLIC_KEY_FILE${NC}"
|
||||
echo -e " 密钥大小: ${YELLOW}$RSA_KEY_SIZE bits${NC}"
|
||||
echo
|
||||
|
||||
# 显示文件大小
|
||||
PRIVATE_SIZE=$(stat -f%z "$PRIVATE_KEY_FILE" 2>/dev/null || stat -c%s "$PRIVATE_KEY_FILE" 2>/dev/null || echo "未知")
|
||||
PUBLIC_SIZE=$(stat -f%z "$PUBLIC_KEY_FILE" 2>/dev/null || stat -c%s "$PUBLIC_KEY_FILE" 2>/dev/null || echo "未知")
|
||||
|
||||
echo -e "${BLUE}📏 文件大小:${NC}"
|
||||
echo -e " 私钥: ${YELLOW}$PRIVATE_SIZE bytes${NC}"
|
||||
echo -e " 公钥: ${YELLOW}$PUBLIC_SIZE bytes${NC}"
|
||||
|
||||
# 显示公钥内容预览
|
||||
echo
|
||||
echo -e "${BLUE}🔍 公钥内容预览:${NC}"
|
||||
head -n 5 "$PUBLIC_KEY_FILE" | sed 's/^/ /'
|
||||
echo -e " ${YELLOW}...${NC}"
|
||||
tail -n 2 "$PUBLIC_KEY_FILE" | sed 's/^/ /'
|
||||
|
||||
echo
|
||||
echo -e "${GREEN}✅ RSA密钥对生成完成!${NC}"
|
||||
echo
|
||||
echo -e "${YELLOW}📋 使用说明:${NC}"
|
||||
echo -e " 1. 私钥文件 ($PRIVATE_KEY_FILE) 用于服务器端解密"
|
||||
echo -e " 2. 公钥文件 ($PUBLIC_KEY_FILE) 可以分发给客户端用于加密"
|
||||
echo -e " 3. 确保私钥文件的安全性,不要泄露给第三方"
|
||||
echo -e " 4. 在生产环境中,建议将私钥存储在安全的密钥管理服务中"
|
||||
echo
|
||||
echo -e "${RED}⚠️ 安全提醒:${NC}"
|
||||
echo -e " • 私钥文件权限已设置为 600 (仅所有者可读写)"
|
||||
echo -e " • 请定期备份密钥文件"
|
||||
echo -e " • 建议在不同环境使用不同的密钥对"
|
||||
echo
|
||||
@@ -12,71 +12,71 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
log.Println("🔄 開始遷移數據庫到加密格式...")
|
||||
log.Println("🔄 开始迁移数据库到加密格式...")
|
||||
|
||||
// 1. 檢查數據庫檔案
|
||||
dbPath := "config.db"
|
||||
// 1. 检查数据库文件
|
||||
dbPath := "data.db"
|
||||
if len(os.Args) > 1 {
|
||||
dbPath = os.Args[1]
|
||||
}
|
||||
|
||||
if _, err := os.Stat(dbPath); os.IsNotExist(err) {
|
||||
log.Fatalf("❌ 數據庫檔案不存在: %s", dbPath)
|
||||
log.Fatalf("❌ 数据库文件不存在: %s", dbPath)
|
||||
}
|
||||
|
||||
// 2. 備份數據庫
|
||||
// 2. 备份数据库
|
||||
backupPath := fmt.Sprintf("%s.pre_encryption_backup", dbPath)
|
||||
log.Printf("📦 備份數據庫到: %s", backupPath)
|
||||
log.Printf("📦 备份数据库到: %s", backupPath)
|
||||
|
||||
input, err := os.ReadFile(dbPath)
|
||||
if err != nil {
|
||||
log.Fatalf("❌ 讀取數據庫失敗: %v", err)
|
||||
log.Fatalf("❌ 读取数据库失败: %v", err)
|
||||
}
|
||||
|
||||
if err := os.WriteFile(backupPath, input, 0600); err != nil {
|
||||
log.Fatalf("❌ 備份失敗: %v", err)
|
||||
log.Fatalf("❌ 备份失败: %v", err)
|
||||
}
|
||||
|
||||
// 3. 打開數據庫
|
||||
// 3. 打开数据库
|
||||
db, err := sql.Open("sqlite", dbPath)
|
||||
if err != nil {
|
||||
log.Fatalf("❌ 打開數據庫失敗: %v", err)
|
||||
log.Fatalf("❌ 打开数据库失败: %v", err)
|
||||
}
|
||||
defer db.Close()
|
||||
|
||||
// 4. 初始化加密管理器
|
||||
em, err := crypto.GetEncryptionManager()
|
||||
// 4. 初始化 CryptoService(从环境变量加载密钥)
|
||||
cs, err := crypto.NewCryptoService()
|
||||
if err != nil {
|
||||
log.Fatalf("❌ 初始化加密管理器失敗: %v", err)
|
||||
log.Fatalf("❌ 初始化加密服务失败: %v", err)
|
||||
}
|
||||
|
||||
// 5. 遷移交易所配置
|
||||
if err := migrateExchanges(db, em); err != nil {
|
||||
log.Fatalf("❌ 遷移交易所配置失敗: %v", err)
|
||||
// 5. 迁移交易所配置
|
||||
if err := migrateExchanges(db, cs); err != nil {
|
||||
log.Fatalf("❌ 迁移交易所配置失败: %v", err)
|
||||
}
|
||||
|
||||
// 6. 遷移 AI 模型配置
|
||||
if err := migrateAIModels(db, em); err != nil {
|
||||
log.Fatalf("❌ 遷移 AI 模型配置失敗: %v", err)
|
||||
// 6. 迁移 AI 模型配置
|
||||
if err := migrateAIModels(db, cs); err != nil {
|
||||
log.Fatalf("❌ 迁移 AI 模型配置失败: %v", err)
|
||||
}
|
||||
|
||||
log.Println("✅ 數據遷移完成!")
|
||||
log.Printf("📝 原始數據備份位於: %s", backupPath)
|
||||
log.Println("⚠️ 請驗證系統功能正常後,手動刪除備份檔案")
|
||||
log.Println("✅ 数据迁移完成!")
|
||||
log.Printf("📝 原始数据备份位于: %s", backupPath)
|
||||
log.Println("⚠️ 请验证系统功能正常后,手动删除备份文件")
|
||||
}
|
||||
|
||||
// migrateExchanges 遷移交易所配置
|
||||
func migrateExchanges(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
log.Println("🔄 遷移交易所配置...")
|
||||
// migrateExchanges 迁移交易所配置
|
||||
func migrateExchanges(db *sql.DB, cs *crypto.CryptoService) error {
|
||||
log.Println("🔄 迁移交易所配置...")
|
||||
|
||||
// 查詢所有未加密的記錄(假設加密數據都包含 '==' Base64 特徵)
|
||||
// 查询所有未加密的记录(加密数据以 ENC:v1: 开头)
|
||||
rows, err := db.Query(`
|
||||
SELECT user_id, id, api_key, secret_key,
|
||||
COALESCE(hyperliquid_private_key, ''),
|
||||
COALESCE(aster_private_key, '')
|
||||
FROM exchanges
|
||||
WHERE (api_key != '' AND api_key NOT LIKE '%==%')
|
||||
OR (secret_key != '' AND secret_key NOT LIKE '%==%')
|
||||
WHERE (api_key != '' AND api_key NOT LIKE 'ENC:v1:%')
|
||||
OR (secret_key != '' AND secret_key NOT LIKE 'ENC:v1:%')
|
||||
`)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -96,34 +96,34 @@ func migrateExchanges(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// 加密每個字段
|
||||
encAPIKey, err := em.EncryptForDatabase(apiKey)
|
||||
// 加密每个字段
|
||||
encAPIKey, err := cs.EncryptForStorage(apiKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("加密 API Key 失敗: %w", err)
|
||||
return fmt.Errorf("加密 API Key 失败: %w", err)
|
||||
}
|
||||
|
||||
encSecretKey, err := em.EncryptForDatabase(secretKey)
|
||||
encSecretKey, err := cs.EncryptForStorage(secretKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("加密 Secret Key 失敗: %w", err)
|
||||
return fmt.Errorf("加密 Secret Key 失败: %w", err)
|
||||
}
|
||||
|
||||
encHLPrivateKey := ""
|
||||
if hlPrivateKey != "" {
|
||||
encHLPrivateKey, err = em.EncryptForDatabase(hlPrivateKey)
|
||||
encHLPrivateKey, err = cs.EncryptForStorage(hlPrivateKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("加密 Hyperliquid Private Key 失敗: %w", err)
|
||||
return fmt.Errorf("加密 Hyperliquid Private Key 失败: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
encAsterPrivateKey := ""
|
||||
if asterPrivateKey != "" {
|
||||
encAsterPrivateKey, err = em.EncryptForDatabase(asterPrivateKey)
|
||||
encAsterPrivateKey, err = cs.EncryptForStorage(asterPrivateKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("加密 Aster Private Key 失敗: %w", err)
|
||||
return fmt.Errorf("加密 Aster Private Key 失败: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// 更新數據庫
|
||||
// 更新数据库
|
||||
_, err = tx.Exec(`
|
||||
UPDATE exchanges
|
||||
SET api_key = ?, secret_key = ?,
|
||||
@@ -132,7 +132,7 @@ func migrateExchanges(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
`, encAPIKey, encSecretKey, encHLPrivateKey, encAsterPrivateKey, userID, exchangeID)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("更新數據庫失敗: %w", err)
|
||||
return fmt.Errorf("更新数据库失败: %w", err)
|
||||
}
|
||||
|
||||
log.Printf(" ✓ 已加密: [%s] %s", userID, exchangeID)
|
||||
@@ -143,18 +143,18 @@ func migrateExchanges(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("✅ 已遷移 %d 個交易所配置", count)
|
||||
log.Printf("✅ 已迁移 %d 个交易所配置", count)
|
||||
return nil
|
||||
}
|
||||
|
||||
// migrateAIModels 遷移 AI 模型配置
|
||||
func migrateAIModels(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
log.Println("🔄 遷移 AI 模型配置...")
|
||||
// migrateAIModels 迁移 AI 模型配置
|
||||
func migrateAIModels(db *sql.DB, cs *crypto.CryptoService) error {
|
||||
log.Println("🔄 迁移 AI 模型配置...")
|
||||
|
||||
rows, err := db.Query(`
|
||||
SELECT user_id, id, api_key
|
||||
FROM ai_models
|
||||
WHERE api_key != '' AND api_key NOT LIKE '%==%'
|
||||
WHERE api_key != '' AND api_key NOT LIKE 'ENC:v1:%'
|
||||
`)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -174,9 +174,9 @@ func migrateAIModels(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
return err
|
||||
}
|
||||
|
||||
encAPIKey, err := em.EncryptForDatabase(apiKey)
|
||||
encAPIKey, err := cs.EncryptForStorage(apiKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("加密 API Key 失敗: %w", err)
|
||||
return fmt.Errorf("加密 API Key 失败: %w", err)
|
||||
}
|
||||
|
||||
_, err = tx.Exec(`
|
||||
@@ -184,7 +184,7 @@ func migrateAIModels(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
`, encAPIKey, userID, modelID)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("更新數據庫失敗: %w", err)
|
||||
return fmt.Errorf("更新数据库失败: %w", err)
|
||||
}
|
||||
|
||||
log.Printf(" ✓ 已加密: [%s] %s", userID, modelID)
|
||||
@@ -195,6 +195,6 @@ func migrateAIModels(db *sql.DB, em *crypto.EncryptionManager) error {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("✅ 已遷移 %d 個 AI 模型配置", count)
|
||||
log.Printf("✅ 已迁移 %d 个 AI 模型配置", count)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -1,319 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Mars AI交易系统加密环境设置脚本
|
||||
# 一键生成RSA密钥对和数据加密密钥,完整设置加密环境
|
||||
|
||||
set -e # 遇到错误立即退出
|
||||
|
||||
# 颜色定义
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
BLUE='\033[0;34m'
|
||||
PURPLE='\033[0;35m'
|
||||
CYAN='\033[0;36m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# 获取脚本所在目录
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
|
||||
|
||||
echo -e "${PURPLE}╔════════════════════════════════════════════════════════════════════════╗${NC}"
|
||||
echo -e "${PURPLE}║ Mars AI交易系统 ║${NC}"
|
||||
echo -e "${PURPLE}║ 🔐 加密环境一键设置工具 ║${NC}"
|
||||
echo -e "${PURPLE}║ ║${NC}"
|
||||
echo -e "${PURPLE}║ 功能: 生成RSA密钥对 + 数据加密密钥 + 配置环境变量 ║${NC}"
|
||||
echo -e "${PURPLE}╚════════════════════════════════════════════════════════════════════════╝${NC}"
|
||||
echo
|
||||
|
||||
# 检查依赖
|
||||
echo -e "${CYAN}🔍 检查系统依赖...${NC}"
|
||||
|
||||
# 检查 OpenSSL
|
||||
if ! command -v openssl &> /dev/null; then
|
||||
echo -e "${RED}❌ 错误: 系统中未安装 OpenSSL${NC}"
|
||||
echo -e "请安装 OpenSSL:"
|
||||
echo -e " macOS: ${YELLOW}brew install openssl${NC}"
|
||||
echo -e " Ubuntu/Debian: ${YELLOW}sudo apt-get install openssl${NC}"
|
||||
echo -e " CentOS/RHEL: ${YELLOW}sudo yum install openssl${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}✓ OpenSSL: $(openssl version)${NC}"
|
||||
|
||||
# 进入项目根目录
|
||||
cd "$PROJECT_ROOT"
|
||||
echo -e "${GREEN}✓ 工作目录: $(pwd)${NC}"
|
||||
|
||||
# 配置参数
|
||||
RSA_KEY_SIZE=2048
|
||||
SECRETS_DIR="secrets"
|
||||
PRIVATE_KEY_FILE="$SECRETS_DIR/rsa_key"
|
||||
PUBLIC_KEY_FILE="$SECRETS_DIR/rsa_key.pub"
|
||||
|
||||
echo
|
||||
echo -e "${BLUE}📋 配置参数:${NC}"
|
||||
echo -e " • RSA密钥大小: ${YELLOW}$RSA_KEY_SIZE bits${NC}"
|
||||
echo -e " • 私钥文件: ${YELLOW}$PRIVATE_KEY_FILE${NC}"
|
||||
echo -e " • 公钥文件: ${YELLOW}$PUBLIC_KEY_FILE${NC}"
|
||||
echo -e " • AES密钥: ${YELLOW}256 bits (自动生成)${NC}"
|
||||
|
||||
# 询问用户确认
|
||||
echo
|
||||
read -p "是否继续设置加密环境? [Y/n]: " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Nn]$ ]]; then
|
||||
echo -e "${BLUE}ℹ️ 操作已取消${NC}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo
|
||||
echo -e "${CYAN}🚀 开始设置加密环境...${NC}"
|
||||
|
||||
# ============= 步骤1: 创建目录 =============
|
||||
echo
|
||||
echo -e "${YELLOW}📁 步骤 1/4: 创建必要目录...${NC}"
|
||||
|
||||
if [ ! -d "$SECRETS_DIR" ]; then
|
||||
mkdir -p "$SECRETS_DIR"
|
||||
chmod 700 "$SECRETS_DIR"
|
||||
echo -e "${GREEN}✓ 创建 $SECRETS_DIR 目录${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ $SECRETS_DIR 目录已存在${NC}"
|
||||
fi
|
||||
|
||||
if [ ! -d "scripts" ]; then
|
||||
mkdir -p "scripts"
|
||||
echo -e "${GREEN}✓ 创建 scripts 目录${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ scripts 目录已存在${NC}"
|
||||
fi
|
||||
|
||||
# ============= 步骤2: 生成RSA密钥对 =============
|
||||
echo
|
||||
echo -e "${YELLOW}🔐 步骤 2/4: 生成 RSA-$RSA_KEY_SIZE 密钥对...${NC}"
|
||||
|
||||
# 检查现有RSA密钥
|
||||
if [ -f "$PRIVATE_KEY_FILE" ] || [ -f "$PUBLIC_KEY_FILE" ]; then
|
||||
echo -e "${YELLOW}⚠️ 检测到现有的RSA密钥文件${NC}"
|
||||
read -p "是否重新生成RSA密钥? [y/N]: " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
rm -f "$PRIVATE_KEY_FILE" "$PUBLIC_KEY_FILE"
|
||||
echo -e "${YELLOW}🗑️ 删除旧密钥${NC}"
|
||||
else
|
||||
echo -e "${BLUE}ℹ️ 保持现有RSA密钥${NC}"
|
||||
RSA_SKIPPED=true
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$RSA_SKIPPED" != "true" ]; then
|
||||
# 生成私钥
|
||||
echo -e " ${CYAN}生成RSA私钥...${NC}"
|
||||
openssl genrsa -out "$PRIVATE_KEY_FILE" $RSA_KEY_SIZE 2>/dev/null
|
||||
chmod 600 "$PRIVATE_KEY_FILE"
|
||||
echo -e "${GREEN} ✓ 私钥生成完成${NC}"
|
||||
|
||||
# 生成公钥
|
||||
echo -e " ${CYAN}提取RSA公钥...${NC}"
|
||||
openssl rsa -in "$PRIVATE_KEY_FILE" -pubout -out "$PUBLIC_KEY_FILE" 2>/dev/null
|
||||
chmod 644 "$PUBLIC_KEY_FILE"
|
||||
echo -e "${GREEN} ✓ 公钥生成完成${NC}"
|
||||
|
||||
# 验证密钥
|
||||
echo -e " ${CYAN}验证密钥对...${NC}"
|
||||
openssl rsa -in "$PRIVATE_KEY_FILE" -check -noout 2>/dev/null
|
||||
echo -e "${GREEN} ✓ 密钥验证通过${NC}"
|
||||
fi
|
||||
|
||||
# ============= 步骤3: 生成数据加密密钥和JWT密钥 =============
|
||||
echo
|
||||
echo -e "${YELLOW}🔑 步骤 3/4: 生成 AES-256 数据加密密钥和JWT认证密钥...${NC}"
|
||||
|
||||
# 检查现有密钥
|
||||
DATA_KEY_EXISTS=false
|
||||
JWT_KEY_EXISTS=false
|
||||
|
||||
if [ -f ".env" ]; then
|
||||
if grep -q "^DATA_ENCRYPTION_KEY=" .env; then
|
||||
DATA_KEY_EXISTS=true
|
||||
fi
|
||||
if grep -q "^JWT_SECRET=" .env; then
|
||||
JWT_KEY_EXISTS=true
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$DATA_KEY_EXISTS" = "true" ] || [ "$JWT_KEY_EXISTS" = "true" ]; then
|
||||
echo -e "${YELLOW}⚠️ 检测到现有的密钥配置${NC}"
|
||||
if [ "$DATA_KEY_EXISTS" = "true" ]; then
|
||||
echo -e " • 数据加密密钥已存在"
|
||||
fi
|
||||
if [ "$JWT_KEY_EXISTS" = "true" ]; then
|
||||
echo -e " • JWT认证密钥已存在"
|
||||
fi
|
||||
read -p "是否重新生成所有密钥? [y/N]: " -n 1 -r
|
||||
echo
|
||||
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
||||
echo -e "${BLUE}ℹ️ 保持现有密钥${NC}"
|
||||
KEY_SKIPPED=true
|
||||
# 读取现有密钥
|
||||
if [ "$DATA_KEY_EXISTS" = "true" ]; then
|
||||
DATA_KEY=$(grep "^DATA_ENCRYPTION_KEY=" .env | cut -d'=' -f2)
|
||||
fi
|
||||
if [ "$JWT_KEY_EXISTS" = "true" ]; then
|
||||
JWT_KEY=$(grep "^JWT_SECRET=" .env | cut -d'=' -f2)
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$KEY_SKIPPED" != "true" ]; then
|
||||
# 生成新的密钥
|
||||
echo -e " ${CYAN}生成AES-256数据加密密钥...${NC}"
|
||||
DATA_KEY=$(openssl rand -base64 32)
|
||||
echo -e "${GREEN} ✓ 数据加密密钥生成完成${NC}"
|
||||
|
||||
echo -e " ${CYAN}生成JWT认证密钥...${NC}"
|
||||
JWT_KEY=$(openssl rand -base64 64)
|
||||
echo -e "${GREEN} ✓ JWT认证密钥生成完成${NC}"
|
||||
|
||||
# 保存到.env文件
|
||||
if [ -f ".env" ]; then
|
||||
# 更新现有文件
|
||||
if grep -q "^DATA_ENCRYPTION_KEY=" .env; then
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
sed -i '' "s/^DATA_ENCRYPTION_KEY=.*/DATA_ENCRYPTION_KEY=$DATA_KEY/" .env
|
||||
else
|
||||
sed -i "s/^DATA_ENCRYPTION_KEY=.*/DATA_ENCRYPTION_KEY=$DATA_KEY/" .env
|
||||
fi
|
||||
else
|
||||
echo "DATA_ENCRYPTION_KEY=$DATA_KEY" >> .env
|
||||
fi
|
||||
|
||||
if grep -q "^JWT_SECRET=" .env; then
|
||||
# 使用替代分隔符避免 / 字符冲突,并用引号保护值
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
sed -i '' "s|^JWT_SECRET=.*|JWT_SECRET=\"$JWT_KEY\"|" .env
|
||||
else
|
||||
sed -i "s|^JWT_SECRET=.*|JWT_SECRET=\"$JWT_KEY\"|" .env
|
||||
fi
|
||||
else
|
||||
# 使用引号确保值在同一行
|
||||
printf "JWT_SECRET=\"%s\"\n" "$JWT_KEY" >> .env
|
||||
fi
|
||||
else
|
||||
# 创建新文件
|
||||
echo "DATA_ENCRYPTION_KEY=$DATA_KEY" > .env
|
||||
printf "JWT_SECRET=\"%s\"\n" "$JWT_KEY" >> .env
|
||||
fi
|
||||
chmod 600 .env
|
||||
echo -e "${GREEN} ✓ 密钥已保存到 .env 文件${NC}"
|
||||
elif [ "$DATA_KEY_EXISTS" != "true" ] || [ "$JWT_KEY_EXISTS" != "true" ]; then
|
||||
# 生成缺失的密钥
|
||||
if [ "$DATA_KEY_EXISTS" != "true" ]; then
|
||||
echo -e " ${CYAN}生成缺失的AES-256数据加密密钥...${NC}"
|
||||
DATA_KEY=$(openssl rand -base64 32)
|
||||
echo "DATA_ENCRYPTION_KEY=$DATA_KEY" >> .env
|
||||
echo -e "${GREEN} ✓ 数据加密密钥生成完成${NC}"
|
||||
fi
|
||||
|
||||
if [ "$JWT_KEY_EXISTS" != "true" ]; then
|
||||
echo -e " ${CYAN}生成缺失的JWT认证密钥...${NC}"
|
||||
JWT_KEY=$(openssl rand -base64 64)
|
||||
printf "JWT_SECRET=\"%s\"\n" "$JWT_KEY" >> .env
|
||||
echo -e "${GREEN} ✓ JWT认证密钥生成完成${NC}"
|
||||
fi
|
||||
|
||||
chmod 600 .env
|
||||
echo -e "${GREEN} ✓ 密钥已保存到 .env 文件${NC}"
|
||||
fi
|
||||
|
||||
# ============= 步骤4: 验证和总结 =============
|
||||
echo
|
||||
echo -e "${YELLOW}✅ 步骤 4/4: 环境验证和总结...${NC}"
|
||||
|
||||
# 验证文件存在性和权限
|
||||
echo -e " ${CYAN}验证文件和权限...${NC}"
|
||||
|
||||
if [ -f "$PRIVATE_KEY_FILE" ]; then
|
||||
PRIVATE_PERM=$(stat -f "%A" "$PRIVATE_KEY_FILE" 2>/dev/null || stat -c "%a" "$PRIVATE_KEY_FILE" 2>/dev/null)
|
||||
echo -e "${GREEN} ✓ 私钥文件: $PRIVATE_KEY_FILE (权限: $PRIVATE_PERM)${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ 私钥文件不存在${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f "$PUBLIC_KEY_FILE" ]; then
|
||||
PUBLIC_PERM=$(stat -f "%A" "$PUBLIC_KEY_FILE" 2>/dev/null || stat -c "%a" "$PUBLIC_KEY_FILE" 2>/dev/null)
|
||||
echo -e "${GREEN} ✓ 公钥文件: $PUBLIC_KEY_FILE (权限: $PUBLIC_PERM)${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ 公钥文件不存在${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f ".env" ] && grep -q "^DATA_ENCRYPTION_KEY=" .env && grep -q "^JWT_SECRET=" .env; then
|
||||
ENV_PERM=$(stat -f "%A" ".env" 2>/dev/null || stat -c "%a" ".env" 2>/dev/null)
|
||||
echo -e "${GREEN} ✓ 环境文件: .env (权限: $ENV_PERM)${NC}"
|
||||
echo -e "${GREEN} 包含: DATA_ENCRYPTION_KEY, JWT_SECRET${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ 环境文件不存在或缺少必要密钥${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 测试密钥功能
|
||||
echo -e " ${CYAN}测试密钥功能...${NC}"
|
||||
TEST_DATA="Hello Mars AI Trading System"
|
||||
ENCRYPTED=$(echo "$TEST_DATA" | openssl rsautl -encrypt -pubin -inkey "$PUBLIC_KEY_FILE" | base64)
|
||||
DECRYPTED=$(echo "$ENCRYPTED" | base64 -d | openssl rsautl -decrypt -inkey "$PRIVATE_KEY_FILE")
|
||||
|
||||
if [ "$DECRYPTED" = "$TEST_DATA" ]; then
|
||||
echo -e "${GREEN} ✓ RSA加密/解密测试通过${NC}"
|
||||
else
|
||||
echo -e "${RED} ❌ RSA加密/解密测试失败${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 显示最终结果
|
||||
echo
|
||||
echo -e "${GREEN}🎉 加密环境设置完成!${NC}"
|
||||
echo
|
||||
echo -e "${PURPLE}╔════════════════════════════════════════════════════════════════════════╗${NC}"
|
||||
echo -e "${PURPLE}║ 设置完成摘要 ║${NC}"
|
||||
echo -e "${PURPLE}╠════════════════════════════════════════════════════════════════════════╣${NC}"
|
||||
echo -e "${PURPLE}║${NC} ${BLUE}RSA密钥对:${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} 私钥: ${YELLOW}$PRIVATE_KEY_FILE${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} 公钥: ${YELLOW}$PUBLIC_KEY_FILE${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} 大小: ${YELLOW}$RSA_KEY_SIZE bits${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} ${BLUE}安全密钥配置:${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} 文件: ${YELLOW}.env${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} 数据加密: ${YELLOW}DATA_ENCRYPTION_KEY (AES-256-GCM)${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}║${NC} JWT认证: ${YELLOW}JWT_SECRET (HS256)${NC} ${PURPLE}║${NC}"
|
||||
echo -e "${PURPLE}╚════════════════════════════════════════════════════════════════════════╝${NC}"
|
||||
|
||||
# 使用指南
|
||||
echo
|
||||
echo -e "${BLUE}📋 使用指南:${NC}"
|
||||
echo
|
||||
echo -e "${YELLOW}1. 启动Mars AI交易系统:${NC}"
|
||||
echo -e " source .env && ./mars"
|
||||
echo
|
||||
echo -e "${YELLOW}2. Docker部署:${NC}"
|
||||
echo -e " docker run --env-file .env mars-ai-trading"
|
||||
echo
|
||||
echo -e "${YELLOW}3. 查看公钥内容:${NC}"
|
||||
echo -e " cat $PUBLIC_KEY_FILE"
|
||||
echo
|
||||
echo -e "${YELLOW}4. 测试加密API:${NC}"
|
||||
echo -e " curl http://localhost:8080/api/crypto/public-key"
|
||||
|
||||
# 安全提醒
|
||||
echo
|
||||
echo -e "${RED}🔒 安全提醒:${NC}"
|
||||
echo -e " • 私钥文件 ($PRIVATE_KEY_FILE) 权限已设置为 600"
|
||||
echo -e " • 环境文件 (.env) 权限已设置为 600"
|
||||
echo -e " • 请勿将私钥和数据密钥提交到版本控制系统"
|
||||
echo -e " • 建议在生产环境中使用密钥管理服务"
|
||||
echo -e " • 定期备份密钥文件"
|
||||
|
||||
echo
|
||||
echo -e "${GREEN}✅ Mars AI交易系统加密环境设置完成!${NC}"
|
||||
Reference in New Issue
Block a user