initial commit — cassandra v0.1
Containerised macro-strategy dashboard: 4-panel web UI (indicators, portfolio, flash news, AI strategic log), MariaDB store, hourly ingestion jobs, OpenRouter-backed AI analysis. Ports the four prototype scripts in the parent dir (market_pulse, flash_news, trading212, strategic_log) into async services backed by a persistent DB and served via FastAPI + Jinja2 + HTMX. APScheduler runs as a separate compose service for crash-safety and easier restarts. Portfolio composition + position names come live from Trading 212; news per-ticker headlines reuse those names. Tone (NOVICE/INTERMEDIATE/ PRO) and analysis style (DRY/SPECULATIVE) are env-configurable and stored on each log row so historical entries show what produced them. Default model is deepseek/deepseek-v4-flash (overridable via env). Light/dark theme toggle, sans-serif for prose surfaces, monospace for data. Bearer-token auth, OpenRouter monthly cost cap, RSS feeds auto- disabled on consecutive failures. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
commit
a10409c02b
61 changed files with 4890 additions and 0 deletions
31
app/auth.py
Normal file
31
app/auth.py
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
"""Bearer-token auth — single static token from CASSANDRA_TOKEN env.
|
||||
If the env is empty, the app runs open (LAN-only / dev mode).
|
||||
Constant-time comparison via secrets.compare_digest.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import secrets
|
||||
|
||||
from fastapi import Header, HTTPException, status
|
||||
|
||||
from app.config import get_settings
|
||||
|
||||
|
||||
async def require_token(
|
||||
authorization: str | None = Header(default=None),
|
||||
) -> None:
|
||||
expected = get_settings().CASSANDRA_TOKEN
|
||||
if not expected:
|
||||
return # open mode — no auth required
|
||||
if not authorization or not authorization.lower().startswith("bearer "):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Bearer token required",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
provided = authorization.split(" ", 1)[1].strip()
|
||||
if not secrets.compare_digest(provided.encode(), expected.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_403_FORBIDDEN,
|
||||
detail="Invalid token",
|
||||
)
|
||||
Loading…
Add table
Add a link
Reference in a new issue