Skip to content

feat(funds): implement fund ledger system and wallet management#236

Merged
recscse merged 3 commits intomainfrom
feature-branch
Feb 26, 2026
Merged

feat(funds): implement fund ledger system and wallet management#236
recscse merged 3 commits intomainfrom
feature-branch

Conversation

@recscse
Copy link
Copy Markdown
Contributor

@recscse recscse commented Feb 26, 2026

Comprehensive fund management system including:

  • Database migration for FundLedger model.
  • FundManager service for handling deposits, withdrawals, and balance tracking.
  • Integration with CapitalManager and ExecutionHandler for fund-aware trading.
  • New UI components for Add Funds, Fund Statement Table, and a dedicated Funds Tab in User Profile.
  • Performance optimizations in AutoTradingPage and ProfilePage.

@recscse
feat(funds): implement fund ledger system and wallet management
c5dbd89 
Comprehensive fund management system including:
- Database migration for FundLedger model.
- FundManager service for handling deposits, withdrawals, and balance tracking.
- Integration with CapitalManager and ExecutionHandler for fund-aware trading.
- New UI components for Add Funds, Fund Statement Table, and a dedicated Funds Tab in User Profile.
- Performance optimizations in AutoTradingPage and ProfilePage.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Feb 26, 2026

🤖 Automated PR Quality Check

Validated PR structure, code complexity, and trading safety patterns. Reviewers have been notified.

github-advanced-security[bot]
github-advanced-security AI found potential problems Feb 26, 2026
View reviewed changes
Comment thread router/trading_execution_router.py
"""Add virtual funds to paper trading account"""
try:
result = fund_manager.add_paper_funds(current_user.id, amount, db, description)
return result

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 2 months ago

General approach: Do not expose raw exception messages (or derived text like stack traces) in HTTP responses. Instead, log the full exception server‑side and return a generic, user‑safe error message and optionally a stable error code. Internally, service methods should not return raw str(e) to API layers; they should either raise suitable application exceptions or return generic error fields without implementation details.

Best concrete fix here, without changing existing behavior structure:

  1. In FundManagementService.add_paper_funds, change the except block so that:

    • It still rolls back the transaction and logs the detailed error (including e) using the existing logger.
    • But instead of returning {"success": False, "error": str(e)}, it returns a generic error message, e.g. {"success": False, "error": "Failed to add paper funds. Please try again later."}. This preserves the response shape (success + error string) so existing callers don’t break, but removes sensitive details.

  2. In the router’s /funds/add-paper-funds endpoint, the current pattern of catching exceptions and raising HTTPException(status_code=500, detail=str(e)) can also leak str(e) if something fails before reaching the service or if the service raises instead of returning an error dict. Change that HTTPException detail to a generic message, e.g. "Internal server error while adding funds". Logging already captures the detailed error.

These two changes ensure that neither direct exceptions nor service-returned errors expose internal exception text to clients, while leaving overall control flow and result structure intact.

Specific edits:

  • File services/trading_execution/fund_manager.py, within FundManagementService.add_paper_funds, lines 155–158.
  • File router/trading_execution_router.py, within add_paper_funds route, lines 1914–1916.

No new methods or imports are required beyond what’s already present; we continue using the existing logger instances.

Suggested changeset 2
router/trading_execution_router.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/router/trading_execution_router.py b/router/trading_execution_router.py
--- a/router/trading_execution_router.py
+++ b/router/trading_execution_router.py
@@ -1913,7 +1913,11 @@
         return result
     except Exception as e:
         logger.error(f"Error adding funds: {e}")
-        raise HTTPException(status_code=500, detail=str(e))
+        # Do not expose internal exception details to the client
+        raise HTTPException(
+            status_code=500,
+            detail="Internal server error while adding funds."
+        )
 
 @router.get("/funds/statement")
 async def get_fund_statement(
EOF
@@ -1913,7 +1913,11 @@
return result
except Exception as e:
logger.error(f"Error adding funds: {e}")
raise HTTPException(status_code=500, detail=str(e))
# Do not expose internal exception details to the client
raise HTTPException(
status_code=500,
detail="Internal server error while adding funds."
)

@router.get("/funds/statement")
async def get_fund_statement(
services/trading_execution/fund_manager.py
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/trading_execution/fund_manager.py b/services/trading_execution/fund_manager.py
--- a/services/trading_execution/fund_manager.py
+++ b/services/trading_execution/fund_manager.py
@@ -155,7 +155,11 @@
         except Exception as e:
             db.rollback()
             logger.error(f"❌ Error adding paper funds: {e}")
-            return {"success": False, "error": str(e)}
+            # Return a generic error message to avoid exposing internal details
+            return {
+                "success": False,
+                "error": "Failed to add paper funds. Please try again later."
+            }
 
     def block_margin(self, user_id: int, amount: float, trading_mode: str, reference_id: str, db: Session) -> bool:
         """Block margin for a new trade"""
EOF
@@ -155,7 +155,11 @@
except Exception as e:
db.rollback()
logger.error(f"❌ Error adding paper funds: {e}")
return {"success": False, "error": str(e)}
# Return a generic error message to avoid exposing internal details
return {
"success": False,
"error": "Failed to add paper funds. Please try again later."
}

def block_margin(self, user_id: int, amount: float, trading_mode: str, reference_id: str, db: Session) -> bool:
"""Block margin for a new trade"""
Copilot is powered by AI and may make mistakes. Always verify output.
@netlify
Copy link
Copy Markdown

netlify Bot commented Feb 26, 2026
edited
Loading

Deploy Preview for resplendent-shortbread-e830d3 ready!

Name Link
🔨 Latest commit 55b342a
🔍 Latest deploy log https://app.netlify.com/projects/resplendent-shortbread-e830d3/deploys/699fd90d0f57740008e4e741
😎 Deploy Preview https://deploy-preview-236--resplendent-shortbread-e830d3.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 53
Accessibility: 91
Best Practices: 92
SEO: 100
PWA: 90
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@recscse recscse merged commit 4623e3e into main Feb 26, 2026
15 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@recscse @github-advanced-security