hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,001 Commits 1 Branch 10 Tags 175 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
hailin 55bb129477 feat(identity-service): 增强钱包生成可靠性,确保100%生成成功 
核心改进:
- 基于数据库扫描代替Redis扫描,防止状态丢失后无法重试
- 指数退避策略(1分钟→60分钟),无时间限制持续重试
- 分布式锁保护,防止多实例/并发重复触发
- getWalletStatus API 检测失败状态并自动触发重试

修改内容:
- RedisService: 添加 tryLock/unlock 分布式锁方法
- UserAccountRepository: 添加 findUsersWithIncompleteWallets 查询
- getWalletStatus: 增强状态检测,失败/超时时自动触发重试
- WalletRetryTask: 完全重写,基于数据库驱动+指数退避

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-27 09:40:51 -08:00
hailin b4c4239593 feat: 实现手机号+密码登录和账号恢复功能 
## 后端更改

### 新增功能
- 添加手机号+密码登录 API (`POST /user/login-with-password`)
  - 新增 LoginWithPasswordDto 验证手机号格式和密码长度
  - 实现 loginWithPassword 服务方法,使用 bcrypt 验证密码
  - 返回 JWT tokens(accessToken + refreshToken)

### 代码优化
- 修复 phone.validator.ts 中的 TypeScript 类型错误(Object -> object)

## 前端更改

### 新增功能
- 实现手机号+密码登录页面 (phone_login_page.dart)
  - 完整的表单验证(手机号格式、密码长度)
  - 集成 AccountService.loginWithPassword API
  - 登录成功后自动更新认证状态并跳转主页

### 账号服务优化
- 在 AccountService 中添加 loginWithPassword 方法
  - 调用后端 login-with-password API
  - 自动保存认证数据(tokens、用户信息)
  - 使用 _savePhoneAuthData 统一保存逻辑

### UI 文案更新
- 向导页文案修改:"创建账号" → "注册账号"
  - 更新标题、副标题和按钮文本
  - 添加"恢复账号"按钮,跳转到手机号密码登录页

## 已验证功能

 前端代码编译通过(0 errors, 仅有非关键警告)
 后端代码编译通过(0 errors, 仅有非关键警告)
 30天登录状态保持(JWT refresh token 已配置为30天)
 自动路由逻辑(有登录状态直接进入主页)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2025-12-20 20:35:44 -08:00
hailin 959fe93092 feat(identity-service): 添加钱包生成自动重试机制 
功能:
- 新增 WalletRetryTask 定时任务,每分钟扫描一次
- 自动检测超过 60 秒仍在 generating/deriving 状态的钱包
- 自动检测状态为 failed 的钱包生成
- 幂等重试机制,最多 10 分钟内持续重试
- 记录重试次数和时间戳

技术实现:
- 使用 @nestjs/schedule 的 Cron 装饰器
- 在 UserAccount 聚合根中添加 createWalletGenerationEvent() 方法
- 在 RedisService 中添加 keys() 方法支持模式匹配扫描
- 通过重新发布 UserAccountCreatedEvent 触发幂等重试

相关需求:
- 用户手机号验证成功后立即创建账号
- 钱包生成在后台异步进行
- 失败后自动重试,无需用户感知

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2025-12-20 19:20:55 -08:00
hailin 6b85401d5c fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching 
## Problem
MPC wallet addresses have no cryptographic relationship with recovery mnemonics,
so address-based verification always failed for account recovery.

## Solution
Changed mnemonic verification from address matching to hash-based verification:
- Mnemonic acts as identity credential, verified by hash stored in blockchain-service
- Uses accountSequence to lookup stored mnemonic hash for verification

## Changes

### blockchain-service
- recovery-mnemonic.adapter.ts:
  - generateMnemonic() now async, uses bcrypt (rounds=12) for secure hashing
  - verifyMnemonic() now async, supports both bcrypt and legacy SHA256 hashes
  - Added backward compatibility for existing SHA256 hashed mnemonics
- mnemonic-verification.service.ts:
  - await verifyMnemonic() for async bcrypt comparison
- address-derivation.service.ts:
  - await generateMnemonic() for async bcrypt hashing
- package.json: added bcrypt dependency

### identity-service
- user-application.service.ts:
  - Changed recoverByMnemonic() to use verifyMnemonicByAccount (hash verification)
  - Added rate limiting: 5 failed attempts per hour per accountSequence
  - Uses Redis to track failed verification attempts
- redis.service.ts:
  - Added incr() and expire() methods for rate limiting
  - Added updateKeygenStatusAtomic() with Lua script for atomic state transitions
- mpc-keygen-completed.handler.ts:
  - Uses atomic Redis update to prevent race conditions
- blockchain-wallet.handler.ts:
  - Uses atomic Redis update for completed status

## Security Improvements
- bcrypt with 12 rounds for mnemonic hashing (anti-brute-force)
- Rate limiting prevents brute force attacks on mnemonic recovery
- Atomic Redis operations prevent race conditions in wallet creation flow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-08 09:02:24 -08:00
hailin 747e4ae8ef refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 
- Remove Address field from PartyEndpoint (parties connect to router themselves)
- Update K8s Discovery to only manage PartyID and Role labels
- Add Party registration and SessionEvent protobuf definitions
- Implement PartyRegistry and SessionEventBroadcaster domain logic
- Add RegisterParty and SubscribeSessionEvents gRPC handlers
- Prepare infrastructure for party-driven MPC coordination

This is the first phase of migrating from coordinator-driven to party-driven
architecture following international MPC system design patterns.
 2025-12-05 08:11:28 -08:00
hailin 44d2e2ad80 . 2025-11-24 06:58:46 +00:00
hailin c29c185a03 identity_service_context first commit 2025-11-24 06:09:06 +00:00