mirror of
https://github.com/we-promise/sure.git
synced 2026-05-10 22:25:00 +00:00
c5503320af
* Add missing IndexaCapitalItem::SyncCompleteEvent
Syncable#sync_broadcaster instantiates self.class::SyncCompleteEvent,
which is implemented for every other provider (Plaid, Lunchflow,
Mercury, etc.) but was missing for IndexaCapitalItem. The error was
swallowed by Sync#perform_post_sync's rescue, so syncs appeared to
succeed but post-sync UI broadcasts never fired:
Error performing post-sync for IndexaCapitalItem (...):
uninitialized constant IndexaCapitalItem::SyncCompleteEvent
This adds the class, modeled on LunchflowItem::SyncCompleteEvent,
restoring per-account and per-item Turbo broadcasts after Indexa
Capital syncs.
* Fix IndexaCapital account setup never creating accounts
complete_account_setup read params[:accounts], but the form in
setup_accounts.html.erb submits account_ids[] (array) and
sync_start_dates[<id>] (hash). The hash was always empty, so every
submit hit the empty-config branch and bounced back with
"No accounts to set up." — accounts were never created.
The controller also branched on config[:account_type] / config[:subtype]
even though the form has no account-type picker (Indexa Capital is an
investment-only broker). Rewrote complete_account_setup to consume the
form's actual params and infer the accountable type as Investment from
indexa_capital_account.account_type.
* Fix IndexaCapital balance double-count and account type
Two more issues in the IndexaCapital flow that surfaced once accounts
could actually be created (see prior commit):
1. Accountable type was inferred from indexa_capital_account.account_type
("mutual" / "pension"), but infer_accountable_type doesn't recognize
those values and falls through to "Depository". The result: every
imported Indexa account showed up as a Cash depository account
instead of an Investment account, hiding holdings/trades surfaces.
Indexa Capital is investment-only, so hard-code the accountable
type to Investment.
2. Account::Processor#calculate_total_balance summed every row in
raw_holdings_payload. Indexa returns a time series — one row per
security per date — so the naive sum double-counts (observed:
reported €91,633 became stored balance €180,039). Trust the API's
current_balance when present, and if we have to fall back to a
computed total, dedupe by instrument and take the latest-dated
amount per security.
* Fix IndexaCapital holdings reflecting oldest snapshot per security
HoldingsProcessor#process iterated every row in raw_holdings_payload.
Indexa returns a time series (many rows per security across dates),
and each iteration upserts the same (account, security, today) holding
row, so the LAST row processed wins. The payload is ordered with
newer dates first, so the last row processed is the OLDEST snapshot —
the holdings shown in the UI reflected tiny early positions instead
of the current ones (e.g. 3.8 shares of US 500 stored vs 62.34 actual).
Reduce the payload to one row per security (latest date) before
processing. The cost-basis update is now also driven by the latest
snapshot for the same reason.
* Fix IndexaCapital holdings using per-lot detail instead of totals
Importer#normalize_holdings_response read data[:fiscal_results], which
the Indexa API returns as per-tax-lot detail — many rows per security
covering each subscription_date, plus virtual sell/buy rows generated
by rebalances. Iterating it produced wildly wrong stored holdings:
e.g. 9.61 shares stored for Vanguard US 500 vs 62.34 actual; total
weights summed to ~10% instead of 100%.
The same response also includes data[:total_fiscal_results] — one
aggregated row per security with current titles/amount/cost matching
the Indexa UI and the user-downloadable positions CSV. Prefer it,
falling back to the per-lot field only when the totals are absent.
* Address CodeRabbit review on IndexaCapital fixes
Four review items, all fixed:
* Share instrument-key extraction
HoldingsProcessor#extract_ticker and Processor#calculate_holdings_value
used different fallback orders (one looked at :isin, the other at
:isin_code), so they could disagree on which rows referred to the same
security. Moved a single extract_instrument_key helper into
IndexaCapitalAccount::DataHelpers and routed both callers through it.
* Simplify Processor#calculate_holdings_value
The date-based dedupe was a workaround for the bug already fixed in
the importer (which now stores total_fiscal_results — one row per
security). Replaced the date comparison with a per-security map
populated via the shared key extractor. Same end result, fewer
moving parts, no fragile string-date comparison.
* Drop dead config key passed to create_account_from_indexa_capital
create_account_from_indexa_capital only reads :subtype and :balance
from its config arg. Passing :sync_start_date there was inert.
* Don't mark created accounts as skipped on post-create errors
In complete_account_setup, ensure_account_provider! and
update!(sync_start_date:) ran inside the same begin/rescue as the
Account.create!. If either raised after the Account row was already
persisted, control jumped to the rescue with created_count not yet
incremented and the account was wrongly counted as skipped. Now:
parse the form-supplied sync_start_date up front (a malformed value
is silently dropped instead of bubbling out of the loop), bump
created_count immediately after persisted?, and isolate the post-
create steps in their own rescue so failures there are logged but
don't desync the success counter.
* Fall back to /portfolio so pension plans get holdings imported
Indexa's /accounts/{id}/fiscal-results endpoint returns
{fiscal_results: [], total_fiscal_results: []} for pension plan
accounts (e.g. type "pension"). The same positions are exposed via
/accounts/{id}/portfolio in instrument_accounts[].positions[] for
both mutual funds and pensions, so use it as a fallback when
fiscal-results is empty.
The portfolio response uses the same field names HoldingsProcessor
already understands (instrument, titles, price, amount, cost_amount)
plus a derived cost_price (cost_amount / titles) added during
adaptation. No HoldingsProcessor changes needed.
Verified against the user-downloadable "Posiciones" CSV for an
SH71ZPMY pension account: two positions (N5138 Acciones, N5137
Bonos) and balance €8,273.56 match exactly.
* Fix CI: update tests for new IndexaCapital flow + rubocop blank line
* Lint: drop trailing blank line before `end` in
IndexaCapitalAccount::Processor (Layout/EmptyLinesAroundClassBody).
* Controller test: complete_account_setup#creates was posting
params: { accounts: { id => { account_type:, subtype: } } } against
the old controller schema. The new endpoint reads
params[:account_ids] and infers Investment for Indexa Capital, so
switch the test to that shape (and update the matching skip-already-
linked / no-selected-accounts cases).
* Processor test: "updates account balance from holdings value" set
current_balance: 38905.21 alongside holdings summing to 27093.01
and asserted the latter wins. After the fix
(calculate_total_balance prefers the API-reported current_balance
when present), the API value is the right answer. Renamed to
"trusts API current_balance over holdings sum when present" and
added a sibling test that nils current_balance to exercise the
holdings-sum fallback path explicitly (still asserts 27093.01).
* Wrap account creation+linking in a transaction to avoid orphans
complete_account_setup created the Account row first, incremented
created_count, and only then called ensure_account_provider! / the
sync_start_date update inside an inner rescue. If the link or the
sync_start_date update raised after the Account was already persisted,
control fell into the inner rescue: the orphaned Account row stayed
in the database, the failure was silently logged, and the success
counter was inflated.
Wrap creation, ensure_account_provider!, and the optional
sync_start_date update in a single ActiveRecord::Base.transaction.
Increment created_count only after the transaction commits; on any
exception the outer rescue rolls the whole step into skipped_count
with a clear log line tagged with the indexa_capital_account id.
253 lines
7.9 KiB
Ruby
253 lines
7.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Provider::IndexaCapital
|
|
include HTTParty
|
|
|
|
headers "User-Agent" => "Sure Finance IndexaCapital Client"
|
|
default_options.merge!(verify: true, ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER, timeout: 120)
|
|
|
|
class Error < StandardError
|
|
attr_reader :error_type
|
|
|
|
def initialize(message, error_type = :unknown)
|
|
super(message)
|
|
@error_type = error_type
|
|
end
|
|
end
|
|
|
|
class ConfigurationError < Error; end
|
|
class AuthenticationError < Error; end
|
|
|
|
BASE_URL = "https://api.indexacapital.com"
|
|
|
|
# Supports two auth modes:
|
|
# 1. Username/document/password credentials (authenticates via /auth/authenticate)
|
|
# 2. Pre-generated API token (from env or user dashboard)
|
|
def initialize(username: nil, document: nil, password: nil, api_token: nil)
|
|
@username = username
|
|
@document = document
|
|
@password = password
|
|
@api_token = api_token
|
|
validate_configuration!
|
|
end
|
|
|
|
# GET /users/me → list of accounts
|
|
def list_accounts
|
|
with_retries("list_accounts") do
|
|
response = self.class.get(
|
|
"#{base_url}/users/me",
|
|
headers: auth_headers
|
|
)
|
|
data = handle_response(response)
|
|
extract_accounts(data)
|
|
end
|
|
end
|
|
|
|
# GET /accounts/{account_number}/fiscal-results → holdings (positions with cost basis)
|
|
def get_holdings(account_number:)
|
|
sanitize_account_number!(account_number)
|
|
with_retries("get_holdings") do
|
|
response = self.class.get(
|
|
"#{base_url}/accounts/#{account_number}/fiscal-results",
|
|
headers: auth_headers
|
|
)
|
|
handle_response(response)
|
|
end
|
|
end
|
|
|
|
# GET /accounts/{account_number}/portfolio → current snapshot with positions.
|
|
# Used as a fallback when fiscal-results is empty (e.g. pension plans, where
|
|
# Indexa returns {fiscal_results: [], total_fiscal_results: []} but exposes
|
|
# the same positions through this endpoint).
|
|
def get_portfolio(account_number:)
|
|
sanitize_account_number!(account_number)
|
|
with_retries("get_portfolio") do
|
|
response = self.class.get(
|
|
"#{base_url}/accounts/#{account_number}/portfolio",
|
|
headers: auth_headers
|
|
)
|
|
handle_response(response)
|
|
end
|
|
end
|
|
|
|
# GET /accounts/{account_number}/performance → latest portfolio total_amount
|
|
def get_account_balance(account_number:)
|
|
sanitize_account_number!(account_number)
|
|
with_retries("get_account_balance") do
|
|
response = self.class.get(
|
|
"#{base_url}/accounts/#{account_number}/performance",
|
|
headers: auth_headers
|
|
)
|
|
data = handle_response(response)
|
|
extract_balance(data)
|
|
end
|
|
end
|
|
|
|
# No activities/transactions endpoint exists in the Indexa Capital API.
|
|
# Returns empty array to keep the interface consistent.
|
|
def get_activities(account_number:, start_date: nil, end_date: nil)
|
|
Rails.logger.info "Provider::IndexaCapital - No activities endpoint available for Indexa Capital API"
|
|
[]
|
|
end
|
|
|
|
private
|
|
|
|
RETRYABLE_ERRORS = [
|
|
SocketError, Net::OpenTimeout, Net::ReadTimeout,
|
|
Errno::ECONNRESET, Errno::ECONNREFUSED, Errno::ETIMEDOUT, EOFError
|
|
].freeze
|
|
|
|
MAX_RETRIES = 3
|
|
INITIAL_RETRY_DELAY = 2 # seconds
|
|
|
|
# Indexa Capital account numbers are 8-char alphanumeric (e.g., "LPYH3MCQ")
|
|
def sanitize_account_number!(account_number)
|
|
unless account_number.present? && account_number.match?(/\A[A-Za-z0-9]+\z/)
|
|
raise Error.new("Invalid account number format: #{account_number}", :bad_request)
|
|
end
|
|
end
|
|
|
|
attr_reader :username, :document, :password, :api_token
|
|
|
|
def validate_configuration!
|
|
return if @api_token.present?
|
|
|
|
if @username.blank? || @document.blank? || @password.blank?
|
|
raise ConfigurationError, "Either API token or all three username/document/password credentials are required"
|
|
end
|
|
end
|
|
|
|
def token_auth?
|
|
@api_token.present?
|
|
end
|
|
|
|
def with_retries(operation_name, max_retries: MAX_RETRIES)
|
|
retries = 0
|
|
|
|
begin
|
|
yield
|
|
rescue *RETRYABLE_ERRORS => e
|
|
retries += 1
|
|
|
|
if retries <= max_retries
|
|
delay = calculate_retry_delay(retries)
|
|
Rails.logger.warn(
|
|
"IndexaCapital API: #{operation_name} failed (attempt #{retries}/#{max_retries}): " \
|
|
"#{e.class}: #{e.message}. Retrying in #{delay}s..."
|
|
)
|
|
sleep(delay)
|
|
retry
|
|
else
|
|
Rails.logger.error(
|
|
"IndexaCapital API: #{operation_name} failed after #{max_retries} retries: " \
|
|
"#{e.class}: #{e.message}"
|
|
)
|
|
raise Error.new("Network error after #{max_retries} retries: #{e.message}", :network_error)
|
|
end
|
|
end
|
|
end
|
|
|
|
def calculate_retry_delay(retry_count)
|
|
base_delay = INITIAL_RETRY_DELAY * (2 ** (retry_count - 1))
|
|
jitter = base_delay * rand * 0.25
|
|
[ base_delay + jitter, 30 ].min
|
|
end
|
|
|
|
def base_url
|
|
BASE_URL
|
|
end
|
|
|
|
def base_headers
|
|
{
|
|
"Content-Type" => "application/json",
|
|
"Accept" => "application/json"
|
|
}
|
|
end
|
|
|
|
def auth_headers
|
|
base_headers.merge("X-AUTH-TOKEN" => token)
|
|
end
|
|
|
|
def token
|
|
@token ||= token_auth? ? @api_token : authenticate!
|
|
end
|
|
|
|
def authenticate!
|
|
response = self.class.post(
|
|
"#{base_url}/auth/authenticate",
|
|
headers: base_headers,
|
|
body: {
|
|
username: username,
|
|
document: document,
|
|
password: password
|
|
}.to_json
|
|
)
|
|
payload = handle_response(response)
|
|
jwt = payload[:token]
|
|
raise AuthenticationError.new("Authentication token missing in response", :unauthorized) if jwt.blank?
|
|
|
|
jwt
|
|
end
|
|
|
|
def handle_response(response)
|
|
case response.code
|
|
when 200, 201
|
|
begin
|
|
JSON.parse(response.body, symbolize_names: true)
|
|
rescue JSON::ParserError => e
|
|
raise Error.new("Invalid JSON in response: #{e.message}", :bad_response)
|
|
end
|
|
when 400
|
|
Rails.logger.error "IndexaCapital API: Bad request - #{response.body}"
|
|
raise Error.new("Bad request: #{response.body}", :bad_request)
|
|
when 401
|
|
raise AuthenticationError.new("Invalid credentials", :unauthorized)
|
|
when 403
|
|
raise AuthenticationError.new("Access forbidden - check your permissions", :access_forbidden)
|
|
when 404
|
|
raise Error.new("Resource not found", :not_found)
|
|
when 429
|
|
raise Error.new("Rate limit exceeded. Please try again later.", :rate_limited)
|
|
when 500..599
|
|
raise Error.new("IndexaCapital server error (#{response.code}). Please try again later.", :server_error)
|
|
else
|
|
Rails.logger.error "IndexaCapital API: Unexpected response - Code: #{response.code}, Body: #{response.body}"
|
|
raise Error.new("Unexpected error: #{response.code} - #{response.body}", :unknown)
|
|
end
|
|
end
|
|
|
|
# Extract accounts array from /users/me response
|
|
# API returns: { accounts: [{ account_number: "ABC12345", type: "mutual", status: "active", ... }] }
|
|
def extract_accounts(user_data)
|
|
accounts = user_data[:accounts] || []
|
|
accounts.map do |acct|
|
|
{
|
|
account_number: acct[:account_number],
|
|
name: account_display_name(acct),
|
|
type: acct[:type],
|
|
status: acct[:status],
|
|
currency: "EUR",
|
|
raw: acct
|
|
}.with_indifferent_access
|
|
end
|
|
end
|
|
|
|
def account_display_name(acct)
|
|
type_label = case acct[:type]
|
|
when "mutual" then "Mutual Fund"
|
|
when "pension", "epsv" then "Pension Plan"
|
|
else acct[:type]&.titleize || "Account"
|
|
end
|
|
"Indexa Capital #{type_label} (#{acct[:account_number]})"
|
|
end
|
|
|
|
# Extract current balance from performance endpoint's portfolios array
|
|
def extract_balance(performance_data)
|
|
portfolios = performance_data[:portfolios]
|
|
return 0 unless portfolios.is_a?(Array) && portfolios.any?
|
|
|
|
latest = portfolios.max_by { |p| Date.parse(p[:date].to_s) rescue Date.new }
|
|
latest[:total_amount].to_d
|
|
end
|
|
end
|