shoko/randebu
1
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: shoko:fix/issue-3
Branches Tags
shoko:main shoko:fix/issue-60 shoko:fix/issue-59 shoko:fix/issue-63 shoko:fix/issue-57 shoko:fix/issue-56 shoko:pr-58 shoko:feat/conversational-agent-with-tools shoko:fix/crypto-randomuuid-fallback shoko:fix/chat-timeout-handling shoko:fix/display-user-messages shoko:fix/minimax-connector-model shoko:fix/minimax-endpoint-v2 shoko:fix/minimax-api-endpoint-v2 shoko:feat/41-return-token-on-register shoko:fix/bcrypt-compatibility shoko:fix/ai-agent-imports shoko:fix/issue-30 shoko:fix/issue-29 shoko:fix/issue-28 shoko:fix/issue-25 shoko:fix/issue-31 shoko:fix/issue-27 shoko:fix/issue-26 shoko:fix/issue-12 shoko:fix/issue-11 shoko:fix/issue-10 shoko:fix/issue-9 shoko:fix/issue-8 shoko:fix/issue-7 shoko:fix/issue-6 shoko:fix/issue-5 shoko:fix/issue-4 shoko:fix/issue-3 shoko:fix/issue-2
shoko:0.1.0
...
pull from: shoko:fix/issue-5
Branches Tags
shoko:main shoko:fix/issue-60 shoko:fix/issue-59 shoko:fix/issue-63 shoko:fix/issue-57 shoko:fix/issue-56 shoko:pr-58 shoko:feat/conversational-agent-with-tools shoko:fix/crypto-randomuuid-fallback shoko:fix/chat-timeout-handling shoko:fix/display-user-messages shoko:fix/minimax-connector-model shoko:fix/minimax-endpoint-v2 shoko:fix/minimax-api-endpoint-v2 shoko:feat/41-return-token-on-register shoko:fix/bcrypt-compatibility shoko:fix/ai-agent-imports shoko:fix/issue-30 shoko:fix/issue-29 shoko:fix/issue-28 shoko:fix/issue-25 shoko:fix/issue-31 shoko:fix/issue-27 shoko:fix/issue-26 shoko:fix/issue-12 shoko:fix/issue-11 shoko:fix/issue-10 shoko:fix/issue-9 shoko:fix/issue-8 shoko:fix/issue-7 shoko:fix/issue-6 shoko:fix/issue-5 shoko:fix/issue-4 shoko:fix/issue-3 shoko:fix/issue-2
shoko:0.1.0

4 Commits
fix/issue- ... fix/issue-

Author SHA1 Message Date
shokollm
429d46c6d0 feat: implement bot CRUD with 3-bot limit per user 2026-04-08 06:05:43 +00:00
shoko
a2f0c9a0e9 Merge pull request '[Backend] Auth System - JWT Authentication' (#15) from fix/issue-4 into main 2026-04-08 08:01:24 +02:00
shokollm
42640679c7 feat: implement JWT authentication system 
- Add register endpoint with bcrypt password hashing
- Add login endpoint returning JWT tokens
- Add logout endpoint with token blacklisting
- Add /me endpoint for current user info
- Add rate limiting (5/minute) for login attempts using slowapi
- Add user settings GET and PATCH endpoints
- Create auth middleware via get_current_user dependency
- Add UserSettings and UserSettingsUpdate schemas
 2026-04-08 05:48:38 +00:00
shoko
f59e595ffd Merge pull request '[Backend] Database Models - Add missing Pydantic schemas' (#14) from fix/issue-3 into main 2026-04-08 06:57:46 +02:00
6 changed files with 318 additions and 54 deletions
Expand all files Collapse all files

129
src/backend/app/api/auth.py
View File

@@ -1,7 +1,6 @@
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status, Request
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from datetime import timedelta
from typing import Annotated from typing import Annotated
from ..core.database import get_db from ..core.database import get_db
@@ -12,41 +11,133 @@ from ..core.security import (
verify_token, verify_token,
) )
from ..core.config import get_settings from ..core.config import get_settings
from ..db.schemas import UserCreate, UserResponse, Token from ..core.limiter import limiter
from ..db.schemas import (
UserCreate,
UserResponse,
Token,
UserSettings,
UserSettingsUpdate,
)
from ..db.models import User
router = APIRouter() router = APIRouter()
settings = get_settings() settings = get_settings()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/token") oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login")
TOKEN_BLACKLIST = set()
@router.post("/register", response_model=UserResponse) def get_current_user(
token: Annotated[str, Depends(oauth2_scheme)], db: Session = Depends(get_db)
) -> User:
if token in TOKEN_BLACKLIST:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Token has been revoked",
)
payload = verify_token(token)
if payload is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token",
)
user_id = payload.get("sub")
if user_id is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token payload",
)
user = db.query(User).filter(User.id == user_id).first()
if user is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found",
)
return user
@router.post(
"/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED
)
def register(user: UserCreate, db: Session = Depends(get_db)): def register(user: UserCreate, db: Session = Depends(get_db)):
raise HTTPException( existing_user = db.query(User).filter(User.email == user.email).first()
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered",
)
hashed_password = get_password_hash(user.password)
db_user = User(
email=user.email,
password_hash=hashed_password,
) )
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
@router.post("/login") @router.post("/login", response_model=Token)
@limiter.limit("5/minute")
def login( def login(
request: Request,
form_data: Annotated[OAuth2PasswordRequestForm, Depends()], form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
db: Session = Depends(get_db), db: Session = Depends(get_db),
): ):
raise HTTPException( user = db.query(User).filter(User.email == form_data.username).first()
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" if not user or not verify_password(form_data.password, user.password_hash):
) raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
)
access_token = create_access_token(data={"sub": user.id})
return Token(access_token=access_token, token_type="bearer")
@router.post("/logout") @router.post("/logout")
def logout(token: Annotated[str, Depends(oauth2_scheme)]): def logout(
raise HTTPException( current_user: Annotated[User, Depends(get_current_user)],
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" token: Annotated[str, Depends(oauth2_scheme)],
) ):
TOKEN_BLACKLIST.add(token)
return {"message": "Successfully logged out"}
@router.get("/me", response_model=UserResponse) @router.get("/me", response_model=UserResponse)
def get_me( def get_me(
token: Annotated[str, Depends(oauth2_scheme)], db: Session = Depends(get_db) current_user: Annotated[User, Depends(get_current_user)],
): ):
raise HTTPException( return current_user
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented"
)
@router.get("/settings", response_model=UserSettings)
def get_settings_endpoint(
current_user: Annotated[User, Depends(get_current_user)],
):
return UserSettings(email=current_user.email)
@router.patch("/settings", response_model=UserSettings)
def update_settings(
current_user: Annotated[User, Depends(get_current_user)],
settings_update: UserSettingsUpdate,
db: Session = Depends(get_db),
):
if settings_update.email:
existing = (
db.query(User)
.filter(User.email == settings_update.email, User.id != current_user.id)
.first()
)
if existing:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already in use",
)
current_user.email = settings_update.email
if settings_update.password:
current_user.password_hash = get_password_hash(settings_update.password)
db.commit()
db.refresh(current_user)
return UserSettings(email=current_user.email)

224
src/backend/app/api/bots.py
View File

@@ -1,57 +1,211 @@
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from typing import List from typing import List, Annotated
from .auth import get_current_user
from ..core.database import get_db from ..core.database import get_db
from ..db.schemas import BotCreate, BotUpdate, BotResponse from ..db.schemas import (
BotCreate,
BotUpdate,
BotResponse,
BotConversationCreate,
BotConversationResponse,
)
from ..db.models import Bot, BotConversation, User
router = APIRouter() router = APIRouter()
MAX_BOTS_PER_USER = 3
@router.get("", response_model=List[BotResponse]) @router.get("", response_model=List[BotResponse])
def list_bots(db: Session = Depends(get_db)): def list_bots(
raise HTTPException( current_user: Annotated[User, Depends(get_current_user)],
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" db: Session = Depends(get_db),
) ):
bots = db.query(Bot).filter(Bot.user_id == current_user.id).all()
return bots
@router.post("", response_model=BotResponse) @router.post("", response_model=BotResponse, status_code=status.HTTP_201_CREATED)
def create_bot(bot: BotCreate, db: Session = Depends(get_db)): def create_bot(
raise HTTPException( bot_data: BotCreate,
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" current_user: Annotated[User, Depends(get_current_user)],
db: Session = Depends(get_db),
):
user_bot_count = db.query(Bot).filter(Bot.user_id == current_user.id).count()
if user_bot_count >= MAX_BOTS_PER_USER:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"Maximum of {MAX_BOTS_PER_USER} bots per user exceeded",
)
existing_bot = (
db.query(Bot)
.filter(Bot.user_id == current_user.id, Bot.name == bot_data.name)
.first()
) )
if existing_bot:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Bot name must be unique per user",
)
db_bot = Bot(
user_id=current_user.id,
name=bot_data.name,
description=bot_data.description,
strategy_config=bot_data.strategy_config,
llm_config=bot_data.llm_config,
)
db.add(db_bot)
db.commit()
db.refresh(db_bot)
return db_bot
@router.get("/{bot_id}", response_model=BotResponse) @router.get("/{bot_id}", response_model=BotResponse)
def get_bot(bot_id: str, db: Session = Depends(get_db)): def get_bot(
raise HTTPException( bot_id: str,
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" current_user: Annotated[User, Depends(get_current_user)],
) db: Session = Depends(get_db),
):
bot = db.query(Bot).filter(Bot.id == bot_id).first()
if not bot:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Bot not found",
)
if bot.user_id != current_user.id:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not authorized to access this bot",
)
return bot
@router.put("/{bot_id}", response_model=BotResponse) @router.put("/{bot_id}", response_model=BotResponse)
def update_bot(bot_id: str, bot: BotUpdate, db: Session = Depends(get_db)): def update_bot(
raise HTTPException( bot_id: str,
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" bot_data: BotUpdate,
current_user: Annotated[User, Depends(get_current_user)],
db: Session = Depends(get_db),
):
bot = db.query(Bot).filter(Bot.id == bot_id).first()
if not bot:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Bot not found",
)
if bot.user_id != current_user.id:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not authorized to update this bot",
)
if bot_data.name is not None:
existing_bot = (
db.query(Bot)
.filter(
Bot.user_id == current_user.id,
Bot.name == bot_data.name,
Bot.id != bot_id,
)
.first()
)
if existing_bot:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Bot name must be unique per user",
)
bot.name = bot_data.name
if bot_data.description is not None:
bot.description = bot_data.description
if bot_data.strategy_config is not None:
bot.strategy_config = bot_data.strategy_config
if bot_data.llm_config is not None:
bot.llm_config = bot_data.llm_config
if bot_data.status is not None:
bot.status = bot_data.status
db.commit()
db.refresh(bot)
return bot
@router.delete("/{bot_id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_bot(
bot_id: str,
current_user: Annotated[User, Depends(get_current_user)],
db: Session = Depends(get_db),
):
bot = db.query(Bot).filter(Bot.id == bot_id).first()
if not bot:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Bot not found",
)
if bot.user_id != current_user.id:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not authorized to delete this bot",
)
db.delete(bot)
db.commit()
@router.post("/{bot_id}/chat", response_model=BotConversationResponse)
def chat(
bot_id: str,
message: BotConversationCreate,
current_user: Annotated[User, Depends(get_current_user)],
db: Session = Depends(get_db),
):
bot = db.query(Bot).filter(Bot.id == bot_id).first()
if not bot:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Bot not found",
)
if bot.user_id != current_user.id:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not authorized to chat with this bot",
)
db_conversation = BotConversation(
bot_id=bot_id,
role=message.role,
content=message.content,
) )
db.add(db_conversation)
db.commit()
db.refresh(db_conversation)
return db_conversation
@router.delete("/{bot_id}") @router.get("/{bot_id}/history", response_model=List[BotConversationResponse])
def delete_bot(bot_id: str, db: Session = Depends(get_db)): def get_history(
raise HTTPException( bot_id: str,
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" current_user: Annotated[User, Depends(get_current_user)],
) db: Session = Depends(get_db),
):
bot = db.query(Bot).filter(Bot.id == bot_id).first()
@router.post("/{bot_id}/chat") if not bot:
def chat(bot_id: str, message: dict, db: Session = Depends(get_db)): raise HTTPException(
raise HTTPException( status_code=status.HTTP_404_NOT_FOUND,
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented" detail="Bot not found",
) )
if bot.user_id != current_user.id:
raise HTTPException(
@router.get("/{bot_id}/history") status_code=status.HTTP_403_FORBIDDEN,
def get_history(bot_id: str, db: Session = Depends(get_db)): detail="Not authorized to access this bot's history",
raise HTTPException( )
status_code=status.HTTP_501_NOT_IMPLEMENTED, detail="Not implemented"
conversations = (
db.query(BotConversation)
.filter(BotConversation.bot_id == bot_id)
.order_by(BotConversation.created_at)
.all()
) )
return conversations

4
src/backend/app/core/limiter.py Normal file
View File

@@ -0,0 +1,4 @@
from slowapi import Limiter
from slowapi.util import get_remote_address
limiter = Limiter(key_func=get_remote_address)

9
src/backend/app/db/schemas.py
View File

@@ -23,6 +23,15 @@ class Token(BaseModel):
token_type: str token_type: str
class UserSettings(BaseModel):
email: EmailStr
class UserSettingsUpdate(BaseModel):
email: Optional[EmailStr] = None
password: Optional[str] = None
class BotCreate(BaseModel): class BotCreate(BaseModel):
name: str name: str
description: Optional[str] = None description: Optional[str] = None

5
src/backend/app/main.py
View File

@@ -1,6 +1,9 @@
from fastapi import FastAPI from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from slowapi import Limiter
from slowapi.util import get_remote_address
from .api import auth, bots, backtest, simulate, config from .api import auth, bots, backtest, simulate, config
from .core.limiter import limiter
app = FastAPI( app = FastAPI(
title="Randebu Trading Bot API", title="Randebu Trading Bot API",
@@ -8,6 +11,8 @@ app = FastAPI(
version="0.1.0", version="0.1.0",
) )
app.state.limiter = limiter
app.add_middleware( app.add_middleware(
CORSMiddleware, CORSMiddleware,
allow_origins=["*"], allow_origins=["*"],

1
src/backend/requirements.txt
View File

@@ -10,3 +10,4 @@ crewai>=0.1.0
anthropic>=0.18.0 anthropic>=0.18.0
httpx>=0.26.0 httpx>=0.26.0
python-multipart>=0.0.6 python-multipart>=0.0.6
slowapi>=0.1.9