mirror of
https://github.com/laoxong/nofx.git
synced 2026-06-04 09:58:22 +08:00
Icyoung
89085173f9
* feat: remove admin mode * feat: bugfix * feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务 - 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密 - 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等) - 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥 - 适配SQLite数据库加密存储(从PostgreSQL移植) - 保持Hyperliquid代理钱包处理兼容性 - 更新.gitignore以正确处理crypto模块代码 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(scripts): 添加加密环境一键设置脚本 - setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥 - generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具 - generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥 - ENCRYPTION_README.md: 详细的加密系统说明文档 - 支持自动检测现有密钥并只生成缺失的密钥 - 完善的权限管理和安全验证 - 兼容macOS和Linux的跨平台支持 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(api): 添加加密API端点和Gin框架集成 - 新增CryptoHandler处理加密相关API请求 - 提供/api/crypto/public-key端点获取RSA公钥 - 提供/api/crypto/decrypt端点解密敏感数据 - 适配Gin框架的HTTP处理器格式 - 集成CryptoService到API服务器 - 支持前端加密数据传输和解密 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(web): 添加前端加密服务和两阶段密钥输入组件 - CryptoService: Web Crypto API集成,支持RSA-OAEP加密 - TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆 - 完善国际化翻译支持加密相关UI文本 - 修复TypeScript类型错误和编译问题 - 支持前端敏感数据加密传输到后端 - 增强用户隐私保护和数据安全 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(auth): 增强JWT认证安全性 - 优先使用环境变量JWT_SECRET而不是数据库配置 - 支持通过.env文件安全配置JWT认证密钥 - 保留数据库配置作为回退机制 - 改进JWT密钥来源日志显示 - 增强系统启动时的安全配置检查 - 支持运行时动态JWT密钥切换 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(docker): 集成加密环境变量到Docker部署 - 添加DATA_ENCRYPTION_KEY环境变量传递到容器 - 添加JWT_SECRET环境变量支持 - 挂载secrets目录使容器可访问RSA密钥文件 - 确保容器内加密服务正常工作 - 解决容器启动失败和加密初始化问题 - 完善Docker Compose加密环境配置 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(start): 集成自动加密环境检测和设置 - 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY - 自动运行setup_encryption.sh当检测到缺失密钥时 - 改进加密状态显示,包含RSA+AES+JWT全套加密信息 - 优化用户体验,提供清晰的加密配置反馈 - 支持一键设置完整加密环境 - 确保容器启动前加密环境就绪 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: format fix * fix(security): 修复前端模型和交易所配置敏感数据明文传输 - 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密 - 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密 - 只有非空敏感数据才进行加密处理 - 添加加密失败错误处理和用户友好提示 - 增加encryptionFailed翻译键的中英文支持 - 使用用户ID和会话ID作为加密上下文增强安全性 这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 修复后端加密服务集成和缺失的加密端点 - 添加Server结构体缺少的cryptoService字段 - 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输 - 修复handleUpdateExchangeConfigsEncrypted中的函数调用 - 在前端API中添加updateModelConfigsEncrypted方法 - 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key - 确保前端可以使用加密端点安全传输敏感数据 - 兼容原有加密通信模式和二段输入私钥功能 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: icy <icyoung520@gmail.com> Co-authored-by: tinkle-community <tinklefund@gmail.com>
466 lines
16 KiB
Bash
Executable File
466 lines
16 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
# ═══════════════════════════════════════════════════════════════
|
||
# NOFX AI Trading System - Docker Quick Start Script
|
||
# Usage: ./start.sh [command]
|
||
# ═══════════════════════════════════════════════════════════════
|
||
|
||
set -e
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Color Definitions
|
||
# ------------------------------------------------------------------------
|
||
RED='\033[0;31m'
|
||
GREEN='\033[0;32m'
|
||
YELLOW='\033[1;33m'
|
||
BLUE='\033[0;34m'
|
||
NC='\033[0m' # No Color
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Utility Functions: Colored Output
|
||
# ------------------------------------------------------------------------
|
||
print_info() {
|
||
echo -e "${BLUE}[INFO]${NC} $1"
|
||
}
|
||
|
||
print_success() {
|
||
echo -e "${GREEN}[SUCCESS]${NC} $1"
|
||
}
|
||
|
||
print_warning() {
|
||
echo -e "${YELLOW}[WARNING]${NC} $1"
|
||
}
|
||
|
||
print_error() {
|
||
echo -e "${RED}[ERROR]${NC} $1"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Detection: Docker Compose Command (Backward Compatible)
|
||
# ------------------------------------------------------------------------
|
||
detect_compose_cmd() {
|
||
if command -v docker compose &> /dev/null; then
|
||
COMPOSE_CMD="docker compose"
|
||
elif command -v docker-compose &> /dev/null; then
|
||
COMPOSE_CMD="docker-compose"
|
||
else
|
||
print_error "Docker Compose 未安装!请先安装 Docker Compose"
|
||
exit 1
|
||
fi
|
||
print_info "使用 Docker Compose 命令: $COMPOSE_CMD"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Validation: Docker Installation
|
||
# ------------------------------------------------------------------------
|
||
check_docker() {
|
||
if ! command -v docker &> /dev/null; then
|
||
print_error "Docker 未安装!请先安装 Docker: https://docs.docker.com/get-docker/"
|
||
exit 1
|
||
fi
|
||
|
||
detect_compose_cmd
|
||
print_success "Docker 和 Docker Compose 已安装"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Validation: Environment File (.env)
|
||
# ------------------------------------------------------------------------
|
||
check_env() {
|
||
if [ ! -f ".env" ]; then
|
||
print_warning ".env 不存在,从模板复制..."
|
||
cp .env.example .env
|
||
print_info "✓ 已使用默认环境变量创建 .env"
|
||
print_info "💡 如需修改端口等设置,可编辑 .env 文件"
|
||
fi
|
||
print_success "环境变量文件存在"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Validation: Encryption Environment (RSA Keys + Data Encryption Key)
|
||
# ------------------------------------------------------------------------
|
||
check_encryption() {
|
||
local need_setup=false
|
||
|
||
print_info "检查加密环境..."
|
||
|
||
# 检查RSA密钥对
|
||
if [ ! -f "secrets/rsa_key" ] || [ ! -f "secrets/rsa_key.pub" ]; then
|
||
print_warning "RSA密钥对不存在"
|
||
need_setup=true
|
||
fi
|
||
|
||
# 检查数据加密密钥
|
||
if [ ! -f ".env" ] || ! grep -q "^DATA_ENCRYPTION_KEY=" .env; then
|
||
print_warning "数据加密密钥未配置"
|
||
need_setup=true
|
||
fi
|
||
|
||
# 检查JWT认证密钥
|
||
if [ ! -f ".env" ] || ! grep -q "^JWT_SECRET=" .env; then
|
||
print_warning "JWT认证密钥未配置"
|
||
need_setup=true
|
||
fi
|
||
|
||
# 如果需要设置加密环境
|
||
if [ "$need_setup" = "true" ]; then
|
||
print_info "🔐 需要设置加密环境"
|
||
print_info "加密环境用于保护敏感数据(API密钥、私钥等)"
|
||
echo ""
|
||
|
||
# 询问用户是否自动设置
|
||
read -p "是否自动设置加密环境?[Y/n]: " auto_setup
|
||
auto_setup=${auto_setup:-Y}
|
||
|
||
if [[ "$auto_setup" =~ ^[Yy]$ ]]; then
|
||
print_info "正在设置加密环境..."
|
||
|
||
# 检查加密设置脚本是否存在
|
||
if [ -f "scripts/setup_encryption.sh" ]; then
|
||
print_info "正在自动设置加密环境..."
|
||
print_info "加密系统将保护: API密钥、私钥、Hyperliquid代理钱包"
|
||
echo ""
|
||
|
||
# 自动运行加密设置脚本
|
||
# Y: 继续设置加密环境 | n: 保持现有RSA密钥 | n: 保持现有密钥配置
|
||
echo -e "Y\nn\nn" | bash scripts/setup_encryption.sh
|
||
if [ $? -eq 0 ]; then
|
||
echo ""
|
||
print_success "🔐 加密环境设置完成!"
|
||
print_info " • RSA-2048密钥对已生成"
|
||
print_info " • AES-256数据加密密钥已配置"
|
||
print_info " • JWT认证密钥已配置"
|
||
print_info " • 所有敏感数据现在都受加密保护"
|
||
echo ""
|
||
else
|
||
print_error "加密环境设置失败"
|
||
exit 1
|
||
fi
|
||
else
|
||
print_error "加密设置脚本不存在: scripts/setup_encryption.sh"
|
||
print_info "请手动运行: ./scripts/setup_encryption.sh"
|
||
exit 1
|
||
fi
|
||
else
|
||
print_warning "跳过加密环境设置"
|
||
print_info "手动设置命令: ./scripts/setup_encryption.sh"
|
||
print_info "系统将使用未加密模式运行(不推荐)"
|
||
fi
|
||
else
|
||
print_success "🔐 加密环境已配置"
|
||
print_info " • RSA密钥对: secrets/rsa_key + secrets/rsa_key.pub"
|
||
print_info " • 数据加密密钥: .env (DATA_ENCRYPTION_KEY)"
|
||
print_info " • JWT认证密钥: .env (JWT_SECRET)"
|
||
print_info " • 加密算法: RSA-OAEP-2048 + AES-256-GCM + HS256"
|
||
print_info " • 保护数据: API密钥、私钥、Hyperliquid代理钱包、用户认证"
|
||
|
||
# 验证密钥文件权限
|
||
if [ -f "secrets/rsa_key" ]; then
|
||
local perm=$(stat -f "%A" "secrets/rsa_key" 2>/dev/null || stat -c "%a" "secrets/rsa_key" 2>/dev/null)
|
||
if [ "$perm" != "600" ]; then
|
||
print_warning "修复RSA私钥权限..."
|
||
chmod 600 secrets/rsa_key
|
||
fi
|
||
fi
|
||
|
||
if [ -f ".env" ]; then
|
||
local perm=$(stat -f "%A" ".env" 2>/dev/null || stat -c "%a" ".env" 2>/dev/null)
|
||
if [ "$perm" != "600" ]; then
|
||
print_warning "修复环境文件权限..."
|
||
chmod 600 .env
|
||
fi
|
||
fi
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Validation: Configuration File (config.json) - BASIC SETTINGS ONLY
|
||
# ------------------------------------------------------------------------
|
||
check_config() {
|
||
if [ ! -f "config.json" ]; then
|
||
print_warning "config.json 不存在,从模板复制..."
|
||
cp config.json.example config.json
|
||
print_info "✓ 已使用默认配置创建 config.json"
|
||
print_info "💡 如需修改基础设置(杠杆大小、开仓币种、管理员模式、JWT密钥等),可编辑 config.json"
|
||
print_info "💡 模型/交易所/交易员配置请使用Web界面"
|
||
fi
|
||
print_success "配置文件存在"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Utility: Read Environment Variables
|
||
# ------------------------------------------------------------------------
|
||
read_env_vars() {
|
||
if [ -f ".env" ]; then
|
||
# 读取端口配置,设置默认值
|
||
NOFX_FRONTEND_PORT=$(grep "^NOFX_FRONTEND_PORT=" .env 2>/dev/null | cut -d'=' -f2 || echo "3000")
|
||
NOFX_BACKEND_PORT=$(grep "^NOFX_BACKEND_PORT=" .env 2>/dev/null | cut -d'=' -f2 || echo "8080")
|
||
|
||
# 去除可能的引号和空格
|
||
NOFX_FRONTEND_PORT=$(echo "$NOFX_FRONTEND_PORT" | tr -d '"'"'" | tr -d ' ')
|
||
NOFX_BACKEND_PORT=$(echo "$NOFX_BACKEND_PORT" | tr -d '"'"'" | tr -d ' ')
|
||
|
||
# 如果为空则使用默认值
|
||
NOFX_FRONTEND_PORT=${NOFX_FRONTEND_PORT:-3000}
|
||
NOFX_BACKEND_PORT=${NOFX_BACKEND_PORT:-8080}
|
||
else
|
||
# 如果.env不存在,使用默认端口
|
||
NOFX_FRONTEND_PORT=3000
|
||
NOFX_BACKEND_PORT=8080
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Validation: Database File (config.db)
|
||
# ------------------------------------------------------------------------
|
||
check_database() {
|
||
if [ -d "config.db" ]; then
|
||
# 如果存在的是目录,删除它
|
||
print_warning "config.db 是目录而非文件,正在删除目录..."
|
||
rm -rf config.db
|
||
print_info "✓ 已删除目录,现在创建文件..."
|
||
touch config.db
|
||
print_success "✓ 已创建空数据库文件,系统将在启动时初始化"
|
||
elif [ ! -f "config.db" ]; then
|
||
# 如果不存在文件,创建它
|
||
print_warning "数据库文件不存在,创建空数据库文件..."
|
||
# 创建空文件以避免Docker创建目录
|
||
touch config.db
|
||
print_info "✓ 已创建空数据库文件,系统将在启动时初始化"
|
||
else
|
||
# 文件存在
|
||
print_success "数据库文件存在"
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Build: Frontend (Node.js Based)
|
||
# ------------------------------------------------------------------------
|
||
# build_frontend() {
|
||
# print_info "检查前端构建环境..."
|
||
|
||
# if ! command -v node &> /dev/null; then
|
||
# print_error "Node.js 未安装!请先安装 Node.js"
|
||
# exit 1
|
||
# fi
|
||
|
||
# if ! command -v npm &> /dev/null; then
|
||
# print_error "npm 未安装!请先安装 npm"
|
||
# exit 1
|
||
# fi
|
||
|
||
# print_info "正在构建前端..."
|
||
# cd web
|
||
|
||
# print_info "安装 Node.js 依赖..."
|
||
# npm install
|
||
|
||
# print_info "构建前端应用..."
|
||
# npm run build
|
||
|
||
# cd ..
|
||
# print_success "前端构建完成"
|
||
# }
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Service Management: Start
|
||
# ------------------------------------------------------------------------
|
||
start() {
|
||
print_info "正在启动 NOFX AI Trading System..."
|
||
|
||
# 读取环境变量
|
||
read_env_vars
|
||
|
||
# 确保必要的文件和目录存在(修复 Docker volume 挂载问题)
|
||
if [ ! -f "config.db" ]; then
|
||
print_info "创建数据库文件..."
|
||
touch config.db
|
||
fi
|
||
if [ ! -d "decision_logs" ]; then
|
||
print_info "创建日志目录..."
|
||
mkdir -p decision_logs
|
||
fi
|
||
|
||
# Auto-build frontend if missing or forced
|
||
# if [ ! -d "web/dist" ] || [ "$1" == "--build" ]; then
|
||
# build_frontend
|
||
# fi
|
||
|
||
# Rebuild images if flag set
|
||
if [ "$1" == "--build" ]; then
|
||
print_info "重新构建镜像..."
|
||
$COMPOSE_CMD up -d --build
|
||
else
|
||
print_info "启动容器..."
|
||
$COMPOSE_CMD up -d
|
||
fi
|
||
|
||
print_success "服务已启动!"
|
||
print_info "Web 界面: http://localhost:${NOFX_FRONTEND_PORT}"
|
||
print_info "API 端点: http://localhost:${NOFX_BACKEND_PORT}"
|
||
print_info ""
|
||
print_info "查看日志: ./start.sh logs"
|
||
print_info "停止服务: ./start.sh stop"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Service Management: Stop
|
||
# ------------------------------------------------------------------------
|
||
stop() {
|
||
print_info "正在停止服务..."
|
||
$COMPOSE_CMD stop
|
||
print_success "服务已停止"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Service Management: Restart
|
||
# ------------------------------------------------------------------------
|
||
restart() {
|
||
print_info "正在重启服务..."
|
||
$COMPOSE_CMD restart
|
||
print_success "服务已重启"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Monitoring: Logs
|
||
# ------------------------------------------------------------------------
|
||
logs() {
|
||
if [ -z "$2" ]; then
|
||
$COMPOSE_CMD logs -f
|
||
else
|
||
$COMPOSE_CMD logs -f "$2"
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Monitoring: Status
|
||
# ------------------------------------------------------------------------
|
||
status() {
|
||
# 读取环境变量
|
||
read_env_vars
|
||
|
||
print_info "服务状态:"
|
||
$COMPOSE_CMD ps
|
||
echo ""
|
||
print_info "健康检查:"
|
||
curl -s "http://localhost:${NOFX_BACKEND_PORT}/api/health" | jq '.' || echo "后端未响应"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Maintenance: Clean (Destructive)
|
||
# ------------------------------------------------------------------------
|
||
clean() {
|
||
print_warning "这将删除所有容器和数据!"
|
||
read -p "确认删除?(yes/no): " confirm
|
||
if [ "$confirm" == "yes" ]; then
|
||
print_info "正在清理..."
|
||
$COMPOSE_CMD down -v
|
||
print_success "清理完成"
|
||
else
|
||
print_info "已取消"
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Maintenance: Update
|
||
# ------------------------------------------------------------------------
|
||
update() {
|
||
print_info "正在更新..."
|
||
git pull
|
||
$COMPOSE_CMD up -d --build
|
||
print_success "更新完成"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Encryption: Manual Setup
|
||
# ------------------------------------------------------------------------
|
||
setup_encryption_manual() {
|
||
print_info "🔐 手动设置加密环境"
|
||
|
||
if [ -f "scripts/setup_encryption.sh" ]; then
|
||
bash scripts/setup_encryption.sh
|
||
else
|
||
print_error "加密设置脚本不存在: scripts/setup_encryption.sh"
|
||
print_info "请确保项目文件完整"
|
||
exit 1
|
||
fi
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Help: Usage Information
|
||
# ------------------------------------------------------------------------
|
||
show_help() {
|
||
echo "NOFX AI Trading System - Docker 管理脚本"
|
||
echo ""
|
||
echo "用法: ./start.sh [command] [options]"
|
||
echo ""
|
||
echo "命令:"
|
||
echo " start [--build] 启动服务(可选:重新构建)"
|
||
echo " stop 停止服务"
|
||
echo " restart 重启服务"
|
||
echo " logs [service] 查看日志(可选:指定服务名 backend/frontend)"
|
||
echo " status 查看服务状态"
|
||
echo " clean 清理所有容器和数据"
|
||
echo " update 更新代码并重启"
|
||
echo " setup-encryption 设置加密环境(RSA密钥+数据加密)"
|
||
echo " help 显示此帮助信息"
|
||
echo ""
|
||
echo "示例:"
|
||
echo " ./start.sh start --build # 构建并启动"
|
||
echo " ./start.sh logs backend # 查看后端日志"
|
||
echo " ./start.sh status # 查看状态"
|
||
echo " ./start.sh setup-encryption # 手动设置加密环境"
|
||
echo ""
|
||
echo "🔐 关于加密:"
|
||
echo " 系统自动检测加密环境,首次运行时会自动设置"
|
||
echo " 手动设置: ./scripts/setup_encryption.sh"
|
||
}
|
||
|
||
# ------------------------------------------------------------------------
|
||
# Main: Command Dispatcher
|
||
# ------------------------------------------------------------------------
|
||
main() {
|
||
check_docker
|
||
|
||
case "${1:-start}" in
|
||
start)
|
||
check_env
|
||
check_encryption
|
||
check_config
|
||
check_database
|
||
start "$2"
|
||
;;
|
||
stop)
|
||
stop
|
||
;;
|
||
restart)
|
||
restart
|
||
;;
|
||
logs)
|
||
logs "$@"
|
||
;;
|
||
status)
|
||
status
|
||
;;
|
||
clean)
|
||
clean
|
||
;;
|
||
update)
|
||
update
|
||
;;
|
||
setup-encryption)
|
||
setup_encryption_manual
|
||
;;
|
||
help|--help|-h)
|
||
show_help
|
||
;;
|
||
*)
|
||
print_error "未知命令: $1"
|
||
show_help
|
||
exit 1
|
||
;;
|
||
esac
|
||
}
|
||
|
||
# Execute Main
|
||
main "$@" |