added robinhood#8050
Conversation
Summary by CodeRabbit
WalkthroughThe Ape Store adapter broadens its HTTP utility imports and updates Base, Ethereum, and Robinhood fetch implementations to return only ChangesApe Store volume adapter
Estimated code review effort: 2 (Simple) | ~10 minutes Suggested labels: 🚥 Pre-merge checks | ✅ 11 | ❌ 4❌ Failed checks (4 warnings)
✅ Passed checks (11 passed)
✨ Finishing Touches✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@dexs/apestore/index.ts`:
- Around line 47-51: Replace the hardcoded Authorization value in the httpPost
call with a securely sourced environment variable or secret-store value, and
validate that it is configured before making the request; do not add a comment
to justify retaining the secret in source.
- Around line 53-57: Update the affected fetch return object to include only
dailyVolume; remove timestamp and deprecated totalVolume. Also inspect the
existing base and eth adapters in the same file and remove those fields from
their fetch results to keep all adapters consistent.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 19a24b61-2585-4932-9385-40f5269bb1bf
📒 Files selected for processing (1)
dexs/apestore/index.ts
| const volumeData: VolumeInfo = await httpPost('https://api.ape.store/robinhood/volume', { date: options.startOfDay }, { | ||
| headers: { | ||
| "Authorization": "92ff54fa-80b7-4f2c-bae1-f862ea7525ae" | ||
| }, | ||
| }); |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Hardcoded API key in source code without comment.
The Authorization header value "92ff54fa-80b7-4f2c-bae1-f862ea7525ae" is a secret hardcoded directly in source. Per coding guidelines, hardcoded values should have a comment and source link so maintainers can verify them. More importantly, embedding API keys in source code is a security risk — consider using an environment variable or secret store.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@dexs/apestore/index.ts` around lines 47 - 51, Replace the hardcoded
Authorization value in the httpPost call with a securely sourced environment
variable or secret-store value, and validate that it is configured before making
the request; do not add a comment to justify retaining the secret in source.
Source: Coding guidelines
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
dexs/apestore/index.ts (2)
17-17: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winHardcoded API key remains unaddressed.
The
Authorizationheader value"92ff54fa-80b7-4f2c-bae1-f862ea7525ae"is still hardcoded across all three adapters (lines 17, 31, 45). This was previously flagged and has not been addressed. Per coding guidelines, hardcoded values should have a comment and source link. More importantly, embedding API keys in source is a security risk.Also applies to: 31-31, 45-45
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@dexs/apestore/index.ts` at line 17, Remove the hardcoded Authorization value from all three adapters using the affected request definitions, and load it from a secure configuration source such as an environment variable or secret manager. Validate that the configured credential exists before making requests and update each Authorization header consistently.
15-15: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winSwitch this adapter to
version: 1. These endpoints take a dailydateand return daily volume, so hourly v2 polling will just repeat the same request. If it stays v2, addpullHourly: trueand drive the request fromstartTimestamp/fromTimestampinstead ofstartOfDay.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@dexs/apestore/index.ts` at line 15, Update the ape.store adapter request around VolumeInfo to use version: 1, since the endpoint is daily and keyed by options.startOfDay; alternatively, retain version 2 only by setting pullHourly: true and changing the request parameters to use startTimestamp/fromTimestamp.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@dexs/apestore/index.ts`:
- Line 17: Remove the hardcoded Authorization value from all three adapters
using the affected request definitions, and load it from a secure configuration
source such as an environment variable or secret manager. Validate that the
configured credential exists before making requests and update each
Authorization header consistently.
- Line 15: Update the ape.store adapter request around VolumeInfo to use
version: 1, since the endpoint is daily and keyed by options.startOfDay;
alternatively, retain version 2 only by setting pullHourly: true and changing
the request parameters to use startTimestamp/fromTimestamp.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: f14addb2-3d0f-491e-a67e-8100a5e03c45
📒 Files selected for processing (1)
dexs/apestore/index.ts
|
@mrben1 thanks for the PR |
NOTE
Please enable "Allow edits by maintainers" while putting up the PR.
package.json/package-lock.jsonfile as part of your changesName (to be shown on DefiLlama):
Twitter Link:
List of audit links if any:
Website Link:
Logo (High resolution, will be shown with rounded borders):
Current TVL:
Treasury Addresses (if the protocol has treasury)
Chain:
Coingecko ID (so your TVL can appear on Coingecko, leave empty if not listed): (https://api.coingecko.com/api/v3/coins/list)
Coinmarketcap ID (so your TVL can appear on Coinmarketcap, leave empty if not listed): (https://api.coinmarketcap.com/data-api/v3/map/all?listing_status=active,inactive,untracked&start=1&limit=10000)
Short Description (to be shown on DefiLlama):
Token address and ticker if any:
Category (full list at https://defillama.com/categories) *Please choose only one:
Oracle Provider(s): Specify the oracle(s) used (e.g., Chainlink, Band, API3, TWAP, etc.):
Implementation Details: Briefly describe how the oracle is integrated into your project:
Documentation/Proof: Provide links to documentation or any other resources that verify the oracle's usage:
forkedFrom (Does your project originate from another project):
methodology (what is being counted as tvl, how is tvl being calculated):
Github org/user (Optional, if your code is open source, we can track activity):
Does this project have a referral program?