mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-06-06 05:51:19 +08:00
2bb4f9ec99
* fix(database): prevent empty values from overwriting exchange private keys Fixes #781 ## Problem - Empty values were overwriting existing private keys during exchange config updates - INSERT operations were storing plaintext instead of encrypted values - Caused data loss when users edited exchange configurations via web UI ## Solution 1. **Dynamic UPDATE**: Only update sensitive fields (api_key, secret_key, aster_private_key) when non-empty 2. **Encrypted INSERT**: Use encrypted values for all sensitive fields during INSERT 3. **Comprehensive tests**: Added 9 unit tests with 90.2% coverage ## Changes - config/database.go (UpdateExchange): Refactored to use dynamic SQL building - config/database_test.go (new): Added comprehensive test suite ## Test Results ✅ All 9 tests pass ✅ Coverage: 90.2% of UpdateExchange function (100% of normal paths) ✅ Verified empty values no longer overwrite existing keys ✅ Verified INSERT uses encrypted storage ## Impact - 🔒 Protects user's exchange API keys and private keys from accidental deletion - 🔒 Ensures all sensitive data is encrypted at rest - ✅ Backward compatible: non-empty updates work as before * revert: remove incorrect INSERT encryption fix - out of scope