netlify[bot]
commented
1 year ago Deploy Preview for ubiquibot-staging ready!
| Name | Link |
|---|---|
| Latest commit | 9c587460af1b92cadaa2d50ca524e3c1c652dc14 |
| Latest deploy log | https://app.netlify.com/sites/ubiquibot-staging/deploys/652dbc4b88ad590008f3ffb0 |
| Deploy Preview | https://deploy-preview-858--ubiquibot-staging.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
This PR refactors the code so that partner's wallet private key is decrypted only when the payment permit is about to be generated.
Rationale
We're about to expose the bot's logs to the public. Right now partners' wallets private keys are decrypted on github webhook event. It is pretty easy to leak those PKs via smlth like
logger.info(JSON.stringify(bot.config)). So this PR makes sure that partners' PKs are encrypted in the initial bot config and decrypted only when necessary (i.e. before the permit generation).QA issue run with the bot instance from the current PR's branch: https://github.com/rndquu-org/test-repo/issues/48