feat: wallet private key export API with password verification

2026-03-23 10:52:27 +09:00
parent 10a3f0156b
commit 0cd0d2a402
5 changed files with 75 additions and 8 deletions
--- a/internal/chain/handler.go
+++ b/internal/chain/handler.go
@@ -3,6 +3,7 @@ package chain
 import (
 	"errors"
 	"log"
+	"log/slog"
 	"strconv"
 	"strings"

@@ -620,6 +621,39 @@ func (h *Handler) RegisterTemplate(c *fiber.Ctx) error {
 	return c.Status(fiber.StatusCreated).JSON(result)
 }

+// ExportWallet godoc
+// @Summary      개인키 내보내기
+// @Description  비밀번호 확인 후 현재 유저의 지갑 개인키를 반환합니다
+// @Tags         Chain
+// @Accept       json
+// @Produce      json
+// @Security     BearerAuth
+// @Param        body  body  exportRequest  true  "비밀번호"
+// @Success      200  {object}  map[string]string
+// @Failure      400  {object}  docs.ErrorResponse
+// @Failure      401  {object}  docs.ErrorResponse
+// @Router       /api/chain/wallet/export [post]
+type exportRequest struct {
+	Password string `json:"password"`
+}
+
+func (h *Handler) ExportWallet(c *fiber.Ctx) error {
+	userID, err := getUserID(c)
+	if err != nil {
+		return err
+	}
+	var req exportRequest
+	if err := c.BodyParser(&req); err != nil || req.Password == "" {
+		return c.Status(400).JSON(fiber.Map{"error": "password is required"})
+	}
+	slog.Warn("wallet export requested", "userID", userID, "ip", c.IP())
+	privKeyHex, err := h.svc.ExportPrivKey(userID, req.Password)
+	if err != nil {
+		return c.Status(401).JSON(fiber.Map{"error": "invalid password"})
+	}
+	return c.JSON(fiber.Map{"privateKey": privKeyHex})
+}
+
 // ---- Internal Handlers (game server, username-based) ----

 // InternalGrantReward godoc
--- a/internal/chain/service.go
+++ b/internal/chain/service.go
@@ -21,14 +21,15 @@ import (
 )

 type Service struct {
-	repo           *Repository
-	client         *Client
-	chainID        string
-	operatorWallet *wallet.Wallet
-	encKeyBytes    []byte // 32-byte AES-256 key
-	userResolver   func(username string) (uint, error)
-	operatorMu     sync.Mutex // serialises operator-nonce transactions
-	userMu         sync.Map   // per-user mutex (keyed by userID uint)
+	repo             *Repository
+	client           *Client
+	chainID          string
+	operatorWallet   *wallet.Wallet
+	encKeyBytes      []byte // 32-byte AES-256 key
+	userResolver     func(username string) (uint, error)
+	passwordVerifier func(userID uint, password string) error
+	operatorMu       sync.Mutex // serialises operator-nonce transactions
+	userMu           sync.Map   // per-user mutex (keyed by userID uint)
 }

 // SetUserResolver sets the callback that resolves username → userID.
@@ -36,6 +37,24 @@ func (s *Service) SetUserResolver(fn func(username string) (uint, error)) {
 	s.userResolver = fn
 }

+func (s *Service) SetPasswordVerifier(fn func(userID uint, password string) error) {
+	s.passwordVerifier = fn
+}
+
+func (s *Service) ExportPrivKey(userID uint, password string) (string, error) {
+	if s.passwordVerifier == nil {
+		return "", fmt.Errorf("password verifier not configured")
+	}
+	if err := s.passwordVerifier(userID, password); err != nil {
+		return "", err
+	}
+	w, _, err := s.loadUserWallet(userID)
+	if err != nil {
+		return "", err
+	}
+	return w.PrivKey().Hex(), nil
+}
+
 // resolveUsername converts a username to the user's on-chain pubKeyHex.
 // If the user exists but has no wallet (e.g. legacy user or failed creation),
 // a wallet is auto-created on the fly.