Closed zed-wong closed 3 months ago
The latest updates on your projects. Learn more about Vercel for Git โ๏ธ
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
mr-market | โ Ready (Inspect) | Visit Preview | ๐ฌ Add feedback | Jun 22, 2024 6:13am |
๐ Previously deployed to Railway in the quiet-desk project. Environment has been deleted.
โฑ๏ธ Estimated effort to review [1-5] | 4 |
๐งช Relevant tests | Yes |
๐ Security concerns |
- Sensitive Information Exposure: Storing JWT tokens in the database as plain text in `mixin-user.entity.ts` can expose sensitive information if the database access is compromised. |
โก Key issues to review |
Possible Bug: The error handling in the getOauth function in auth.ts does not specify what happens after logging the error. It should ideally handle the error gracefully or propagate it to the caller. |
Security Concern: Storing JWT tokens in the database without any form of encryption or hashing could lead to security vulnerabilities if the database is compromised. | |
Code Quality: The mixinAuthWrapper function in mixin.ts has a complex flow with nested conditions and callbacks, which could be simplified for better maintainability. | |
Redundancy: The authorize function's URL handling in mixin-oauth.ts seems redundant as it constructs a URL that is never altered or conditionally changed. |
Category | Suggestion | Score |
Security |
Encode URL parameters to enhance security and reliability___ **It's recommended to encode thecode parameter to handle special characters and prevent potential security issues.** [interface/src/lib/helpers/hufi/auth.ts [5]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR5-R5) ```diff -const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth?code=${code}`); +const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth?code=${encodeURIComponent(code)}`); ``` Suggestion importance[1-10]: 10Why: Encoding the `code` parameter is crucial for preventing potential security issues such as injection attacks. This suggestion directly addresses a security concern. | 10 |
Remove console logging of sensitive data to enhance security___ **Remove the console logging of sensitive data such as hashed passwords to avoid potentialsecurity risks and exposure of sensitive information in the browser's console.** [interface/src/lib/components/admin/login.svelte [14]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-7755e80262efe6164fbaf4735da93fec7a0be5fa871982016ef1dbac24d493fcR14-R14) ```diff -console.log('hashedAdminPassword:', hashedAdminPassword) +// Removed for security reasons ``` Suggestion importance[1-10]: 10Why: Logging sensitive data such as hashed passwords poses a significant security risk. Removing this logging is crucial for protecting sensitive information. | 10 | |
Enhancement |
Correct a typo in the environment variable name for clarity and consistency___ **Correct the typo in the environment variable name fromRUN_STARTEGY_FOR_MIXIN_ORDERS to RUN_STRATEGY_FOR_MIXIN_ORDERS to ensure consistency and avoid potential misconfigurations due to spelling errors.** [server/.env.example [38]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-fc96f2f1bbacb040ddac600e209d0de9ce16d436be88d3995e3f72f159adc21bR38-R38) ```diff -RUN_STARTEGY_FOR_MIXIN_ORDERS= +RUN_STRATEGY_FOR_MIXIN_ORDERS= ``` Suggestion importance[1-10]: 10Why: Correcting the typo in the environment variable name is essential for preventing configuration errors and ensuring clarity and consistency in the environment settings. | 10 |
Refactor the
___
**Use async/await consistently in the | 9 | |
Improve error messages for better clarity and debugging___ **Replace the generic error message with a more specific one to improve error tracking anduser feedback.** [interface/src/lib/helpers/hufi/auth.ts [12]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR12-R12) ```diff -console.error('Error fetching orders by user:', error); +console.error('Error in OAuth token fetching:', error); ``` Suggestion importance[1-10]: 7Why: Improving the specificity of error messages enhances debugging and user feedback, although it is not critical for functionality. | 7 | |
Robustness |
Add error handling for the authentication process to improve robustness___ **Ensure that themixinAuthWrapper function properly handles both success and error scenarios by implementing error handling within the function or in the calling context to improve the robustness of the authentication process.** [interface/src/lib/components/common/connectWalletBtn.svelte [13]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-e4c4aabcf6a4083502cddfbd41e4ba22bff0ecf35ece70283f5c287ad7ed8b78R13-R13) ```diff -await mixinAuthWrapper(false); +try { + await mixinAuthWrapper(false); +} catch (error) { + console.error('Authentication failed:', error); +} ``` Suggestion importance[1-10]: 9Why: Adding error handling improves the robustness and reliability of the authentication process, ensuring that failures are properly managed and logged. | 9 |
Possible issue |
Add error handling for OAuth token fetching to improve robustness___ **Consider checking theresponse.ok status after fetching the OAuth token to handle possible errors.** [interface/src/lib/helpers/mixin.ts [241]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-acf423272bdc878982f8a993563883c5ac16fcef547cb0e7a09972c785a5e839R241-R241) ```diff const result = await getOauth(token); +if (!result.ok) { + throw new Error('Failed to fetch OAuth token'); +} ``` Suggestion importance[1-10]: 8Why: Adding error handling for the OAuth token fetching process improves robustness and ensures that potential issues are caught early. | 8 |
Maintainability |
Encapsulate password hashing in a utility function for better maintainability___ **Replace the direct usage ofCryptoJS.SHA3 with a dedicated utility function for password hashing. This encapsulates the hashing logic, making the code cleaner and more maintainable. It also allows easy updates to the hashing mechanism in one place without modifying the component code.** [interface/src/lib/components/admin/login.svelte [13]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-7755e80262efe6164fbaf4735da93fec7a0be5fa871982016ef1dbac24d493fcR13-R13) ```diff -const hashedAdminPassword = CryptoJS.SHA3(pass, { outputLength: 256 }).toString(CryptoJS.enc.Hex); +const hashedAdminPassword = hashPassword(pass); ``` Suggestion importance[1-10]: 8Why: Encapsulating the hashing logic in a utility function improves maintainability and readability, and allows for easier updates to the hashing mechanism in the future. | 8 |
Persistent review updated to latest commit https://github.com/Hu-Fi/Mr.Market/commit/6b7a33dae357b80a4e01cb73af51db8d60dc7ad7
Persistent review updated to latest commit https://github.com/Hu-Fi/Mr.Market/commit/6b7a33dae357b80a4e01cb73af51db8d60dc7ad7
Category | Suggestion | Score |
Error handling |
Add error handling for login attempts to improve user feedback and error management___ **Add error handling for thecheckPassword function to manage failed login attempts gracefully.** [interface/src/lib/components/admin/login.svelte [15-18]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-7755e80262efe6164fbaf4735da93fec7a0be5fa871982016ef1dbac24d493fcR15-R18) ```diff -const accessToken = await checkPassword(hashedAdminPassword); -if (accessToken) { - submitted.set(true); - checked.set(true); +try { + const accessToken = await checkPassword(hashedAdminPassword); + if (accessToken) { + submitted.set(true); + checked.set(true); + } else { + throw new Error('Invalid password'); + } +} catch (error) { + console.error('Login failed:', error); +} ``` Suggestion importance[1-10]: 10Why: Adding error handling is crucial for improving user experience and debugging. This suggestion addresses a major issue by ensuring that failed login attempts are managed gracefully. | 10 |
Possible bug |
Add a check to ensure the response content type is JSON before parsing it___ **Consider handling the case where the response from the OAuth endpoint does not contain aJSON body as expected. This can prevent runtime errors when calling response.json() on a response that does not have a JSON body.** [interface/src/lib/helpers/hufi/auth.ts [5-9]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR5-R9) ```diff const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth?code=${code}`); if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } +if (!response.headers.get('content-type')?.includes('application/json')) { + throw new Error('Response is not JSON'); +} const data = await response.json(); ``` Suggestion importance[1-10]: 9Why: This suggestion addresses a potential runtime error by ensuring the response is JSON before parsing it, which is crucial for robust error handling. | 9 |
Add checks for undefined or null token values in the OAuth result___ **Ensure that themixinAuthWrapper function handles the case where result.token is undefined or null before attempting to use it. This can prevent potential runtime errors in scenarios where the token is not properly retrieved or is invalid.** [interface/src/lib/helpers/mixin.ts [240-246]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-acf423272bdc878982f8a993563883c5ac16fcef547cb0e7a09972c785a5e839R240-R246) ```diff if (!pkce) { const result = await getOauth(token); - if (result.token) { - token = result.token - } else { + if (!result || !result.token) { + console.error('Failed to retrieve token'); return; } + token = result.token; } ``` Suggestion importance[1-10]: 8Why: Adding checks for undefined or null token values prevents potential runtime errors, making the function more robust and reliable. | 8 | |
Testability |
Enhance the flexibility of the mock configuration service in tests___ **Replace the hardcoded return value in 'mockConfigService.get' with a more dynamic approachto allow different test scenarios.** [server/src/modules/mixin/rebalance/rebalance.service.spec.ts [9-12]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-036b1e1d0fa810a13c6f8d36d083e1e296e3c855fb9c2a0a274369ea0446dd22R9-R12) ```diff const mockConfigService = { - get: jest.fn((key: string) => { - if (key === 'rebalance.run') return 'true'; // Adjust based on the test case - }), + get: jest.fn((key: string) => testConfig[key]), }; ``` Suggestion importance[1-10]: 9Why: This suggestion significantly improves test flexibility and maintainability by allowing different configurations to be tested dynamically, which is crucial for comprehensive testing. | 9 |
Enhancement |
Improve the condition check for disabling the rebalance process to be more explicit___ **Consider checking for a more specific condition than just 'false' for the 'rebalance.run'configuration. This will ensure that the rebalance process only skips when explicitly disabled.** [server/src/modules/mixin/rebalance/rebalance.service.ts [63-65]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-b4be66a193644b9e3594919648875ca3f2bfe709433b125a55c4d405b9f33dedR63-R65) ```diff const enabled = this.configService.get Suggestion importance[1-10]: 8Why: This suggestion improves the robustness of the condition check, ensuring that the rebalance process is only skipped when explicitly disabled, which enhances code reliability. | 8 |
Improve error logging to include specific error messages___ **Refactor the error handling in thegetOauth function to ensure that the error message is more descriptive and includes the error type. This can help in debugging by providing more context about the error.** [interface/src/lib/helpers/hufi/auth.ts [12-13]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR12-R13) ```diff } catch (error) { - console.error('Error fetching orders by user:', error); + console.error(`Error in getOauth: ${error instanceof Error ? error.message : error}`); } ``` Suggestion importance[1-10]: 7Why: Improving error logging to include specific error messages enhances debugging and provides more context, which is beneficial for maintenance. | 7 | |
Enhance error handling in the authentication wrapper to improve user feedback___ **Refactor themixinAuthWrapper function to handle errors more gracefully by not only logging them but also potentially notifying the user interface or retrying the operation, depending on the application's requirements.** [interface/src/lib/helpers/mixin.ts [234-238]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-acf423272bdc878982f8a993563883c5ac16fcef547cb0e7a09972c785a5e839R234-R238) ```diff onError: (error: Error) => { - console.error(error); + console.error('Authentication error:', error.message); + alert('Authentication failed, please try again.'); mixinConnectLoading.set(false); - return; }, ``` Suggestion importance[1-10]: 6Why: Enhancing error handling to improve user feedback is a good practice, but the specific implementation (e.g., using `alert`) may not be ideal for all applications. | 6 | |
Maintainability |
Refactor the user token update logic to separate concerns and simplify the method___ **Refactor thecheckAndUpdateUserToken method to separate concerns for checking user existence and updating user details.** [server/src/modules/mixin/user/user.service.ts [103-107]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-537368cd1f4b8ed89954ffec0e9dc97d2c9fd6a338dcf9d1dd18d81152a0a536R103-R107) ```diff const userExists = await this.checkUserExist(user_id); -if (userExists) { - await this.updateUserToken(user_id, jwt_token); -} else { - await this.addUser(mappedUser); -} +const action = userExists ? this.updateUserToken(user_id, jwt_token) : this.addUser(mappedUser); +await action; ``` Suggestion importance[1-10]: 7Why: This refactor improves code readability and maintainability by simplifying the method and separating concerns, although it does not address a critical issue. | 7 |
Persistent review updated to latest commit https://github.com/Hu-Fi/Mr.Market/commit/6b7a33dae357b80a4e01cb73af51db8d60dc7ad7
Category | Suggestion | Score |
Security |
Use environment variables for cryptographic settings to enhance security and flexibility___ **Consider using environment variables for the hashing algorithm and output length toenhance security and flexibility.** [interface/src/lib/components/admin/login.svelte [13]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-7755e80262efe6164fbaf4735da93fec7a0be5fa871982016ef1dbac24d493fcR13-R13) ```diff -const hashedAdminPassword = CryptoJS.SHA3(pass, { outputLength: 256 }).toString(CryptoJS.enc.Hex); +const hashAlgorithm = import.meta.env.VITE_HASH_ALGORITHM || 'SHA3'; +const outputLength = parseInt(import.meta.env.VITE_HASH_OUTPUT_LENGTH || '256'); +const hashedAdminPassword = CryptoJS[hashAlgorithm](pass, { outputLength }).toString(CryptoJS.enc.Hex); ``` Suggestion importance[1-10]: 10Why: Using environment variables for cryptographic settings enhances security by allowing easy updates to the algorithm and output length without code changes, and increases flexibility for different environments. | 10 |
Use environment variables for OAuth credentials to enhance security___ **Use environment variables for client_id and client_secret in the OAuth handler to avoidhardcoding sensitive information in the source code.** [server/src/modules/auth/auth.service.ts [59-61]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-eab35d13c5ac358d201e1aa04e568c972b43247760dfb4928be546c494f46e6fR59-R61) ```diff const body = { - client_id: this.configService.get Suggestion importance[1-10]: 7Why: The suggestion improves security by using environment variables for sensitive information, reducing the risk of exposing credentials in the source code. | 7 | |
Error handling |
Add error handling in the
___
**Add error handling for the | 9 |
Add null checks and error handling to the API response processing___ **Add null checks and proper error handling for the response from theaxios.get call to ensure the application can gracefully handle cases where the API does not return expected results.** [server/src/common/helpers/mixin/user.ts [6-14]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-4be3042e3bb93af4870edef2f9435f888a8ed734651d40c65e3c44c53ddc26ffR6-R14) ```diff const response = await axios.get('https://api.mixin.one/me', { headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${token}`, }, }); +if (!response || !response.data) { + throw new Error('Failed to fetch user data'); +} return response.data; ``` Suggestion importance[1-10]: 8Why: The suggestion enhances error handling by adding null checks, which ensures that the application can handle unexpected API responses gracefully, improving reliability. | 8 | |
Enhancement |
Add logging when the rebalance operation is skipped due to configuration settings___ **Consider adding a log statement or an error handling mechanism when theenabled check fails, to provide clarity on why the rebalance operation was skipped.** [server/src/modules/mixin/rebalance/rebalance.service.ts [64-66]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-b4be66a193644b9e3594919648875ca3f2bfe709433b125a55c4d405b9f33dedR64-R66) ```diff if (enabled === 'false') { + this.logger.warn('Rebalance operation skipped as it is disabled in the configuration.'); return; } ``` Suggestion importance[1-10]: 9Why: Adding a log statement when the rebalance operation is skipped provides valuable information for debugging and monitoring, enhancing the maintainability and observability of the code. | 9 |
Make the mock configuration service more flexible for various test scenarios___ **Replace the hardcoded return value inmockConfigService.get with a more flexible setup that allows different test cases to specify their own configurations.** [server/src/modules/mixin/rebalance/rebalance.service.spec.ts [10-12]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-036b1e1d0fa810a13c6f8d36d083e1e296e3c855fb9c2a0a274369ea0446dd22R10-R12) ```diff -get: jest.fn((key: string) => { - if (key === 'rebalance.run') return 'true'; // Adjust based on the test case -}), +get: jest.fn((key: string) => testConfig[key]), ``` Suggestion importance[1-10]: 8Why: This suggestion improves the flexibility and reusability of the test setup, allowing for more comprehensive and varied test cases, which is beneficial for robust testing. | 8 | |
Maintainability |
Use a constant for the URL and improve the fetch request by specifying method, headers, and body___ **Replace the hardcoded URL in the fetch request with a constant from the configuration fileto make the codebase more maintainable and to avoid potential errors when the base URL changes.** [interface/src/lib/helpers/hufi/auth.ts [5]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR5-R5) ```diff -const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth?code=${code}`); +const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth`, { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify({ code }) +}); ``` Suggestion importance[1-10]: 8Why: The suggestion improves maintainability and security by using a constant and specifying method, headers, and body for the fetch request. This makes the code more robust and easier to update if the URL changes. | 8 |
Refactor the user token update logic to improve code clarity and separation of concerns___ **Refactor thecheckAndUpdateUserToken method to separate concerns, improving readability and maintainability.** [server/src/modules/mixin/user/user.service.ts [96-114]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-537368cd1f4b8ed89954ffec0e9dc97d2c9fd6a338dcf9d1dd18d81152a0a536R96-R114) ```diff -const mappedUser = mapApiResponseToMixinUser(user, jwt_token); try { const userExists = await this.checkUserExist(user_id); if (userExists) { await this.updateUserToken(user_id, jwt_token); } else { + const mappedUser = mapApiResponseToMixinUser(user, jwt_token); await this.addUser(mappedUser); } } catch (error) { this.logger.error( `Failed to check and update user with ID ${user_id}`, error, ); throw error; } ``` Suggestion importance[1-10]: 7Why: The refactor improves code readability and maintainability by separating the mapping logic from the main flow, making the code easier to understand and modify in the future. | 7 |
Category | Suggestion | Score |
Security |
Enhance security by adding
___
**To ensure that the | 10 |
Remove console log statement to enhance security___ **Remove the console log statement after hashing the admin password to avoid exposingpotentially sensitive information in the browser's console, which could be a security risk.** [interface/src/lib/components/admin/login.svelte [13-14]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-7755e80262efe6164fbaf4735da93fec7a0be5fa871982016ef1dbac24d493fcR13-R14) ```diff const hashedAdminPassword = CryptoJS.SHA3(pass, { outputLength: 256 }).toString(CryptoJS.enc.Hex); -console.log('hashedAdminPassword:', hashedAdminPassword) ``` Suggestion importance[1-10]: 10Why: Removing the console log statement enhances security by preventing potentially sensitive information from being exposed in the browser's console. | 10 | |
Possible bug |
Add content type checking before parsing the response as JSON to prevent runtime errors___ **It's recommended to handle the case where the response from the server is not in theexpected JSON format. This can prevent runtime errors when calling response.json() on a response that doesn't contain JSON data.** [interface/src/lib/helpers/hufi/auth.ts [5-9]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR5-R9) ```diff const response = await fetch(`${HUFI_BACKEND_URL}/auth/oauth?code=${code}`); if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } +const contentType = response.headers.get('content-type'); +if (!contentType || !contentType.includes('application/json')) { + throw new TypeError("Oops, we haven't got JSON!"); +} const data = await response.json(); ``` Suggestion importance[1-10]: 9Why: This suggestion addresses a potential runtime error by ensuring the response is in JSON format before parsing it, which is crucial for robust error handling. | 9 |
Best practice |
Improve the condition check for rebalance functionality to use boolean comparison___ **Replace the string comparison for enabling the rebalance functionality with a booleancheck. This approach avoids potential issues with string case sensitivity and improves the readability and robustness of the condition.** [server/src/modules/mixin/rebalance/rebalance.service.ts [63-66]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-b4be66a193644b9e3594919648875ca3f2bfe709433b125a55c4d405b9f33dedR63-R66) ```diff -const enabled = this.configService.get Suggestion importance[1-10]: 9Why: This suggestion improves the robustness and readability of the code by using a boolean check instead of a string comparison, which is less error-prone and more appropriate for the intended functionality. | 9 |
Modify the mock
___
**Ensure that the mock for | 8 | |
Enhancement |
Use
___
**Consider using | 8 |
Enhance error logging for better context and easier debugging___ **Improve error logging by including more context about the operation that failed. This canhelp in debugging issues by providing more specific information about the error source.** [interface/src/lib/helpers/hufi/auth.ts [12]](https://github.com/Hu-Fi/Mr.Market/pull/196/files#diff-75bfdc281703d0fd42b0947595aef50bd80a5d1dc74fd56ac76b5ef4aa8ec00eR12-R12) ```diff -console.error('Error fetching orders by user:', error); +console.error('Error during OAuth token fetching:', error); ``` Suggestion importance[1-10]: 7Why: The improved error message provides better context, aiding in debugging, but it is a minor enhancement rather than a critical fix. | 7 | |
Maintainability |
Refactor
___
**Refactor the method | 7 |
User description
Description
Updated auth flow, disabled pkce and store jwt token in DB
Summary of changes
We need an auth layer for protected endpoints. This is the first step.
How to test the changes
Through an authorization process
Related issues
https://github.com/Hu-Fi/Mr.Market/issues/67
PR Type
Enhancement, Bug fix, Tests
Description
mixinAuthWrapper
function to handle OAuth flow and integrated it into various components.getOauth
function to fetch OAuth token from backend.jwt_token
column toMixinUser
entity and updated related services and repositories.mixinOauthHandler
andvalidateUser
methods.Changes walkthrough ๐
15 files
auth.ts
Add OAuth token fetching utility function.
interface/src/lib/helpers/hufi/auth.ts
getOauth
function to fetch OAuth token from backend.mixin.ts
Add mixinAuthWrapper function for OAuth flow.
interface/src/lib/helpers/mixin.ts
mixinAuthWrapper
function to handle OAuth flow.getOauth
function to fetch token.AfterMixinOauth
to handle token and user data.constants.ts
Add MIXIN_OAUTH_URL constant.
server/src/common/constants/constants.ts - Added `MIXIN_OAUTH_URL` constant.
mixin-user.entity.ts
Add jwt_token column to MixinUser entity.
server/src/common/entities/mixin-user.entity.ts
jwt_token
column toMixinUser
entity.type
column nullable.user.ts
Add user profile fetching and mapping functions.
server/src/common/helpers/mixin/user.ts
getUserMe
function to fetch user profile.mapApiResponseToMixinUser
function to map API response toMixinUser
.auth.controller.ts
Add OAuth endpoint to auth controller.
server/src/modules/auth/auth.controller.ts - Added `oauth` endpoint to handle OAuth requests.
auth.module.ts
Import UserModule in auth module.
server/src/modules/auth/auth.module.ts - Imported `UserModule` and added it to imports.
auth.service.ts
Add OAuth handler method in auth service.
server/src/modules/auth/auth.service.ts
mixinOauthHandler
method to handle OAuth logic.rebalance.service.ts
Integrate ConfigService for rebalance control.
server/src/modules/mixin/rebalance/rebalance.service.ts - Integrated `ConfigService` to control rebalance execution.
user.repository.ts
Add updateUser method in user repository.
server/src/modules/mixin/user/user.repository.ts - Added `updateUser` method to update user data.
user.service.ts
Add methods to update and check user token.
server/src/modules/mixin/user/user.service.ts - Added methods to update user token and check/update user token.
login.svelte
Hash admin password before validation.
interface/src/lib/components/admin/login.svelte - Added hashing of admin password before sending it for validation.
connectWalletBtn.svelte
Use mixinAuthWrapper for OAuth flow.
interface/src/lib/components/common/connectWalletBtn.svelte - Replaced direct OAuth call with `mixinAuthWrapper`.
username.svelte
Use mixinAuthWrapper for OAuth flow.
interface/src/lib/components/home/user/username.svelte - Replaced direct OAuth call with `mixinAuthWrapper`.
inputs.svelte
Use mixinAuthWrapper for OAuth flow.
interface/src/lib/components/spot/bids/inputs.svelte - Replaced direct OAuth call with `mixinAuthWrapper`.
2 files
mixin-oauth.ts
Remove commented-out URL string.
interface/src/lib/helpers/mixin-oauth.ts - Removed commented-out URL string.
health.service.spec.ts
Remove console log statements from health service tests.
server/src/modules/health/health.service.spec.ts - Removed unnecessary console log statements.
3 files
configuration.ts
Add OAuth secret and run flags to configuration.
server/src/config/configuration.ts
oauth_secret
to Mixin configuration.run
flags for rebalance and strategy configurations.rebalance.module.ts
Add ConfigModule to rebalance module.
server/src/modules/mixin/rebalance/rebalance.module.ts - Added `ConfigModule` to imports.
.env.example
Add OAuth secret and rebalance run flag to env example.
server/.env.example
MIXIN_OAUTH_SECRET
andRUN_REBALANCE
environment variables.2 files
auth.service.spec.ts
Add tests for OAuth handler and user validation.
server/src/modules/auth/auth.service.spec.ts
mixinOauthHandler
andvalidateUser
methods.rebalance.service.spec.ts
Add tests for rebalance service with mocked ConfigService.
server/src/modules/mixin/rebalance/rebalance.service.spec.ts
ConfigService
for rebalance service tests.1 files
message.module.ts
Reformat imports in message module.
server/src/modules/mixin/message/message.module.ts - Reformatted imports for consistency.
1 files
rebalance.repository.ts
Update import path for DEFAULT_MINIMUM_BALANCE.
server/src/modules/mixin/rebalance/rebalance.repository.ts - Updated import path for `DEFAULT_MINIMUM_BALANCE`.
1 files
README.md
Update README with MIXIN_OAUTH_SECRET environment variable.
README.md - Added `MIXIN_OAUTH_SECRET` to server environment variables.