improve signed reads, crypto hardening, and scraper transport
This commit is contained in:
@@ -8,7 +8,8 @@ from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from app.database import get_db
|
||||
from app.models import BotTrade
|
||||
from app.schemas import BotPerformance
|
||||
from app.services.signed_request import verify_signed_request_any
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, signed_read_creds, verify_signed_request_any)
|
||||
|
||||
router = APIRouter()
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -21,8 +22,7 @@ ACTION_VIEW_USER = "view_user"
|
||||
@router.get("/performance", response_model=BotPerformance)
|
||||
async def get_performance(
|
||||
wallet: str = Query(..., description="Wallet address (lower-cased internally)"),
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
include_paper: bool = Query(
|
||||
False,
|
||||
description="Include paper (simulated) trades. Default false — this "
|
||||
@@ -35,8 +35,8 @@ async def get_performance(
|
||||
verify_signed_request_any(
|
||||
actions=[ACTION_VIEW_PERFORMANCE, ACTION_VIEW_USER],
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
|
||||
+12
-13
@@ -35,7 +35,9 @@ from app.database import get_db
|
||||
from app.models import BotTrade, Subscription, iso_utc
|
||||
from app.services.crypto import decrypt_api_key
|
||||
from app.services.price_store import price_store
|
||||
from app.services.signed_request import verify_signed_request, verify_signed_request_any
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, signed_read_creds,
|
||||
verify_signed_request, verify_signed_request_any)
|
||||
|
||||
router = APIRouter()
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -144,8 +146,7 @@ def _enrich(trade: BotTrade) -> OpenPosition:
|
||||
@router.get("/positions/open", response_model=OpenPositionsResponse)
|
||||
async def get_open_positions(
|
||||
wallet: str = Query(..., description="Wallet address (lower-cased internally)"),
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
"""Live open positions for the wallet, with mark-to-market PnL."""
|
||||
@@ -153,8 +154,8 @@ async def get_open_positions(
|
||||
verify_signed_request_any(
|
||||
actions=[ACTION_VIEW_POSITIONS, ACTION_VIEW_USER],
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
@@ -177,8 +178,7 @@ async def get_open_positions(
|
||||
@router.get("/positions/today", response_model=TodayStatsResponse)
|
||||
async def get_today_stats(
|
||||
wallet: str = Query(...),
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
"""Today's realized P&L (since UTC midnight) + open count.
|
||||
@@ -190,8 +190,8 @@ async def get_today_stats(
|
||||
verify_signed_request_any(
|
||||
actions=[ACTION_VIEW_POSITIONS, ACTION_VIEW_USER],
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
@@ -453,8 +453,7 @@ class HLPositionsResponse(BaseModel):
|
||||
@router.get("/positions/hl/{wallet}", response_model=HLPositionsResponse)
|
||||
async def list_hl_positions_endpoint(
|
||||
wallet: str,
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
):
|
||||
"""Read the wallet's CURRENT Hyperliquid open positions, annotated with
|
||||
'already adopted' flag. Used by the Adopt picker on the frontend.
|
||||
@@ -469,8 +468,8 @@ async def list_hl_positions_endpoint(
|
||||
verify_signed_request_any(
|
||||
actions=[ACTION_VIEW_POSITIONS, ACTION_VIEW_USER],
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
|
||||
+3
-4
@@ -1,7 +1,6 @@
|
||||
import logging
|
||||
from typing import List
|
||||
|
||||
import httpx
|
||||
from fastapi import APIRouter, HTTPException, Query, Request
|
||||
from fastapi.responses import Response
|
||||
|
||||
@@ -33,9 +32,9 @@ async def fetch_binance_candles(asset: str, tf: str, limit: int) -> List[Candle]
|
||||
symbol = SYMBOL_MAP[asset]
|
||||
interval = BINANCE_INTERVAL[tf]
|
||||
url = f"{settings.binance_rest_url}/api/v3/klines?symbol={symbol}&interval={interval}&limit={limit}"
|
||||
async with httpx.AsyncClient(timeout=15) as client:
|
||||
resp = await client.get(url)
|
||||
resp.raise_for_status()
|
||||
from app.services.http_client import get_client
|
||||
resp = await get_client().get(url, timeout=15)
|
||||
resp.raise_for_status()
|
||||
rows = resp.json()
|
||||
return [
|
||||
Candle(
|
||||
|
||||
+6
-6
@@ -25,7 +25,8 @@ from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from app.config import settings
|
||||
from app.database import get_db
|
||||
from app.models import TelegramBinding, Subscription
|
||||
from app.services.signed_request import verify_signed_request
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, optional_signed_read_creds, verify_signed_request)
|
||||
from app.services.telegram import send_test_message
|
||||
from app.services.telegram_bot import issue_binding_code, unbind_wallet
|
||||
|
||||
@@ -144,8 +145,7 @@ async def _build_status(
|
||||
@router.get("/{wallet}/status", response_model=StatusResponse)
|
||||
async def status(
|
||||
wallet: str,
|
||||
timestamp: Optional[int] = None,
|
||||
signature: Optional[str] = None,
|
||||
creds: Optional[SignedReadCreds] = Depends(optional_signed_read_creds),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
) -> StatusResponse:
|
||||
"""Wallet Telegram status.
|
||||
@@ -162,14 +162,14 @@ async def status(
|
||||
# Accepting view_user avoids requiring a separate wallet signature just to
|
||||
# see Telegram status — the frontend reuses its cached view_user envelope.
|
||||
authenticated = False
|
||||
if timestamp is not None and signature:
|
||||
if creds is not None:
|
||||
for _action in ("view_telegram_status", "view_user"):
|
||||
try:
|
||||
verify_signed_request(
|
||||
action=_action,
|
||||
wallet=wallet,
|
||||
timestamp_ms=timestamp,
|
||||
signature=signature,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
|
||||
+5
-5
@@ -9,7 +9,8 @@ from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from app.database import get_db
|
||||
from app.models import BotTrade, iso_utc
|
||||
from app.schemas import BotTrade as BotTradeSchema
|
||||
from app.services.signed_request import verify_signed_request_any
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, signed_read_creds, verify_signed_request_any)
|
||||
|
||||
router = APIRouter()
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -55,8 +56,7 @@ def _trade_to_schema(trade: BotTrade) -> BotTradeSchema:
|
||||
@router.get("/trades", response_model=List[BotTradeSchema])
|
||||
async def get_trades(
|
||||
wallet: str = Query(..., description="Wallet address (lower-cased internally)"),
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
limit: int = Query(default=20, ge=1, le=500), # raised from 100: Analytics needs 500 for full history
|
||||
page: int = Query(default=1, ge=1),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
@@ -65,8 +65,8 @@ async def get_trades(
|
||||
verify_signed_request_any(
|
||||
actions=[ACTION_VIEW_TRADES, ACTION_VIEW_USER],
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True,
|
||||
)
|
||||
|
||||
+5
-5
@@ -16,7 +16,8 @@ from app.schemas import (
|
||||
)
|
||||
from app.services.crypto import encrypt_api_key
|
||||
from app.services.hyperliquid import HyperliquidTrader
|
||||
from app.services.signed_request import verify_signed_request
|
||||
from app.services.signed_request import (
|
||||
SignedReadCreds, signed_read_creds, verify_signed_request)
|
||||
|
||||
router = APIRouter()
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -132,8 +133,7 @@ async def get_user_public(wallet: str, db: AsyncSession = Depends(get_db)):
|
||||
@router.get("/user/{wallet}", response_model=UserResponse)
|
||||
async def get_user(
|
||||
wallet: str,
|
||||
ts: int = Query(..., description="Signed timestamp (ms)"),
|
||||
sig: str = Query(..., description="EIP-191 signature"),
|
||||
creds: SignedReadCreds = Depends(signed_read_creds),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
wallet = wallet.lower().strip()
|
||||
@@ -143,8 +143,8 @@ async def get_user(
|
||||
verify_signed_request(
|
||||
action=ACTION_VIEW_USER,
|
||||
wallet=wallet,
|
||||
timestamp_ms=ts,
|
||||
signature=sig,
|
||||
timestamp_ms=creds.ts,
|
||||
signature=creds.sig,
|
||||
body=None,
|
||||
allow_replay=True, # idempotent GET — allow sessionStorage caching for UX
|
||||
)
|
||||
|
||||
+8
-11
@@ -139,17 +139,12 @@ async def lifespan(app: FastAPI):
|
||||
|
||||
# 3. Start Truth Social poller via APScheduler
|
||||
_scheduler = AsyncIOScheduler()
|
||||
# Signal monitor — polls every 5 minutes
|
||||
from app.services.funding_signal import poll_funding_signal
|
||||
_scheduler.add_job(
|
||||
poll_funding_signal,
|
||||
"interval",
|
||||
minutes=5,
|
||||
id="funding_signal_poll",
|
||||
max_instances=1,
|
||||
coalesce=True,
|
||||
)
|
||||
logger.info("Breakout signal monitor scheduled every 5 minutes.")
|
||||
# Breakout signal monitor (poll_funding_signal, ETH/LINK 5m) UNSCHEDULED
|
||||
# 2026-06-12: the feature has been disabled for months (_enabled=False,
|
||||
# operator-only toggle) and the frontend panel that displayed it was
|
||||
# removed — the 5-min Binance kline poll was pure waste. The /signal/*
|
||||
# API routes still work; to revive, re-add the add_job() here AND remount
|
||||
# SignalMonitor in the frontend's MacroVibesPageClient.
|
||||
|
||||
_scheduler.add_job(
|
||||
poll_truth_social,
|
||||
@@ -347,6 +342,8 @@ async def lifespan(app: FastAPI):
|
||||
await _telegram_task
|
||||
except asyncio.CancelledError:
|
||||
pass
|
||||
from app.services.http_client import aclose as http_client_aclose
|
||||
await http_client_aclose()
|
||||
await engine.dispose()
|
||||
logger.info("Shutdown complete.")
|
||||
|
||||
|
||||
+44
-37
@@ -24,10 +24,12 @@ from datetime import datetime, timezone
|
||||
from email.utils import parsedate_to_datetime
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
|
||||
from app.scrapers.truth_social import _process_entry, _post_to_ws_payload
|
||||
from app.ws.manager import manager
|
||||
from app.scrapers.truth_social import (
|
||||
NOT_MODIFIED,
|
||||
_known_external_ids,
|
||||
_process_entry,
|
||||
dispatch_post,
|
||||
)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -41,17 +43,32 @@ NS = {
|
||||
last_successful_poll_at: Optional[datetime] = None
|
||||
last_poll_error: Optional[str] = None
|
||||
|
||||
# Conditional-GET validators (same scheme as truth_social.py — most polls
|
||||
# come back 304 and skip the download + XML parse entirely).
|
||||
_etag: Optional[str] = None
|
||||
_last_modified: Optional[str] = None
|
||||
|
||||
async def _fetch_feed() -> Optional[str]:
|
||||
|
||||
async def _fetch_feed():
|
||||
"""Fetch the RSS body. Returns str, NOT_MODIFIED (304), or None on error."""
|
||||
global _etag, _last_modified
|
||||
headers = {
|
||||
"User-Agent": "Mozilla/5.0 (compatible; TrumpSignal/1.0)",
|
||||
"Accept": "application/rss+xml, application/xml",
|
||||
}
|
||||
if _etag:
|
||||
headers["If-None-Match"] = _etag
|
||||
if _last_modified:
|
||||
headers["If-Modified-Since"] = _last_modified
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=20, follow_redirects=True) as client:
|
||||
resp = await client.get(FEED_URL, headers=headers)
|
||||
resp.raise_for_status()
|
||||
return resp.text
|
||||
from app.services.http_client import get_client
|
||||
resp = await get_client().get(FEED_URL, headers=headers, timeout=20)
|
||||
if resp.status_code == 304:
|
||||
return NOT_MODIFIED
|
||||
resp.raise_for_status()
|
||||
_etag = resp.headers.get("etag")
|
||||
_last_modified = resp.headers.get("last-modified")
|
||||
return resp.text
|
||||
except Exception as exc:
|
||||
# Include type name — httpx often raises bare ConnectError/RemoteProtocolError
|
||||
# with empty .args, which formats as just "Failed to fetch ..." with no body.
|
||||
@@ -105,6 +122,11 @@ async def poll_trumpstruth(db_session_factory) -> None:
|
||||
global last_successful_poll_at, last_poll_error
|
||||
|
||||
raw = await _fetch_feed()
|
||||
if raw is NOT_MODIFIED:
|
||||
# Feed unchanged — successful cycle, nothing to do.
|
||||
last_successful_poll_at = datetime.now(timezone.utc)
|
||||
last_poll_error = None
|
||||
return
|
||||
if raw is None:
|
||||
last_poll_error = "fetch_feed returned None"
|
||||
return
|
||||
@@ -128,41 +150,26 @@ async def poll_trumpstruth(db_session_factory) -> None:
|
||||
|
||||
async with db_session_factory() as db:
|
||||
try:
|
||||
new_posts = []
|
||||
known_ids = await _known_external_ids(entries, db)
|
||||
# Newest-first: commit + dispatch each new post immediately so an
|
||||
# actionable post never queues behind older entries' AI analysis.
|
||||
# dispatch_post is the shared fan-out (WS + Telegram + X + trade)
|
||||
# from truth_social.py — delivery must not depend on which poller
|
||||
# wins the race.
|
||||
for entry in entries:
|
||||
try:
|
||||
post = await _process_entry(entry, db)
|
||||
post = await _process_entry(entry, db, known_ids)
|
||||
if post:
|
||||
new_posts.append(post)
|
||||
await db.commit()
|
||||
logger.info("[trumpstruth] beat CNN — new post id=%d",
|
||||
post.id)
|
||||
await dispatch_post(post, db)
|
||||
except Exception as exc:
|
||||
logger.error("trumpstruth: error on entry %s: %s",
|
||||
entry.get("id"), exc)
|
||||
|
||||
if new_posts:
|
||||
await db.commit()
|
||||
for post in new_posts:
|
||||
await manager.broadcast(_post_to_ws_payload(post))
|
||||
logger.info("[trumpstruth] beat CNN — new post id=%d: %s",
|
||||
post.id, post.text[:60])
|
||||
# Telegram fan-out — matches truth_social.py. Without this,
|
||||
# whichever poller wins the race determines whether users
|
||||
# get pushed — flaky 50% delivery.
|
||||
try:
|
||||
from app.services.telegram import notify_signal
|
||||
notify_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("Telegram notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.x_poster import notify_x_signal
|
||||
notify_x_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("X notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.bot_engine import process_post
|
||||
await process_post(post, db)
|
||||
except Exception as exc:
|
||||
logger.error("process_post failed for post %d: %s",
|
||||
post.id, exc)
|
||||
# Capture any remaining writes (entry-filter stub rows).
|
||||
await db.commit()
|
||||
last_successful_poll_at = datetime.now(timezone.utc)
|
||||
last_poll_error = None
|
||||
except Exception as exc:
|
||||
|
||||
@@ -11,7 +11,6 @@ import re
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
from sqlalchemy import select
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
@@ -29,6 +28,16 @@ ARCHIVE_URL = "https://ix.cnn.io/data/truth-social/truth_archive.json"
|
||||
last_successful_poll_at: Optional[datetime] = None
|
||||
last_poll_error: Optional[str] = None
|
||||
|
||||
# Conditional-GET validators from the last 200 response. The archive is 30k+
|
||||
# posts (~MBs of JSON); CNN only regenerates it every ~5 min, so most polls
|
||||
# can be answered with a 304 and skip download + parse entirely.
|
||||
_etag: Optional[str] = None
|
||||
_last_modified: Optional[str] = None
|
||||
|
||||
# Sentinel returned by _fetch_archive on HTTP 304 — distinct from None
|
||||
# (fetch failure) so the poller can count it as a successful, no-work cycle.
|
||||
NOT_MODIFIED = object()
|
||||
|
||||
|
||||
def _strip_html(text: str) -> str:
|
||||
text = re.sub(r"<[^>]+>", " ", text)
|
||||
@@ -52,16 +61,29 @@ def _parse_dt(iso: str) -> datetime:
|
||||
return datetime.now(timezone.utc).replace(tzinfo=None)
|
||||
|
||||
|
||||
async def _fetch_archive() -> Optional[list]:
|
||||
async def _fetch_archive(conditional: bool = True):
|
||||
"""Fetch the archive JSON. Returns a list, NOT_MODIFIED (304), or None
|
||||
on error. `conditional=False` (backfill) always downloads the full body
|
||||
so a poller-set ETag can't starve the startup backfill."""
|
||||
global _etag, _last_modified
|
||||
headers = {
|
||||
"User-Agent": "Mozilla/5.0 (compatible; TrumpSignal/1.0)",
|
||||
"Accept": "application/json",
|
||||
}
|
||||
if conditional:
|
||||
if _etag:
|
||||
headers["If-None-Match"] = _etag
|
||||
if _last_modified:
|
||||
headers["If-Modified-Since"] = _last_modified
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=30, follow_redirects=True) as client:
|
||||
resp = await client.get(ARCHIVE_URL, headers=headers)
|
||||
resp.raise_for_status()
|
||||
return resp.json()
|
||||
from app.services.http_client import get_client
|
||||
resp = await get_client().get(ARCHIVE_URL, headers=headers, timeout=30)
|
||||
if conditional and resp.status_code == 304:
|
||||
return NOT_MODIFIED
|
||||
resp.raise_for_status()
|
||||
_etag = resp.headers.get("etag")
|
||||
_last_modified = resp.headers.get("last-modified")
|
||||
return resp.json()
|
||||
except Exception as exc:
|
||||
# Include type name — httpx often raises bare ConnectError/TimeoutException
|
||||
# with empty .args, which used to log as just "Failed to fetch CNN archive:"
|
||||
@@ -71,9 +93,27 @@ async def _fetch_archive() -> Optional[list]:
|
||||
return None
|
||||
|
||||
|
||||
async def _process_entry(entry: dict, db: AsyncSession) -> Optional[Post]:
|
||||
async def _known_external_ids(entries: list, db: AsyncSession) -> set:
|
||||
"""One batch query for the dedup pass. On a typical poll all ~50 entries
|
||||
already exist, so this replaces 50 per-entry SELECTs with 1."""
|
||||
ids = [hashlib.md5(str(e["id"]).encode()).hexdigest() for e in entries]
|
||||
if not ids:
|
||||
return set()
|
||||
rows = await db.execute(
|
||||
select(Post.external_id).where(Post.external_id.in_(ids)))
|
||||
return {r[0] for r in rows}
|
||||
|
||||
|
||||
async def _process_entry(entry: dict, db: AsyncSession,
|
||||
known_ids: Optional[set] = None) -> Optional[Post]:
|
||||
external_id = hashlib.md5(str(entry["id"]).encode()).hexdigest()
|
||||
|
||||
# Fast path: pre-fetched batch dedup set. New (unseen) ids still get the
|
||||
# confirming SELECT below — protects against a concurrent insert by the
|
||||
# other poller between the batch query and this entry.
|
||||
if known_ids is not None and external_id in known_ids:
|
||||
return None
|
||||
|
||||
result = await db.execute(select(Post).where(Post.external_id == external_id))
|
||||
if result.scalar_one_or_none():
|
||||
return None
|
||||
@@ -198,10 +238,40 @@ def _post_to_ws_payload(post: Post) -> dict:
|
||||
}
|
||||
|
||||
|
||||
async def dispatch_post(post: Post, db: AsyncSession) -> None:
|
||||
"""Broadcast + fan-out + trade for one freshly committed post. Shared by
|
||||
both pollers so delivery doesn't depend on which source wins the race."""
|
||||
await manager.broadcast(_post_to_ws_payload(post))
|
||||
logger.info("Saved new post id=%d: %s", post.id, post.text[:60])
|
||||
# Telegram fan-out (fire-and-forget). _dispatch filters internally:
|
||||
# buy/short → per-subscriber + public channel; relevant-but-hold →
|
||||
# public channel only; noise → dropped.
|
||||
try:
|
||||
from app.services.telegram import notify_signal
|
||||
notify_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("Telegram notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.x_poster import notify_x_signal
|
||||
notify_x_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("X notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.bot_engine import process_post
|
||||
await process_post(post, db)
|
||||
except Exception as exc:
|
||||
logger.error("process_post failed for post %d: %s", post.id, exc)
|
||||
|
||||
|
||||
async def poll_truth_social(db_session_factory) -> None:
|
||||
global last_successful_poll_at, last_poll_error
|
||||
logger.info("Polling CNN Truth Social archive...")
|
||||
entries = await _fetch_archive()
|
||||
if entries is NOT_MODIFIED:
|
||||
# Archive unchanged since last poll — successful cycle, nothing to do.
|
||||
last_successful_poll_at = datetime.now(timezone.utc)
|
||||
last_poll_error = None
|
||||
return
|
||||
if not entries:
|
||||
last_poll_error = "fetch_archive returned empty"
|
||||
return
|
||||
@@ -212,39 +282,24 @@ async def poll_truth_social(db_session_factory) -> None:
|
||||
|
||||
async with db_session_factory() as db:
|
||||
try:
|
||||
new_posts = []
|
||||
known_ids = await _known_external_ids(recent, db)
|
||||
found_new = False
|
||||
# Entries are newest-first. Commit + dispatch each new post
|
||||
# IMMEDIATELY rather than after the whole batch — an actionable
|
||||
# post must not wait behind the AI analysis of older entries.
|
||||
for entry in recent:
|
||||
try:
|
||||
post = await _process_entry(entry, db)
|
||||
post = await _process_entry(entry, db, known_ids)
|
||||
if post:
|
||||
new_posts.append(post)
|
||||
found_new = True
|
||||
await db.commit()
|
||||
await dispatch_post(post, db)
|
||||
except Exception as exc:
|
||||
logger.error("Error processing entry %s: %s", entry.get("id"), exc)
|
||||
|
||||
if new_posts:
|
||||
await db.commit()
|
||||
for post in new_posts:
|
||||
await manager.broadcast(_post_to_ws_payload(post))
|
||||
logger.info("Saved new post id=%d: %s", post.id, post.text[:60])
|
||||
# Telegram fan-out (fire-and-forget). _dispatch filters
|
||||
# internally: buy/short → per-subscriber + public channel;
|
||||
# relevant-but-hold → public channel only; noise → dropped.
|
||||
try:
|
||||
from app.services.telegram import notify_signal
|
||||
notify_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("Telegram notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.x_poster import notify_x_signal
|
||||
notify_x_signal(post)
|
||||
except Exception as exc:
|
||||
logger.warning("X notify failed for post %d: %s", post.id, exc)
|
||||
try:
|
||||
from app.services.bot_engine import process_post
|
||||
await process_post(post, db)
|
||||
except Exception as exc:
|
||||
logger.error("process_post failed for post %d: %s", post.id, exc)
|
||||
else:
|
||||
# Capture any remaining writes (entry-filter stub rows).
|
||||
await db.commit()
|
||||
if not found_new:
|
||||
logger.info("No new posts found.")
|
||||
# Mark a successful poll cycle (separate from "found new posts").
|
||||
last_successful_poll_at = datetime.now(timezone.utc)
|
||||
@@ -258,7 +313,7 @@ async def poll_truth_social(db_session_factory) -> None:
|
||||
async def backfill_history(db_session_factory, limit: int = 500) -> None:
|
||||
"""One-time backfill of historical posts (no Claude analysis, no price impact)."""
|
||||
logger.info("Starting historical backfill (limit=%d)...", limit)
|
||||
entries = await _fetch_archive()
|
||||
entries = await _fetch_archive(conditional=False)
|
||||
if not entries:
|
||||
logger.error("Backfill failed: could not fetch archive")
|
||||
return
|
||||
@@ -268,10 +323,10 @@ async def backfill_history(db_session_factory, limit: int = 500) -> None:
|
||||
|
||||
async with db_session_factory() as db:
|
||||
try:
|
||||
known_ids = await _known_external_ids(to_process, db)
|
||||
for entry in to_process:
|
||||
external_id = hashlib.md5(str(entry["id"]).encode()).hexdigest()
|
||||
result = await db.execute(select(Post).where(Post.external_id == external_id))
|
||||
if result.scalar_one_or_none():
|
||||
if external_id in known_ids:
|
||||
continue
|
||||
|
||||
text = _strip_html(entry.get("content") or "").strip()
|
||||
|
||||
@@ -244,6 +244,16 @@ async def _adopt_locked(wallet_l: str, asset_u: str, mode_n: str) -> AdoptionRes
|
||||
"no Hyperliquid position to manage. Turn off paper mode in "
|
||||
"Settings to use /adopt.")
|
||||
|
||||
# Macro Vibes (System-2) must be ENABLED to hand a position to the bot.
|
||||
# /adopt is the entry point to sys2 management, so honouring the
|
||||
# macro_enabled switch here is what makes that toggle real — otherwise
|
||||
# a user who turned Macro Vibes OFF could still /adopt and the bot would
|
||||
# manage it, contradicting their setting.
|
||||
if not getattr(sub, "macro_enabled", False):
|
||||
raise AdoptionError("macro_disabled",
|
||||
"Macro Vibes is turned off for this wallet. Enable Macro Vibes "
|
||||
"in Settings before using /adopt.")
|
||||
|
||||
# System-2 circuit breaker. Same gate the auto-open path used to run:
|
||||
# if recent losses tripped the sys2 breaker, block new adoptions for
|
||||
# the lockout window. Otherwise the breaker would be useless under
|
||||
|
||||
+13
-14
@@ -4,7 +4,6 @@ import logging
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
import websockets
|
||||
|
||||
from app.config import settings
|
||||
@@ -127,19 +126,19 @@ async def fetch_historical(asset: str, symbol: str, interval: str = "1m", limit:
|
||||
"""Fetch historical klines from Binance REST API to pre-fill price_store."""
|
||||
url = f"{settings.binance_rest_url}/api/v3/klines?symbol={symbol.upper()}&interval={interval}&limit={limit}"
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=15) as client:
|
||||
resp = await client.get(url)
|
||||
resp.raise_for_status()
|
||||
for row in resp.json():
|
||||
candle = {
|
||||
"time": row[0], # open time ms
|
||||
"open": float(row[1]),
|
||||
"high": float(row[2]),
|
||||
"low": float(row[3]),
|
||||
"close": float(row[4]),
|
||||
"volume": float(row[5]),
|
||||
}
|
||||
price_store.update(asset, candle)
|
||||
from app.services.http_client import get_client
|
||||
resp = await get_client().get(url, timeout=15)
|
||||
resp.raise_for_status()
|
||||
for row in resp.json():
|
||||
candle = {
|
||||
"time": row[0], # open time ms
|
||||
"open": float(row[1]),
|
||||
"high": float(row[2]),
|
||||
"low": float(row[3]),
|
||||
"close": float(row[4]),
|
||||
"volume": float(row[5]),
|
||||
}
|
||||
price_store.update(asset, candle)
|
||||
logger.info("Loaded %d historical %s candles for %s", limit, interval, asset)
|
||||
except Exception as exc:
|
||||
logger.error("Failed to fetch historical data for %s: %s", asset, exc)
|
||||
|
||||
+107
-28
@@ -1,62 +1,141 @@
|
||||
"""
|
||||
Envelope encryption for HL API private keys.
|
||||
|
||||
Plaintext keys never touch disk: stored values are Fernet-encrypted with a KEK
|
||||
loaded from env (ENCRYPTION_KEY). Rotate KEK → re-encrypt all keys offline.
|
||||
Plaintext keys never touch disk: stored values are Fernet-encrypted with a key
|
||||
derived from the env KEK (ENCRYPTION_KEY).
|
||||
|
||||
Blob formats:
|
||||
enc:v2:<salt_b64url>:<fernet_token> — current. Per-blob random 16-byte
|
||||
salt; Fernet key = PBKDF2-HMAC-SHA256(KEK, salt, 600k iters). Derived
|
||||
keys are cached per salt so steady-state decryption pays the KDF once.
|
||||
enc:v1:<fernet_token> — legacy. Fernet key = single unsalted
|
||||
SHA-256(KEK). Read-only: decrypt still works, encrypt always writes v2.
|
||||
Upgrade rows with scripts/reencrypt_keys.py (H4 fix).
|
||||
<plaintext> — pre-encryption rows. Refused in prod.
|
||||
|
||||
Rotate KEK → re-encrypt all keys offline (scripts/reencrypt_keys.py).
|
||||
"""
|
||||
import base64
|
||||
import hashlib
|
||||
import logging
|
||||
from typing import Optional
|
||||
import os
|
||||
from typing import Dict, Optional
|
||||
|
||||
from cryptography.fernet import Fernet, InvalidToken
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
||||
|
||||
from app.config import settings
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# OWASP-recommended floor for PBKDF2-HMAC-SHA256. The KEK is already a
|
||||
# high-entropy secret, so the KDF mainly buys defence-in-depth against a
|
||||
# weak / partially-leaked / reused KEK. ~0.2-0.4s, paid once per unique salt.
|
||||
_PBKDF2_ITERATIONS = 600_000
|
||||
_SALT_BYTES = 16
|
||||
|
||||
def _derive_fernet_key(raw: str) -> bytes:
|
||||
"""Accept any reasonably-long secret and derive a valid 32-byte Fernet key."""
|
||||
ENC_PREFIX_V1 = "enc:v1:"
|
||||
ENC_PREFIX_V2 = "enc:v2:"
|
||||
# Kept for older imports / scripts that reference the original name.
|
||||
ENC_PREFIX = ENC_PREFIX_V1
|
||||
|
||||
|
||||
def _check_kek(raw: str) -> str:
|
||||
if not raw or len(raw) < 32:
|
||||
raise RuntimeError(
|
||||
"ENCRYPTION_KEY must be set to at least 32 random chars (e.g. `openssl rand -hex 32`)"
|
||||
)
|
||||
digest = hashlib.sha256(raw.encode("utf-8")).digest()
|
||||
return raw
|
||||
|
||||
|
||||
def _derive_v1_key(raw: str) -> bytes:
|
||||
"""Legacy: single unsalted SHA-256 of the KEK."""
|
||||
digest = hashlib.sha256(_check_kek(raw).encode("utf-8")).digest()
|
||||
return base64.urlsafe_b64encode(digest)
|
||||
|
||||
|
||||
_fernet: Optional[Fernet] = None
|
||||
def _derive_v2_key(raw: str, salt: bytes) -> bytes:
|
||||
kdf = PBKDF2HMAC(
|
||||
algorithm=hashes.SHA256(),
|
||||
length=32,
|
||||
salt=salt,
|
||||
iterations=_PBKDF2_ITERATIONS,
|
||||
)
|
||||
return base64.urlsafe_b64encode(kdf.derive(_check_kek(raw).encode("utf-8")))
|
||||
|
||||
|
||||
def _cipher() -> Fernet:
|
||||
global _fernet
|
||||
if _fernet is None:
|
||||
_fernet = Fernet(_derive_fernet_key(settings.encryption_key))
|
||||
return _fernet
|
||||
_fernet_v1: Optional[Fernet] = None
|
||||
# salt → Fernet. One entry per unique salt actually seen: encryption reuses a
|
||||
# single process-lifetime salt, decryption adds one per distinct stored blob.
|
||||
_fernet_v2_cache: Dict[bytes, Fernet] = {}
|
||||
_V2_CACHE_MAX = 4096
|
||||
|
||||
# Salt for NEW encryptions in this process — generated once so the encrypt
|
||||
# path pays the 600k-iteration KDF a single time per process, while blobs
|
||||
# written by other processes/runs still carry their own salt.
|
||||
_encrypt_salt: Optional[bytes] = None
|
||||
|
||||
|
||||
# Prefix lets us distinguish encrypted blobs from any legacy plaintext rows during migration
|
||||
ENC_PREFIX = "enc:v1:"
|
||||
def _cipher_v1() -> Fernet:
|
||||
global _fernet_v1
|
||||
if _fernet_v1 is None:
|
||||
_fernet_v1 = Fernet(_derive_v1_key(settings.encryption_key))
|
||||
return _fernet_v1
|
||||
|
||||
|
||||
def _cipher_v2(salt: bytes) -> Fernet:
|
||||
cached = _fernet_v2_cache.get(salt)
|
||||
if cached is not None:
|
||||
return cached
|
||||
f = Fernet(_derive_v2_key(settings.encryption_key, salt))
|
||||
if len(_fernet_v2_cache) >= _V2_CACHE_MAX:
|
||||
_fernet_v2_cache.clear()
|
||||
_fernet_v2_cache[salt] = f
|
||||
return f
|
||||
|
||||
|
||||
def encrypt_api_key(plaintext: str) -> str:
|
||||
token = _cipher().encrypt(plaintext.encode("utf-8")).decode("utf-8")
|
||||
return ENC_PREFIX + token
|
||||
global _encrypt_salt
|
||||
if _encrypt_salt is None:
|
||||
_encrypt_salt = os.urandom(_SALT_BYTES)
|
||||
salt_b64 = base64.urlsafe_b64encode(_encrypt_salt).decode("ascii")
|
||||
token = _cipher_v2(_encrypt_salt).encrypt(plaintext.encode("utf-8")).decode("utf-8")
|
||||
return f"{ENC_PREFIX_V2}{salt_b64}:{token}"
|
||||
|
||||
|
||||
def decrypt_api_key(stored: str) -> str:
|
||||
if not stored:
|
||||
raise ValueError("Empty api key")
|
||||
if not stored.startswith(ENC_PREFIX):
|
||||
# Legacy plaintext row (from before encryption was added). Refuse to use in prod.
|
||||
if settings.environment == "production":
|
||||
raise RuntimeError(
|
||||
"Found legacy-plaintext HL key; run migration script before production"
|
||||
)
|
||||
logger.warning("Reading LEGACY plaintext HL key — migrate ASAP")
|
||||
return stored
|
||||
try:
|
||||
return _cipher().decrypt(stored[len(ENC_PREFIX):].encode("utf-8")).decode("utf-8")
|
||||
except InvalidToken as exc:
|
||||
raise RuntimeError("HL key decryption failed — wrong ENCRYPTION_KEY?") from exc
|
||||
|
||||
if stored.startswith(ENC_PREFIX_V2):
|
||||
rest = stored[len(ENC_PREFIX_V2):]
|
||||
try:
|
||||
salt_b64, token = rest.split(":", 1)
|
||||
salt = base64.urlsafe_b64decode(salt_b64.encode("ascii"))
|
||||
except Exception as exc:
|
||||
raise RuntimeError("Malformed enc:v2 blob") from exc
|
||||
try:
|
||||
return _cipher_v2(salt).decrypt(token.encode("utf-8")).decode("utf-8")
|
||||
except InvalidToken as exc:
|
||||
raise RuntimeError("HL key decryption failed — wrong ENCRYPTION_KEY?") from exc
|
||||
|
||||
if stored.startswith(ENC_PREFIX_V1):
|
||||
try:
|
||||
return _cipher_v1().decrypt(
|
||||
stored[len(ENC_PREFIX_V1):].encode("utf-8")).decode("utf-8")
|
||||
except InvalidToken as exc:
|
||||
raise RuntimeError("HL key decryption failed — wrong ENCRYPTION_KEY?") from exc
|
||||
|
||||
# Legacy plaintext row (from before encryption was added). Refuse to use in prod.
|
||||
if settings.environment == "production":
|
||||
raise RuntimeError(
|
||||
"Found legacy-plaintext HL key; run migration script before production"
|
||||
)
|
||||
logger.warning("Reading LEGACY plaintext HL key — migrate ASAP")
|
||||
return stored
|
||||
|
||||
|
||||
def is_current_format(stored: Optional[str]) -> bool:
|
||||
"""True if the blob is already enc:v2 (used by scripts/reencrypt_keys.py)."""
|
||||
return bool(stored) and stored.startswith(ENC_PREFIX_V2)
|
||||
|
||||
@@ -31,7 +31,6 @@ import time
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
|
||||
from app.services.price_store import price_store
|
||||
from app.ws.manager import manager
|
||||
@@ -96,10 +95,10 @@ async def _tick() -> None:
|
||||
"""Single price fetch + dispatch cycle for all HL_PRICE_ASSETS."""
|
||||
now_ms = int(time.time() * 1000)
|
||||
|
||||
async with httpx.AsyncClient(timeout=4.0) as c:
|
||||
r = await c.post(HL_API_URL, json={"type": "allMids"})
|
||||
r.raise_for_status()
|
||||
mids: dict = r.json() # {"BTC": "74541.0", "HYPE": "13.5", …}
|
||||
from app.services.http_client import get_client
|
||||
r = await get_client().post(HL_API_URL, json={"type": "allMids"}, timeout=4.0)
|
||||
r.raise_for_status()
|
||||
mids: dict = r.json() # {"BTC": "74541.0", "HYPE": "13.5", …}
|
||||
|
||||
# Feed is alive the moment we successfully fetch mids, even if a specific
|
||||
# asset is momentarily absent from the response.
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
"""Shared pooled httpx.AsyncClient.
|
||||
|
||||
Hot paths (scrapers, Telegram send/poll, price feeds, X poster) used to build
|
||||
a fresh AsyncClient per request, paying a TCP+TLS handshake every time. This
|
||||
module owns one process-wide client with keep-alive pooling; callers override
|
||||
the timeout per request (`client.get(url, timeout=10)`).
|
||||
|
||||
Lifecycle: lazily created on first use; main.py's lifespan closes it on
|
||||
shutdown. Low-frequency daily jobs (KOL/macro fetchers) may keep their own
|
||||
ad-hoc clients — pooling only matters on the per-second paths.
|
||||
"""
|
||||
import logging
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
_client: Optional[httpx.AsyncClient] = None
|
||||
|
||||
|
||||
def get_client() -> httpx.AsyncClient:
|
||||
global _client
|
||||
if _client is None or _client.is_closed:
|
||||
_client = httpx.AsyncClient(
|
||||
timeout=httpx.Timeout(20.0),
|
||||
follow_redirects=True,
|
||||
limits=httpx.Limits(max_connections=50, max_keepalive_connections=20),
|
||||
)
|
||||
return _client
|
||||
|
||||
|
||||
async def aclose() -> None:
|
||||
global _client
|
||||
if _client is not None and not _client.is_closed:
|
||||
await _client.aclose()
|
||||
_client = None
|
||||
@@ -315,6 +315,8 @@ async def extract_kol_signal(
|
||||
if post_type not in valid_post_types:
|
||||
post_type = "other"
|
||||
|
||||
tier = _derive_tier(cleaned, tvt_score)
|
||||
|
||||
return {
|
||||
"summary": (data.get("summary") or "").strip() or None,
|
||||
"post_type": post_type,
|
||||
@@ -322,6 +324,33 @@ async def extract_kol_signal(
|
||||
"talks_vs_trades_score": tvt_score,
|
||||
# Keep old boolean for any callers that still check it
|
||||
"talks_vs_trades_flag": tvt_score >= 0.5,
|
||||
# tier mirrors x_analysis' vocabulary (trade_signal / directional /
|
||||
# noise) so blog/substack/podcast posts get the same SIGNAL/VIEW UI
|
||||
# badges + the "Signals only" filter that Twitter posts already have.
|
||||
"tier": tier,
|
||||
"model": model,
|
||||
"version": ANALYSIS_VERSION,
|
||||
}
|
||||
|
||||
|
||||
def _derive_tier(tickers: list[dict], tvt_score: float) -> str:
|
||||
"""Map kol_analysis output → the trade_signal/directional/noise tiers that
|
||||
x_analysis emits directly. Non-Twitter analyzers don't ask the model for a
|
||||
tier, so we derive one from the per-ticker conviction + the talks-vs-trades
|
||||
(divergence) score. Without this, blog/substack/podcast rows have tier=NULL
|
||||
and the "Signals only" filter + SIGNAL/VIEW badges never apply to them.
|
||||
|
||||
* directional ticker = an explicit non-"mention" action (buy/sell/
|
||||
reduce/bullish/bearish).
|
||||
* trade_signal = high conviction (>= 0.6) on a directional ticker, or a
|
||||
strong talks-vs-trades divergence (>= 0.6) — the platform's top signal.
|
||||
* directional = a directional view exists but below the trade_signal bar.
|
||||
* noise = no directional ticker and no notable divergence.
|
||||
"""
|
||||
directional = [t for t in tickers if (t.get("action") or "mention") != "mention"]
|
||||
max_conv = max((float(t.get("conviction") or 0) for t in directional), default=0.0)
|
||||
if max_conv >= 0.6 or tvt_score >= 0.6:
|
||||
return "trade_signal"
|
||||
if directional or tvt_score >= 0.5:
|
||||
return "directional"
|
||||
return "noise"
|
||||
|
||||
@@ -468,6 +468,9 @@ async def _ingest_kol(
|
||||
# Extended analysis fields (migration 027)
|
||||
row.post_type = result.get("post_type")
|
||||
row.talks_vs_trades_flag = bool(result.get("talks_vs_trades_flag", False))
|
||||
# tier (trade_signal/directional/noise) so the "Signals only"
|
||||
# filter + SIGNAL/VIEW badges work for non-Twitter KOLs too.
|
||||
row.tier = result.get("tier")
|
||||
stats["analyzed"] += 1
|
||||
except Exception as e:
|
||||
logger.warning("[kol_substack] analysis failed for %s post %s: %s",
|
||||
|
||||
@@ -144,3 +144,58 @@ def verify_signed_request_any(
|
||||
last_exc = exc
|
||||
if last_exc is not None:
|
||||
raise last_exc
|
||||
|
||||
|
||||
# ── Signed-read credential extraction (C3) ────────────────────────────────
|
||||
# Read endpoints historically took the signature as `?ts=&sig=` query params,
|
||||
# which leaks signatures into access logs / proxies / browser history. The
|
||||
# canonical transport is now the X-Sig-Ts / X-Sig-Sig HEADERS; the query
|
||||
# params are kept as a deprecated fallback so older clients keep working.
|
||||
from dataclasses import dataclass
|
||||
|
||||
from fastapi import Header, Query
|
||||
|
||||
|
||||
@dataclass
|
||||
class SignedReadCreds:
|
||||
ts: int
|
||||
sig: str
|
||||
|
||||
|
||||
def signed_read_creds(
|
||||
ts: Optional[int] = Query(default=None, deprecated=True,
|
||||
description="DEPRECATED — use X-Sig-Ts header"),
|
||||
sig: Optional[str] = Query(default=None, deprecated=True,
|
||||
description="DEPRECATED — use X-Sig-Sig header"),
|
||||
x_sig_ts: Optional[int] = Header(default=None, alias="X-Sig-Ts",
|
||||
description="Signed timestamp (ms)"),
|
||||
x_sig_sig: Optional[str] = Header(default=None, alias="X-Sig-Sig",
|
||||
description="EIP-191 signature"),
|
||||
) -> SignedReadCreds:
|
||||
"""FastAPI dependency: required signed-read credentials.
|
||||
|
||||
Headers win over query params when both are present."""
|
||||
t = x_sig_ts if x_sig_ts is not None else ts
|
||||
s = x_sig_sig if x_sig_sig else sig
|
||||
if t is None or not s:
|
||||
raise HTTPException(
|
||||
422, "Missing signed-read credentials (X-Sig-Ts / X-Sig-Sig headers)")
|
||||
return SignedReadCreds(ts=t, sig=s)
|
||||
|
||||
|
||||
def optional_signed_read_creds(
|
||||
# Legacy query names used by /telegram/{wallet}/status.
|
||||
timestamp: Optional[int] = Query(default=None, deprecated=True,
|
||||
description="DEPRECATED — use X-Sig-Ts header"),
|
||||
signature: Optional[str] = Query(default=None, deprecated=True,
|
||||
description="DEPRECATED — use X-Sig-Sig header"),
|
||||
x_sig_ts: Optional[int] = Header(default=None, alias="X-Sig-Ts"),
|
||||
x_sig_sig: Optional[str] = Header(default=None, alias="X-Sig-Sig"),
|
||||
) -> Optional[SignedReadCreds]:
|
||||
"""Like signed_read_creds but returns None when absent — for endpoints
|
||||
that serve a redacted response to unauthenticated callers."""
|
||||
t = x_sig_ts if x_sig_ts is not None else timestamp
|
||||
s = x_sig_sig if x_sig_sig else signature
|
||||
if t is None or not s:
|
||||
return None
|
||||
return SignedReadCreds(ts=t, sig=s)
|
||||
|
||||
@@ -27,7 +27,6 @@ import logging
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
from sqlalchemy import select, update
|
||||
|
||||
from app.config import settings
|
||||
@@ -274,8 +273,8 @@ async def send_message(chat_id: int | str, text: str, *,
|
||||
if reply_markup is not None:
|
||||
payload["reply_markup"] = reply_markup
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
r = await client.post(url, json=payload)
|
||||
from app.services.http_client import get_client
|
||||
r = await get_client().post(url, json=payload, timeout=10)
|
||||
if r.status_code != 200:
|
||||
logger.warning("Telegram sendMessage failed chat=%s status=%d body=%s",
|
||||
chat_id, r.status_code, r.text[:200])
|
||||
@@ -302,8 +301,8 @@ async def edit_message(chat_id: int, message_id: int, text: str, *,
|
||||
if reply_markup is not None:
|
||||
payload["reply_markup"] = reply_markup
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
r = await client.post(url, json=payload)
|
||||
from app.services.http_client import get_client
|
||||
r = await get_client().post(url, json=payload, timeout=10)
|
||||
if r.status_code != 200:
|
||||
# Telegram returns 400 on "message is not modified" — harmless.
|
||||
if "message is not modified" not in r.text:
|
||||
@@ -331,8 +330,8 @@ async def answer_callback(callback_query_id: str, text: str = "",
|
||||
payload["text"] = text
|
||||
payload["show_alert"] = show_alert
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
await client.post(url, json=payload)
|
||||
from app.services.http_client import get_client
|
||||
await get_client().post(url, json=payload, timeout=10)
|
||||
return True
|
||||
except Exception as exc:
|
||||
logger.debug("Telegram answerCallback exception: %s", exc)
|
||||
|
||||
@@ -1007,15 +1007,14 @@ async def run_bot_loop() -> None:
|
||||
# them without processing, then start the real loop fresh.
|
||||
try:
|
||||
drain_url = TG_API.format(token=token, method="getUpdates")
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
r = await client.get(drain_url, params={"timeout": 0, "limit": 100})
|
||||
from app.services.http_client import get_client
|
||||
r = await get_client().get(drain_url, params={"timeout": 0, "limit": 100}, timeout=10)
|
||||
if r.status_code == 200:
|
||||
pending = r.json().get("result", [])
|
||||
if pending:
|
||||
drain_offset = pending[-1]["update_id"] + 1
|
||||
# ACK by sending offset back — Telegram won't re-deliver these.
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
await client.get(drain_url, params={"timeout": 0, "offset": drain_offset})
|
||||
await get_client().get(drain_url, params={"timeout": 0, "offset": drain_offset}, timeout=10)
|
||||
logger.info(
|
||||
"Startup drain: skipped %d stale update(s), offset now %d",
|
||||
len(pending), drain_offset,
|
||||
@@ -1032,8 +1031,8 @@ async def run_bot_loop() -> None:
|
||||
params: dict = {"timeout": 25}
|
||||
if offset is not None:
|
||||
params["offset"] = offset
|
||||
async with httpx.AsyncClient(timeout=35) as client:
|
||||
r = await client.get(url, params=params)
|
||||
from app.services.http_client import get_client
|
||||
r = await get_client().get(url, params=params, timeout=35)
|
||||
if r.status_code != 200:
|
||||
logger.warning("Telegram getUpdates HTTP %d: %s", r.status_code, r.text[:200])
|
||||
await asyncio.sleep(backoff)
|
||||
|
||||
@@ -33,7 +33,6 @@ import urllib.parse
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
import httpx
|
||||
from sqlalchemy import select
|
||||
|
||||
from app.config import settings
|
||||
@@ -146,8 +145,8 @@ async def _post_tweet(text: str, reply_to: Optional[str] = None) -> Optional[str
|
||||
"Content-Type": "application/json",
|
||||
}
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
resp = await client.post(TWEET_URL, json=payload, headers=headers)
|
||||
from app.services.http_client import get_client
|
||||
resp = await get_client().post(TWEET_URL, json=payload, headers=headers, timeout=10)
|
||||
if resp.status_code in (200, 201):
|
||||
_record_sent()
|
||||
tid = resp.json().get("data", {}).get("id")
|
||||
|
||||
Reference in New Issue
Block a user