improve signed reads, crypto hardening, and scraper transport

This commit is contained in:
k
2026-06-14 21:43:43 +08:00
parent 54884f3e24
commit 78fb63be8e
27 changed files with 1326 additions and 202 deletions
+6 -6
View File
@@ -25,7 +25,8 @@ from sqlalchemy.ext.asyncio import AsyncSession
from app.config import settings
from app.database import get_db
from app.models import TelegramBinding, Subscription
from app.services.signed_request import verify_signed_request
from app.services.signed_request import (
SignedReadCreds, optional_signed_read_creds, verify_signed_request)
from app.services.telegram import send_test_message
from app.services.telegram_bot import issue_binding_code, unbind_wallet
@@ -144,8 +145,7 @@ async def _build_status(
@router.get("/{wallet}/status", response_model=StatusResponse)
async def status(
wallet: str,
timestamp: Optional[int] = None,
signature: Optional[str] = None,
creds: Optional[SignedReadCreds] = Depends(optional_signed_read_creds),
db: AsyncSession = Depends(get_db),
) -> StatusResponse:
"""Wallet Telegram status.
@@ -162,14 +162,14 @@ async def status(
# Accepting view_user avoids requiring a separate wallet signature just to
# see Telegram status — the frontend reuses its cached view_user envelope.
authenticated = False
if timestamp is not None and signature:
if creds is not None:
for _action in ("view_telegram_status", "view_user"):
try:
verify_signed_request(
action=_action,
wallet=wallet,
timestamp_ms=timestamp,
signature=signature,
timestamp_ms=creds.ts,
signature=creds.sig,
body=None,
allow_replay=True,
)