
aelf-web-wallet's Introduction

AElf Web Wallet

0. Dependencies

  • Start AElf Chain, aelf-block-scan and aelf-block-api first.

  • Important: call the API [POST:api/nodes/info] of aelf-block-api to insert the AElf Node information.

  • NodeJS: the JS dependencies are listed in package.json; we use egg.js (Node.js & Koa).

  • A correct config.

  • Optional: Nginx (or another reverse proxy), for SSL and for proxying cross-origin requests.

1. Change config

config/config.default.js

config/config.node.js
# set your own apiServerProvider // api from aelf-block-api
# set your own default mainTokenName & mainTokenContract

database/config.json
# set your sql config for sequelize

2. Install Webpack & compile front-end files

npm install -g webpack
npm install -g webpack-cli

npm run build
# npm run build:dev
# npm run build:dev:w

3. Manage MySQL with Sequelize

npm run create-db
# npm run create-db:dev
npm run migrate
# npm run migrate:dev
# npm run undo-all
# npm run undo-all:dev

4. Start the node server

npm install
# If you hit a permission problem:
# sudo npm install --unsafe-perm=true --allow-root

# dev
npm run dev
# pro
npm start

default port: 7001

Nginx(For Your Information)

How to enable gzip.

How to configure HTTPS. (We do not configure an HTTPS server in Node.js.)

How to proxy in Nginx instead of proxying in Node.js.

  • nginx.conf

    • see how to enable gzip
  • servsers/wallet.online.conf & servsers/wallet.conf

    • set your own RPC URL.
    • set your own server_name.
    • when running online (HTTPS), set your own ssl_certificate and ssl_certificate_key.

And please use plugin.nginx.js & demo.config.default.nginx.js instead of plugin.js & demo.config.defalut.js

FAQ

permission denied, open '/home/zhengyue/github/aelf-web-wallet/.travis.yml'

no such file or directory, scandir '/opt/aelf/app/aelf-web-wallet/node_modules/node-sass/vendor'

eggjs/egg#2442 (comment)

sudo npm install --unsafe-perm=true --allow-root
# Then
bash build.sh pro # or npm start

How to deal with int64

Use Long.js

https://www.npmjs.com/package/long

Docker[TODO]

aelf-web-wallet's People

Contributors

atom-yang, bikedawuwang, hzz780, mason-hz, potter-sun, rosona


aelf-web-wallet's Issues

TODO

Components

  • Fee select [done] Using Feeselect components under component

  • Modal [done] Using Pursecipher components under component

Pages

  • Transactions List [done] Whether the value of legal tender is displayed remains to be confirmed

  • Address Book [done]

  • New Contact Address Page [done]

  • Add Token Page [done] Transaction list page and token search logic modification

Internationalization

  • react i18n [done] To be repaired: antd-mobile internationalization

  • Do a representation: How the i18n work. (Code & Logic -> PPT || Blog) [done] langConfig -> README

[wallet] Some feature issue of web-wallet

  • 1. Call the API [POST:api/nodes/info] of aelf-block-api to insert the AElf Node information. When the
    rpc_domain is " ", sending a transaction returns the error message: {"message":"Validation Failed"}

  • 2. When two chains' symbols are the same, transaction information cannot be displayed on the second chain

  • 3. Failed to import wallet with private key.

  • 4. Can't display the failed transaction on transaction list.

  • 5. When the password is simple, it shows the message "The passwords confirmed error." Other password error messages need to be added.

  • 6. In Create wallet, can't disabled the align

  • 7. In Chinese system, the Amount converted money display USD

[wallet]Some UI issue of web-wallet

  • 1. The font is wrong and some opacity is wrong.

  • 2. The transaction record doesn't display the transaction time and the transaction money
    image
    expected results:
    image

  • 3. When the window is small, such as on an iPhone, the address in the QR code displays out of range

  • 4. The clear button in Transaction Search is ugly

  • 5. Some information is displayed in a different language than the system language
    1) In English, the amount of transfer is displayed in Chinese
    2) In Chinese, the password error message is in English

  • 6. On some display screens, there is a white line between two Tokens

  • 7. In Backup Mnemonic, when the window is resized, the background is wrong

Suggestions to ELF wallet

1. The transaction fee for every transaction is charged at the same amount (0.1 ELF) regardless of the transfer amount.
Suggestion: What about setting up a minimum commission fee for a limited transfer amount, and charging an additional fee based on set rules for the exceeding amount?
2. The commission fee for a transaction is charged from the balance in the wallet, which means the wallet must have TOKEN left.
Suggestion: What about charging the commission fee from the amount transferred?
3. Is it suitable to show the information of a failed transaction in the receiving account as well?

proxy API -> plugin???

// DISCUSS & TODO: proxy API -> plugin???
// If you do not use Nginx as the proxy, use this Node code
// For dev: you can use these codes instead of the config in nginx.
// config.proxy = [{
// serviceName: 'AElf Node RPC', // never use
// host: 'http://127.0.0.1:7250', // target host that matched path will be proxy to


This issue was generated by todo based on a TODO comment in d7edff3. It's been assigned to @hzz780 because they committed the code.

Modifying search logic


  • Transactions List Modifying search logic [done]
  • add Token Page Modifying search logic

use api at first

// TODO use api at first
// http://127.0.0.1:7000/api/cross-chain/is-ready-to-receive?
// send=http://54.199.254.157:8000
// &receive=http://3.112.250.87:8000
// &main_chain_id=9992731&issue_chain_id=9992731
// &cross_transfer_tx_id=841988ce167d5c6ae6a791c0113ef95dd57840b32275e5854a056af40eb13608


This issue was generated by todo based on a TODO comment in 55ce713 when #56 was merged. cc @AElfProject.

Backup

Can't backup my wallet using private key only

[Community Bug] + Wallet is Vulnerable to MiTM

Vulnerability: Wallet is Vulnerable to MiTM Attack/SSLStrip Attack (Hacking HTTPS)

Description: It was observed that the wallet is vulnerable to a MiTM (Man in The Middle) Attack. This means an attacker can intercept the connection between a web browser and a trusted wallet by forcing the wallet to load without utilizing SSL/TLS.

Vulnerable Application: Wallet https://wallet-test.aelf.io

Severity: High

Steps to Reproduce:
1- Enter the below command in a Linux command prompt: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
2- Now use the below command to enable forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
3- Now use arpspoofing for the target victim: arpspoof -i eth0 -t victim ip gateway ip
4- You should now see that arpspoof is running. Now in a separate terminal window type the following command: sslstrip -l 8080
5- When the victim tries to access wallet-test.aelf.io it will load over HTTP.

Or

check the HSTS Presence in the response header.

Impact: An attacker can force the wallet to utilize HTTP. Once the wallet is over HTTP then an attacker can sniff the communication.

Fix: The following are recommendations to protect against SSLStrip and similar attacks:
1- Enable HSTS
2- Enable HTTPS throughout the website

Screenshot: Shows wallet is NOW accessible over HTTP

Wallet over HTTPS in Latest Chrome

Connection not secured

Attack Reference: Reference link to understand more about this issue:
https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/
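
The header check and the two fixes named in the report above (HSTS, HTTPS throughout), written as an added example that is not part of the original issue or the project's code. It audits a pair of responses for the conditions that leave a site open to downgrade; the host `wallet.example`, the finding names and the 180-day `MIN_MAX_AGE` threshold are assumptions.

```javascript
// Added example. The threshold is an assumed policy (180 days), not from the report.
const MIN_MAX_AGE = 15552000;

// Parse a Strict-Transport-Security value following RFC 6797 section 6.1.
// Returns null when the header is absent or this checker treats it as invalid.
function parseHsts(value) {
  if (typeof value !== 'string') return null;
  const policy = { maxAge: null, includeSubDomains: false };
  const seen = new Set();
  for (const part of value.split(';')) {
    const [rawName, ...rest] = part.trim().split('=');
    const name = rawName.trim().toLowerCase();   // directive names are case-insensitive
    if (!name) continue;                         // empty directive, e.g. trailing ';'
    if (seen.has(name)) return null;             // a directive may appear only once
    seen.add(name);
    const arg = rest.join('=').trim().replace(/^"(.*)"$/, '$1'); // quoted-string form
    if (name === 'max-age') {
      if (!/^\d+$/.test(arg)) return null;
      policy.maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    }                                            // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy; // max-age is required
}

// Each response is { status, headers } with lower-cased header names.
function auditSite(httpResp, httpsResp) {
  const findings = [];
  const loc = httpResp.headers.location || '';
  const redirected = [301, 302, 303, 307, 308].includes(httpResp.status);
  if (!redirected || !loc.startsWith('https://')) findings.push('http-not-redirected-to-https');
  // Browsers ignore HSTS received over plain HTTP, so only the HTTPS response counts.
  const hsts = parseHsts(httpsResp.headers['strict-transport-security']);
  if (hsts === null) findings.push('hsts-missing-or-invalid');
  else if (hsts.maxAge < MIN_MAX_AGE) findings.push('hsts-max-age-too-short');
  return findings;
}

// Constructed responses for a hypothetical host, not captured from any real site.
const weak = [{ status: 200, headers: {} }, { status: 200, headers: {} }];
const hardened = [
  { status: 301, headers: { location: 'https://wallet.example/' } },
  { status: 200, headers: { 'strict-transport-security': 'max-age=31536000; includeSubDomains' } },
];
console.log(auditSite(...weak));
console.log(auditSite(...hardened));
```

An empty findings list still leaves a browser's first visit unprotected, because the HSTS policy is only cached after one successful HTTPS response unless the host is on the browsers' preload list.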
