gahusb/web-page-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
497 Commits 8 Branches 1 Tag
d382f2ba9956ba34c935b8fc8b38c2043042cc3a
Commit Graph

7 Commits

Author SHA1 Message Date
gahusb
6053e69afc fix(stock): admin API auth hardening — ADMIN_API_KEY 빈 값 시 503 거부 (CODE_REVIEW F2) 
운영 .env에 ADMIN_API_KEY가 누락되면 verify_admin이 무조건 통과해서
/api/trade/balance, /api/trade/order 인증이 무력화되던 문제 차단.

- ADMIN_API_KEY 설정 + 올바른 키 → 통과 (기존 동작)
- ADMIN_API_KEY 설정 + 잘못된 키 → 401 (기존 동작)
- ADMIN_API_KEY 미설정 + ALLOW_UNAUTHENTICATED_ADMIN=true → 통과 (dev mode)
- ADMIN_API_KEY 미설정 + dev flag 없음 → 503 (신규, 운영 보호)

.env.example에 신규 ALLOW_UNAUTHENTICATED_ADMIN=false 안내 추가.
stock/pytest.ini 신규 (pythonpath=. 설정으로 tests 모듈 import 가능).
test_admin_auth.py 4 케이스 (RED → GREEN 검증, regression 포함).
 2026-05-17 13:53:50 +09:00
gahusb
6062445c12 fix(stock-webai): final review notes — env default + 1-time auth error log 
(1) docker-compose: ${WEBAI_API_KEY} → ${WEBAI_API_KEY:-} matches
project convention, avoids "variable not set" warning when NAS .env
lacks the key during initial deploy.

(2) auth.py: ERROR log when WEBAI_API_KEY env unset fires only on
first miss, then silent (module-level _WEBAI_AUTH_WARNED flag).
Flag resets when env becomes configured, so future regressions log
again. Eliminates log spam under web-ai polling (~3/min).

All 102 tests still pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 08:56:03 +09:00
gahusb
eb75d692f5 test(stock-webai): edge cases — 401 no leak, 503 env missing, unknown date 
Verifies auth failure responses contain no portfolio/sentiment data,
503 when WEBAI_API_KEY env unset (existing endpoints unaffected),
news-sentiment unknown date returns empty result.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 08:44:17 +09:00
gahusb
d1b2b6a4ba feat(stock-webai): /api/webai/news-sentiment daily dump 
JOINs news_sentiment with krx_master for name fallback. Sorted by
score DESC. Date param defaults to latest. Empty table returns
{date: null, count: 0, items: []}. 4 integration tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 08:40:49 +09:00
gahusb
2abfa5cb23 feat(stock-webai): /api/webai/portfolio + pnl_pct augment 
Reuses get_portfolio() and adds pnl_pct (ratio, profit_rate/100) to
each holding plus total_pnl_pct to summary. 4 integration tests pass.
verify_webai_key dependency enforced.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 08:36:27 +09:00
gahusb
227e294bd3 feat(stock-webai): add X-WebAI-Key auth dependency + tests 
verify_webai_key FastAPI dependency: 401 on missing/wrong key,
503 when WEBAI_API_KEY env unset. 4 unit tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 08:33:07 +09:00
gahusb
ace0339d33 refactor: rename stock-lab → stock (graduation) 
- git mv stock-lab/ → stock/
- docker-compose.yml: 서비스 키 + container_name + build.context +
  frontend.depends_on + agent-office STOCK_LAB_URL → STOCK_URL
- agent-office/app: config.py, service_proxy.py, agents/stock.py, tests/
  STOCK_LAB_URL → STOCK_URL
- nginx/default.conf: proxy_pass http://stock-labhttp://stock (3 lines)
- CLAUDE.md / README.md / STATUS.md / scripts/ 문구 갱신
- stock/ 내부 자기 참조 갱신

lab 네이밍 정책 (feedback_lab_naming.md) graduation.
API URL / Python import / DB 파일명 변경 없음.
 2026-05-15 01:45:44 +09:00