Remove zero-address dev mode fallback and harden security: update JWT secret, enforce authentication, add SSL verification option, implement actual resource handlers with system metrics
Some checks failed
Blockchain Synchronization Verification / sync-verification (push) Waiting to run
Cross-Chain Functionality Tests / test-cross-chain-sync (push) Waiting to run
Cross-Chain Functionality Tests / test-cross-chain-transactions (push) Waiting to run
Cross-Chain Functionality Tests / test-multi-chain-consensus (push) Waiting to run
Cross-Chain Functionality Tests / aggregate-results (push) Blocked by required conditions
Multi-Chain Island Architecture Tests / test-multi-chain-island (push) Waiting to run
Multi-Node Blockchain Health Monitoring / health-check (push) Waiting to run
Node Failover Simulation / failover-test (push) Waiting to run
P2P Network Verification / p2p-verification (push) Waiting to run
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Coverage Phase 1 (70% Target) / test-coverage-70 (push) Has been cancelled
Coverage Phase 2 (85% Target) / test-coverage-85 (push) Has been cancelled
Cross-Node Transaction Testing / transaction-test (push) Has been cancelled
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Production Tests / Production Integration Tests (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
CLI Tests / test-cli (push) Has been cancelled
Some checks failed
Blockchain Synchronization Verification / sync-verification (push) Waiting to run
Cross-Chain Functionality Tests / test-cross-chain-sync (push) Waiting to run
Cross-Chain Functionality Tests / test-cross-chain-transactions (push) Waiting to run
Cross-Chain Functionality Tests / test-multi-chain-consensus (push) Waiting to run
Cross-Chain Functionality Tests / aggregate-results (push) Blocked by required conditions
Multi-Chain Island Architecture Tests / test-multi-chain-island (push) Waiting to run
Multi-Node Blockchain Health Monitoring / health-check (push) Waiting to run
Node Failover Simulation / failover-test (push) Waiting to run
P2P Network Verification / p2p-verification (push) Waiting to run
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Coverage Phase 1 (70% Target) / test-coverage-70 (push) Has been cancelled
Coverage Phase 2 (85% Target) / test-coverage-85 (push) Has been cancelled
Cross-Node Transaction Testing / transaction-test (push) Has been cancelled
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Production Tests / Production Integration Tests (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
CLI Tests / test-cli (push) Has been cancelled
This commit is contained in:
aitbc
@@ -12,7 +12,7 @@ Environment="BLOCKCHAIN_RPC_HOST=localhost"
|
||||
Environment="BLOCKCHAIN_RPC_PORT=8006"
|
||||
Environment="GPU_SERVICE_HOST=localhost"
|
||||
Environment="GPU_SERVICE_PORT=8101"
|
||||
Environment="JWT_SECRET_KEY=your-secret-key-change-in-production"
|
||||
Environment="JWT_SECRET_KEY=CQNLjrtnUVGzdO1skuLsxoiPEEmav2Vj3aA302cvo8I"
|
||||
Environment="API_PORT=8103"
|
||||
ExecStart=/opt/aitbc/venv/bin/python -m edge_api.main
|
||||
Restart=always
|
||||
|
||||
@@ -54,13 +54,14 @@ def get_authenticated_address(request: Request, credentials: Optional[HTTPAuthor
|
||||
detail="JWT authentication is not supported. Use X-Wallet-Address header with TRUST_X_WALLET_ADDRESS=true for trusted internal requests."
|
||||
)
|
||||
|
||||
# Development mode fallback
|
||||
# Development mode fallback - remove zero-address fallback for security
|
||||
if os.getenv("DEV_MODE", "false").lower() == "true":
|
||||
_logger.warning("Rejected unauthenticated request in development mode")
|
||||
_logger.warning("Development mode enabled but authentication still required")
|
||||
# Still require authentication even in dev mode for security
|
||||
|
||||
# No valid authentication found
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Authentication required. Provide X-Wallet-Address header or valid JWT token.",
|
||||
detail="Authentication required. Provide X-Wallet-Address header with TRUST_X_WALLET_ADDRESS=true for trusted internal requests.",
|
||||
headers={"WWW-Authenticate": "Bearer"}
|
||||
)
|
||||
|
||||
@@ -3,6 +3,7 @@ Portfolio Aggregation Service
|
||||
Aggregates portfolio data from wallet, exchange, marketplace, trading, and AI services
|
||||
"""
|
||||
|
||||
import os
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any, Dict
|
||||
import httpx
|
||||
@@ -22,7 +23,9 @@ class PortfolioAggregationService:
|
||||
self.trading_service_url = "http://localhost:8104"
|
||||
self.ai_service_url = "http://localhost:8005"
|
||||
|
||||
self.http_client = httpx.AsyncClient(timeout=10.0, verify=False)
|
||||
# Use SSL verification for security (disable only for localhost in dev)
|
||||
verify_ssl = os.getenv("VERIFY_SSL", "true").lower() == "true"
|
||||
self.http_client = httpx.AsyncClient(timeout=10.0, verify=verify_ssl)
|
||||
|
||||
async def get_unified_portfolio(self, agent_address: str | None = None) -> Dict[str, Any]:
|
||||
"""
|
||||
|
||||
Reference in New Issue
Block a user