Conversation
…was dropped) Follow-up to #1262. In production the structured provider context added by mapProviderFailure never appeared in the logs: the app logger (config/logger.ts) formats only `{ timestamp, level, message, label }` via a printf and discards any metadata object passed as the second argument. So `logger.error("Error registering ramp", { ...logContext })` logged only the bare message — we still could not tell which Avenia call failed (e.g. POST /v2/account/tickets) from the logs. Add `formatProviderContext(logContext)` which renders the provider/call/status/body as a message suffix, and append it to the register/update/start error logs. Non-provider failures get an empty suffix, so their log line is unchanged. The response body stays truncated to 300 chars and is server-side only (never returned to the caller). Removed the now-misleading `...logContext` spread into the (dropped) metadata object. Verified live after the #1262 rollout: register now returns 422 as intended, but the "Error registering ramp" line carried no provider fields — this restores the "where did it fail" diagnostic that was the point of the logging half of #1262. Tests: formatProviderContext unit tests (provider suffix contents + empty for non-provider). Security spec updated to note the logger drops metadata objects.
Brazilian clients care about the Binance USDT/BRL spot price more than the official fiat FX rate. Make getUsdToFiatExchangeRate try Binance first for currencies with a mapped USDT symbol (currently BRL via USDTBRL), then fall back to fastforex, then CoinGecko. - Add getBinanceUsdtToFiatRate() hitting the public /api/v3/ticker/price endpoint (no API key) and BINANCE_API_URL config (defaults to https://api.binance.com). - Generalize the sanity-band guard (assertFastforexRateWithinSanityBand -> assertRateWithinSanityBand) so the Binance rate is checked against the same CoinGecko reference and per-currency spread limits as fastforex. - Add verifyBinanceReachability() run at startup so a geo-block (HTTP 451) or outage logs loudly instead of silently degrading to the fiat fallback. - Update security spec (new binance.md, fastforex.md/README provider order). - Rewrite the price-priority test suite for the new order + Binance tests.
Address PR review: the provider response body is external input echoed from the provider's HTTP response, so embedding it verbatim in the log message allowed CR/LF to split the line or forge a fake log entry (CWE-117), and an ESC could inject terminal color codes. Add sanitizeProviderBody() to collapse control characters (0x00-0x1F, 0x7F) to a single space before the (already truncated) body is stored in the log context. The other embedded fields (provider, endpoint, method, numeric status) are code-defined constants and need no escaping. Test: a provider body containing \r\n and an ESC sequence is stripped so neither the logged body nor the formatted suffix can span multiple lines.
…robe - getBinanceUsdtToFiatRate now rejects a response whose `symbol` differs from the requested one, so a misconfigured BINANCE_API_URL or proxy returning a different market can't be accepted as a valid-but-wrong price. - verifyBinanceReachability is now fire-and-forget at startup so a blocked or hanging Binance call (up to the 30s fetch timeout) can't delay boot. - Add a symbol-mismatch fallback test; update Binance security spec.
…ource feat(api): use Binance USDT/BRL spot as primary USD<>BRL rate source
…ng-message fix(api): embed provider error context in ramp log message (metadata was dropped)
✅ Deploy Preview for vortex-sandbox ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview for vortexfi ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.