improve signed reads, crypto hardening, and scraper transport
This commit is contained in:
+5
-5
@@ -16,7 +16,8 @@ from app.schemas import (
|
||||
)
|
||||
from app.services.crypto import encrypt_api_key
|
||||
from app.services.hyperliquid import HyperliquidTrader
|
||||
from app.services.signed_request import verify_signed_request
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, signed_read_creds, verify_signed_request)
|
||||
|
||||
router = APIRouter()
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -132,8 +133,7 @@ async def get_user_public(wallet: str, db: AsyncSession = Depends(get_db)):
|
||||
@router.get("/user/{wallet}", response_model=UserResponse)
|
||||
async def get_user(
|
||||
wallet: str,
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
wallet = wallet.lower().strip()
|
||||
@@ -143,8 +143,8 @@ async def get_user(
|
||||
verify_signed_request(
|
||||
action=ACTION_VIEW_USER,
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True, # idempotent GET — allow sessionStorage caching for UX
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user