trading-platform backend - Workspace V2
BLOCKER-001: Token Refresh Improvements (4 phases)
- PHASE 1: Specific rate limiting for /auth/refresh (15 req/15min per token)
- PHASE 2: Token rotation with SHA-256 hash and reuse detection
- PHASE 3: Session validation with 30s cache (95% fewer queries)
- PHASE 4: Proactive refresh with X-Token-Expires-At header

E2E Tests: Video Upload Module (backend - 91 tests)
- Suite 4: Controller tests (22 tests) - REST API endpoints validation
- Suite 5: Service tests (29 tests) - Business logic and database operations
- Suite 6: Storage tests (35 tests) - S3/R2 multipart upload integration
- Suite 7: Full E2E flow (5 tests) - Complete pipeline validation

Changes:
- auth.middleware.ts: Session validation + token expiry header
- rate-limiter.ts: Specific rate limiter for refresh endpoint
- token.service.ts: Token rotation logic + session validation
- session-cache.service.ts (NEW): 30s TTL cache for session validation
- auth.types.ts: Extended types for session validation
- auth.routes.ts: Applied refreshTokenRateLimiter
- index.ts: Updated CORS to expose X-Token-Expires-At

Tests created:
- auth-token-refresh.test.ts (15 tests) - E2E token refresh flow
- video-controller.test.ts (22 tests) - REST API validation
- video-service.test.ts (29 tests) - Business logic validation
- storage-service.test.ts (35 tests) - S3/R2 integration
- video-upload-flow.test.ts (5 tests) - Complete pipeline

Database migration executed:
- Added refresh_token_hash and refresh_token_issued_at columns
- Created index on refresh_token_hash for performance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- src
- .env.example
- .gitignore
- Dockerfile
- ENDPOINT-ROUTING.md
- eslint.config.js
- jest.config.ts
- package-lock.json
- package.json
- README.md
- service.descriptor.yml
- swagger.yml
- test-websocket.html
- test-websocket.js
- tsconfig.json
- WEBSOCKET_IMPLEMENTATION_REPORT.md
- WEBSOCKET_TESTING.md
Trading Platform Backend API
Backend API for the Trading Platform.
Technology Stack
- Runtime: Node.js >= 18.0.0
- Framework: Express.js 5.x
- Language: TypeScript 5.x
- Database: PostgreSQL 16 (pg driver)
- Authentication: JWT + Passport.js (OAuth2)
- Validation: class-validator + zod
- API Documentation: Swagger (OpenAPI 3.0)
Project Structure
src/
├── config/ # Configuration (env, swagger, database)
├── middleware/ # Express middleware (auth, rate-limit, cors)
├── modules/ # Business modules
│ ├── admin/ # System administration
│ ├── agents/ # Trading agents
│ ├── auth/ # Authentication and authorization
│ ├── education/ # Education module (gamification, quizzes)
│ ├── investment/ # Investment management
│ ├── llm/ # LLM integration (Anthropic, OpenAI)
│ ├── ml/ # ML signals and predictions
│ ├── payments/ # Payments and subscriptions (Stripe)
│ ├── portfolio/ # Portfolio management
│ ├── trading/ # Trading operations
│ └── users/ # User management
├── services/ # Shared services
├── types/ # TypeScript types
├── utils/ # Utilities
└── index.ts # Entry point
Installation
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Edit .env with credentials
Environment Variables
# Server
PORT=3000
NODE_ENV=development
# Database
DATABASE_URL=postgresql://user:pass@localhost:5432/trading_platform
# JWT
JWT_SECRET=your-secret-key
JWT_EXPIRES_IN=7d
# OAuth (optional)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Stripe
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
# Redis (cache)
REDIS_URL=redis://localhost:6379
Available Scripts
| Script | Description |
|---|---|
| npm run dev | Development with hot-reload (tsx watch) |
| npm run build | Compile TypeScript |
| npm start | Run the production build |
| npm run lint | Check code with ESLint |
| npm run test | Run tests with Jest |
| npm run typecheck | Check TypeScript types |
API Documentation
Swagger UI is available in development:
http://localhost:3000/api/v1/docs
Main Modules
Auth (/api/v1/auth)
- Login/Register with email
- OAuth2 (Google, Apple, Facebook, GitHub)
- 2FA (TOTP + SMS)
- Refresh tokens
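The commit message at the top of this page lists token rotation with a SHA-256 hash and reuse detection, backed by the refresh_token_hash and refresh_token_issued_at columns. The TypeScript below is an added example of that pattern, not the code in token.service.ts; the in-memory maps, `createSession`, `refresh` and the retired-hash lookup are assumptions made for illustration.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical in-memory stand-in for the sessions table; the two hash/timestamp
// fields mirror the refresh_token_hash / refresh_token_issued_at columns.
interface Session { userId: string; refreshTokenHash: string; refreshTokenIssuedAt: number; revoked: boolean }
type RefreshResult =
  | { ok: true; refreshToken: string }
  | { ok: false; reason: "invalid" | "revoked" | "reuse_detected" };

const sessions = new Map<string, Session>();      // sessionId -> session
const currentByHash = new Map<string, string>();  // current token hash -> sessionId
const retiredByHash = new Map<string, string>();  // rotated-out token hash -> sessionId

// Only the SHA-256 digest is stored, so a leaked table does not yield usable tokens.
const sha256 = (token: string): string => createHash("sha256").update(token).digest("hex");

function issueToken(sessionId: string, session: Session): string {
  const token = randomBytes(32).toString("hex"); // 256-bit random value
  session.refreshTokenHash = sha256(token);
  session.refreshTokenIssuedAt = Date.now();
  currentByHash.set(session.refreshTokenHash, sessionId);
  return token;
}

function createSession(sessionId: string, userId: string): string {
  const session: Session = { userId, refreshTokenHash: "", refreshTokenIssuedAt: 0, revoked: false };
  sessions.set(sessionId, session);
  return issueToken(sessionId, session);
}

function refresh(presented: string): RefreshResult {
  const hash = sha256(presented);
  const retiredFor = retiredByHash.get(hash);
  if (retiredFor !== undefined) {
    // A rotated-out token came back, so two parties hold tokens from this chain.
    // Revoke the whole session; the token currently in circulation dies with it.
    sessions.get(retiredFor)!.revoked = true;
    return { ok: false, reason: "reuse_detected" };
  }
  const sessionId = currentByHash.get(hash);
  if (sessionId === undefined) return { ok: false, reason: "invalid" };
  const session = sessions.get(sessionId)!;
  if (session.revoked) return { ok: false, reason: "revoked" };
  // Rotate: retire the presented token and issue a fresh one.
  currentByHash.delete(hash);
  retiredByHash.set(hash, sessionId);
  return { ok: true, refreshToken: issueToken(sessionId, session) };
}
```

Retired hashes only need to be kept for as long as the refresh token they belong to could still have been valid.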
Trading (/api/v1/trading)
- Buy/sell orders
- Trade history
- WebSocket for real-time data
ML Signals (/api/v1/ml)
- Market predictions
- Trading signals
- Model metrics
Payments (/api/v1/payments)
- Subscriptions with Stripe
- Billing
- Payment history
WebSocket
WebSocket endpoint for real-time data:
ws://localhost:3000/ws
Supported events:
- market:ticker - Real-time prices
- signals:update - New ML signals
- orders:update - Order updates
Testing
# Run all tests
npm test
# Tests with coverage
npm run test:coverage
# Tests in watch mode
npm run test:watch
Docker
# Build image
docker build -t trading-backend .
# Run container
docker run -p 3000:3000 --env-file .env trading-backend
Related Documentation
Project: Trading Platform | Version: 0.1.0 | Updated: 2026-01-07