charieswei
/
TradingAgents
mirror of https://github.com/TauricResearch/TradingAgents.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
TradingAgents/tests/api/README.md

5.4 KiB
Raw Blame History

FastAPI Backend Tests (Issue #48)

This directory contains comprehensive test coverage for the FastAPI backend implementation following Test-Driven Development (TDD) principles.

Test Status: RED Phase ✗

Tests have been written BEFORE implementation. Current status:

  • 155 tests FAILING (expected - no implementation yet)
  • 37 tests SKIPPED (waiting for imports)
  • 16 tests PASSED (placeholder tests)

Test Structure

Test Files

  1. test_auth.py (41 tests)

    • Password hashing with Argon2 (via pwdlib)
    • JWT token generation and validation
    • Login endpoint (POST /api/v1/auth/login)
    • Protected endpoint authentication
    • Security tests (timing attacks, token leakage, rate limiting)

  2. test_strategies.py (95 tests)

    • List strategies (GET /api/v1/strategies)
    • Create strategy (POST /api/v1/strategies)
    • Get single strategy (GET /api/v1/strategies/{id})
    • Update strategy (PUT /api/v1/strategies/{id})
    • Delete strategy (DELETE /api/v1/strategies/{id})
    • User isolation and authorization
    • Pagination and filtering
    • Edge cases (SQL injection, XSS, Unicode, concurrency)

  3. test_middleware.py (48 tests)

    • Error handling (401, 404, 422, 500)
    • Request logging
    • CORS configuration
    • Request ID tracking
    • Rate limiting
    • Content negotiation
    • Security headers

  4. test_models.py (45 tests)

    • User model (username, email, password, timestamps)
    • Strategy model (name, description, parameters, is_active)
    • Relationships (User -> Strategies)
    • Constraints (unique, foreign key)
    • Cascade delete
    • Complex queries

  5. test_config.py (24 tests)

    • Settings loading from environment
    • JWT configuration
    • Database URL
    • CORS settings
    • Environment-specific config
    • Configuration validation

  6. test_migrations.py (32 tests)

    • Alembic migration files
    • Migration execution (upgrade/downgrade)
    • Schema validation
    • Migration history
    • Edge cases

Shared Fixtures (conftest.py)

  • Database fixtures: db_engine, db_session, clean_db
  • FastAPI fixtures: test_app, client
  • Auth fixtures: test_user, jwt_token, auth_headers
  • Strategy fixtures: strategy_data, test_strategy, multiple_strategies
  • Security fixtures: sample_sql_injection_payloads, sample_xss_payloads

Running Tests

Run all API tests

pytest tests/api/ --tb=line -q

Run specific test file

pytest tests/api/test_auth.py -v

Run specific test class

pytest tests/api/test_auth.py::TestPasswordHashing -v

Run with coverage

pytest tests/api/ --cov=tradingagents.api --cov-report=html

Test Coverage Goals

Target: 80%+ coverage across all modules

Coverage Areas

  • Authentication: Password hashing, JWT tokens, login flow
  • Authorization: User isolation, token validation, protected endpoints
  • CRUD Operations: Create, Read, Update, Delete for strategies
  • Database: Models, relationships, constraints, migrations
  • Error Handling: Consistent error responses, no stack trace leaks
  • Security: SQL injection prevention, XSS prevention, rate limiting
  • Edge Cases: Unicode, large payloads, concurrent requests

Implementation Plan

After tests are written (current state), implementation will follow this order:

  1. Models (tradingagents/api/models/)

    • User model
    • Strategy model
    • Base configuration

  2. Database (tradingagents/api/database.py)

    • Async SQLAlchemy engine
    • Session management

  3. Configuration (tradingagents/api/config.py)

    • Settings with Pydantic
    • Environment variable loading

  4. Services (tradingagents/api/services/)

    • auth_service.py (password hashing, JWT)

  5. Routes (tradingagents/api/routes/)

    • auth.py (login endpoint)
    • strategies.py (CRUD endpoints)

  6. Middleware (tradingagents/api/middleware/)

    • Error handling
    • Request logging

  7. Dependencies (tradingagents/api/dependencies.py)

    • Database session dependency
    • Current user dependency

  8. Main App (tradingagents/api/main.py)

    • FastAPI application
    • Router registration
    • Middleware setup

  9. Alembic Migrations

    • Initialize Alembic
    • Create initial migration
    • Test migration execution

Expected Implementation Dependencies

[project.dependencies]
fastapi = ">=0.100.0"
uvicorn = ">=0.23.0"
sqlalchemy = ">=2.0.0"
asyncpg = ">=0.29.0"  # For PostgreSQL
aiosqlite = ">=0.19.0"  # For SQLite
alembic = ">=1.12.0"
pydantic = ">=2.0.0"
pydantic-settings = ">=2.0.0"
python-jose[cryptography] = ">=3.3.0"  # For JWT
pwdlib[argon2] = ">=0.2.0"  # For password hashing
python-multipart = ">=0.0.6"  # For form data
httpx = ">=0.24.0"  # For testing
pytest-asyncio = ">=0.21.0"

TDD Workflow

  1. RED: Write tests that fail (CURRENT STATE)
  2. GREEN: Implement minimum code to pass tests
  3. REFACTOR: Improve code quality while keeping tests green

Next Steps

  1. Run tests to verify RED phase: pytest tests/api/ --tb=line -q
  2. Implement models and database setup
  3. Implement authentication service
  4. Implement API endpoints
  5. Implement middleware
  6. Run tests to achieve GREEN phase
  7. Refactor for code quality

Notes

  • All async tests use pytest.mark.asyncio
  • Tests use httpx.AsyncClient for API calls
  • Database tests use SQLite in-memory for speed
  • Security tests validate SQL injection and XSS prevention
  • Edge case tests ensure robust error handling