Merge branch 'main' into codex/hip-3-perps

Author: 0xh3rman

AGENTS.md

@@ -14,6 +14,7 @@ Guidance for AI assistants (Claude Code, Gemini, Codex, etc.) collaborating on t
 - [Tests](skills/tests.md) — Test conventions, mocks, integration tests
 - [Defensive Programming](skills/defensive-programming.md) — Safety rules and exhaustive patterns
 - [Common Issues](skills/common-issues.md) — Known anti-patterns and their fixes
+- [Swapper Checklist](skills/swapper-checklist.md) — Integration checklist for swapper providers
 
 ## Task Completion
 

Cargo.lock

@@ -82,7 +82,7 @@ futures = { version = "0.3.32" }
 uuid = { version = "1.22.0", features = ["v4"] }
 
 # db
-redis = { version = "1.0.3", default-features = false, features = [
+redis = { version = "1.1.0", default-features = false, features = [
     "tokio-comp",
     "connection-manager",
 ] }

Cargo.toml

@@ -32,9 +32,9 @@ mercuryo:
     secret: ""
     token: ""
 banxa:
-  url: ""
+  url: "https://gemwallet.banxa.com"
   key:
-    public: "" 
+    public: ""
     secret: ""
 paybis:
   key:
@@ -254,6 +254,9 @@ consumer:
 
 api:
   service: ""
+  admin:
+    enabled: false
+    token: ""
   auth:
     enabled: true
     tolerance: 5m

Settings.yaml

@@ -0,0 +1,99 @@
+use rocket::Request;
+use rocket::http::Status;
+use rocket::outcome::Outcome::{Error, Success};
+use rocket::request::{FromRequest, Outcome};
+
+use crate::responders::cache_error;
+
+const AUTHORIZATION_HEADER: &str = "Authorization";
+const BEARER_PREFIX: &str = "Bearer ";
+
+fn error_outcome<T>(req: &Request<'_>, status: Status, message: &str) -> Outcome<T, String> {
+    cache_error(req, message);
+    Error((status, message.to_string()))
+}
+
+#[derive(Debug, Clone)]
+pub struct AdminConfig {
+    pub token: String,
+}
+
+pub struct AdminAuthorized;
+
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for AdminAuthorized {
+    type Error = String;
+
+    async fn from_request(req: &'r Request<'_>) -> Outcome<Self, String> {
+        let Success(config) = req.guard::<&rocket::State<AdminConfig>>().await else {
+            return error_outcome(req, Status::InternalServerError, "Admin config not available");
+        };
+
+        if config.token.is_empty() {
+            return error_outcome(req, Status::InternalServerError, "Admin token is not configured");
+        }
+
+        let Some(auth_value) = req.headers().get_one(AUTHORIZATION_HEADER) else {
+            return error_outcome(req, Status::Unauthorized, "Missing Authorization header");
+        };
+
+        if !auth_value.starts_with(BEARER_PREFIX) {
+            return error_outcome(req, Status::Unauthorized, "Invalid authorization format");
+        }
+
+        if auth_value[BEARER_PREFIX.len()..] != config.token {
+            return error_outcome(req, Status::Unauthorized, "Invalid admin token");
+        }
+
+        Success(AdminAuthorized)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use rocket::http::{Header, Status};
+    use rocket::local::asynchronous::Client;
+    use rocket::{Build, Rocket, get, routes};
+
+    use super::{AdminAuthorized, AdminConfig};
+
+    #[get("/protected")]
+    async fn protected(_admin: AdminAuthorized) -> &'static str {
+        "ok"
+    }
+
+    fn rocket(config: AdminConfig) -> Rocket<Build> {
+        rocket::build().manage(config).mount("/", routes![protected])
+    }
+
+    fn bearer_header(token: &str) -> Header<'static> {
+        Header::new("Authorization", format!("Bearer {token}"))
+    }
+
+    #[rocket::async_test]
+    async fn test_invalid_token_returns_unauthorized() {
+        let client = Client::tracked(rocket(AdminConfig { token: "secret".to_string() })).await.unwrap();
+
+        let response = client.get("/protected").header(bearer_header("wrong")).dispatch().await;
+
+        assert_eq!(response.status(), Status::Unauthorized);
+    }
+
+    #[rocket::async_test]
+    async fn test_correct_token_returns_ok() {
+        let client = Client::tracked(rocket(AdminConfig { token: "secret".to_string() })).await.unwrap();
+
+        let response = client.get("/protected").header(bearer_header("secret")).dispatch().await;
+
+        assert_eq!(response.status(), Status::Ok);
+    }
+
+    #[rocket::async_test]
+    async fn test_enabled_with_empty_token_returns_internal_server_error() {
+        let client = Client::tracked(rocket(AdminConfig { token: String::new() })).await.unwrap();
+
+        let response = client.get("/protected").dispatch().await;
+
+        assert_eq!(response.status(), Status::InternalServerError);
+    }
+}

apps/api/src/admin.rs

@@ -2,6 +2,8 @@ pub mod cilent;
 mod filter;
 mod model;
 
+use crate::admin::AdminAuthorized;
+use crate::chain::ChainClient;
 use crate::params::{AssetIdParam, SearchQueryParam};
 use crate::responders::{ApiError, ApiResponse};
 pub use cilent::{AssetsClient, SearchClient};
@@ -30,20 +32,20 @@ pub async fn get_assets(asset_ids: Json<Vec<String>>, client: &State<Mutex<Asset
 
 #[post("/assets/add", format = "json", data = "<asset_id>")]
 pub async fn add_asset(
-    asset_id: Json<Vec<AssetId>>,
+    _admin: AdminAuthorized,
+    asset_id: Json<AssetId>,
     client: &State<Mutex<AssetsClient>>,
-    chain_client: &State<Mutex<crate::chain::ChainClient>>,
-) -> Result<ApiResponse<Vec<Asset>>, ApiError> {
-    let asset_id = asset_id.0.first().ok_or(ApiError::BadRequest("Missing asset_id".to_string()))?;
-
+    chain_client: &State<Mutex<ChainClient>>,
+) -> Result<ApiResponse<Asset>, ApiError> {
+    let asset_id = asset_id.0;
     let asset = chain_client
         .lock()
         .await
         .get_token_data(asset_id.chain, asset_id.token_id.clone().ok_or(ApiError::BadRequest("Missing token_id".to_string()))?)
         .await?;
     client.lock().await.add_assets(vec![asset.clone()])?;
 
-    Ok(vec![asset].into())
+    Ok(asset.into())
 }
 
 #[get("/assets/search?<query>&<chains>&<tags>&<limit>&<offset>")]

apps/api/src/assets/mod.rs

@@ -1,12 +1,35 @@
-use rocket::{State, get, tokio::sync::Mutex};
+use rocket::serde::json::Json;
+use rocket::{State, get, post, tokio::sync::Mutex};
+use streamer::{StreamProducer, StreamProducerQueue, TransactionsPayload};
 
+use crate::admin::AdminAuthorized;
 use crate::params::ChainParam;
 use crate::responders::{ApiError, ApiResponse};
-use primitives::Transaction;
+use primitives::{Transaction, TransactionId};
 
 use super::ChainClient;
 
 #[get("/chain/transactions/<chain>/<hash>")]
 pub async fn get_transaction(chain: ChainParam, hash: &str, client: &State<Mutex<ChainClient>>) -> Result<ApiResponse<Option<Transaction>>, ApiError> {
     Ok(client.lock().await.get_transaction_by_hash(chain.0, hash.to_string()).await?.into())
 }
+
+#[post("/transactions/add", format = "json", data = "<transaction_id>")]
+pub async fn add_transaction(
+    _admin: AdminAuthorized,
+    transaction_id: Json<TransactionId>,
+    chain_client: &State<Mutex<ChainClient>>,
+    stream_producer: &State<StreamProducer>,
+) -> Result<ApiResponse<Option<Transaction>>, ApiError> {
+    let client = chain_client.lock().await;
+
+    let transaction_id = transaction_id.0;
+    let transaction = client.get_transaction_by_hash(transaction_id.chain, transaction_id.hash).await?;
+
+    if let Some(transaction) = transaction.as_ref() {
+        let payload = TransactionsPayload::new(transaction.asset_id.chain, vec![], vec![transaction.clone()]);
+        stream_producer.publish_transactions(payload).await?;
+    }
+
+    Ok(transaction.into())
+}

apps/api/src/chain/transaction.rs

@@ -2,7 +2,7 @@ use std::collections::BTreeSet;
 use std::error::Error;
 
 use fiat::FiatClient;
-use primitives::{FiatQuote, FiatQuoteRequest, FiatQuoteUrl, FiatQuotes};
+use primitives::{FiatQuote, FiatQuoteRequest, FiatQuoteUrl, FiatQuotes, FiatTransaction, FiatTransactionInfo};
 use storage::{Database, FiatRepository, WalletsRepository};
 
 pub struct FiatQuotesClient {
@@ -19,6 +19,10 @@ impl FiatQuotesClient {
         self.fiat_client.get_quotes(request).await
     }
 
+    pub async fn get_quote(&self, quote_id: &str) -> Result<FiatQuote, Box<dyn Error + Send + Sync>> {
+        self.fiat_client.get_quote(quote_id).await
+    }
+
     pub async fn get_quote_url(
         &self,
         quote_id: &str,
@@ -42,15 +46,19 @@ impl FiatQuotesClient {
         self.fiat_client.process_and_publish_webhook(provider, webhook_data).await
     }
 
-    pub async fn get_order_status(&self, provider: &str, order_id: &str) -> Result<primitives::FiatTransaction, Box<dyn Error + Send + Sync>> {
+    pub async fn get_order_status(&self, provider: &str, order_id: &str) -> Result<FiatTransaction, Box<dyn Error + Send + Sync>> {
         self.fiat_client.get_order_status(provider, order_id).await
     }
 
-    pub fn get_transactions_by_wallet_id(&self, device_row_id: i32, wallet_id: i32) -> Result<Vec<primitives::FiatTransaction>, Box<dyn Error + Send + Sync>> {
+    pub fn get_transactions_by_wallet_id(&self, device_row_id: i32, wallet_id: i32) -> Result<Vec<FiatTransactionInfo>, Box<dyn Error + Send + Sync>> {
         let subscriptions = self.database.wallets()?.get_subscriptions_by_wallet_id(device_row_id, wallet_id)?;
         let addresses = subscriptions.into_iter().map(|(_, address)| address.address).collect::<BTreeSet<_>>().into_iter().collect();
 
-        let mut database = self.database.fiat()?;
-        Ok(FiatRepository::get_fiat_transactions_by_addresses(&mut database, addresses)?)
+        let transactions = FiatRepository::get_fiat_transactions_with_assets_by_addresses(&mut self.database.fiat()?, addresses)?;
+
+        Ok(transactions
+            .into_iter()
+            .map(|(transaction, asset)| fiat::fiat_transaction_info(transaction, asset))
+            .collect())
     }
 }

apps/api/src/devices/clients/fiat.rs

@@ -27,8 +27,8 @@ use primitives::device::Device;
 use primitives::name::NameRecord;
 use primitives::rewards::{RedemptionRequest, RedemptionResult, RewardRedemptionOption};
 use primitives::{
-    AddressName, AssetId, AuthNonce, ChainAddress, FiatAssets, FiatQuoteRequest, FiatQuoteType, FiatQuoteUrl, FiatQuotes, InAppNotification, MigrateDeviceIdRequest, NFTData,
-    PortfolioAssets, PortfolioAssetsRequest, PriceAlerts, ReportNft, RewardEvent, Rewards, ScanTransaction, ScanTransactionPayload, Transaction, TransactionsResponse,
+    AddressName, AssetId, AuthNonce, ChainAddress, FiatAssets, FiatQuote, FiatQuoteRequest, FiatQuoteType, FiatQuoteUrl, FiatQuotes, InAppNotification, MigrateDeviceIdRequest,
+    NFTData, PortfolioAssets, PortfolioAssetsRequest, PriceAlerts, ReportNft, RewardEvent, Rewards, ScanTransaction, ScanTransactionPayload, Transaction, TransactionsResponse,
     WalletSubscriptionChains,
 };
 use rocket::{State, delete, get, post, put, serde::json::Json, tokio::sync::Mutex};
@@ -218,15 +218,16 @@ pub async fn send_push_notification_device_v2(device: AuthenticatedDevice, clien
 
 #[post("/devices/nft/report", format = "json", data = "<request>")]
 pub async fn report_device_nft_v2(device: AuthenticatedDevice, request: Json<ReportNft>, client: &State<Mutex<NFTClient>>) -> Result<ApiResponse<bool>, ApiError> {
+    let asset_id = request
+        .asset_id
+        .as_deref()
+        .map(|asset_id| AssetId::new(asset_id).ok_or_else(|| ApiError::BadRequest(format!("Invalid asset_id: {asset_id}"))))
+        .transpose()?;
+
     Ok(client
         .lock()
         .await
-        .report_nft(
-            &device.device_row.device_id,
-            request.collection_id.clone(),
-            request.asset_id.clone(),
-            request.reason.clone(),
-        )?
+        .report_nft(&device.device_row.device_id, request.collection_id.clone(), asset_id, request.reason.clone())?
         .into())
 }
 
@@ -328,29 +329,12 @@ pub async fn delete_device_price_alerts_v2(
     Ok(client.lock().await.delete_price_alerts(&device.device_row.device_id, price_alerts.0).await?.into())
 }
 
-#[get("/devices/fiat/orders/<provider>/<order_id>")]
-pub async fn get_device_fiat_order_v2(
-    _device: AuthenticatedDevice,
-    provider: &str,
-    order_id: &str,
-    client: &State<Mutex<FiatQuotesClient>>,
-) -> Result<ApiResponse<primitives::FiatTransactionInfo>, ApiError> {
-    Ok(fiat::fiat_transaction_info(client.lock().await.get_order_status(provider, order_id).await?).into())
-}
-
 #[get("/devices/fiat/transactions")]
 pub async fn get_device_fiat_transactions_v2(
     device: AuthenticatedDeviceWallet,
     client: &State<Mutex<FiatQuotesClient>>,
 ) -> Result<ApiResponse<Vec<primitives::FiatTransactionInfo>>, ApiError> {
-    Ok(client
-        .lock()
-        .await
-        .get_transactions_by_wallet_id(device.device_row.id, device.wallet_id)?
-        .into_iter()
-        .map(fiat::fiat_transaction_info)
-        .collect::<Vec<_>>()
-        .into())
+    Ok(client.lock().await.get_transactions_by_wallet_id(device.device_row.id, device.wallet_id)?.into())
 }
 
 #[get("/devices/fiat/assets/<quote_type>")]
@@ -385,14 +369,19 @@ pub async fn get_fiat_quotes_v2(
         quote_type: quote_type.0,
         amount,
         currency: currency.as_string(),
-        provider_id: provider.map(|p| p.0.id()),
+        provider_id: provider.map(|p| p.0.id().to_string()),
         ip_address: ip_address.map(str::to_string).unwrap_or(fallback_ip_address),
     };
     let quotes = client.lock().await.get_quotes(quote_request).await?;
     fiat_metrics.record_quotes(&quotes);
     Ok(quotes.into())
 }
 
+#[get("/devices/fiat/quotes/<quote_id>", rank = 2)]
+pub async fn get_fiat_quote_v2(_device: AuthenticatedDevice, quote_id: &str, client: &State<Mutex<FiatQuotesClient>>) -> Result<ApiResponse<FiatQuote>, ApiError> {
+    Ok(client.lock().await.get_quote(quote_id).await?.into())
+}
+
 #[get("/fiat/quotes/<quote_type>?<asset_id>&<amount>&<currency>&<provider_id>&<ip_address>")]
 pub async fn get_fiat_quotes_v1(
     quote_type: FiatQuoteTypeParam,
@@ -411,7 +400,7 @@ pub async fn get_fiat_quotes_v1(
         quote_type: quote_type.0,
         amount,
         currency: currency.as_string(),
-        provider_id: provider_id.map(|p| p.0.id()),
+        provider_id: provider_id.map(|p| p.0.id().to_string()),
         ip_address: ip_address.map(str::to_string).unwrap_or(fallback_ip_address),
     };
     let quotes = client.lock().await.get_quotes(quote_request).await?;