QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-10 15:54:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e573896efe6dee2ee71fa187a869b4e593603565
sure/app/models/provider/indexa_capital.rb
David Gil ba442d5f26 Implement Indexa Capital provider with real API integration (#933) 
* Add Indexa Capital provider scaffold

Generate Indexa Capital provider scaffolding and align credential fields with the API authentication requirements.

* Fix PR 926 lint and schema CI failures

* Implement Indexa Capital provider with real API integration

- Rewrite all broken view templates (were meta-ERB from code generator)
- Create missing select_accounts.html.erb template
- Implement real API calls: list_accounts via /users/me, get_holdings
  via /accounts/{number}/fiscal-results, get_account_balance via
  /accounts/{number}/performance
- Add API token auth support (stored token > env token > credentials)
- Add api_token column with encryption support
- Redesign settings panel: API token prominent, credentials collapsible
- Fix account balances display using performance endpoint portfolios
- Fix accounts index empty-state guard missing indexa_capital_items
- Simplify activities fetch job (no activities API endpoint exists)
- Fix i18n interpolation (%%{ -> %{) throughout locale file

* Add tests for Indexa Capital provider integration

- IndexaCapitalItemTest: validations, credentials, scopes, sync status
- IndexaCapitalAccountTest: upsert, holdings, account provider linking
- Provider::IndexaCapitalTest: auth modes, API stubs, error handling
- IndexaCapitalItemsControllerTest: CRUD, setup, linking, authorization
- Fixtures for items (token + credentials) and accounts (mutual + pension)

52 tests, 98 assertions, 0 failures

* Address code review feedback from PR #933

- Fix zero balance bug: use `nil?` instead of `present?` so 0 is stored
- Fix has_indexa_capital_credentials? to check api_token (was ignored)
- Fix build_provider to delegate to Provided concern (was ignoring token)
- Fix IndexaCapital section outside encryption_error guard in settings
- Add account_number sanitization to prevent path traversal in API URLs
- Replace all skipped processor tests with real working tests
- Add zero-balance and path-traversal test coverage

61 tests, 107 assertions, 0 failures

* Address code review round 2: credentials validation, RuboCop, test quality

- Fix RuboCop SpaceInsideArrayLiteralBrackets in credentials check
- Chain where.not calls so all three username/document/password must be present
- Require all three credentials (||) instead of any one (&&) in validate_configuration!
- Move attr_reader to private to avoid exposing credentials publicly
- Parse dates with Date.parse in extract_balance for robustness
- Remove stale TODO and Crypto from supported_account_types
- Order build_provider query deterministically by created_at
- Replace no-op holdings assertion with meaningful assert_difference

* Address code review round 3: JSON parse safety and test precision

- Rescue JSON::ParserError on 2xx responses for clearer error messages
- Fix weak balance assertion: set balance to 0 before processing, assert
  expected value (27093.01 = sum of holdings amounts)

* Include Indexa Capital in automatic family sync

Add indexa_capital_items to Family::Syncer#child_syncables so balances
and holdings refresh on daily auto-sync and login sync, not only on
manual sync button clicks.

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
2026-02-08 18:19:37 +01:00

238 lines
7.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class Provider::IndexaCapital
include HTTParty
headers "User-Agent" => "Sure Finance IndexaCapital Client"
default_options.merge!(verify: true, ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER, timeout: 120)
class Error < StandardError
attr_reader :error_type
def initialize(message, error_type = :unknown)
super(message)
@error_type = error_type
end
end
class ConfigurationError < Error; end
class AuthenticationError < Error; end
BASE_URL = "https://api.indexacapital.com"
# Supports two auth modes:
# 1. Username/document/password credentials (authenticates via /auth/authenticate)
# 2. Pre-generated API token (from env or user dashboard)
def initialize(username: nil, document: nil, password: nil, api_token: nil)
@username = username
@document = document
@password = password
@api_token = api_token
validate_configuration!
end
# GET /users/me → list of accounts
def list_accounts
with_retries("list_accounts") do
response = self.class.get(
"#{base_url}/users/me",
headers: auth_headers
)
data = handle_response(response)
extract_accounts(data)
end
end
# GET /accounts/{account_number}/fiscal-results → holdings (positions with cost basis)
def get_holdings(account_number:)
sanitize_account_number!(account_number)
with_retries("get_holdings") do
response = self.class.get(
"#{base_url}/accounts/#{account_number}/fiscal-results",
headers: auth_headers
)
handle_response(response)
end
end
# GET /accounts/{account_number}/performance → latest portfolio total_amount
def get_account_balance(account_number:)
sanitize_account_number!(account_number)
with_retries("get_account_balance") do
response = self.class.get(
"#{base_url}/accounts/#{account_number}/performance",
headers: auth_headers
)
data = handle_response(response)
extract_balance(data)
end
end
# No activities/transactions endpoint exists in the Indexa Capital API.
# Returns empty array to keep the interface consistent.
def get_activities(account_number:, start_date: nil, end_date: nil)
Rails.logger.info "Provider::IndexaCapital - No activities endpoint available for Indexa Capital API"
[]
end
private
RETRYABLE_ERRORS = [
SocketError, Net::OpenTimeout, Net::ReadTimeout,
Errno::ECONNRESET, Errno::ECONNREFUSED, Errno::ETIMEDOUT, EOFError
].freeze
MAX_RETRIES = 3
INITIAL_RETRY_DELAY = 2 # seconds
# Indexa Capital account numbers are 8-char alphanumeric (e.g., "LPYH3MCQ")
def sanitize_account_number!(account_number)
unless account_number.present? && account_number.match?(/\A[A-Za-z0-9]+\z/)
raise Error.new("Invalid account number format: #{account_number}", :bad_request)
end
end
attr_reader :username, :document, :password, :api_token
def validate_configuration!
return if @api_token.present?
if @username.blank? || @document.blank? || @password.blank?
raise ConfigurationError, "Either API token or all three username/document/password credentials are required"
end
end
def token_auth?
@api_token.present?
end
def with_retries(operation_name, max_retries: MAX_RETRIES)
retries = 0
begin
yield
rescue *RETRYABLE_ERRORS => e
retries += 1
if retries <= max_retries
delay = calculate_retry_delay(retries)
Rails.logger.warn(
"IndexaCapital API: #{operation_name} failed (attempt #{retries}/#{max_retries}): " \
"#{e.class}: #{e.message}. Retrying in #{delay}s..."
)
sleep(delay)
retry
else
Rails.logger.error(
"IndexaCapital API: #{operation_name} failed after #{max_retries} retries: " \
"#{e.class}: #{e.message}"
)
raise Error.new("Network error after #{max_retries} retries: #{e.message}", :network_error)
end
end
end
def calculate_retry_delay(retry_count)
base_delay = INITIAL_RETRY_DELAY * (2 ** (retry_count - 1))
jitter = base_delay * rand * 0.25
[ base_delay + jitter, 30 ].min
end
def base_url
BASE_URL
end
def base_headers
{
"Content-Type" => "application/json",
"Accept" => "application/json"
}
end
def auth_headers
base_headers.merge("X-AUTH-TOKEN" => token)
end
def token
@token ||= token_auth? ? @api_token : authenticate!
end
def authenticate!
response = self.class.post(
"#{base_url}/auth/authenticate",
headers: base_headers,
body: {
username: username,
document: document,
password: password
}.to_json
)
payload = handle_response(response)
jwt = payload[:token]
raise AuthenticationError.new("Authentication token missing in response", :unauthorized) if jwt.blank?
jwt
end
def handle_response(response)
case response.code
when 200, 201
begin
JSON.parse(response.body, symbolize_names: true)
rescue JSON::ParserError => e
raise Error.new("Invalid JSON in response: #{e.message}", :bad_response)
end
when 400
Rails.logger.error "IndexaCapital API: Bad request - #{response.body}"
raise Error.new("Bad request: #{response.body}", :bad_request)
when 401
raise AuthenticationError.new("Invalid credentials", :unauthorized)
when 403
raise AuthenticationError.new("Access forbidden - check your permissions", :access_forbidden)
when 404
raise Error.new("Resource not found", :not_found)
when 429
raise Error.new("Rate limit exceeded. Please try again later.", :rate_limited)
when 500..599
raise Error.new("IndexaCapital server error (#{response.code}). Please try again later.", :server_error)
else
Rails.logger.error "IndexaCapital API: Unexpected response - Code: #{response.code}, Body: #{response.body}"
raise Error.new("Unexpected error: #{response.code} - #{response.body}", :unknown)
end
end
# Extract accounts array from /users/me response
# API returns: { accounts: [{ account_number: "ABC12345", type: "mutual", status: "active", ... }] }
def extract_accounts(user_data)
accounts = user_data[:accounts] || []
accounts.map do |acct|
{
account_number: acct[:account_number],
name: account_display_name(acct),
type: acct[:type],
status: acct[:status],
currency: "EUR",
raw: acct
}.with_indifferent_access
end
end
def account_display_name(acct)
type_label = case acct[:type]
when "mutual" then "Mutual Fund"
when "pension", "epsv" then "Pension Plan"
else acct[:type]&.titleize || "Account"
end
"Indexa Capital #{type_label} (#{acct[:account_number]})"
end
# Extract current balance from performance endpoint's portfolios array
def extract_balance(performance_data)
portfolios = performance_data[:portfolios]
return 0 unless portfolios.is_a?(Array) && portfolios.any?
latest = portfolios.max_by { |p| Date.parse(p[:date].to_s) rescue Date.new }
latest[:total_amount].to_d
end
end
Reference in New Issue View Git Blame Copy Permalink