iwa 0.0.0__py3-none-any.whl → 0.0.1a2__py3-none-any.whl

iwa/web/routers/transactions.py

@@ -0,0 +1,153 @@
+"""Transactions Router for Web API."""
+
+import datetime
+import json
+import logging
+
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel, Field, field_validator
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+from web3 import Web3
+
+from iwa.core.db import SentTransaction
+from iwa.web.dependencies import verify_auth, wallet
+
+logger = logging.getLogger(__name__)
+router = APIRouter(prefix="/api", tags=["transactions"])
+
+# Rate limiter for this router
+limiter = Limiter(key_func=get_remote_address)
+
+
+class TransactionRequest(BaseModel):
+    """Request model for sending a transaction."""
+
+    from_address: str = Field(description="Sender address or tag")
+    to_address: str = Field(description="Recipient address or tag")
+    amount_eth: float = Field(description="Amount to send in ETH/Tokens")
+    token: str = Field(default="native", description="Token symbol (e.g., OLAS) or 'native'")
+    chain: str = Field(default="gnosis", description="Target blockchain")
+
+    @field_validator("from_address", "to_address")
+    @classmethod
+    def validate_address(cls, v: str) -> str:
+        """Validate address format."""
+        if not v:
+            raise ValueError("Address cannot be empty")
+        if v.startswith("0x"):
+            if len(v) != 42:
+                raise ValueError("Invalid address format")
+        else:
+            # Assume it's a tag - allow alphanumeric, underscores, dashes, and spaces
+            if not v.replace("_", "").replace("-", "").replace(" ", "").isalnum():
+                raise ValueError("Invalid tag format")
+        return v
+
+    @field_validator("chain")
+    @classmethod
+    def validate_chain(cls, v: str) -> str:
+        """Validate chain name."""
+        if not v.replace("-", "").isalnum():
+            raise ValueError("Invalid chain name")
+        return v
+
+    @field_validator("token")
+    @classmethod
+    def validate_token(cls, v: str) -> str:
+        """Validate token symbol or address."""
+        # Token can be "native", a symbol "OLAS", or address "0x..."
+        if not v:
+            raise ValueError("Token cannot be empty")
+        if v.startswith("0x") and len(v) != 42:
+            raise ValueError("Invalid token address")
+        return v
+
+    @field_validator("amount_eth")
+    @classmethod
+    def validate_amount(cls, v: float) -> float:
+        """Validate amount is positive."""
+        if v < 0:
+            raise ValueError("Amount must be positive")
+        if v > 1e18:  # Sanity check
+            raise ValueError("Amount too large")
+        return v
+
+
+@router.get(
+    "/transactions",
+    summary="Get Transactions",
+    description="Retrieve recent sent transactions (last 24h) for a chain.",
+)
+def get_transactions(chain: str = "gnosis", auth: bool = Depends(verify_auth)):
+    """Get recent transactions for a specific chain."""
+    if not chain.replace("-", "").isalnum():
+        raise HTTPException(status_code=400, detail="Invalid chain name")
+    chain = chain.lower()
+    recent = (
+        SentTransaction.select()
+        .where(
+            (SentTransaction.chain == chain)
+            & (SentTransaction.timestamp > (datetime.datetime.now() - datetime.timedelta(hours=24)))
+        )
+        .order_by(SentTransaction.timestamp.desc())
+    )
+
+    result = []
+    for tx in recent:
+        # Get token decimals for proper display
+        token_decimals = 18  # Default for native
+        if tx.token and tx.token.lower() not in ["native", "native currency"]:
+            try:
+                from iwa.core.chain import ChainInterfaces
+                from iwa.core.contracts.erc20 import ERC20Contract
+
+                chain_interface = ChainInterfaces().get(chain)
+                if chain_interface:
+                    token_address = chain_interface.chain.get_token_address(tx.token)
+                    if token_address:
+                        erc20 = ERC20Contract(token_address, chain)
+                        token_decimals = erc20.decimals
+            except Exception:
+                pass  # Default to 18 if we can't get decimals
+
+        amount_display = float(tx.amount_wei or 0) / (10**token_decimals)
+
+        result.append(
+            {
+                "timestamp": tx.timestamp.isoformat(),
+                "chain": tx.chain.capitalize(),
+                "from": tx.from_tag or tx.from_address,
+                "to": tx.to_tag or tx.to_address,
+                "token": tx.token,
+                "amount": f"{amount_display:.2f}",
+                "value_eur": f"€{(tx.value_eur or 0.0):.2f}",
+                "status": "Confirmed",
+                "hash": tx.tx_hash,
+                "gas_cost": str(tx.gas_cost or "0"),
+                "gas_value_eur": f"€{tx.gas_value_eur:.4f}" if tx.gas_value_eur else "?",
+                "tags": json.loads(tx.tags) if tx.tags else [],
+            }
+        )
+    return result
+
+
+@router.post(
+    "/send",
+    summary="Send Transaction",
+    description="Send native currency or ERC20 tokens from a managed account.",
+)
+@limiter.limit("10/minute")
+def send_transaction(request: Request, req: TransactionRequest, auth: bool = Depends(verify_auth)):
+    """Send a transaction from an account."""
+    try:
+        tx_hash = wallet.send(
+            from_address_or_tag=req.from_address,
+            to_address_or_tag=req.to_address,
+            amount_wei=Web3.to_wei(req.amount_eth, "ether"),
+            token_address_or_name=req.token,
+            chain_name=req.chain,
+        )
+        return {"status": "success", "hash": tx_hash}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e)) from None

iwa/web/server.py

@@ -0,0 +1,155 @@
+"""FastAPI Server Entrypoint."""
+
+import logging
+import os
+from contextlib import asynccontextmanager
+from pathlib import Path
+
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import HTMLResponse, JSONResponse
+from fastapi.staticfiles import StaticFiles
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from iwa.core.wallet import init_db
+
+# Pre-load cowdao_cowpy modules BEFORE async loop starts
+# This is required because cowdao_cowpy uses asyncio.run() at import time
+# which fails if called from an already running event loop
+from iwa.plugins.gnosis.cow_utils import get_cowpy_module
+
+get_cowpy_module("DEFAULT_APP_DATA_HASH")  # Forces import now, not during async
+
+# Import dependencies to ensure initialization
+# Import routers
+from iwa.web.routers import accounts, olas, state, swap, transactions  # noqa: E402
+
+# Configure logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+
+# Rate limiter (in-memory storage, resets on restart)
+limiter = Limiter(key_func=get_remote_address)
+
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    """Middleware to add security headers to all responses."""
+
+    async def dispatch(self, request: Request, call_next):
+        """Add security headers to response."""
+        response = await call_next(request)
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-XSS-Protection"] = "1; mode=block"
+        response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
+        response.headers["Permissions-Policy"] = "geolocation=(), microphone=(), camera=()"
+        # Content Security Policy for XSS protection
+        response.headers["Content-Security-Policy"] = (
+            "default-src 'self'; "
+            "script-src 'self'; "
+            "style-src 'self'; "
+            "img-src 'self' data:; "
+            "font-src 'self'; "
+            "connect-src 'self'"
+        )
+        # HSTS for production HTTPS deployments (enable via environment variable)
+        if os.getenv("ENABLE_HSTS", "").lower() in ("true", "1", "yes"):
+            response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
+        return response
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Lifecycle events."""
+    logger.info("Starting up check operations...")
+    init_db()
+
+    # Initialize block tracking for Tenderly monitoring
+    from iwa.core.chain import ChainInterfaces
+
+    ChainInterfaces().gnosis.init_block_tracking()
+    # Check block limit immediately at startup with visual progress bar
+    ChainInterfaces().gnosis.check_block_limit(show_progress_bar=True)
+
+    yield
+    logger.info("Shutting down...")
+
+
+app = FastAPI(title="IWA Web UI", version="0.1.0", lifespan=lifespan)
+
+# Attach rate limiter to app
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+
+# Security Headers Middleware
+app.add_middleware(SecurityHeadersMiddleware)
+
+# CORS - configurable via environment variable for production
+default_origins = [
+    "http://localhost:3000",
+    "http://127.0.0.1:3000",
+    "http://localhost:8080",
+    "http://127.0.0.1:8080",
+]
+allowed_origins_env = os.getenv("ALLOWED_ORIGINS")
+if allowed_origins_env:
+    origins = [origin.strip() for origin in allowed_origins_env.split(",")]
+else:
+    origins = default_origins
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["GET", "POST", "PUT", "DELETE"],
+    allow_headers=["*"],
+)
+
+
+# Exception Handler
+@app.exception_handler(Exception)
+async def global_exception_handler(request: Request, exc: Exception):
+    """Global exception handler for the API."""
+    logger.error(f"Global exception: {exc}", exc_info=True)
+    return JSONResponse(
+        status_code=500,
+        content={"detail": "Internal Server Error. Check logs for details."},
+    )
+
+
+# Include Routers
+app.include_router(state.router)
+app.include_router(accounts.router)
+app.include_router(transactions.router)
+app.include_router(swap.router)
+app.include_router(olas.router)
+
+# Mount Static Files at /static/ path
+static_dir = Path(__file__).parent / "static"
+if static_dir.exists():
+    app.mount("/static", StaticFiles(directory=static_dir), name="static")
+
+
+# Serve index.html for root path
+@app.get("/", response_class=HTMLResponse)
+async def root():
+    """Serve the main HTML page."""
+    index_path = static_dir / "index.html"
+    if index_path.exists():
+        return index_path.read_text()
+    return HTMLResponse(content="<h1>IWA Web UI</h1><p>index.html not found</p>", status_code=200)
+
+
+def run_server(host: str = "127.0.0.1", port: int = 8000):
+    """Run the web server using uvicorn."""
+    import uvicorn
+
+    uvicorn.run(app, host=host, port=port)
+
+
+if __name__ == "__main__":
+    run_server()