improve signed reads, crypto hardening, and scraper transport

This commit is contained in:
k
2026-06-14 21:43:43 +08:00
parent 54884f3e24
commit 78fb63be8e
27 changed files with 1326 additions and 202 deletions
+5 -5
View File
@@ -16,7 +16,8 @@ from app.schemas import (
)
from app.services.crypto import encrypt_api_key
from app.services.hyperliquid import HyperliquidTrader
from app.services.signed_request import verify_signed_request
from app.services.signed_request import (
SignedReadCreds, signed_read_creds, verify_signed_request)
router = APIRouter()
logger = logging.getLogger(__name__)
@@ -132,8 +133,7 @@ async def get_user_public(wallet: str, db: AsyncSession = Depends(get_db)):
@router.get("/user/{wallet}", response_model=UserResponse)
async def get_user(
wallet: str,
ts: int = Query(..., description="Signed timestamp (ms)"),
sig: str = Query(..., description="EIP-191 signature"),
creds: SignedReadCreds = Depends(signed_read_creds),
db: AsyncSession = Depends(get_db),
):
wallet = wallet.lower().strip()
@@ -143,8 +143,8 @@ async def get_user(
verify_signed_request(
action=ACTION_VIEW_USER,
wallet=wallet,
timestamp_ms=ts,
signature=sig,
timestamp_ms=creds.ts,
signature=creds.sig,
body=None,
allow_replay=True, # idempotent GET — allow sessionStorage caching for UX
)