trading-platform backend - Workspace V2
Comprehensive E2E tests validating PCI-DSS SAQ-A compliance for payment flows.

New Files:
- src/__tests__/e2e/payments-pci-dss.test.ts (600+ lines)
  - 7 test suites, 25+ test cases
  - Payment Intent flow (wallet deposit)
  - Checkout Session flow (hosted page)
  - Webhook signature verification
  - Payment Methods (tokenization)
  - Database schema validation (no sensitive columns)
  - API request validation (block sensitive data)
  - Stripe Elements integration contract
- src/__tests__/e2e/README.md (350+ lines)
  - Test execution guide
  - PCI-DSS compliance checklist
  - Common test scenarios
  - Debugging guide
  - Coverage goals

Test Coverage:
✅ NO card data ever touches our servers
✅ Payment Intents used (server-side processing)
✅ Stripe Elements used (client-side tokenization)
✅ Webhook signature verification
✅ Database schema has NO sensitive fields
✅ API blocks sensitive data in requests

PCI-DSS Validation:
- Wallet deposit flow (Payment Intent)
- Checkout session (Stripe hosted)
- Webhook handling (signature verification)
- Payment method attachment (tokens only)
- Database schema (no PAN/CVV columns)
- Request validation (reject card data)

Mock Infrastructure:
- Stripe SDK fully mocked
- Payment Intents creation
- Checkout Sessions
- Webhook signature verification
- PaymentMethod attachment

All tests validate that:
1. NO cardNumber, cvv, expiryDate ever sent to backend
2. Only Stripe tokens/IDs stored in database
3. Webhooks verified with Stripe signature
4. Payment confirmation happens via Stripe (not our code)

Status: BLOCKER-002 (ST4.2) - Tests complete
Task: #3 ST4.2.3 - E2E tests for PCI-DSS payment flows

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- src
- .env.example
- .gitignore
- Dockerfile
- ENDPOINT-ROUTING.md
- eslint.config.js
- jest.config.ts
- package-lock.json
- package.json
- README.md
- service.descriptor.yml
- swagger.yml
- test-websocket.html
- test-websocket.js
- tsconfig.json
- WEBSOCKET_IMPLEMENTATION_REPORT.md
- WEBSOCKET_TESTING.md
Trading Platform Backend API
Backend API for the Trading Platform.
Tech Stack
- Runtime: Node.js >= 18.0.0
- Framework: Express.js 5.x
- Language: TypeScript 5.x
- Database: PostgreSQL 16 (pg driver)
- Authentication: JWT + Passport.js (OAuth2)
- Validation: class-validator + zod
- API documentation: Swagger (OpenAPI 3.0)
Project Structure
src/
├── config/ # Configuration (env, swagger, database)
├── middleware/ # Express middleware (auth, rate-limit, cors)
├── modules/ # Business modules
│ ├── admin/ # System administration
│ ├── agents/ # Trading agents
│ ├── auth/ # Authentication and authorization
│ ├── education/ # Education module (gamification, quizzes)
│ ├── investment/ # Investment management
│ ├── llm/ # LLM integration (Anthropic, OpenAI)
│ ├── ml/ # ML signals and predictions
│ ├── payments/ # Payments and subscriptions (Stripe)
│ ├── portfolio/ # Portfolio management
│ ├── trading/ # Trading operations
│ └── users/ # User management
├── services/ # Shared services
├── types/ # TypeScript types
├── utils/ # Utilities
└── index.ts # Entry point
Installation
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Edit .env with your credentials
Environment Variables
# Server
PORT=3000
NODE_ENV=development
# Database
DATABASE_URL=postgresql://user:pass@localhost:5432/trading_platform
# JWT
JWT_SECRET=your-secret-key
JWT_EXPIRES_IN=7d
# OAuth (optional)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Stripe
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
# Redis (cache)
REDIS_URL=redis://localhost:6379
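
STRIPE_WEBHOOK_SECRET is the signing secret for Stripe webhook events, which arrive with a Stripe-Signature header of the form t=<timestamp>,v1=<HMAC-SHA256 hex>. The following is an added example, not code from this repository, that checks that header with Node's crypto module; the function names, the 300-second tolerance and the sample secret and event are assumptions, and production code would normally call the Stripe SDK's stripe.webhooks.constructEvent instead.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical helper names; the signed string is "<t>.<raw body>" as in Stripe's scheme.
const TOLERANCE_SEC = 300; // assumed replay window (5 minutes)

function hmacHex(secret: string, timestamp: string, rawBody: string): string {
  return createHmac("sha256", secret).update(`${timestamp}.${rawBody}`, "utf8").digest("hex");
}

function verifyStripeSignature(
  rawBody: string, // the unparsed request body; re-serialized JSON will not match
  header: string, // value of the Stripe-Signature header
  secret: string, // STRIPE_WEBHOOK_SECRET
  nowSec: number = Math.floor(Date.now() / 1000),
): boolean {
  let timestamp = "";
  const candidates: string[] = [];
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === "t") timestamp = value;
    if (key === "v1") candidates.push(value);
  }
  if (!/^\d+$/.test(timestamp) || candidates.length === 0) return false;
  // Reject stale or far-future timestamps so a captured event cannot be replayed later.
  if (Math.abs(nowSec - Number(timestamp)) > TOLERANCE_SEC) return false;

  const expected = Buffer.from(hmacHex(secret, timestamp, rawBody), "utf8");
  return candidates.some((sig) => {
    const got = Buffer.from(sig, "utf8");
    // timingSafeEqual throws on a length mismatch, so compare lengths first.
    return got.length === expected.length && timingSafeEqual(got, expected);
  });
}

// Constructed sample secret, event body and timestamp, for demonstration only.
const SAMPLE_SECRET = "whsec_constructed_example";
const SAMPLE_BODY = '{"id":"evt_constructed","type":"payment_intent.succeeded"}';
const SAMPLE_T = "1767787200";
const SAMPLE_HEADER = `t=${SAMPLE_T},v1=${hmacHex(SAMPLE_SECRET, SAMPLE_T, SAMPLE_BODY)}`;
```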
Available Scripts
| Script | Description |
|---|---|
| npm run dev | Development with hot reload (tsx watch) |
| npm run build | Compile TypeScript |
| npm start | Run the production build |
| npm run lint | Check code with ESLint |
| npm run test | Run tests with Jest |
| npm run typecheck | Check TypeScript types |
API Documentation
Swagger UI is available in development:
http://localhost:3000/api/v1/docs
Main Modules
Auth (/api/v1/auth)
- Login/Register with email
- OAuth2 (Google, Apple, Facebook, GitHub)
- 2FA (TOTP + SMS)
- Refresh tokens
Trading (/api/v1/trading)
- Buy/sell orders
- Trade history
- WebSocket for real-time data
ML Signals (/api/v1/ml)
- Market predictions
- Trading signals
- Model metrics
Payments (/api/v1/payments)
- Subscriptions with Stripe
- Billing
- Payment history
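
The PCI-DSS E2E tests for this module are described as checking that cardNumber, cvv and expiryDate are never sent to the backend. One way to enforce that on incoming request bodies, as an added example that is not the project's own code: findCardData and the extra aliases (pan, cvc) are assumptions, and the sample bodies are constructed.

```typescript
// Field names from the commit message (cardNumber, cvv, expiryDate); pan and cvc are assumed aliases.
const FORBIDDEN_KEYS = new Set(["cardnumber", "cvv", "expirydate", "pan", "cvc"]);

// Luhn checksum: separates real card numbers from most other long digit strings.
function luhnValid(digits: string): boolean {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// A string is PAN-like if, ignoring spaces and dashes, it is 13-19 digits and passes Luhn.
function looksLikePan(value: string): boolean {
  const digits = value.replace(/[ -]/g, "");
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Walks a parsed JSON body and returns one finding per forbidden key or PAN-like string.
function findCardData(body: unknown, path = "body"): string[] {
  if (typeof body === "string") return looksLikePan(body) ? [`${path}: PAN-like value`] : [];
  if (body === null || typeof body !== "object") return [];
  const hits: string[] = [];
  for (const [key, value] of Object.entries(body as Record<string, unknown>)) {
    const here = `${path}.${key}`;
    if (FORBIDDEN_KEYS.has(key.toLowerCase().replace(/[_-]/g, ""))) hits.push(`${here}: forbidden field`);
    hits.push(...findCardData(value, here));
  }
  return hits;
}

// Constructed request bodies: one token-only (allowed), one carrying raw card data (rejected).
const TOKEN_ONLY = { amount: 5000, currency: "usd", paymentMethodId: "pm_constructed" };
const RAW_CARD = { amount: 5000, card: { card_number: "4242 4242 4242 4242", cvv: "123" } };

// A route handler would answer 400 when the list is non-empty, without logging the values.
console.log(findCardData(TOKEN_ONLY), findCardData(RAW_CARD));
```

The findings carry only the field path, never the offending value, so the rejection itself does not put card data into logs.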
WebSocket
WebSocket endpoint for real-time data:
ws://localhost:3000/ws
Supported events:
- market:ticker - Real-time prices
- signals:update - New ML signals
- orders:update - Order updates
Testing
# Run all tests
npm test
# Tests with coverage
npm run test:coverage
# Tests in watch mode
npm run test:watch
Docker
# Build the image
docker build -t trading-backend .
# Run the container
docker run -p 3000:3000 --env-file .env trading-backend
Related Documentation
Project: Trading Platform | Version: 0.1.0 | Updated: 2026-01-07