✨ Objective
Redesign the user creation and wallet generation flow to enhance security and control. Currently, wallets are created at the time the admin registers a user, and the private key is encrypted using a generic password ("1234"). This issue aims to:
- Delay wallet creation until the user completes their signup process.
- Encrypt the private key using the actual password chosen by the user.
- Implement an email-based OTP (One-Time Password) to verify email ownership before setting the password and creating the wallet.
🛠 Tasks
📬 1. Initial Admin User Creation
- The admin creates a new user with an email.
- No wallet is generated at this stage.
- Backend sends an email to the user notifying that an account was created and prompting them to complete signup.
🔐 2. Email Verification + Signup
- Implement a new frontend page:
Frontend/app/sign-up/verify.tsx
- User accesses the page via a link with a secure token (sent by email).
Page asks the user to:
- Input the OTP sent to their email.
- Set a new password.
- Upon OTP validation, the user can proceed.
🧠 3. Wallet Generation with Password-Based Encryption
Once the password is set:
- Generate the wallet.
- Encrypt the wallet's private key using the password the user provided.
- Notify core team to store the encrypted private key in the database.
- Associate it with the user account.
🔄 4. Remove Generic "1234" Encryption Logic
- Eliminate or refactor any code that automatically encrypts private keys with "1234" during initial user creation.
💻 Files to Modify
Frontend
Frontend/app/api/users/route.ts — Remove wallet creation from this route.Frontend/app/sign-up/verify.tsx — New signup screen for password + OTP.Frontend/app/auth/ — Adjust logic for password setup and encryption trigger.
Backend
Backend/routes/user.js — Update user creation logic.- Add a secure OTP flow for email verification.
- Add logic to generate and encrypt wallet with user password.
- Ensure secure encryption method is used.
✅ Acceptance Criteria
- User receives an email with OTP and signup link.
- User verifies email and sets a password.
- Wallet is generated and private key is encrypted with the user's password.
- Encrypted private key is stored securely in the database.
- No default or hardcoded password encryption is used.
📦 Resources
User Creation Logic: Frontend/app/api/users/route.ts
✨ Objective
Redesign the user creation and wallet generation flow to enhance security and control. Currently, wallets are created at the time the admin registers a user, and the private key is encrypted using a generic password ("1234"). This issue aims to:
🛠 Tasks
📬 1. Initial Admin User Creation
🔐 2. Email Verification + Signup
Frontend/app/sign-up/verify.tsxPage asks the user to:
🧠 3. Wallet Generation with Password-Based Encryption
Once the password is set:
🔄 4. Remove Generic "1234" Encryption Logic
💻 Files to Modify
Frontend
Frontend/app/api/users/route.ts— Remove wallet creation from this route.Frontend/app/sign-up/verify.tsx— New signup screen for password + OTP.Frontend/app/auth/— Adjust logic for password setup and encryption trigger.Backend
Backend/routes/user.js— Update user creation logic.✅ Acceptance Criteria
📦 Resources
User Creation Logic:
Frontend/app/api/users/route.ts