fix: resolve 13 important issues from code review

I1: Add graceful shutdown (SIGTERM/SIGINT) to all 5 background services I2: Fix Dockerfile healthcheck to use curl on /metrics endpoint I3: Fix StreamConsumer.ensure_group() to only catch BUSYGROUP errors I4: Fix SimulatedBroker to reject orders with insufficient cash/shares I5: Move ORM attribute access inside DB session context in trades routes I6: Add Redis-based rate limiting (10 req/min/IP) on all auth endpoints I8: Prevent backtest background task garbage collection I9: Use Numeric(16,6) instead of Float for financial columns in migration I10: Add index on trades.created_at for time-range queries I11: Bind infrastructure ports to 127.0.0.1 in docker-compose I12: Add migrations init service; all app services depend on it I13: Fix user enumeration in login_begin (return options for non-existent users)
2026-02-22 17:58:01 +00:00 · 2026-02-22 17:58:01 +00:00 · 5a6b20c8f1
commit 5a6b20c8f1
parent 2a56727267
13 changed files with 355 additions and 188 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,7 +9,7 @@ services:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-trading}
      POSTGRES_DB: trading
    ports:
-      - "5432:5432"
+      - "127.0.0.1:5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
@ -21,7 +21,7 @@ services:
  redis:
    image: redis:7-alpine
    ports:
-      - "6379:6379"
+      - "127.0.0.1:6379:6379"
    volumes:
      - redisdata:/data
    healthcheck:
@ -33,10 +33,27 @@ services:
  ollama:
    image: ollama/ollama:latest
    ports:
-      - "11434:11434"
+      - "127.0.0.1:11434:11434"
    volumes:
      - ollama_models:/root/.ollama

+  # ---------------------------------------------------------------------------
+  # Database migrations — runs once before application services start
+  # ---------------------------------------------------------------------------
+  migrations:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile.service
+      args:
+        EXTRAS: "dev"
+        SERVICE_MODULE: "api_gateway"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    env_file: .env
+    command: python -m alembic upgrade head
+    restart: "no"
+
  # ---------------------------------------------------------------------------
  # Application services
  # ---------------------------------------------------------------------------
@ -52,6 +69,8 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+      migrations:
+        condition: service_completed_successfully
    env_file: .env
    restart: unless-stopped

@ -67,6 +86,8 @@ services:
        condition: service_healthy
      ollama:
        condition: service_started
+      migrations:
+        condition: service_completed_successfully
    env_file: .env
    restart: unless-stopped

@ -82,6 +103,8 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+      migrations:
+        condition: service_completed_successfully
    env_file: .env
    restart: unless-stopped

@ -97,6 +120,8 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+      migrations:
+        condition: service_completed_successfully
    env_file: .env
    restart: unless-stopped

@ -112,6 +137,8 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+      migrations:
+        condition: service_completed_successfully
    env_file: .env
    restart: unless-stopped

@ -127,6 +154,8 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+      migrations:
+        condition: service_completed_successfully
    ports:
      - "8000:8000"
    env_file: .env