hardening(anchor): remove default Ergo API key and wallet password

Co-authored-by: liu971227-sys <248239659+liu971227-sys@users.noreply.github.com>

Author: liu971227-sys

ergo-anchor/ergo_miner_anchor.py

@@ -4,21 +4,31 @@
 from hashlib import blake2b
 
 ERGO_NODE = os.environ.get("ERGO_NODE", "http://localhost:9053")
-ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "BE7YM1fYWrMQ9tSmxAc9jzLNw42nEXTX")
+ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "")
+ERGO_WALLET_PASSWORD = os.environ.get("ERGO_WALLET_PASSWORD", "")
 DB_PATH = "/root/rustchain/rustchain_v2.db"
 ANCHOR_VALUE = 1000000  # 0.001 ERG min box size
 
 class ErgoMinerAnchor:
     def __init__(self):
         self.session = requests.Session()
-        self.session.headers["api_key"] = ERGO_API_KEY
+        if ERGO_API_KEY:
+            self.session.headers["api_key"] = ERGO_API_KEY
         self.session.headers["Content-Type"] = "application/json"
 
-    def unlock_wallet(self, password="rustchain123"):
+    def unlock_wallet(self, password=None):
         """Unlock wallet if needed."""
-        status = self.session.get(ERGO_NODE + "/wallet/status").json()
+        status_resp = self.session.get(ERGO_NODE + "/wallet/status")
+        if status_resp.status_code != 200:
+            return False
+        status = status_resp.json()
         if not status.get("isUnlocked"):
-            self.session.post(ERGO_NODE + "/wallet/unlock", json={"pass": password})
+            pwd = password if password is not None else ERGO_WALLET_PASSWORD
+            if not pwd:
+                return False
+            unlock_resp = self.session.post(ERGO_NODE + "/wallet/unlock", json={"pass": pwd})
+            return unlock_resp.status_code == 200
+        return True
 
     def get_recent_miners(self, limit=10):
         conn = sqlite3.connect(DB_PATH)
@@ -43,7 +53,10 @@ def get_rc_slot(self):
 
     def create_anchor_tx(self, miners):
         """Create zero-fee anchor TX with miner data in registers."""
-        self.unlock_wallet()
+        if not ERGO_API_KEY:
+            return {"success": False, "error": "ERGO_API_KEY not configured"}
+        if not self.unlock_wallet():
+            return {"success": False, "error": "Wallet locked or unlock failed"}
 
         commitment = self.compute_commitment(miners)
         rc_slot = self.get_rc_slot()

node/ergo_miner_anchor.py

@@ -4,21 +4,31 @@
 from hashlib import blake2b
 
 ERGO_NODE = os.environ.get("ERGO_NODE", "http://localhost:9053")
-ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "BE7YM1fYWrMQ9tSmxAc9jzLNw42nEXTX")
+ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "")
+ERGO_WALLET_PASSWORD = os.environ.get("ERGO_WALLET_PASSWORD", "")
 DB_PATH = "/root/rustchain/rustchain_v2.db"
 ANCHOR_VALUE = 1000000  # 0.001 ERG min box size
 
 class ErgoMinerAnchor:
     def __init__(self):
         self.session = requests.Session()
-        self.session.headers["api_key"] = ERGO_API_KEY
+        if ERGO_API_KEY:
+            self.session.headers["api_key"] = ERGO_API_KEY
         self.session.headers["Content-Type"] = "application/json"
 
-    def unlock_wallet(self, password="rustchain123"):
+    def unlock_wallet(self, password=None):
         """Unlock wallet if needed."""
-        status = self.session.get(ERGO_NODE + "/wallet/status").json()
+        status_resp = self.session.get(ERGO_NODE + "/wallet/status")
+        if status_resp.status_code != 200:
+            return False
+        status = status_resp.json()
         if not status.get("isUnlocked"):
-            self.session.post(ERGO_NODE + "/wallet/unlock", json={"pass": password})
+            pwd = password if password is not None else ERGO_WALLET_PASSWORD
+            if not pwd:
+                return False
+            unlock_resp = self.session.post(ERGO_NODE + "/wallet/unlock", json={"pass": pwd})
+            return unlock_resp.status_code == 200
+        return True
 
     def get_recent_miners(self, limit=10):
         conn = sqlite3.connect(DB_PATH)
@@ -43,7 +53,10 @@ def get_rc_slot(self):
 
     def create_anchor_tx(self, miners):
         """Create zero-fee anchor TX with miner data in registers."""
-        self.unlock_wallet()
+        if not ERGO_API_KEY:
+            return {"success": False, "error": "ERGO_API_KEY not configured"}
+        if not self.unlock_wallet():
+            return {"success": False, "error": "Wallet locked or unlock failed"}
 
         commitment = self.compute_commitment(miners)
         rc_slot = self.get_rc_slot()

node/ergo_raw_tx.py

@@ -4,7 +4,7 @@
 from hashlib import blake2b
 
 ERGO_NODE = "http://localhost:9053"
-ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "BE7YM1fYWrMQ9tSmxAc9jzLNw42nEXTX")
+ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "")
 DB_PATH = "/root/rustchain/rustchain_v2.db"
 
 def encode_coll_byte(hex_str):

node/run_anchor_service.py

@@ -4,13 +4,11 @@
 import sys
 import time
 
-# Set env vars
-os.environ["ERGO_NODE_URL"] = "http://localhost:9053"
-os.environ["ERGO_API_KEY"] = "hello"
-
 from rustchain_ergo_anchor import AnchorService, ErgoClient
 
-DB_PATH = "/root/rustchain/rustchain_v2.db"
+DB_PATH = os.environ.get("DB_PATH", "/root/rustchain/rustchain_v2.db")
+ERGO_NODE_URL = os.environ.get("ERGO_NODE_URL", "http://localhost:9053")
+ERGO_API_KEY = os.environ.get("ERGO_API_KEY", "")
 
 print("=" * 60)
 print("RustChain -> Ergo Anchor Service Starting")
@@ -20,11 +18,14 @@
 client = ErgoClient()
 info = client.get_info()
 if info:
-    print(f"Ergo height: {info.get(\"fullHeight\", \"N/A\")}")
+    print(f"Ergo height: {info.get('fullHeight', 'N/A')}")
 else:
     print("WARNING: Cannot connect to Ergo node")
     sys.exit(1)
 
+if not ERGO_API_KEY:
+    print("WARNING: ERGO_API_KEY is not set; wallet operations may fail.")
+
 service = AnchorService(
     db_path=DB_PATH,
     ergo_client=client,