Spaces:

dromerosm
/

ticker_monitor_api

Sleeping

dromerosm commited on Jul 31

Commit

c7fa0d0

1 Parent(s): c815950

Enhance API tests for new /data/analyze endpoint

- Added comprehensive tests for /data/analyze endpoint
- Implemented daily and intraday data validation
- Included multiple intervals (5m, 15m, 1h, 4h) testing
- Validated market status and rate limiting (20 req/min)
- Enhanced security tests including SQL injection and header checks
- Updated response validation for technical indicators
- Improved overall test structure and error handling

Files changed (3) hide show

api/index.py +663 -6
logs/api.log +0 -0
tests/test_api.py +349 -9

api/index.py CHANGED Viewed

@@ -12,7 +12,7 @@ from contextlib import asynccontextmanager
 import yaml
 import importlib.metadata
 import pytz
-from fastapi import FastAPI, HTTPException, BackgroundTasks, Depends, Security
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, Field
 from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
@@ -139,6 +139,45 @@ class DownloadDataResponse(BaseModel):
     updated_at: datetime
 # --- AUTHENTICATION ---
 security = HTTPBearer()
@@ -164,6 +203,121 @@ async def verify_api_key(credentials: HTTPAuthorizationCredentials = Security(se
     return credentials.credentials
 # --- CONFIGURATION ---
 class Config:
@@ -383,6 +537,80 @@ class YFinanceService:
         self.config = config
         self.logger = logging.getLogger(__name__)
     def calculate_technical_indicators(self, df: pd.DataFrame) -> pd.DataFrame:
         """
         Calculate technical indicators for a ticker's data.
@@ -860,7 +1088,8 @@ async def lifespan(app: FastAPI):
     await database.engine.dispose()
     logger.info("database_lifecycle event=connections_closed")
-# Create FastAPI app
 app = FastAPI(
     title="Stock Monitoring API",
     description="API for managing S&P 500 and Nasdaq 100 ticker data",
@@ -868,10 +1097,6 @@ app = FastAPI(
     lifespan=lifespan,
 )
 # --- API ENDPOINTS ---
 @app.get("/")
@@ -1370,6 +1595,438 @@ async def get_ticker_data(
         raise HTTPException(status_code=500, detail="Failed to fetch ticker data")
 # Local execution configuration
 if __name__ == "__main__":
     import uvicorn

 import yaml
 import importlib.metadata
 import pytz
+from fastapi import FastAPI, HTTPException, BackgroundTasks, Depends, Security, Request, Response
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, Field
 from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
     updated_at: datetime
+class FinancialDataRequest(BaseModel):
+    tickers: List[str] = Field(..., description="Stock ticker symbols (e.g., ['AAPL', 'MSFT', 'GOOGL'])")
+    period: str = Field(default="3mo", description="Data period: 1d,5d,1mo,3mo,6mo,1y,2y,5y,10y,ytd,max")
+    intraday: bool = Field(default=False, description="Enable intraday data (pre-market to post-market)")
+    interval: str = Field(default="1d", description="Data interval: 1m,2m,5m,15m,30m,60m,90m,1h,4h,1d,5d,1wk,1mo,3mo")
+class TechnicalIndicatorData(BaseModel):
+    ticker: str
+    datetime: str  # Changed from 'date' to 'datetime' for intraday support
+    open: float
+    high: float
+    low: float
+    close: float
+    volume: int
+    sma_fast: Optional[float] = None  # SMA 10
+    sma_med: Optional[float] = None   # SMA 20
+    sma_slow: Optional[float] = None  # SMA 50
+class MarketStatus(BaseModel):
+    is_open: bool
+    market_state: str  # REGULAR, PREPRE, PRE, POST, POSTPOST, CLOSED
+    timezone: str
+class FinancialDataResponse(BaseModel):
+    success: bool
+    tickers: List[str]
+    period: str
+    interval: str
+    intraday: bool
+    total_data_points: int
+    date_range: Dict[str, str]  # start_date, end_date
+    market_status: Optional[MarketStatus] = None
+    data: List[TechnicalIndicatorData]
+    calculated_at: datetime
 # --- AUTHENTICATION ---
 security = HTTPBearer()
     return credentials.credentials
+# --- RATE LIMITING ---
+class RateLimiter:
+    def __init__(self):
+        self.requests = {}  # {ip_address: {endpoint: [(timestamp, count), ...]}}
+        self.limits = {
+            "/data/analyze": {"requests": 20, "window": 60},  # 20 requests per minute
+            "default": {"requests": 100, "window": 60}  # 100 requests per minute default
+        }
+    def is_allowed(self, client_ip: str, endpoint: str) -> tuple[bool, dict]:
+        """
+        Check if request is within rate limits.
+        Returns (is_allowed, rate_info)
+        """
+        current_time = time.time()
+        # Get limits for this endpoint
+        limit_config = self.limits.get(endpoint, self.limits["default"])
+        max_requests = limit_config["requests"]
+        window_seconds = limit_config["window"]
+        # Initialize tracking for this IP if needed
+        if client_ip not in self.requests:
+            self.requests[client_ip] = {}
+        if endpoint not in self.requests[client_ip]:
+            self.requests[client_ip][endpoint] = []
+        # Clean old requests outside the window
+        cutoff_time = current_time - window_seconds
+        self.requests[client_ip][endpoint] = [
+            (timestamp, count) for timestamp, count in self.requests[client_ip][endpoint]
+            if timestamp > cutoff_time
+        ]
+        # Count current requests in window
+        current_count = sum(count for _, count in self.requests[client_ip][endpoint])
+        # Check if limit exceeded
+        if current_count >= max_requests:
+            return False, {
+                "allowed": False,
+                "current_count": current_count,
+                "limit": max_requests,
+                "window_seconds": window_seconds,
+                "reset_time": max(timestamp for timestamp, _ in self.requests[client_ip][endpoint]) + window_seconds
+            }
+        # Allow request and record it
+        self.requests[client_ip][endpoint].append((current_time, 1))
+        return True, {
+            "allowed": True,
+            "current_count": current_count + 1,
+            "limit": max_requests,
+            "window_seconds": window_seconds,
+            "remaining": max_requests - current_count - 1
+        }
+# Global rate limiter instance
+rate_limiter = RateLimiter()
+async def check_rate_limit(request: Request, endpoint: str = "/data/analyze"):
+    """
+    Dependency to check rate limits for endpoints.
+    """
+    # Get client IP (handle proxies)
+    client_ip = request.headers.get("x-forwarded-for", "").split(",")[0].strip()
+    if not client_ip:
+        client_ip = request.headers.get("x-real-ip", "")
+    if not client_ip:
+        client_ip = getattr(request.client, "host", "unknown")
+    is_allowed, rate_info = rate_limiter.is_allowed(client_ip, endpoint)
+    if not is_allowed:
+        reset_time = int(rate_info["reset_time"])
+        logger = logging.getLogger(__name__)
+        logger.warning(f"rate_limit_exceeded client_ip={client_ip} endpoint={endpoint} count={rate_info['current_count']} limit={rate_info['limit']}")
+        raise HTTPException(
+            status_code=429,
+            detail={
+                "error": "Rate limit exceeded",
+                "limit": rate_info["limit"],
+                "window_seconds": rate_info["window_seconds"],
+                "reset_time": reset_time,
+                "current_count": rate_info["current_count"]
+            },
+            headers={
+                "X-RateLimit-Limit": str(rate_info["limit"]),
+                "X-RateLimit-Remaining": "0",
+                "X-RateLimit-Reset": str(reset_time),
+                "Retry-After": str(int(rate_info["reset_time"] - time.time()))
+            }
+        )
+    return rate_info
+async def add_security_headers(response: Response, rate_info: dict = None):
+    """
+    Add security headers to response.
+    """
+    response.headers["X-Content-Type-Options"] = "nosniff"
+    response.headers["X-Frame-Options"] = "DENY"
+    response.headers["X-XSS-Protection"] = "1; mode=block"
+    if rate_info:
+        response.headers["X-RateLimit-Limit"] = str(rate_info["limit"])
+        response.headers["X-RateLimit-Remaining"] = str(rate_info.get("remaining", 0))
+    return response
 # --- CONFIGURATION ---
 class Config:
         self.config = config
         self.logger = logging.getLogger(__name__)
+    def get_market_status(self, ticker: str) -> MarketStatus:
+        """
+        Get current market status using yfinance's most reliable endpoints.
+        Uses multiple methods for accuracy: info, calendar, and recent data.
+        """
+        try:
+            ticker_obj = yf.Ticker(ticker)
+            # Method 1: Try to get current data with 1-minute interval
+            # This is the most reliable way to check if market is currently active
+            current_data = None
+            market_state = 'UNKNOWN'
+            timezone_name = 'America/New_York'
+            try:
+                # Get very recent data to check market activity
+                current_data = ticker_obj.history(period="1d", interval="1m", prepost=True)
+                if not current_data.empty:
+                    last_timestamp = current_data.index[-1]
+                    now = datetime.now(last_timestamp.tz)
+                    time_diff = (now - last_timestamp).total_seconds()
+                    # If last data is within 5 minutes, market is likely active
+                    if time_diff <= 300:  # 5 minutes
+                        # Check if it's during regular hours, pre-market, or post-market
+                        hour = last_timestamp.hour
+                        if 9 <= hour < 16:  # Regular hours (9:30 AM - 4:00 PM ET, roughly)
+                            market_state = 'REGULAR'
+                        elif 4 <= hour < 9:  # Pre-market (4:00 AM - 9:30 AM ET)
+                            market_state = 'PRE'
+                        elif 16 <= hour <= 20:  # Post-market (4:00 PM - 8:00 PM ET)
+                            market_state = 'POST'
+                        else:
+                            market_state = 'CLOSED'
+                    else:
+                        market_state = 'CLOSED'
+            except Exception as hist_error:
+                self.logger.debug(f"history_method_failed ticker={ticker} error={str(hist_error)}")
+            # Method 2: Use ticker.info as backup/validation
+            try:
+                info = ticker_obj.info
+                info_market_state = info.get('marketState', 'UNKNOWN')
+                timezone_name = info.get('exchangeTimezoneName', 'America/New_York')
+                # If history method failed, use info method
+                if market_state == 'UNKNOWN' and info_market_state != 'UNKNOWN':
+                    market_state = info_market_state
+            except Exception as info_error:
+                self.logger.debug(f"info_method_failed ticker={ticker} error={str(info_error)}")
+            # Determine if market is open
+            is_open = market_state in ['REGULAR', 'PRE', 'POST']
+            self.logger.info(f"market_status_determined ticker={ticker} state={market_state} is_open={is_open} timezone={timezone_name}")
+            return MarketStatus(
+                is_open=is_open,
+                market_state=market_state,
+                timezone=timezone_name
+            )
+        except Exception as e:
+            self.logger.warning(f"market_status_check_failed ticker={ticker} error={str(e)}")
+            # Return conservative default status
+            return MarketStatus(
+                is_open=False,
+                market_state='UNKNOWN',
+                timezone='America/New_York'
+            )
     def calculate_technical_indicators(self, df: pd.DataFrame) -> pd.DataFrame:
         """
         Calculate technical indicators for a ticker's data.
     await database.engine.dispose()
     logger.info("database_lifecycle event=connections_closed")
+# --------------------------
+# --- Create FastAPI app ---
 app = FastAPI(
     title="Stock Monitoring API",
     description="API for managing S&P 500 and Nasdaq 100 ticker data",
     lifespan=lifespan,
 )
 # --- API ENDPOINTS ---
 @app.get("/")
         raise HTTPException(status_code=500, detail="Failed to fetch ticker data")
+@app.post("/data/analyze")
+async def analyze_financial_data(
+    request: FinancialDataRequest,
+    http_request: Request,
+    api_key: str = Depends(verify_api_key),
+    rate_info: dict = Depends(check_rate_limit)
+):
+    """
+    Download financial data for multiple tickers and calculate technical indicators without database storage.
+    **Security Features**:
+    - **API Key Required**: Must provide valid API key in Authorization header
+    - **Rate Limited**: Maximum 20 requests per minute per IP address
+    - **Input Validation**: Comprehensive validation of ticker symbols and parameters
+    - **Request Logging**: All requests are logged with IP address and timing
+    **Logic**:
+    - Downloads real-time data from Yahoo Finance for the specified tickers and period
+    - Optimized for multiple tickers by downloading them in a single batch request
+    - Calculates technical indicators: SMA 10 (fast), SMA 20 (med), SMA 50 (slow)
+    - Returns the data with technical indicators without storing in database
+    - Useful for real-time analysis and testing without persisting data
+    **Authentication**:
+    - **Header**: `Authorization: Bearer <your_api_key>`
+    **Rate Limits**:
+    - **Limit**: 20 requests per minute per IP address
+    - **Headers**: Response includes rate limit headers (X-RateLimit-*)
+    **Args**:
+    - **request**: FinancialDataRequest (list of ticker symbols and period)
+    - **http_request**: Request object (auto-injected for IP tracking)
+    - **api_key**: API key for authentication (auto-injected)
+    - **rate_info**: Rate limiting info (auto-injected)
+    **Supported periods**:
+    - 1d, 5d, 1mo, 3mo, 6mo, 1y, 2y, 5y, 10y, ytd, max
+    **Supported intervals**:
+    - 1m, 2m, 5m, 15m, 30m, 60m, 90m, 1h, 4h, 1d, 5d, 1wk, 1mo, 3mo
+    **Intraday Features**:
+    - **Pre/Post Market**: Include extended hours data when `intraday=true`
+    - **Market Status**: Real-time market status checking
+    - **High Frequency**: Support for 5m to 4h intervals
+    - **Restrictions**: Intraday limited to 1d/5d/1mo periods with 5m-4h intervals
+    **Example requests:**
+    ```bash
+    # Daily data (default)
+    curl -X POST "http://localhost:7860/data/analyze" \\
+      -H "Authorization: Bearer your_api_key" \\
+      -H "Content-Type: application/json" \\
+      -d '{"tickers": ["AAPL", "MSFT"], "period": "3mo"}'
+    # Intraday 15-minute data with pre/post market
+    curl -X POST "http://localhost:7860/data/analyze" \\
+      -H "Authorization: Bearer your_api_key" \\
+      -H "Content-Type: application/json" \\
+      -d '{"tickers": ["AAPL"], "period": "1d", "interval": "15m", "intraday": true}'
+    # Hourly data for current week
+    curl -X POST "http://localhost:7860/data/analyze" \\
+      -H "Authorization: Bearer your_api_key" \\
+      -H "Content-Type: application/json" \\
+      -d '{"tickers": ["TSLA", "NVDA"], "period": "5d", "interval": "1h", "intraday": true}'
+    ```
+    **Example request body**:
+    ```json
+    {
+        "tickers": ["TSLA", "NVDA"],
+        "period": "5d",
+        "interval": "1h",
+        "intraday": true
+    }
+    ```
+    **Example response:**
+    ```json
+    {
+        "success": true,
+        "tickers": ["AAPL", "MSFT", "GOOGL"],
+        "period": "3mo",
+        "total_data_points": 195,
+        "date_range": {
+            "start_date": "2025-04-30",
+            "end_date": "2025-07-31"
+        },
+        "data": [
+            {
+                "ticker": "AAPL",
+                "date": "2025-07-31",
+                "open": 150.25,
+                "high": 152.80,
+                "low": 149.50,
+                "close": 151.75,
+                "volume": 45123000,
+                "sma_fast": 150.85,
+                "sma_med": 149.92,
+                "sma_slow": 148.15
+            }
+        ],
+        "calculated_at": "2025-07-31T14:15:26+00:00"
+    }
+    ```
+    **Error Responses**:
+    - **401**: Invalid or missing API key
+    - **429**: Rate limit exceeded (includes Retry-After header)
+    - **400**: Invalid input parameters
+    - **404**: No data found for requested tickers
+    - **500**: Internal server error
+    """
+    try:
+        logger = logging.getLogger(__name__)
+        start_time = time.perf_counter()
+        # Security logging - get client IP for audit trail
+        client_ip = http_request.headers.get("x-forwarded-for", "").split(",")[0].strip()
+        if not client_ip:
+            client_ip = http_request.headers.get("x-real-ip", "")
+        if not client_ip:
+            client_ip = getattr(http_request.client, "host", "unknown")
+        user_agent = http_request.headers.get("user-agent", "unknown")
+        # Enhanced input validation and security checks
+        if not request.tickers or len(request.tickers) == 0:
+            logger.warning(f"security_validation_failed client_ip={client_ip} reason=empty_tickers_list user_agent={user_agent}")
+            raise HTTPException(
+                status_code=400,
+                detail="At least one ticker symbol is required."
+            )
+        if len(request.tickers) > 50:
+            logger.warning(f"security_validation_failed client_ip={client_ip} reason=too_many_tickers count={len(request.tickers)} user_agent={user_agent}")
+            raise HTTPException(
+                status_code=400,
+                detail="Maximum 50 tickers allowed per request."
+            )
+        # Clean and validate ticker symbols with enhanced security
+        ticker_symbols = []
+        for ticker in request.tickers:
+            ticker_clean = str(ticker).upper().strip()
+            # Security: Check for malicious patterns
+            if not ticker_clean or len(ticker_clean) > 10:
+                logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_ticker_length ticker={ticker} user_agent={user_agent}")
+                raise HTTPException(
+                    status_code=400,
+                    detail=f"Invalid ticker symbol '{ticker}'. Must be 1-10 characters."
+                )
+            # Security: Only allow alphanumeric characters and common symbols
+            import re
+            if not re.match(r'^[A-Z0-9\.\-\^]+$', ticker_clean):
+                logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_ticker_chars ticker={ticker} user_agent={user_agent}")
+                raise HTTPException(
+                    status_code=400,
+                    detail=f"Invalid ticker symbol '{ticker}'. Only alphanumeric characters, dots, hyphens, and carets allowed."
+                )
+            ticker_symbols.append(ticker_clean)
+        # Remove duplicates while preserving order
+        seen = set()
+        ticker_symbols = [x for x in ticker_symbols if not (x in seen or seen.add(x))]
+        # Validate period and interval with security logging
+        valid_periods = ['1d', '5d', '1mo', '3mo', '6mo', '1y', '2y', '5y', '10y', 'ytd', 'max']
+        valid_intervals = ['1m', '2m', '5m', '15m', '30m', '60m', '90m', '1h', '4h', '1d', '5d', '1wk', '1mo', '3mo']
+        if request.period not in valid_periods:
+            logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_period period={request.period} user_agent={user_agent}")
+            raise HTTPException(
+                status_code=400,
+                detail=f"Invalid period. Must be one of: {', '.join(valid_periods)}"
+            )
+        if request.interval not in valid_intervals:
+            logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_interval interval={request.interval} user_agent={user_agent}")
+            raise HTTPException(
+                status_code=400,
+                detail=f"Invalid interval. Must be one of: {', '.join(valid_intervals)}"
+            )
+        # Validate intraday configuration
+        if request.intraday:
+            # For intraday data, restrict to shorter periods and specific intervals
+            intraday_periods = ['1d', '5d', '1mo']
+            intraday_intervals = ['5m', '15m', '30m', '60m', '90m', '1h', '4h']
+            if request.period not in intraday_periods:
+                logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_intraday_period period={request.period} user_agent={user_agent}")
+                raise HTTPException(
+                    status_code=400,
+                    detail=f"For intraday data, period must be one of: {', '.join(intraday_periods)}"
+                )
+            if request.interval not in intraday_intervals:
+                logger.warning(f"security_validation_failed client_ip={client_ip} reason=invalid_intraday_interval interval={request.interval} user_agent={user_agent}")
+                raise HTTPException(
+                    status_code=400,
+                    detail=f"For intraday data, interval must be one of: {', '.join(intraday_intervals)}"
+                )
+        # Security audit log for successful request start
+        logger.info(f"financial_data_analysis_started client_ip={client_ip} tickers={ticker_symbols} period={request.period} interval={request.interval} intraday={request.intraday} count={len(ticker_symbols)} api_key_valid=true user_agent={user_agent}")
+        logger.info(f"rate_limit_info client_ip={client_ip} current_count={rate_info['current_count']} limit={rate_info['limit']} remaining={rate_info.get('remaining', 0)}")
+        # Get market status for the first ticker (representative)
+        market_status = None
+        if request.intraday or request.interval in ['1m', '2m', '5m', '15m', '30m', '60m', '90m', '1h', '4h']:
+            yfinance_svc = YFinanceService(config)
+            market_status = yfinance_svc.get_market_status(ticker_symbols[0])
+            logger.info(f"market_status_check ticker={ticker_symbols[0]} state={market_status.market_state} is_open={market_status.is_open}")
+        # Download data from Yahoo Finance - optimized for multiple tickers with interval support
+        download_start = time.perf_counter()
+        # Configure download parameters
+        download_params = {
+            'period': request.period,
+            'progress': False,
+            'auto_adjust': True
+        }
+        # Only group by ticker if we have multiple tickers
+        if len(ticker_symbols) > 1:
+            download_params['group_by'] = 'ticker'
+        # Add interval if different from default
+        if request.interval != '1d':
+            download_params['interval'] = request.interval
+        # For intraday data, include pre/post market data
+        if request.intraday:
+            download_params['prepost'] = True
+            logger.info(f"intraday_download_enabled prepost=true interval={request.interval}")
+        data = yf.download(ticker_symbols, **download_params)
+        download_end = time.perf_counter()
+        if data.empty:
+            logger.warning(f"no_data_found tickers={ticker_symbols} period={request.period}")
+            raise HTTPException(
+                status_code=404,
+                detail=f"No financial data found for tickers {ticker_symbols} with period {request.period}"
+            )
+        logger.info(f"data_downloaded tickers_count={len(ticker_symbols)} rows={len(data)} duration_ms={(download_end-download_start)*1000:.2f}")
+        # Calculate technical indicators and convert to response format
+        calc_start = time.perf_counter()
+        if 'yfinance_svc' not in locals():
+            yfinance_svc = YFinanceService(config)
+        result_data = []
+        all_dates = []
+        # Handle both single ticker and multi-ticker cases
+        if len(ticker_symbols) == 1:
+            # Single ticker case - flatten multi-level columns if they exist
+            ticker = ticker_symbols[0]
+            # Check if we have multi-level columns and flatten them
+            if isinstance(data.columns, pd.MultiIndex):
+                # Flatten the multi-level columns by taking the first level (the actual column names)
+                data.columns = data.columns.get_level_values(0)
+            data_with_indicators = yfinance_svc.calculate_technical_indicators(data)
+            all_dates.extend(data_with_indicators.index.tolist())
+            for date_idx, row in data_with_indicators.iterrows():
+                try:
+                    close_val = row['Close']
+                    if pd.isna(close_val):
+                        continue
+                except (KeyError, ValueError):
+                    continue
+                # Format datetime based on data type (intraday vs daily)
+                if request.intraday or request.interval in ['1m', '2m', '5m', '15m', '30m', '60m', '90m', '1h', '4h']:
+                    datetime_str = date_idx.isoformat()
+                else:
+                    datetime_str = date_idx.date().isoformat()
+                result_data.append(TechnicalIndicatorData(
+                    ticker=ticker,
+                    datetime=datetime_str,
+                    open=float(row['Open']),
+                    high=float(row['High']),
+                    low=float(row['Low']),
+                    close=float(row['Close']),
+                    volume=int(row['Volume']),
+                    sma_fast=float(row['sma_fast']) if pd.notna(row['sma_fast']) else None,
+                    sma_med=float(row['sma_med']) if pd.notna(row['sma_med']) else None,
+                    sma_slow=float(row['sma_slow']) if pd.notna(row['sma_slow']) else None
+                ))
+        else:
+            # Multiple tickers case - data is grouped by ticker
+            processed_tickers = []
+            for ticker in ticker_symbols:
+                if ticker not in data.columns.get_level_values(0):
+                    logger.warning(f"ticker_data_missing ticker={ticker} reason=not_in_downloaded_data")
+                    continue
+                ticker_data = data[ticker]
+                if ticker_data.empty:
+                    logger.warning(f"ticker_data_empty ticker={ticker}")
+                    continue
+                # Calculate technical indicators for this ticker
+                ticker_data_with_indicators = yfinance_svc.calculate_technical_indicators(ticker_data)
+                all_dates.extend(ticker_data_with_indicators.index.tolist())
+                processed_tickers.append(ticker)
+                for date_idx, row in ticker_data_with_indicators.iterrows():
+                    try:
+                        close_val = row['Close']
+                        if pd.isna(close_val):
+                            continue
+                    except (KeyError, ValueError):
+                        continue
+                    # Format datetime based on data type (intraday vs daily)
+                    if request.intraday or request.interval in ['1m', '2m', '5m', '15m', '30m', '60m', '90m', '1h', '4h']:
+                        datetime_str = date_idx.isoformat()
+                    else:
+                        datetime_str = date_idx.date().isoformat()
+                    result_data.append(TechnicalIndicatorData(
+                        ticker=ticker,
+                        datetime=datetime_str,
+                        open=float(row['Open']),
+                        high=float(row['High']),
+                        low=float(row['Low']),
+                        close=float(row['Close']),
+                        volume=int(row['Volume']),
+                        sma_fast=float(row['sma_fast']) if pd.notna(row['sma_fast']) else None,
+                        sma_med=float(row['sma_med']) if pd.notna(row['sma_med']) else None,
+                        sma_slow=float(row['sma_slow']) if pd.notna(row['sma_slow']) else None
+                    ))
+            if not processed_tickers:
+                raise HTTPException(
+                    status_code=404,
+                    detail=f"No valid data found for any of the requested tickers: {ticker_symbols}"
+                )
+        calc_end = time.perf_counter()
+        logger.info(f"indicators_calculated tickers_count={len(ticker_symbols)} duration_ms={(calc_end-calc_start)*1000:.2f}")
+        # Calculate date range
+        start_date = min(all_dates).date() if all_dates else datetime.now().date()
+        end_date = max(all_dates).date() if all_dates else datetime.now().date()
+        # Sort by ticker and datetime (most recent first)
+        result_data.sort(key=lambda x: (x.ticker, x.datetime), reverse=True)
+        end_time = time.perf_counter()
+        total_duration = end_time - start_time
+        # Security audit log for successful completion
+        logger.info(f"financial_data_analysis_completed client_ip={client_ip} tickers={ticker_symbols} data_points={len(result_data)} total_duration_ms={total_duration*1000:.2f} status=success")
+        # Create response with security headers
+        from fastapi.responses import JSONResponse
+        # Create response data
+        response_data = {
+            "success": True,
+            "tickers": ticker_symbols,
+            "period": request.period,
+            "interval": request.interval,
+            "intraday": request.intraday,
+            "total_data_points": len(result_data),
+            "date_range": {
+                "start_date": start_date.isoformat(),
+                "end_date": end_date.isoformat()
+            },
+            "market_status": {
+                "is_open": market_status.is_open,
+                "market_state": market_status.market_state,
+                "timezone": market_status.timezone
+            } if market_status else None,
+            "data": [
+                {
+                    "ticker": item.ticker,
+                    "datetime": item.datetime,
+                    "open": item.open,
+                    "high": item.high,
+                    "low": item.low,
+                    "close": item.close,
+                    "volume": item.volume,
+                    "sma_fast": item.sma_fast,
+                    "sma_med": item.sma_med,
+                    "sma_slow": item.sma_slow
+                }
+                for item in result_data
+            ],
+            "calculated_at": datetime.now(pytz.UTC).isoformat()
+        }
+        # Return JSONResponse with security headers
+        return JSONResponse(
+            content=response_data,
+            headers={
+                "X-RateLimit-Limit": str(rate_info["limit"]),
+                "X-RateLimit-Remaining": str(rate_info.get("remaining", 0)),
+                "X-Content-Type-Options": "nosniff",
+                "X-Frame-Options": "DENY",
+                "X-XSS-Protection": "1; mode=block"
+            }
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger = logging.getLogger(__name__)
+        # Security audit log for errors
+        client_ip = http_request.headers.get("x-forwarded-for", "").split(",")[0].strip()
+        if not client_ip:
+            client_ip = getattr(http_request.client, "host", "unknown")
+        logger.error(f"financial_data_analysis_failed client_ip={client_ip} tickers={request.tickers} error={str(e)} status=error")
+        raise HTTPException(
+            status_code=500,
+            detail=f"Failed to analyze financial data for tickers {request.tickers}: {str(e)}"
+        )
 # Local execution configuration
 if __name__ == "__main__":
     import uvicorn

logs/api.log CHANGED Viewed

The diff for this file is too large to render. See raw diff

tests/test_api.py CHANGED Viewed

@@ -3,12 +3,16 @@
 Automated API Testing Script for Stock Monitoring API
 Tests authentication, endpoints, and security features.
-Updated for new API architecture:
-- Removed /data/download endpoint (now uses only /data/download-all)
-- Added force_refresh and force_indicators parameters
-- Updated bulk download strategy testing with 3-month period
-- Added technical indicators validation (SMA 10, 20, 50)
-- Updated response validation for new SMA fields
 """
 import requests
@@ -19,6 +23,8 @@ from dotenv import load_dotenv
 # Load environment variables from parent directory
 load_dotenv(dotenv_path="../.env")
 PORT = os.getenv("PORT", "7860")
 print(f"Using PORT: {PORT}")
@@ -105,6 +111,7 @@ def test_protected_endpoints_no_auth():
         ("POST", "/tickers/update", {"force_refresh": False}),
         ("POST", "/tickers/update-async", {"force_refresh": False}),
         ("POST", "/data/download-all", {"force_refresh": False, "force_indicators": False}),
         ("GET", "/tasks", None),
         ("DELETE", "/tasks/old", None)
     ]
@@ -137,6 +144,7 @@ def test_protected_endpoints_invalid_auth():
     protected_endpoints = [
         ("POST", "/tickers/update", {"force_refresh": False}),
         ("POST", "/data/download-all", {"force_refresh": False, "force_indicators": False}),
         ("GET", "/tasks", None),
     ]
@@ -321,7 +329,11 @@ def main():
     """Run all tests."""
     print("🧪 Starting Stock Monitoring API Tests")
     print(f"🔗 Base URL: {BASE_URL}")
-    print(f"🔑 API Key: {API_KEY[:10]}...")
     all_tests_passed = True
@@ -333,6 +345,11 @@ def main():
     all_tests_passed &= test_protected_endpoints_valid_auth()
     all_tests_passed &= test_data_endpoints()
     all_tests_passed &= test_technical_indicators()
     all_tests_passed &= test_sql_injection_safety()
     # Final results
@@ -345,8 +362,15 @@ def main():
         print("✅ Public endpoints are accessible")
         print("✅ Bulk data download with freshness check is working")
         print("✅ Technical indicators (SMA 10, 20, 50) are working")
-        print("✅ 3-month data period and force_indicators flag functional")
-        print("✅ New optimized API architecture is functional")
     else:
         print("❌ SOME TESTS FAILED!")
         print("⚠️  Please check the API implementation")
@@ -411,5 +435,321 @@ def test_technical_indicators():
     return all_passed
 if __name__ == "__main__":
     exit(main())

 Automated API Testing Script for Stock Monitoring API
 Tests authentication, endpoints, and security features.
+Updated for new API architecture with /data/analyze endpoint:
+- Added comprehensive /data/analyze endpoint testing
+- Tests intraday data with multiple intervals (5m, 15m, 1h, 4h)
+- Tests pre/post market data functionality
+- Tests market status checking
+- Tests rate limiting (20 req/min)
+- Tests security features and input validation
+- Tests multiple tickers optimization
+- Validates technical indicators on all intervals
+- Tests daily vs intraday data formats
 """
 import requests
 # Load environment variables from parent directory
 load_dotenv(dotenv_path="../.env")
+# Also try loading from current directory
+load_dotenv()
 PORT = os.getenv("PORT", "7860")
 print(f"Using PORT: {PORT}")
         ("POST", "/tickers/update", {"force_refresh": False}),
         ("POST", "/tickers/update-async", {"force_refresh": False}),
         ("POST", "/data/download-all", {"force_refresh": False, "force_indicators": False}),
+        ("POST", "/data/analyze", {"tickers": ["AAPL"], "period": "1d"}),
         ("GET", "/tasks", None),
         ("DELETE", "/tasks/old", None)
     ]
     protected_endpoints = [
         ("POST", "/tickers/update", {"force_refresh": False}),
         ("POST", "/data/download-all", {"force_refresh": False, "force_indicators": False}),
+        ("POST", "/data/analyze", {"tickers": ["AAPL"], "period": "1d"}),
         ("GET", "/tasks", None),
     ]
     """Run all tests."""
     print("🧪 Starting Stock Monitoring API Tests")
     print(f"🔗 Base URL: {BASE_URL}")
+    if API_KEY:
+        print(f"🔑 API Key: {API_KEY[:10]}...")
+    else:
+        print("❌ API Key not found in environment variables!")
+        return 1
     all_tests_passed = True
     all_tests_passed &= test_protected_endpoints_valid_auth()
     all_tests_passed &= test_data_endpoints()
     all_tests_passed &= test_technical_indicators()
+    all_tests_passed &= test_analyze_endpoint_daily()
+    all_tests_passed &= test_analyze_endpoint_intraday()
+    all_tests_passed &= test_analyze_endpoint_validation()
+    all_tests_passed &= test_analyze_endpoint_rate_limiting()
+    all_tests_passed &= test_analyze_endpoint_security()
     all_tests_passed &= test_sql_injection_safety()
     # Final results
         print("✅ Public endpoints are accessible")
         print("✅ Bulk data download with freshness check is working")
         print("✅ Technical indicators (SMA 10, 20, 50) are working")
+        print("✅ /data/analyze endpoint with daily data is functional")
+        print("✅ /data/analyze endpoint with intraday data is functional")
+        print("✅ Market status checking is working")
+        print("✅ Multiple tickers optimization is working")
+        print("✅ Rate limiting (20 req/min) is enforced")
+        print("✅ Security headers and input validation are active")
+        print("✅ Pre/post market data functionality is working")
+        print("✅ Multiple intervals (5m, 15m, 1h, 4h) are supported")
+        print("✅ Intraday vs daily datetime formatting is correct")
     else:
         print("❌ SOME TESTS FAILED!")
         print("⚠️  Please check the API implementation")
     return all_passed
+def test_analyze_endpoint_daily():
+    """Test /data/analyze endpoint with daily data."""
+    print_test_header("Data Analyze Endpoint - Daily Data")
+    all_passed = True
+    # Test 1: Single ticker daily data
+    try:
+        payload = {
+            "tickers": ["AAPL"],
+            "period": "1mo"
+        }
+        response = requests.post(
+            f"{BASE_URL}/data/analyze",
+            headers=HEADERS_VALID_AUTH,
+            json=payload,
+            timeout=30
+        )
+        passed = response.status_code == 200
+        all_passed &= print_result("/data/analyze (single ticker)", "POST", 200, response.status_code, passed)
+        if passed:
+            data = response.json()
+            print(f"   📊 Success: {data.get('success')}")
+            print(f"   📈 Tickers: {data.get('tickers')}")
+            print(f"   📅 Period: {data.get('period')}")
+            print(f"   📊 Interval: {data.get('interval')}")
+            print(f"   🕐 Intraday: {data.get('intraday')}")
+            print(f"   📊 Data points: {data.get('total_data_points')}")
+            print(f"   📅 Date range: {data.get('date_range', {}).get('start_date')} to {data.get('date_range', {}).get('end_date')}")
+            # Validate response structure
+            if data.get('data') and len(data['data']) > 0:
+                sample = data['data'][0]
+                print(f"   💰 Sample close: ${sample.get('close', 0):.2f}")
+                print(f"   📊 Has SMA Fast: {sample.get('sma_fast') is not None}")
+                print(f"   📊 Has SMA Med: {sample.get('sma_med') is not None}")
+                print(f"   📊 Has SMA Slow: {sample.get('sma_slow') is not None}")
+                # Check datetime format for daily data (should be date only)
+                datetime_str = sample.get('datetime', '')
+                print(f"   📅 DateTime format: {datetime_str} (daily: {len(datetime_str) == 10})")
+    except Exception as e:
+        print(f"❌ Single ticker daily test failed: {e}")
+        all_passed = False
+    # Small delay to avoid rate limiting
+    time.sleep(1)
+    # Test 2: Multiple tickers daily data
+    try:
+        payload = {
+            "tickers": ["AAPL", "MSFT", "GOOGL"],
+            "period": "5d"
+        }
+        response = requests.post(
+            f"{BASE_URL}/data/analyze",
+            headers=HEADERS_VALID_AUTH,
+            json=payload,
+            timeout=40
+        )
+        passed = response.status_code == 200
+        all_passed &= print_result("/data/analyze (multi ticker)", "POST", 200, response.status_code, passed)
+        if passed:
+            data = response.json()
+            print(f"   📊 Tickers: {len(data.get('tickers', []))}")
+            print(f"   📈 Data points: {data.get('total_data_points')}")
+            # Check rate limit headers
+            rate_limit = response.headers.get('X-RateLimit-Limit')
+            rate_remaining = response.headers.get('X-RateLimit-Remaining')
+            if rate_limit:
+                print(f"   🚦 Rate limit: {rate_remaining}/{rate_limit}")
+    except Exception as e:
+        print(f"❌ Multi ticker daily test failed: {e}")
+        all_passed = False
+    return all_passed
+def test_analyze_endpoint_intraday():
+    """Test /data/analyze endpoint with intraday data."""
+    print_test_header("Data Analyze Endpoint - Intraday Data")
+    all_passed = True
+    # Test different intervals
+    intervals_to_test = [
+        ("15m", "15-minute intervals"),
+        ("1h", "1-hour intervals"),
+        ("4h", "4-hour intervals")
+    ]
+    for interval, description in intervals_to_test:
+        try:
+            payload = {
+                "tickers": ["AAPL"],
+                "period": "1d",
+                "interval": interval,
+                "intraday": True
+            }
+            response = requests.post(
+                f"{BASE_URL}/data/analyze",
+                headers=HEADERS_VALID_AUTH,
+                json=payload,
+                timeout=30
+            )
+            passed = response.status_code == 200
+            all_passed &= print_result(f"/data/analyze ({interval})", "POST", 200, response.status_code, passed)
+            if passed:
+                data = response.json()
+                print(f"   📊 {description}: {data.get('total_data_points')} points")
+                print(f"   🕐 Intraday: {data.get('intraday')}")
+                print(f"   📊 Interval: {data.get('interval')}")
+                # Check market status
+                market_status = data.get('market_status')
+                if market_status:
+                    print(f"   📈 Market open: {market_status.get('is_open')}")
+                    print(f"   📊 Market state: {market_status.get('market_state')}")
+                    print(f"   🌍 Timezone: {market_status.get('timezone')}")
+                # Check datetime format for intraday (should include time)
+                if data.get('data') and len(data['data']) > 0:
+                    sample = data['data'][0]
+                    datetime_str = sample.get('datetime', '')
+                    print(f"   📅 DateTime format: {datetime_str[:19]}... (intraday: {len(datetime_str) > 10})")
+            # Add delay to avoid rate limiting during tests
+            time.sleep(2)
+        except Exception as e:
+            print(f"❌ Intraday {interval} test failed: {e}")
+            all_passed = False
+    return all_passed
+def test_analyze_endpoint_validation():
+    """Test /data/analyze endpoint input validation."""
+    print_test_header("Data Analyze Endpoint - Input Validation")
+    all_passed = True
+    # Test invalid inputs
+    test_cases = [
+        # (payload, expected_status, description)
+        ({"tickers": [], "period": "1d"}, 400, "Empty tickers list"),
+        ({"tickers": ["INVALID!!!"], "period": "1d"}, 400, "Invalid ticker characters"),
+        ({"tickers": ["AAPL"], "period": "invalid"}, 400, "Invalid period"),
+        ({"tickers": ["AAPL"], "period": "1d", "interval": "invalid"}, 400, "Invalid interval"),
+        ({"tickers": ["AAPL"], "period": "1y", "interval": "5m", "intraday": True}, 400, "Invalid intraday period"),
+        ({"tickers": ["AAPL"], "period": "1d", "interval": "1d", "intraday": True}, 400, "Invalid intraday interval"),
+        ({"tickers": ["A" * 50] * 51, "period": "1d"}, 400, "Too many tickers"),
+    ]
+    for payload, expected_status, description in test_cases:
+        try:
+            response = requests.post(
+                f"{BASE_URL}/data/analyze",
+                headers=HEADERS_VALID_AUTH,
+                json=payload,
+                timeout=15
+            )
+            passed = response.status_code == expected_status
+            all_passed &= print_result(f"/data/analyze ({description})", "POST", expected_status, response.status_code, passed)
+            if not passed:
+                print(f"   📄 Response: {response.text[:100]}...")
+            # Small delay to avoid rate limiting except for rate limit test
+            if "Too many tickers" not in description:
+                time.sleep(0.5)
+        except Exception as e:
+            print(f"❌ Validation test '{description}' failed: {e}")
+            all_passed = False
+    return all_passed
+def test_analyze_endpoint_rate_limiting():
+    """Test rate limiting on /data/analyze endpoint."""
+    print_test_header("Data Analyze Endpoint - Rate Limiting")
+    all_passed = True
+    print("   ⏰ Waiting 5 seconds to start with fresh rate limit...")
+    time.sleep(5)
+    print("   🚦 Testing rate limit (20 requests/minute)...")
+    # Make requests quickly to test rate limiting
+    payload = {"tickers": ["AAPL"], "period": "1d"}
+    successful_requests = 0
+    rate_limited_requests = 0
+    for i in range(15):  # Try 15 requests (moderate test, not exhausting all)
+        try:
+            response = requests.post(
+                f"{BASE_URL}/data/analyze",
+                headers=HEADERS_VALID_AUTH,
+                json=payload,
+                timeout=10
+            )
+            if response.status_code == 200:
+                successful_requests += 1
+            elif response.status_code == 429:
+                rate_limited_requests += 1
+                print(f"   🚦 Rate limited on request {i+1}")
+                # Check rate limit headers
+                retry_after = response.headers.get('Retry-After')
+                if retry_after:
+                    print(f"   ⏰ Retry after: {retry_after} seconds")
+                break
+            else:
+                print(f"   ⚠️  Unexpected status {response.status_code} on request {i+1}")
+            # Very small delay between requests
+            time.sleep(0.05)
+        except Exception as e:
+            print(f"❌ Rate limit test request {i+1} failed: {e}")
+    print(f"   ✅ Successful requests: {successful_requests}")
+    print(f"   🚦 Rate limited requests: {rate_limited_requests}")
+    # Rate limiting should kick in
+    passed = successful_requests > 0 and rate_limited_requests > 0
+    all_passed &= passed
+    if passed:
+        print("   ✅ Rate limiting is working correctly")
+    else:
+        print("   ❌ Rate limiting may not be working properly")
+    return all_passed
+def test_analyze_endpoint_security():
+    """Test security features of /data/analyze endpoint."""
+    print_test_header("Data Analyze Endpoint - Security Features")
+    all_passed = True
+    print("   ⏰ Waiting 10 seconds before security tests...")
+    time.sleep(10)
+    # Test 1: SQL injection attempts in ticker names
+    injection_attempts = [
+        "'; DROP TABLE tickers; --",
+        "' OR '1'='1",
+        "AAPL'; DELETE FROM tasks; --",
+        "<script>alert('xss')</script>",
+        "../../etc/passwd"
+    ]
+    for injection in injection_attempts:
+        try:
+            payload = {"tickers": [injection], "period": "1d"}
+            response = requests.post(
+                f"{BASE_URL}/data/analyze",
+                headers=HEADERS_VALID_AUTH,
+                json=payload,
+                timeout=15
+            )
+            # Should return 400 (validation error) for malicious input
+            # But if rate limited, skip this specific test
+            if response.status_code == 429:
+                print(f"   🚦 Rate limited during injection test: {injection[:20]}... (skipping)")
+                continue
+            passed = response.status_code == 400
+            all_passed &= print_result(f"/data/analyze (injection: {injection[:20]}...)", "POST", 400, response.status_code, passed)
+            # Small delay to avoid rate limiting
+            time.sleep(0.5)
+        except Exception as e:
+            print(f"❌ Security test failed: {e}")
+            all_passed = False
+    # Test 2: Check security headers in response
+    try:
+        payload = {"tickers": ["AAPL"], "period": "1d"}
+        response = requests.post(
+            f"{BASE_URL}/data/analyze",
+            headers=HEADERS_VALID_AUTH,
+            json=payload,
+            timeout=15
+        )
+        if response.status_code == 200:
+            security_headers = [
+                'X-Content-Type-Options',
+                'X-Frame-Options',
+                'X-XSS-Protection'
+            ]
+            headers_found = 0
+            for header in security_headers:
+                if header in response.headers:
+                    headers_found += 1
+                    print(f"   🛡️  {header}: {response.headers[header]}")
+            passed = headers_found >= 2  # At least 2 security headers
+            all_passed &= passed
+            print(f"   🛡️  Security headers: {headers_found}/{len(security_headers)}")
+    except Exception as e:
+        print(f"❌ Security headers test failed: {e}")
+        all_passed = False
+    return all_passed
 if __name__ == "__main__":
     exit(main())