[WIP] Enhance Cryptocurrency Task Funding and Coin Details API

[SoYan500]

Enhance Cryptocurrency Task Funding and Coin Details API

Description

Summary of Work

This pull request consolidates recent improvements to our cryptocurrency task funding and coin details API:

Key Enhancements:

• Implemented secure Slack request verification with timestamp and signature checks
• Added flexible task funding mechanism supporting both standard and KPL (Koii Pocket Liquidity) token types
• Created a robust coin details route with input validation and caching
• Improved error handling for coin lookup and task funding

The changes focus on:

1. Security: Preventing replay and tampering of Slack webhook requests
2. Flexibility: Supporting multiple token funding mechanisms
3. Performance: Implementing caching for coin details
4. Error Handling: Comprehensive error responses for different scenarios

Changes Made

1. Slack Request Verification:

• Added verifySlackRequest() function with timestamp and HMAC signature validation
• Implemented constant-time comparison to prevent timing attacks

2. Task Funding Improvements:

• Created generic_fund_task() to handle both standard and KPL token funding
• Added support for different token types in task funding
• Implemented error handling and Slack response notifications

3. Coin Details Route:

• Added coinDetailsRouter with GET endpoint for cryptocurrency details
• Implemented input validation with validateCoinId() function
• Created caching mechanism using node-cache with 10-minute TTL
• Developed comprehensive error handling middleware

4. Environment and Configuration:

• Utilized environment variables for sensitive information
• Supported dynamic user ID whitelisting

Tests and Verification

Verification Steps:

1. Slack Request Verification:

• Test invalid timestamp scenarios
• Verify HMAC signature validation
• Check replay attack prevention

2. Task Funding:

• Test funding for standard and KPL token types
• Verify error handling for invalid task IDs
• Check Slack response notifications

3. Coin Details Endpoint:

• Test successful coin retrieval
• Verify caching mechanism
• Check error handling for:
  • Missing coin ID
  • Non-existent coin
  • Invalid input formats

4. User Authorization:

• Validate user ID whitelisting
• Test unauthorized user funding attempts

PRs Merged

The following pull requests have been merged:

Signatures

Staking Key

Hi85KVXFxw53EPtx9aU3JKWcUn9tJerXEX8vkPivdGYZ: 295SFQC2jw2QAmtH6z3F6SciU2TcUzFWk2o4aVFe7q6Z5GagFvuPD2EJrJuJgYaQcKRqjbXCYb1pZJhkoQDsqg3mM7pQBFXerGdiV7egmEMFEmnaARPzBYgLg21jqf7LGAaZX1VxFiUKHcj5GD7qC1PzbLHRvvV4hj8YBDiCGsfddn32o9qSBEjtD2asWroiURY76EniytYJcK937mUWJZkTVFNUFcPwbcJKvVaWaGR6T1fraLEYAiGwbduX5WiXRNg51RZM3FRGcnggxgPsKPyBtemvrdAskHcuGD8azEU8kW4b7GdrDabdaP4R2gUBJzjNRgjKbD9in7uqc49yC8ekHSgJYLT9dPFKeeGXyASJmSdxGu3SDm8TmA8VRP9cXPjnWvDQ7Xk1WHRAcoink2NYVWNmTtLTN

Public Key

3EHUVFpx8xQCU8AdKG7vneVy5eTeeM6p8tXohn7RFoav: 9AznfmCVXdDRYKVQCHSy4R7seoCimeocoDSpSi9F5YNuRyosL6tsPsqQeePvrxDux7ni2oWC34LXoKUdijtXTYDe8Yj154PtodNeAWmv96SPrXVrTgZ6QwUqjMhvrWZqBwBTKQ9eXGSaTSzWmejyHXqkLBT1busfpakjzvcagUEZmeTasmuT4qRxTwCs4LqFCj2tHfrdHq4o49VL63uV37D9ahJTf4QHGcmtwWRk7TAqD55QzWrvNQQyTSuPufbLdJ29Lan3aYixXxkBgGTwwRewqyjfeCjqgBck45xsg6p32FFsaoGgYVVQCUMvsBXbVteTGntiWWBLVmPD6K24iPosfb7ABxPQtw4KD6RgFphovLxdHKL1e3B1j5octvGvPgsbFBFTNQxEoDhGMf5cQRuDynsyyBLtt