hailin 6b85401d5c fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching ... ## Problem MPC wallet addresses have no cryptographic relationship with recovery mnemonics, so address-based verification always failed for account recovery. ## Solution Changed mnemonic verification from address matching to hash-based verification: - Mnemonic acts as identity credential, verified by hash stored in blockchain-service - Uses accountSequence to lookup stored mnemonic hash for verification ## Changes ### blockchain-service - recovery-mnemonic.adapter.ts: - generateMnemonic() now async, uses bcrypt (rounds=12) for secure hashing - verifyMnemonic() now async, supports both bcrypt and legacy SHA256 hashes - Added backward compatibility for existing SHA256 hashed mnemonics - mnemonic-verification.service.ts: - await verifyMnemonic() for async bcrypt comparison - address-derivation.service.ts: - await generateMnemonic() for async bcrypt hashing - package.json: added bcrypt dependency ### identity-service - user-application.service.ts: - Changed recoverByMnemonic() to use verifyMnemonicByAccount (hash verification) - Added rate limiting: 5 failed attempts per hour per accountSequence - Uses Redis to track failed verification attempts - redis.service.ts: - Added incr() and expire() methods for rate limiting - Added updateKeygenStatusAtomic() with Lua script for atomic state transitions - mpc-keygen-completed.handler.ts: - Uses atomic Redis update to prevent race conditions - blockchain-wallet.handler.ts: - Uses atomic Redis update for completed status ## Security Improvements - bcrypt with 12 rounds for mnemonic hashing (anti-brute-force) - Rate limiting prevents brute force attacks on mnemonic recovery - Atomic Redis operations prevent race conditions in wallet creation flow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-12-08 09:02:24 -08:00
..
.claude	fix(mobile-app): update share link domain to rwaapi.szaiai.com	2025-12-06 21:15:55 -08:00
prisma	refactor(mnemonic): move recovery_mnemonics to blockchain-service (DDD)	2025-12-08 00:54:25 -08:00
scripts	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
src	fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching	2025-12-08 09:02:24 -08:00
.dockerignore	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
.env.example	docs(config): update .env.example files for production deployment	2025-12-07 04:55:21 -08:00
.eslintrc.js	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
.gitignore	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
.prettierrc	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
DEVELOPMENT_GUIDE.md	docs: update blockchain-service guide with address derivation responsibilities	2025-12-06 20:02:50 -08:00
Dockerfile	fix(wallet): resolve account creation and wallet status query issues	2025-12-08 07:57:17 -08:00
deploy.sh	.	2025-12-07 00:40:19 -08:00
docker-compose.yml	refactor: unify docker-compose configs to use shared infrastructure	2025-12-07 00:35:56 -08:00
nest-cli.json	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00
package-lock.json	fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching	2025-12-08 09:02:24 -08:00
package.json	fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching	2025-12-08 09:02:24 -08:00
tsconfig.json	feat(blockchain-service): implement complete blockchain service with DDD + Hexagonal architecture	2025-12-06 20:54:58 -08:00