95fa1263f5
merge dev
2025-11-12 23:40:58 +08:00
9933e3164d
Merge branch 'dev' into beta
...
# Conflicts:
# .github/workflows/docker-build.yml
# .gitignore
# api/server.go
# config/config.go
# config/database.go
# decision/engine.go
# docker-compose.yml
# go.mod
# go.sum
# logger/telegram_sender.go
# main.go
# mcp/client.go
# prompts/adaptive.txt
# prompts/default.txt
# prompts/nof1.txt
# start.sh
# trader/aster_trader.go
# trader/auto_trader.go
# trader/binance_futures.go
# trader/hyperliquid_trader.go
# web/package-lock.json
# web/package.json
# web/src/App.tsx
# web/src/components/AILearning.tsx
# web/src/components/AITradersPage.tsx
# web/src/components/CompetitionPage.tsx
# web/src/components/EquityChart.tsx
# web/src/components/Header.tsx
# web/src/components/LoginPage.tsx
# web/src/components/RegisterPage.tsx
# web/src/components/TraderConfigModal.tsx
# web/src/components/TraderConfigViewModal.tsx
# web/src/components/landing/FooterSection.tsx
# web/src/components/landing/HeaderBar.tsx
# web/src/contexts/AuthContext.tsx
# web/src/i18n/translations.ts
# web/src/lib/api.ts
# web/src/lib/config.ts
# web/src/types.ts
2025-11-12 23:20:25 +08:00
bfb409e8a1
fix(web): unify password validation logic in RegisterPage ( #943 )
...
Remove duplicate password validation logic to ensure consistency.
Changes:
- Remove custom isStrongPassword function (RegisterPage.tsx:569-576)
- Use PasswordChecklist validation result (passwordValid state) instead
- Add comprehensive test suite with 28 test cases
- Configure Vitest with jsdom environment and setup file
Test Coverage:
- Password validation rules (length, uppercase, lowercase, number, special chars)
- Special character consistency (/[@#$%!&*?]/)
- Edge cases and boundary conditions
- Refactoring consistency verification
All 78 tests passing (25 + 25 + 28).
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-12 21:54:54 +08:00
9e5688609e
fix: improve two-stage private key input UX (32+32 → 58+6 split) ( #942 )
...
## Problem
Users reported that the 32+32 character split design is not user-friendly:
1. ❌ Second stage still requires entering 32 characters - hard to count
2. ❌ Need to count many characters in both stages
3. ❌ Easy to make mistakes when counting
## Solution
Change the split from 32+32 to **58+6**
**Stage 1**: 58 characters
- Enter the majority of the key (90%)
- Easy to copy/paste the prefix
**Stage 2**: 6 characters
- ✅ Only need to count last 6 chars (very easy)
- ✅ Quick verification of key suffix
- ✅ Reduces user errors
## Changes
```typescript
// Old: Equal split
const expectedPart1Length = Math.ceil(expectedLength / 2) // 32
const expectedPart2Length = expectedLength - expectedPart1Length // 32
// New: Most of key + last 6 chars
const expectedPart1Length = expectedLength - 6 // 58
const expectedPart2Length = 6 // Last 6 characters
```
## Test plan
✅ Frontend builds successfully (npm run build)
✅ User-friendly: Only need to count 6 characters
✅ Maintains security: Two-stage input logic unchanged
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
2025-11-12 21:37:55 +08:00
a8c87125fa
fix(web): fix button disabled validation to normalize 0x prefix ( #937 )
...
## Problem
PR #917 fixed the validation logic but missed fixing the button disabled state:
**Issue:**
- Button enabled/disabled check uses raw input length (includes "0x")
- Validation logic uses normalized length (excludes "0x")
- **Result:** Button can be enabled with insufficient hex characters
**Example scenario:**
1. User inputs: `0x` + 30 hex chars = 32 total chars
2. Button check: `32 < 32` → false → ✅ Button enabled
3. User clicks button
4. Validation: normalized to 30 hex chars → `30 < 32` → ❌ Error
5. Error message: "需要至少 32 個字符" (confusing!)
## Root Cause
**Lines 230 & 301**: Button disabled conditions don't normalize input
```typescript
// ❌ Before: Checks raw length including "0x"
disabled={part1.length < expectedPart1Length || processing}
disabled={part2.length < expectedPart2Length}
```
## Solution
Normalize input before checking length in disabled conditions:
```typescript
// ✅ After: Normalize before checking
disabled={
(part1.startsWith('0x') ? part1.slice(2) : part1).length <
expectedPart1Length || processing
}
disabled={
(part2.startsWith('0x') ? part2.slice(2) : part2).length <
expectedPart2Length
}
```
## Testing
| Input | Total Length | Normalized Length | Button (Before) | Button (After) | Click Result |
|-------|--------------|-------------------|-----------------|----------------|--------------|
| `0x` + 30 hex | 32 | 30 | ✅ Enabled (bug) | ❌ Disabled | N/A |
| `0x` + 32 hex | 34 | 32 | ✅ Enabled | ✅ Enabled | ✅ Valid |
| 32 hex | 32 | 32 | ✅ Enabled | ✅ Enabled | ✅ Valid |
## Impact
- ✅ Button state now consistent with validation logic
- ✅ Users won't see confusing "need 32 chars" errors when button is enabled
- ✅ Better UX - button only enabled when input is truly valid
**Related:** Follow-up to PR #917
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-12 19:43:00 +08:00
5fec086434
fix(web): add auth guards to prevent unauthorized API calls ( #934 )
...
Add `user && token` guard to all authenticated SWR calls to prevent
requests with `Authorization: Bearer null` when users refresh the page
before AuthContext finishes loading the token from localStorage.
## Problem
When users refresh the page:
1. React components mount immediately
2. SWR hooks fire API requests
3. AuthContext is still loading token from localStorage
4. Requests sent with `Authorization: Bearer null`
5. Backend returns 401 errors
This causes:
- Unnecessary 401 errors in backend logs
- Error messages in browser console
- Poor user experience on page refresh
## Solution
Add auth check to SWR key conditions using pattern:
```typescript
user && token && condition ? key : null
```
When `user` or `token` is null, SWR key becomes `null`, preventing the request.
Once AuthContext loads, SWR automatically revalidates and fetches data.
## Changes
**TraderDashboard.tsx** (5 auth guards added):
- status: `user && token && selectedTraderId ? 'status-...' : null`
- account: `user && token && selectedTraderId ? 'account-...' : null`
- positions: `user && token && selectedTraderId ? 'positions-...' : null`
- decisions: `user && token && selectedTraderId ? 'decisions/...' : null`
- stats: `user && token && selectedTraderId ? 'statistics-...' : null`
**EquityChart.tsx** (2 auth guards added + useAuth import):
- Import `useAuth` from '../contexts/AuthContext'
- Add `const { user, token } = useAuth()`
- history: `user && token && traderId ? 'equity-history-...' : null`
- account: `user && token && traderId ? 'account-...' : null`
**apiGuard.test.ts** (new file, 370 lines):
- Comprehensive unit tests covering all auth guard scenarios
- Tests for null user, null token, valid auth states
- Tests for all 7 SWR calls (5 in TraderDashboard + 2 in EquityChart)
## Testing
- ✅ TypeScript compilation passed
- ✅ Vite build passed (2.81s)
- ✅ All modifications are additive (no logic changes)
- ✅ SWR auto-revalidation ensures data loads after auth completes
## Benefits
1. **No more 401 errors on refresh**: Auth guards prevent premature requests
2. **Cleaner logs**: Backend no longer receives invalid Bearer null requests
3. **Better UX**: No error flashes in console on page load
4. **Consistent pattern**: All authenticated endpoints use same guard logic
## Context
This PR supersedes closed PR #881 , which had conflicts due to PR #872
(frontend refactor with React Router). This implementation is based on
the latest upstream/dev with the new architecture.
Related: PR #881 (closed), PR #872 (Frontend Refactor)
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-12 17:56:36 +08:00
dbb05f7fde
feat(ui): Add an automated Web Crypto environment check ( #908 )
...
* feat: add web crypto environment check
* fix: auto check env
* refactor: WebCryptoEnvironmentCheck swtich to map
2025-11-11 21:22:55 -05:00
7afe1f1bad
improve(web): improve UX messages for empty states and error feedback ( #918 )
...
## Problem
User-facing messages were too generic and uninformative:
1. **Dashboard empty state**:
- Title: "No Traders Configured" (cold, technical)
- Description: Generic message with no action guidance
- Button: "Go to Traders Page" (unclear what happens next)
2. **Login error messages**:
- "Login failed" (too vague - why did it fail?)
- "Registration failed" (no guidance on what to do)
- "OTP verification failed" (users don't know how to fix)
**Impact**: Users felt confused and frustrated, no clear next steps.
## Solution
### 1. Improve Dashboard Empty State
**File**: `web/src/i18n/translations.ts`
**Before**:
```typescript
dashboardEmptyTitle: 'No Traders Configured'
dashboardEmptyDescription: "You haven't created any AI traders yet..."
goToTradersPage: 'Go to Traders Page'
```
**After**:
```typescript
dashboardEmptyTitle: "Let's Get Started!" // ✅ Welcoming, encouraging
dashboardEmptyDescription: 'Create your first AI trader to automate your trading strategy. Connect an exchange, choose an AI model, and start trading in minutes!' // ✅ Clear steps
goToTradersPage: 'Create Your First Trader' // ✅ Clear action
```
**Changes**:
- ✅ More welcoming tone ("Let's Get Started!")
- ✅ Specific action steps (connect → choose → trade)
- ✅ Time expectation ("in minutes")
- ✅ Clear call-to-action button
---
### 2. Improve Error Messages
**File**: `web/src/i18n/translations.ts`
**Before**:
```typescript
loginFailed: 'Login failed' // ❌ No guidance
registrationFailed: 'Registration failed' // ❌ No guidance
verificationFailed: 'OTP verification failed' // ❌ No guidance
```
**After**:
```typescript
loginFailed: 'Login failed. Please check your email and password.' // ✅ Clear hint
registrationFailed: 'Registration failed. Please try again.' // ✅ Clear action
verificationFailed: 'OTP verification failed. Please check the code and try again.' // ✅ Clear steps
```
**Changes**:
- ✅ Specific error hints (check email/password)
- ✅ Clear remediation steps (try again, check code)
- ✅ User-friendly tone
---
### 3. Chinese Translations
All improvements mirrored in Chinese:
**Dashboard**:
- Title: "开始使用吧!" (Let's get started!)
- Description: Clear 3-step guidance
- Button: "创建您的第一个交易员" (Create your first trader)
**Errors**:
- "登录失败,请检查您的邮箱和密码。"
- "注册失败,请重试。"
- "OTP 验证失败,请检查验证码后重试。"
---
## Impact
### User Experience Improvements
| Message Type | Before | After | Benefit |
|--------------|--------|-------|---------|
| **Empty dashboard** | Cold, technical | Welcoming, actionable | ✅ Reduces confusion |
| **Login errors** | Vague | Specific hints | ✅ Faster problem resolution |
| **Registration errors** | No guidance | Clear next steps | ✅ Lower support burden |
| **OTP errors** | Confusing | Actionable | ✅ Higher success rate |
### Tone Shift
**Before**: Technical, system-centric
- "No Traders Configured"
- "Login failed"
**After**: User-centric, helpful
- "Let's Get Started!"
- "Login failed. Please check your email and password."
---
## Testing
**Manual Testing**:
- [x] Empty dashboard displays new messages correctly
- [x] Login error shows improved message
- [x] Registration error shows improved message
- [x] OTP error shows improved message
- [x] Chinese translations display correctly
- [x] Button text updated appropriately
**Language Coverage**:
- [x] English ✅
- [x] Chinese ✅
---
## Files Changed
**1 frontend file**:
- `web/src/i18n/translations.ts` (+12 lines, -6 lines)
**Lines affected**:
- English: Lines 149-152, 461-464
- Chinese: Lines 950-953, 1227-1229
---
**By submitting this PR, I confirm:**
- [x] I have read the Contributing Guidelines
- [x] I agree to the Code of Conduct
- [x] My contribution is licensed under AGPL-3.0
---
🌟 **Thank you for reviewing!**
This PR improves user experience with clearer, more helpful messages.
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-11 21:21:07 -05:00
79f625ace2
fix(web): restore missing system_prompt_template field in trader edit request ( #922 )
...
* fix(web): restore missing system_prompt_template in handleSaveEditTrader
修復編輯交易員時策略模板無法保存的問題。
Issue:
- 用戶編輯交易員時,選擇的策略模板(system_prompt_template)沒有被保存
- 重新打開編輯窗口,總是顯示默認值
- 用戶困惑為什麼策略模板無法持久化
Root Cause:
- PR #872 在 UI 重構時遺漏了 system_prompt_template 字段
- handleSaveEditTrader 的 request 對象缺少 system_prompt_template
- 導致更新請求不包含策略模板信息
Fix:
- 在 handleSaveEditTrader 的 request 對象中添加 system_prompt_template 字段
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與後端 API 和 TraderConfigModal 保持一致
Result:
- 編輯交易員時,策略模板正確保存
- 重新打開編輯窗口,顯示正確的已保存值
- 用戶可以成功切換和保存不同的策略模板
Technical Details:
- web/src/types.ts TraderConfigData 接口已有 system_prompt_template ✓
- Backend handleUpdateTrader 接收並保存 SystemPromptTemplate ✓
- Frontend TraderConfigModal 表單提交包含 system_prompt_template ✓
- Frontend handleSaveEditTrader request 缺失此字段 ✗ → ✓ (已修復)
Related:
- PR #872 : UI 重構時遺漏
- commit c1f080f5: 原始添加 system_prompt_template 支持
- commit e58fc3c2: 修復 types.ts 缺失字段
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(types): add missing system_prompt_template field to TraderConfigData
補充完整修復:確保 TypeScript 類型定義與 API 使用一致。
Issue:
- AITradersPage.tsx 提交時包含 system_prompt_template 字段
- 但 TraderConfigData 接口缺少此字段定義
- TypeScript 類型不匹配
Fix:
- 在 TraderConfigData 接口添加 system_prompt_template: string
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與 CreateTraderRequest 保持一致
Result:
- TypeScript 類型完整
- 編輯交易員時正確加載和保存策略模板
- 無類型錯誤
Technical:
- web/src/types.ts Line 200
- 與後端 SystemPromptTemplate 字段對應
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-11 21:00:42 -05:00
70a6218704
fix(ui): remove duplicate exchange configuration fields (Aster & Hyperliquid) ( #921 )
...
* fix(ui): remove duplicate Aster exchange form rendering
修復 Aster 交易所配置表單重複渲染問題。
Issue:
- Aster 表單代碼在 AITradersPage.tsx 中出現兩次(lines 2334 和 2559)
- 導致用戶界面顯示 6 個輸入欄位(應該是 3 個)
- 用戶體驗混亂
Fix:
- 刪除重複的 Aster 表單代碼塊(lines 2559-2710,共 153 行)
- 保留第一個表單塊(lines 2334-2419)
- 修復 prettier 格式問題
Result:
- Aster 配置現在正確顯示 3 個欄位:user, signer, private key
- Lint 檢查通過
- Hyperliquid Agent Wallet 翻譯已存在無需修改
Technical:
- 刪除了完全重複的 JSX 條件渲染塊
- 移除空白行以符合 prettier 規範
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(ui): remove legacy Hyperliquid single private key field
修復 Hyperliquid 配置頁面顯示舊版私鑰欄位的問題。
Issue:
- Hyperliquid 配置同時顯示舊版和新版欄位
- 舊版:單一「私钥」欄位(不安全,已廢棄)
- 新版:「代理私钥」+「主钱包地址」(Agent Wallet 安全模式)
- 用戶看到重複的欄位配置,造成混淆
Root Cause:
- AITradersPage.tsx 存在兩個 Hyperliquid 條件渲染塊
- Lines 2302-2332: 舊版單私鑰模式(應刪除)
- Lines 2424-2557: 新版 Agent Wallet 模式(正確)
Fix:
- 刪除舊版 Hyperliquid 單私鑰欄位代碼塊(lines 2302-2332,共 32 行)
- 保留新版 Agent Wallet 配置(代理私鑰 + 主錢包地址)
- 移除 `t('privateKey')` 和 `t('hyperliquidPrivateKeyDesc')` 舊版翻譯引用
Result:
- Hyperliquid 配置現在只顯示正確的 Agent Wallet 欄位
- 安全提示 banner 正確顯示
- 用戶體驗改善,不再混淆
Technical Details:
- 新版使用 `apiKey` 儲存 Agent Private Key
- 新版使用 `hyperliquidWalletAddr` 儲存 Main Wallet Address
- 符合 Hyperliquid Agent Wallet 最佳安全實踐
Related:
- 之前已修復 Aster 重複渲染問題(commit 5462eba0)
- Hyperliquid 翻譯 key 已存在於 translations.ts (lines 206-216, 1017-1027)
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(i18n): add missing Hyperliquid Agent Wallet translation keys
補充 Hyperliquid 代理錢包配置的翻譯文本,修復前端顯示 key 名稱的問題。
Changes:
- 新增 8 個英文翻譯 key (Agent Wallet 配置說明)
- 新增 8 個中文翻譯 key (代理錢包配置說明)
- 修正 Hyperliquid 配置頁面顯示問題(從顯示 key 名稱改為顯示翻譯文本)
Technical Details:
- hyperliquidAgentWalletTitle: Banner 標題
- hyperliquidAgentWalletDesc: 安全說明文字
- hyperliquidAgentPrivateKey: 代理私鑰欄位標籤
- hyperliquidMainWalletAddress: 主錢包地址欄位標籤
- 相應的 placeholder 和 description 文本
Related Issue: 用戶反饋前端顯示 key 名稱而非翻譯文本
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-11 20:59:57 -05:00
1e0da2ee39
fix(web): fix two-stage private key input validation to support 0x prefix ( #917 )
...
## Problem
Users entering private keys with "0x" prefix failed validation incorrectly:
**Scenario:**
- User inputs: `0x1234...` (34 characters including "0x")
- Expected part1 length: 32 characters
- **Bug**: Code checks `part1.length < 32` → `34 < 32` → ❌ FALSE → "Key too long" error
- **Actual**: Should normalize to `1234...` (32 chars) → ✅ Valid
**Impact:**
- Users cannot paste keys from wallets (most include "0x")
- Confusing UX - valid keys rejected
- Forces manual "0x" removal
## Root Cause
**File**: `web/src/components/TwoStageKeyModal.tsx`
**Lines 77-84** (handleStage1Next):
```typescript
// ❌ Bug: Checks length before normalizing
if (part1.length < expectedPart1Length) {
// Fails for "0x..." inputs
}
```
**Lines 132-143** (handleStage2Complete):
```typescript
// ❌ Bug: Same issue
if (part2.length < expectedPart2Length) {
// Fails for "0x..." inputs
}
// ❌ Bug: Concatenates without normalizing part1
const fullKey = part1 + part2 // May have double "0x"
```
## Solution
### Fix 1: Normalize before validation
**Lines 77-79**:
```typescript
// ✅ Normalize first, then validate
const normalized1 = part1.startsWith('0x') ? part1.slice(2) : part1
if (normalized1.length < expectedPart1Length) {
// Now correctly handles both "0x..." and "1234..."
}
```
**Lines 134-136**:
```typescript
// ✅ Same for part2
const normalized2 = part2.startsWith('0x') ? part2.slice(2) : part2
if (normalized2.length < expectedPart2Length) {
// ...
}
```
### Fix 2: Normalize before concatenation
**Lines 145-147**:
```typescript
// ✅ Remove "0x" from both parts before concatenating
const normalized1 = part1.startsWith('0x') ? part1.slice(2) : part1
const fullKey = normalized1 + normalized2
// Result: Always 64 characters without "0x"
```
## Testing
**Manual Test Cases:**
| Input Type | Part 1 | Part 2 | Before | After |
|------------|--------|--------|--------|-------|
| **No prefix** | `1234...` (32) | `5678...` (32) | ✅ Pass | ✅ Pass |
| **With prefix** | `0x1234...` (34) | `0x5678...` (34) | ❌ Fail | ✅ Pass |
| **Mixed** | `0x1234...` (34) | `5678...` (32) | ❌ Fail | ✅ Pass |
| **Both prefixed** | `0x1234...` (34) | `0x5678...` (34) | ❌ Fail | ✅ Pass |
**Validation consistency:**
- Before: `validatePrivateKeyFormat` normalizes, but input checks don't ❌
- After: Both normalize the same way ✅
## Impact
- ✅ Users can paste keys directly from wallets
- ✅ Supports both `0x1234...` and `1234...` formats
- ✅ Consistent with `validatePrivateKeyFormat` logic
- ✅ Better UX - no manual "0x" removal needed
**Files changed**: 1 frontend file
- web/src/components/TwoStageKeyModal.tsx (+6 lines, -2 lines)
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-11 20:52:14 -05:00
9d721621f2
feat: Add decision limit selector with 5/10/20/50 options ( #638 )
...
## Summary
Allow users to select the number of decision records to display (5/10/20/50)
in the Web UI, with persistent storage in localStorage.
## Changes
### Backend
- api/server.go: Add 'limit' query parameter support to /api/decisions/latest
- Default: 5 (maintains current behavior)
- Max: 50 (prevents excessive data loading)
- Fully backward compatible
### Frontend
- web/src/lib/api.ts: Update getLatestDecisions() to accept limit parameter
- web/src/pages/TraderDashboard.tsx:
- Add decisionLimit state management with localStorage persistence
- Add dropdown selector UI (5/10/20/50 options)
- Pass limit to API calls and update SWR cache key
## Time Coverage
- 5 records = 15 minutes (default, quick check)
- 10 records = 30 minutes (short-term review)
- 20 records = 1 hour (medium-term analysis)
- 50 records = 2.5 hours (deep pattern analysis)
2025-11-11 20:34:29 -05:00
4920c28cc6
fix: fix build error ( #895 )
2025-11-11 15:36:12 +08:00
3bf69b758b
Refactor(UI) : Refactor Frontend: Unified Toasts with Sonner, Introduced Layout System, and Integrated React Router ( #872 )
2025-11-10 23:19:17 -05:00
ddc4cdeb60
fix: 修复小屏幕设备上对话框高度过高无法滚动的问题 ( #681 )
2025-11-10 23:17:12 -05:00
e49aa09de1
fix: 修复币安白名单IP复制功能失效问题 ( #680 )
...
## 🐛 问题描述
币安交易所配置页面中的服务器IP复制功能无法正常工作
## 🔍 根因分析
原始实现仅使用 navigator.clipboard.writeText() API:
- 在某些浏览器环境下不可用或被阻止
- 需要 HTTPS 或 localhost 环境
- 缺少错误处理和用户反馈
## ✅ 修复方案
1. **双重降级机制**:
- 优先使用现代 Clipboard API
- 降级到传统 execCommand 方法
2. **错误处理**:
- 添加 try-catch 错误捕获
- 失败时显示友好的错误提示
- 提供IP地址供用户手动复制
3. **多语言支持**:
- 添加 copyIPFailed 翻译键(中英文)
## 📝 修改文件
- web/src/components/AITradersPage.tsx
- handleCopyIP 函数重构为异步函数
- 添加双重复制机制和错误处理
- web/src/i18n/translations.ts
- 添加 copyIPFailed 错误提示翻译
## 🧪 测试验证
✅ TypeScript 编译通过
✅ Vite 构建成功
✅ 支持现代和传统浏览器环境
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-10 20:34:22 -05:00
e6689eeb5b
fix(web): display '—' for missing data instead of NaN% or 0% ( #678 )
...
* fix(web): display '—' for missing data instead of NaN% or 0% (#633 )
- Add hasValidData validation for null/undefined/NaN
- Display '—' for invalid trader.total_pnl_pct
- Only show gap calculations when both values are valid
- Prevents misleading users with 0% when data is missing
Fixes #633
* test(web): add comprehensive unit tests for CompetitionPage NaN handling
- Test data validation logic (null/undefined/NaN detection)
- Test gap calculation with valid and invalid data
- Test display formatting (shows '—' instead of 'NaN%')
- Test leading/trailing message display conditions
- Test edge cases (Infinity, very small/large numbers)
All 25 test cases passed, covering:
1. hasValidData check (7 cases): valid/null/undefined/NaN/zero/negative
2. gap calculation (3 cases): valid data, invalid data, negative gap
3. display formatting (6 cases): positive/negative/null/undefined/NaN/zero
4. leading/trailing messages (5 cases): conditional display logic
5. edge cases (4 cases): Infinity, -Infinity, very small/large numbers
Related to PR #678 - ensures missing data displays as '—' instead of 'NaN%'.
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
---------
Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-10 20:30:03 -05:00
e06f7517a6
fix(auth): 修复TraderConfigModal使用错误的token key ( #882 )
2025-11-10 12:44:34 -05:00
c8684bc6e7
fix(auth): align PasswordChecklist special chars with validation logic ( #860 )
...
修复密码验证UI组件与验证逻辑之间的特殊字符不一致问题。
问题描述:
- PasswordChecklist组件默认接受所有特殊字符(如^_-~等)
- 实际验证函数isStrongPassword()仅接受@#$%!&*?共8个特殊字符
- 导致用户输入包含其他特殊字符时,UI显示绿色勾选但注册按钮仍禁用
修改内容:
- 在RegisterPage.tsx的PasswordChecklist组件添加specialCharsRegex属性
- 限制特殊字符为/[@#$%!&*?]/,与isStrongPassword()保持一致
影响范围:
- 仅影响注册页面的密码验证UI显示
- 不影响后端验证逻辑
- 提升用户体验,避免误导性的UI反馈
Closes #859
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-10 08:08:52 -07:00
0008c9e188
fix(web): remove circular dependency causing trading symbols input bug ( #632 ) ( #671 )
...
**Problem:**
Unable to type comma-separated trading symbols in the input field.
When typing "BTCUSDT," → comma immediately disappears → cannot add more symbols.
**Root Cause:**
Circular state dependency between `useEffect` and `handleInputChange`:
```typescript
// ❌ Lines 146-149: useEffect syncs selectedCoins → formData
useEffect(() => {
const symbolsString = selectedCoins.join(',')
setFormData(prev => ({ ...prev, trading_symbols: symbolsString }))
}, [selectedCoins])
// Lines 150-153: handleInputChange syncs formData → selectedCoins
if (field === 'trading_symbols') {
const coins = value.split(',').map(...).filter(...)
setSelectedCoins(coins)
}
```
**Execution Flow:**
1. User types: `"BTCUSDT,"`
2. `handleInputChange` fires → splits by comma → filters empty → `selectedCoins = ["BTCUSDT"]`
3. `useEffect` fires → joins → overwrites input to `"BTCUSDT"` ❌ **Trailing comma removed!**
4. User cannot continue typing
**Solution:**
Remove the redundant `useEffect` (lines 146-149) and update `handleCoinToggle` to directly sync both states:
```typescript
// ✅ handleCoinToggle now updates both states
const handleCoinToggle = (coin: string) => {
setSelectedCoins(prev => {
const newCoins = prev.includes(coin) ? ... : ...
// Directly update formData.trading_symbols
const symbolsString = newCoins.join(',')
setFormData(current => ({ ...current, trading_symbols: symbolsString }))
return newCoins
})
}
```
**Why This Works:**
- **Quick selector buttons** (`handleCoinToggle`): Now updates both states ✅
- **Manual input** (`handleInputChange`): Already updates both states ✅
- **No useEffect interference**: User can type freely ✅
**Impact:**
- ✅ Manual typing of comma-separated symbols now works
- ✅ Quick selector buttons still work correctly
- ✅ No circular dependency
- ✅ Cleaner unidirectional data flow
Fixes #632
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-10 11:57:55 +08:00
a1f015d45c
feat(web): improve trader config UX for initial balance and prompt templates ( #629 #630 ) ( #673 )
...
- Add onBlur validation for initial_balance input to enforce minimum of 100
- Add detailed prompt template descriptions with i18n support
- Fix Traditional Chinese to Simplified Chinese
- Extract hardcoded Chinese text to i18n translation system
- Add translation keys for all prompt templates and descriptions
Fixes #629 , Fixes #630
2025-11-10 11:55:40 +08:00
576dd26b8b
bugfix dashboard empty state ( #709 )
2025-11-09 14:44:42 +08:00
594116f141
fix: 修复token过期未重新登录的问题 ( #803 )
...
* fix: 修复token过期未重新登录的问题
实现统一的401错误处理机制:
- 创建httpClient封装fetch API,添加响应拦截器
- 401时自动清理localStorage和React状态
- 显示"请先登录"提示并延迟1.5秒后跳转登录页
- 保存当前URL到sessionStorage用于登录后返回
- 改造所有API调用使用httpClient统一处理
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix: 添加401处理的单例保护防止并发竞态
问题:
- 多个API同时返回401会导致多个通知叠加
- 多个style元素被添加到DOM造成内存泄漏
- 可能触发多次登录页跳转
解决方案:
- 添加静态标志位 isHandling401 防止重复处理
- 第一个401触发完整处理流程
- 后续401直接抛出错误,避免重复操作
- 确保只显示一次通知和一次跳转
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix: 修复isHandling401标志永不重置的问题
问题:
- isHandling401标志在401处理后永不重置
- 导致用户重新登录后,后续401会被静默忽略
- 页面刷新或取消重定向后标志仍为true
解决方案:
- 在HttpClient中添加reset401Flag()公开方法
- 登录成功后调用reset401Flag()重置标志
- 页面加载时调用reset401Flag()确保新会话正常
影响范围:
- web/src/lib/httpClient.ts: 添加reset方法和导出函数
- web/src/contexts/AuthContext.tsx: 在登录和页面加载时重置
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(auth): consume returnUrl after successful login (BLOCKING-1)
修复登录后未跳转回原页面的问题。
问题:
- httpClient在401时保存returnUrl到sessionStorage
- 但登录成功后没有读取和使用returnUrl
- 导致用户登录后停留在登录页,无法回到原页面
修复:
- 在loginAdmin、verifyOTP、completeRegistration三个登录方法中
- 添加returnUrl检查和跳转逻辑
- 登录成功后优先跳转到returnUrl,如果没有则使用默认页面
影响:
- 用户token过期后重新登录,会自动返回之前访问的页面
- 提升用户体验,避免手动导航
测试场景:
1. 用户访问/traders → token过期 → 登录 → 自动回到/traders ✅
2. 用户直接访问/login → 登录 → 跳转到默认页面(/dashboard或/traders) ✅
Related: BLOCKING-1 in PR #803 code review
---------
Co-authored-by: sue <177699783@qq.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-09 12:18:47 +08:00
4667c3bf00
feat(ui): add password strength validation and toggle visibility in registration and reset password forms ( #773 )
...
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-09 00:36:28 +08:00
8b3ab331d0
Dev api bugfix ( #740 )
...
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(crypto): 完善加密端点配置,简化API结构
- 移除多余的/models/encrypted端点,模型配置暂不加密
- 确认/exchanges端点已强制要求加密传输
- 统一前端使用标准端点,自动使用加密传输
- 修复前端API调用,移除不存在的updateModelConfigsEncrypted引用
- 确保后端和前端编译成功,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(crypto): 为模型配置端点添加加密传输支持
- 前端updateModelConfigs方法现在使用加密传输
- 后端/api/models端点已强制要求加密载荷
- 模型配置界面保持普通输入,在提交时自动加密
- 确保API密钥等敏感数据通过RSA+AES混合加密传输
- 前端后端编译测试通过,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
---------
Co-authored-by: icy <icyoung520@gmail.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-08 11:28:51 +08:00
f73b4771b2
Fix(encryption)/aiconfig, exchange config and the encryption setup ( #735 )
2025-11-08 08:41:28 +08:00
89085173f9
Dev Crypto ( #730 )
...
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
---------
Co-authored-by: icy <icyoung520@gmail.com >
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-08 02:03:09 +08:00
7c26e10121
refactor(AITradersPage): update model and exchange configuration checks ( #728 )
...
- Simplified the logic for determining configured models and exchanges by removing reliance on sensitive fields like apiKey.
- Enhanced filtering criteria to check for enabled status and non-sensitive fields, improving clarity and security.
- Updated UI class bindings to reflect the new configuration checks without compromising functionality.
This refactor aims to streamline the configuration process while ensuring sensitive information is not exposed.
2025-11-08 01:17:16 +08:00
062184054d
Dev remove admin mode ( #723 )
...
* feat: remove admin mode
* feat: bugfix
---------
Co-authored-by: icy <icyoung520@gmail.com >
2025-11-07 23:37:23 +08:00
9ad3e99645
feat(hyperliquid): enhance Agent Wallet security model ( #717 )
...
## Background
Hyperliquid official documentation recommends using Agent Wallet pattern for API trading:
- Agent Wallet is used for signing only
- Main Wallet Address is used for querying account data
- Agent Wallet should not hold significant funds
Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets
## Current Implementation
Current implementation allows auto-generating wallet address from private key,
which simplifies user configuration but may lead to potential security concerns
if users accidentally use their main wallet private key.
## Enhancement
Following the proven pattern already used in Aster exchange implementation
(which uses dual-address mode), this enhancement upgrades Hyperliquid to
Agent Wallet mode:
### Core Changes
1. **Mandatory dual-address configuration**
- Agent Private Key (for signing)
- Main Wallet Address (holds funds)
2. **Multi-layer security checks**
- Detect if user accidentally uses main wallet private key
- Validate Agent wallet balance (reject if > 100 USDC)
- Provide detailed configuration guidance
3. **Design consistency**
- Align with Aster's dual-address pattern
- Follow Hyperliquid official best practices
### Code Changes
**config/database.go**:
- Add inline comments clarifying Agent Wallet security model
**trader/hyperliquid_trader.go**:
- Require explicit main wallet address (no auto-generation)
- Check if agent address matches main wallet address (security risk indicator)
- Query agent wallet balance and block if excessive
- Display both agent and main wallet addresses for transparency
**web/src/components/AITradersPage.tsx**:
- Add security alert banner explaining Agent Wallet mode
- Separate required inputs for Agent Private Key and Main Wallet Address
- Add field descriptions and validation
### Benefits
- ✅ Aligns with Hyperliquid official security recommendations
- ✅ Maintains design consistency with Aster implementation
- ✅ Multi-layer protection against configuration mistakes
- ✅ Detailed logging for troubleshooting
### Breaking Change
Users must now explicitly provide main wallet address (hyperliquid_wallet_addr).
Old configurations will receive clear error messages with migration guidance.
### Migration Guide
**Before** (single private key):
```json
{
"hyperliquid_private_key": "0x..."
}
```
**After** (Agent Wallet mode):
```json
{
"hyperliquid_private_key": "0x...", // Agent Wallet private key
"hyperliquid_wallet_addr": "0x..." // Main Wallet address
}
```
Users can create Agent Wallet on Hyperliquid official website:
https://app.hyperliquid.xyz/ → Settings → API Wallets
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-07 23:26:56 +08:00
a723cafbc7
fix: admin logout button visibility ( #650 )
2025-11-07 22:52:03 +08:00
daa404ec4a
feat: exchange scroll
2025-11-07 18:34:59 +08:00
9e50946a28
Merge branch 'origin/beta' into nofxos/test
...
# Conflicts:
# config/database_pg.go
2025-11-07 16:37:21 +08:00
75aa20b36b
feat: exchange api security handle
2025-11-07 16:22:56 +08:00
95af12e3a2
Revert "fix(web): prevent NaN% display in competition gap calculation ( #633 ) …" ( #676 )
...
This reverts commit 8db6dc3b061bd044abb7e3bdb995c01a2bc6c78f.
2025-11-06 20:58:13 -05:00
b98a438843
fix(web): prevent NaN% display in competition gap calculation ( #633 ) ( #670 )
...
**Problem:**
Competition page shows "NaN%" for gap difference when trader P&L
percentages are null/undefined.
**Root Cause:**
Line 227: `const gap = trader.total_pnl_pct - opponent.total_pnl_pct`
- If either value is `undefined` or `null`, result is `NaN`
- Display shows "领先 NaN%" or "落后 NaN%"
**Solution:**
Add null coalescing to default undefined/null values to 0:
```typescript
const gap = (trader.total_pnl_pct ?? 0) - (opponent.total_pnl_pct ?? 0)
```
**Impact:**
- ✅ Gap calculation returns 0 when data is missing (shows 0.00%)
- ✅ Prevents confusing "NaN%" display
- ✅ Graceful degradation for incomplete data
Fixes #633
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-06 20:35:58 -05:00
deac456703
fix: Fixed go vet issues. ( #658 )
...
* Fixed vet ./... errors.
* Fixed ESLint issues.
2025-11-07 02:28:01 +08:00
3a23167d31
fix(web): restore ESLint, Prettier, and Husky code quality tools ( #648 )
...
## Problem
PR #647 accidentally removed all code quality tools when adding test dependencies:
- ❌ ESLint (9 packages) - code linting
- ❌ Prettier - code formatting
- ❌ Husky - Git hooks
- ❌ lint-staged - pre-commit checks
- ❌ Related scripts (lint, format, prepare)
This significantly impacts code quality and team collaboration.
## Root Cause
When adding test dependencies (vitest, @testing-library/react), the package.json
was incorrectly edited, removing all existing devDependencies.
## Solution
Restore all code quality tools while keeping the new test dependencies:
### ✅ Restored packages:
- @eslint/js
- @typescript-eslint/eslint-plugin
- @typescript-eslint/parser
- eslint + plugins (prettier, react, react-hooks, react-refresh)
- prettier
- husky
- lint-staged
### ✅ Kept test packages:
- @testing-library/jest-dom
- @testing-library/react
- jsdom
- vitest
### ✅ Restored scripts:
```json
{
"lint": "eslint . --ext ts,tsx --report-unused-disable-directives --max-warnings 0",
"lint:fix": "eslint . --ext ts,tsx --fix",
"format": "prettier --write \"src/**/*.{ts,tsx,css,json}\"",
"format:check": "prettier --check \"src/**/*.{ts,tsx,css,json}\"",
"test": "vitest run",
"prepare": "husky"
}
```
### ✅ Restored lint-staged config
## Impact
This fix restores:
- Automated code style enforcement
- Pre-commit quality checks
- Consistent code formatting
- Team collaboration standards
## Testing
- [x] npm install succeeds
- [x] npm run build succeeds
- [x] All scripts are functional
Related-To: PR #647
Co-authored-by: tinkle-community <tinklefund@gmail.com >
2025-11-07 01:30:13 +08:00
03313fffda
update link
2025-11-07 01:26:18 +08:00
e73e427e35
feat: crypto for key
2025-11-07 01:25:18 +08:00
43561a4ad7
fix(web): resolve TypeScript type error in crypto.ts and add missing test dependencies ( #647 )
...
```
src/lib/crypto.ts(66,32): error TS2345: Argument of type 'Uint8Array<ArrayBuffer>'
is not assignable to parameter of type 'ArrayBuffer'.
```
`arrayBufferToBase64` function expected `ArrayBuffer` but received `Uint8Array.buffer`.
TypeScript strict type checking flagged the mismatch.
1. Update `arrayBufferToBase64` signature to accept `ArrayBuffer | Uint8Array`
2. Pass `result` directly instead of `result.buffer` (more accurate)
3. Add runtime type check with instanceof
```
error TS2307: Cannot find module 'vitest'
error TS2307: Cannot find module '@testing-library/react'
```
Install missing devDependencies:
- vitest
- @testing-library/react
- @testing-library/jest-dom
✅ Frontend builds successfully
✅ TypeScript compilation passes
✅ No type errors
Related-To: Docker frontend build failures
2025-11-07 01:19:48 +08:00
feeaa14050
feat(security): add end-to-end encryption for sensitive data
...
## Summary
Add comprehensive encryption system to protect private keys and API secrets.
## Core Components
- `crypto/encryption.go`: RSA-4096 + AES-256-GCM encryption manager
- `crypto/secure_storage.go`: Database encryption layer + audit logs
- `crypto/aliyun_kms.go`: Optional Aliyun KMS integration
- `api/crypto_handler.go`: Encryption API endpoints
- `web/src/lib/crypto.ts`: Frontend two-stage encryption
- `scripts/migrate_encryption.go`: Data migration tool
- `deploy_encryption.sh`: One-click deployment
## Security Architecture
```
Frontend: Two-stage input + clipboard obfuscation
↓
Transport: RSA-4096 + AES-256-GCM hybrid encryption
↓
Storage: Database encryption + audit logs
```
## Features
✅ Zero breaking changes (backward compatible)
✅ Automatic migration of existing data
✅ <25ms overhead per operation
✅ Complete audit trail
✅ Optional cloud KMS support
## Migration
```bash
./deploy_encryption.sh # 5 minutes, zero downtime
```
## Testing
```bash
go test ./crypto -v
```
Related-To: security-enhancement
2025-11-06 23:55:33 +08:00
7ce7c64fa8
feat: improve model/exchange deletion and selection logic
...
- Add soft delete support for AI models
* Add deleted field to ai_models table
* Implement soft delete with sensitive data cleanup
* Filter deleted records in queries
- Replace browser confirm dialogs with custom styled modals
* Create DeleteConfirmModal component with Binance theme
* Add proper warning messages and icons
* Improve user experience with consistent styling
- Fix duplicate model/exchange display in selection dropdowns
* Use supportedModels/supportedExchanges for modal selectors
* Use configuredModels/configuredExchanges for panel display
* Remove redundant selectableModels/selectableExchanges logic
- Enhance data management
* Refresh data after deletion operations
* Proper state cleanup after modal operations
* Clear sensitive data during soft delete
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
2025-11-06 22:21:43 +08:00
bbf34e70c2
feat: improve model/exchange deletion and selection logic
...
- Add soft delete support for AI models
* Add deleted field to ai_models table
* Implement soft delete with sensitive data cleanup
* Filter deleted records in queries
- Replace browser confirm dialogs with custom styled modals
* Create DeleteConfirmModal component with Binance theme
* Add proper warning messages and icons
* Improve user experience with consistent styling
- Fix duplicate model/exchange display in selection dropdowns
* Use supportedModels/supportedExchanges for modal selectors
* Use configuredModels/configuredExchanges for panel display
* Remove redundant selectableModels/selectableExchanges logic
- Enhance data management
* Refresh data after deletion operations
* Proper state cleanup after modal operations
* Clear sensitive data during soft delete
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: tinkle-community <tinklefund@gmail.com >
2025-11-06 22:05:21 +08:00
8dc543b1cf
fix(web): 修正 FAQ 翻译文件中的错误信息 ( #552 )
...
- 删除 OKX 虚假支持声明(后端未实现)
- 补充 Aster DEX 的 API 配置说明
- 修正测试网说明为暂时不支持
2025-11-06 21:59:10 +08:00
08f57fe5c9
feat: soft deleted exchange add
2025-11-06 20:39:46 +08:00
75db4c01e3
feat: supported models and exchange fix
2025-11-06 20:39:20 +08:00
6fa30b6d40
fix: show supported models/exchanges in selection modals
2025-11-06 19:30:37 +08:00
096ed0fd6e
ui: enlarge NOFX watermark overlays
2025-11-06 18:18:04 +08:00
98515c525d
fix: remove duplicate secret input for Binance
2025-11-06 18:08:26 +08:00
Icy
Ember
0xYYBB | ZYY | Bobo
Lawrence Liu
Sue
Deloz
CoderMageFox
0xYYBB | ZYY | Bobo
Icyoung
Diego
web3gaoyutang
0xbigtang
icy
Shui
SkywalkerJi
tinkle-community