fix: resolve all remaining TODOs, add dev mode auth bypass
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Learning engine: expand default weights from 3 to all 9 strategies - Learning engine: resolve placeholder strategy_id with DB lookup - Learning engine: pass strategy_sources from trade execution - Trade executor: respect trading:paused Redis flag in RiskManager - Portfolio sync: compute actual daily P&L from day-start snapshot - Portfolio API: cumulative P&L from first snapshot, read pause flag - Portfolio metrics: compute max drawdown and avg hold duration - Add strategy_sources field to TradeExecution schema - Add dev_mode config (TRADING_DEV_MODE) to bypass auth for local dev - Dashboard: VITE_DEV_MODE bypasses ProtectedRoute and 401 redirects - Vite proxy target configurable via VITE_API_TARGET - Add top-level README.md and remaining-work-plan.md - Update CLAUDE.md with correct counts and remove stale TODOs - 404 tests passing Made-with: Cursor
This commit is contained in:
Viktor Barzin
parent
4094e4b10f
commit
a3cdd0f1a5
16 changed files with 511 additions and 45 deletions
|
|
@ -24,6 +24,13 @@ def get_config() -> ApiGatewayConfig:
|
|||
return _config
|
||||
|
||||
|
||||
_DEV_USER = {
|
||||
"sub": "00000000-0000-0000-0000-000000000000",
|
||||
"username": "dev",
|
||||
"type": "access",
|
||||
}
|
||||
|
||||
|
||||
async def get_current_user(
|
||||
credentials: HTTPAuthorizationCredentials | None = Depends(security),
|
||||
config: ApiGatewayConfig = Depends(get_config),
|
||||
|
|
@ -33,7 +40,13 @@ async def get_current_user(
|
|||
Returns the decoded token payload (contains ``sub``, ``username``, etc.)
|
||||
on success. Raises a 401 ``HTTPException`` for missing, expired, or
|
||||
invalid tokens.
|
||||
|
||||
When ``config.dev_mode`` is ``True``, authentication is bypassed and a
|
||||
synthetic dev user is returned.
|
||||
"""
|
||||
if config.dev_mode:
|
||||
return _DEV_USER
|
||||
|
||||
if credentials is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
|
|
@ -57,7 +70,6 @@ async def get_current_user(
|
|||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
|
||||
# Ensure it is an access token, not a refresh token
|
||||
if payload.get("type") != "access":
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue