Implement a subscription system for public strategies:

Security & Auth:
- Bind WebSocket user identity at connect time (prevents spoofing)
- Add server-side ownership verification for all destructive operations
- Invalidate socket connections on logout
- Add XSS protection with HTML/JS escaping in frontend

Database:
- Add strategy_subscriptions table with proper indexes
- Fix get_all_rows_from_datacache to fall back to DB when cache empty

Backend:
- Add subscribe/unsubscribe endpoints with authorization checks
- Add get_user_strategies (owned + subscribed) and get_public_strategies_catalog
- Propagate indicator_owner_id through strategy instances for subscribed strategies
- Redact strategy internals (code, workspace) for non-owners

Frontend:
- Add "Add Public" button to browse and subscribe to public strategies
- Show subscribed strategies with creator badge and unsubscribe button
- Prevent editing of subscribed strategies (show info modal instead)
- Add public strategy browser modal

Tests:
- Update authorization tests for new subscription-required model

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

| | | |
|---|---|---|
| .github/workflows | ||
| UML | ||
| __pycache__ | ||
| archived_code | ||
| config | ||
| markdown | ||
| src | ||
| tests | ||
| .claudeignore | ||
| .gitignore | ||
| CLAUDE.md | ||
| pytest.ini | ||
| requirements.txt | ||
| test_live_manual.py | ||