Commit Graph

26 Commits

Author SHA1 Message Date
Icyoung
f270bc3fee Dev remove admin mode (#723)
* feat: remove admin mode

* feat: bugfix

---------

Co-authored-by: icy <icyoung520@gmail.com>
2025-11-07 23:37:23 +08:00
0xYYBB | ZYY | Bobo
26fd9c261b feat(hyperliquid): enhance Agent Wallet security model (#717)
## Background

Hyperliquid official documentation recommends using Agent Wallet pattern for API trading:
- Agent Wallet is used for signing only
- Main Wallet Address is used for querying account data
- Agent Wallet should not hold significant funds

Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets

## Current Implementation

Current implementation allows auto-generating wallet address from private key,
which simplifies user configuration but may lead to potential security concerns
if users accidentally use their main wallet private key.

## Enhancement

Following the proven pattern already used in Aster exchange implementation
(which uses dual-address mode), this enhancement upgrades Hyperliquid to
Agent Wallet mode:

### Core Changes

1. **Mandatory dual-address configuration**
   - Agent Private Key (for signing)
   - Main Wallet Address (holds funds)

2. **Multi-layer security checks**
   - Detect if user accidentally uses main wallet private key
   - Validate Agent wallet balance (reject if > 100 USDC)
   - Provide detailed configuration guidance

3. **Design consistency**
   - Align with Aster's dual-address pattern
   - Follow Hyperliquid official best practices

### Code Changes

**config/database.go**:
- Add inline comments clarifying Agent Wallet security model

**trader/hyperliquid_trader.go**:
- Require explicit main wallet address (no auto-generation)
- Check if agent address matches main wallet address (security risk indicator)
- Query agent wallet balance and block if excessive
- Display both agent and main wallet addresses for transparency

**web/src/components/AITradersPage.tsx**:
- Add security alert banner explaining Agent Wallet mode
- Separate required inputs for Agent Private Key and Main Wallet Address
- Add field descriptions and validation

### Benefits

-  Aligns with Hyperliquid official security recommendations
-  Maintains design consistency with Aster implementation
-  Multi-layer protection against configuration mistakes
-  Detailed logging for troubleshooting

### Breaking Change

Users must now explicitly provide main wallet address (hyperliquid_wallet_addr).
Old configurations will receive clear error messages with migration guidance.

### Migration Guide

**Before** (single private key):
```json
{
  "hyperliquid_private_key": "0x..."
}
```

**After** (Agent Wallet mode):
```json
{
  "hyperliquid_private_key": "0x...",  // Agent Wallet private key
  "hyperliquid_wallet_addr": "0x..."   // Main Wallet address
}
```

Users can create Agent Wallet on Hyperliquid official website:
https://app.hyperliquid.xyz/ → Settings → API Wallets

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-07 23:26:56 +08:00
Sue
87a834c4f5 feat(auth): implement password reset with Google Authenticator verification (#537)
实现忘记密码功能,用户可以通过邮箱和Google Authenticator验证码重置密码。

**后端改动:**
- 添加 `/api/reset-password` 接口
- 实现 `UpdateUserPassword` 数据库方法
- 验证邮箱、OTP和新密码

**前端改动:**
- 新增 `ResetPasswordPage` 组件
- 在登录页面添加"忘记密码"链接
- 实现密码重置表单(新密码、确认密码、OTP验证)
- 添加密码可见性切换功能
- 支持中英文国际化

**安全特性:**
- 要求Google Authenticator验证
- 密码强度验证(最少6位)
- 密码确认匹配检查
- 密码哈希存储

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 21:01:18 +08:00
PoorThoth
ad4e75db5d Change SQLite driver in database configuration (#441)
* Change SQLite driver in database configuration

Replace SQLite driver from 'github.com/mattn/go-sqlite3' to 'modernc.org/sqlite'.

* Update go.mod

---------

Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 17:34:29 +08:00
Icyoung
197a0bb695 Merge branch 'dev' into feat/auto-balance-sync 2025-11-05 16:01:57 +08:00
Icyoung
10c9b678bd Merge pull request #428 from zhouyongyou/fix/initial-balance-sync
fix(api): add balance sync endpoint with smart detection
2025-11-05 15:58:45 +08:00
ZhouYongyou
09d88f01d3 feat(trader): add automatic balance sync every 10 minutes
## 功能说明
自动检测交易所余额变化,无需用户手动操作

## 核心改动
1. AutoTrader 新增字段:
   - lastBalanceSyncTime: 上次余额同步时间
   - database: 数据库引用(用于自动更新)
   - userID: 用户ID

2. 新增方法 autoSyncBalanceIfNeeded():
   - 每10分钟检查一次(避免与3分钟扫描周期重叠)
   - 余额变化>5%才更新数据库
   - 智能失败重试(避免频繁查询)
   - 完整日志记录

3. 集成到交易循环:
   - 在 runCycle() 中第3步自动调用
   - 先同步余额,再获取交易上下文
   - 不影响现有交易逻辑

4. TraderManager 更新:
   - addTraderFromDB(), AddTraderFromDB(), loadSingleTrader()
   - 新增 database 和 userID 参数
   - 正确传递到 NewAutoTrader()

5. Database 新增方法:
   - UpdateTraderInitialBalance(userID, id, newBalance)
   - 安全更新初始余额

## 为什么选择10分钟?
1. 避免与3分钟扫描周期重叠(每30分钟仅重叠1次)
2. API开销最小化:每小时仅6次额外调用
3. 充值延迟可接受:最多10分钟自动同步
4. API占用率:0.2%(远低于币安2400次/分钟限制)

## API开销
- GetBalance() 轻量级查询(权重5-10)
- 每小时仅6次额外调用
- 总调用:26次/小时(runCycle:20 + autoSync:6)
- 占用率:(10/2400)/60 = 0.2% 

## 用户体验
- 充值后最多10分钟自动同步
- 完全自动化,无需手动干预
- 前端数据实时准确

## 日志示例
- 🔄 开始自动检查余额变化...
- 🔔 检测到余额大幅变化: 693.00 → 3693.00 USDT (433.19%)
-  已自动同步余额到数据库
- ✓ 余额变化不大 (2.3%),无需更新
2025-11-04 20:51:14 +08:00
ZhouYongyou
70a6ca777e fix(api): add balance sync endpoint with smart detection
## Summary
- Add POST /traders/:id/sync-balance endpoint (Option B)
- Add smart detection showing balance change percentage (Option C)
- Fix balance display bug caused by commit 2b9c4d2

## Changes

### api/server.go
- Add handleSyncBalance() handler
- Query actual exchange balance via trader.GetBalance()
- Calculate change percentage for smart detection
- Update initial_balance in database
- Reload trader into memory after update

### config/database.go
- Add UpdateTraderInitialBalance() method
- Update traders.initial_balance field

## Root Cause
Commit 2b9c4d2 auto-queries exchange balance at trader creation time,
but never updates after user deposits more funds, causing:
- Wrong initial_balance (400 USDT vs actual 3000 USDT)
- Wrong P&L calculations (-2598.55 USDT instead of actual)

## Solution
Provides manual sync API + smart detection to update initial_balance
when user deposits funds after trader creation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-04 19:55:16 +08:00
ZhouYongyou
b92a1d68ac chore: run go fmt to fix formatting issues 2025-11-04 17:39:00 +08:00
tinkle-community
3843ed4842 Merge pull request #389 from NoFxAiOS/beta
Fix:fix the main branch history issue from November 3rd.
2025-11-04 11:22:10 +08:00
ZhouYongyou
540ed9c6b4 fix: GetTraderConfig missing critical fields in SELECT/Scan
**Problem**:
- GetTraderConfig was missing 9 critical fields in SELECT statement
- Missing corresponding Scan variables
- Caused trader edit UI to show 0 for leverage and empty trading_symbols

**Root Cause**:
Database query only selected basic fields (id, name, balance, etc.)
but missed leverage, trading_symbols, prompts, and all custom configs

**Fix**:
- Added missing fields to SELECT:
  * btc_eth_leverage, altcoin_leverage
  * trading_symbols
  * use_coin_pool, use_oi_top
  * custom_prompt, override_base_prompt
  * system_prompt_template
  * is_cross_margin
  * AI model custom_api_url, custom_model_name

- Added corresponding Scan variables to match SELECT order

**Impact**:
 Trader edit modal now displays correct leverage values
 Trading symbols list properly populated
 All custom configurations preserved and displayed
 API endpoint /traders/:id/config returns complete data

**Testing**:
-  Go compilation successful
-  All fields aligned (31 SELECT = 31 Scan)
-  API layer verified (api/server.go:887-904)

Reported by: 寒江孤影
Issue: Trader config edit modal showing 0 leverage and empty symbols

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-04 00:00:05 +08:00
icy
78b3ce69da Merge branch 'dev' into beta
# Conflicts:
#	config/database.go
#	main.go
2025-11-02 22:11:07 +08:00
yuanshi2016
a3d6113dd1 K线获取方式改为websocket组合流. 带重拨机制
流程为下:
1. 启动时使用所有交易员设置的币种(去重) 如果交易员未配置,则使用系统默认
2. 在决策获取K线时 如果没有缓存 则先实时获取后再添加订阅. ps: 适用于Api方式的币种列表
2025-11-02 14:03:13 +08:00
icy
e444cbbbc8 Add beta mode 2025-11-02 02:31:19 +08:00
icy
1fdf227f38 Merge branch 'dev' of https://github.com/tinkle-community/nofx 2025-11-01 20:09:17 +08:00
SkywalkerJi
5afbd9a3c3 Supports custom system prompts and custom models. 2025-11-01 19:45:54 +08:00
icy
a404725379 Resolve merge conflicts in AITradersPage.tsx
- Fixed import statement conflict (using 'type Language')
- Merged exchange configuration logic preserving support for multiple exchange types
- Kept comprehensive form handling for Binance, Hyperliquid, Aster, and OKX exchanges
- Updated security warning messages to use proper translation keys

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-01 19:01:44 +08:00
icy
7674ce1da7 Fixed health check; Fixed dex config; Add rank trader info view; 2025-11-01 18:58:32 +08:00
SkywalkerJi
6efdc47379 * Fixed the custom model URL.
*   Added functionality for custom model names.
2025-11-01 16:09:15 +08:00
icy
ccd4938857 竞赛fix、交易员新增参数 2025-11-01 02:17:11 +08:00
icy
a3f2706ec8 Sync config.json to config.db for manual modify admin_mode and other configs 2025-10-31 15:24:18 +08:00
icy
b1f4e78393 admin_mode config 2025-10-31 14:34:53 +08:00
icy
56a6d7e5a7 Add MarginMode configration 2025-10-31 13:14:24 +08:00
icy
7ce0e5d0cb rename fix 2025-10-31 04:07:14 +08:00
icy
d3e7b7dbb1 account system、custom prompt 2025-10-31 03:42:01 +08:00
icy
c64727ffd0 sync fork 2025-10-30 20:51:22 +08:00