fix: resolve 13 important issues from code review

I1: Add graceful shutdown (SIGTERM/SIGINT) to all 5 background services I2: Fix Dockerfile healthcheck to use curl on /metrics endpoint I3: Fix StreamConsumer.ensure_group() to only catch BUSYGROUP errors I4: Fix SimulatedBroker to reject orders with insufficient cash/shares I5: Move ORM attribute access inside DB session context in trades routes I6: Add Redis-based rate limiting (10 req/min/IP) on all auth endpoints I8: Prevent backtest background task garbage collection I9: Use Numeric(16,6) instead of Float for financial columns in migration I10: Add index on trades.created_at for time-range queries I11: Bind infrastructure ports to 127.0.0.1 in docker-compose I12: Add migrations init service; all app services depend on it I13: Fix user enumeration in login_begin (return options for non-existent users)
2026-02-22 17:58:01 +00:00 · 2026-02-22 17:58:01 +00:00 · 5a6b20c8f1
commit 5a6b20c8f1
parent 2a56727267
13 changed files with 355 additions and 188 deletions
--- a/alembic/versions/a1b2c3d4e5f6_initial_schema.py
+++ b/alembic/versions/a1b2c3d4e5f6_initial_schema.py
@ -66,8 +66,8 @@ def upgrade() -> None:
            sa.Enum("BUY", "SELL", name="tradeside"),
            nullable=False,
        ),
-        sa.Column("qty", sa.Float, nullable=False),
-        sa.Column("price", sa.Float, nullable=False),
+        sa.Column("qty", sa.Numeric(16, 6), nullable=False),
+        sa.Column("price", sa.Numeric(16, 6), nullable=False),
        sa.Column("timestamp", sa.String, nullable=True),
        sa.Column(
            "strategy_id",
@ -87,8 +87,8 @@ def upgrade() -> None:
            nullable=False,
            server_default="PENDING",
        ),
-        sa.Column("pnl", sa.Float, nullable=True),
-        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("pnl", sa.Numeric(16, 6), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), index=True),
        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
    )

@ -96,11 +96,11 @@ def upgrade() -> None:
        "positions",
        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
        sa.Column("ticker", sa.String(20), unique=True, nullable=False),
-        sa.Column("qty", sa.Float, nullable=False),
-        sa.Column("avg_entry", sa.Float, nullable=False),
-        sa.Column("unrealized_pnl", sa.Float, nullable=True),
-        sa.Column("stop_loss", sa.Float, nullable=True),
-        sa.Column("take_profit", sa.Float, nullable=True),
+        sa.Column("qty", sa.Numeric(16, 6), nullable=False),
+        sa.Column("avg_entry", sa.Numeric(16, 6), nullable=False),
+        sa.Column("unrealized_pnl", sa.Numeric(16, 6), nullable=True),
+        sa.Column("stop_loss", sa.Numeric(16, 6), nullable=True),
+        sa.Column("take_profit", sa.Numeric(16, 6), nullable=True),
        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
    )