Add copy trading authorization checks in LiveTradingBotGrain and StartCopyTradingCommandHandler. Integrated IKaigenService to verify user ownership of master strategy keys before allowing copy trading. Enhanced error handling and logging for authorization verification.

2025-11-16 22:11:54 +07:00
parent 2baa2e173c
commit c229212acd
4 changed files with 149 additions and 19 deletions
--- a/src/Managing.Application/ManageBot/StartCopyTradingCommandHandler.cs
+++ b/src/Managing.Application/ManageBot/StartCopyTradingCommandHandler.cs
@@ -7,6 +7,7 @@ using Managing.Domain.Accounts;
 using Managing.Domain.Bots;
 using MediatR;
 using static Managing.Common.Enums;
+using System;

 namespace Managing.Application.ManageBot
 {
@@ -15,13 +16,15 @@ namespace Managing.Application.ManageBot
        private readonly IAccountService _accountService;
        private readonly IGrainFactory _grainFactory;
        private readonly IBotService _botService;
+        private readonly IKaigenService _kaigenService;

        public StartCopyTradingCommandHandler(
-            IAccountService accountService, IGrainFactory grainFactory, IBotService botService)
+            IAccountService accountService, IGrainFactory grainFactory, IBotService botService, IKaigenService kaigenService)
        {
            _accountService = accountService;
            _grainFactory = grainFactory;
            _botService = botService;
+            _kaigenService = kaigenService;
        }

        public async Task<string> Handle(StartCopyTradingCommand request, CancellationToken cancellationToken)
@@ -40,11 +43,18 @@ namespace Managing.Application.ManageBot
                throw new ArgumentException($"Master bot with identifier {request.MasterBotIdentifier} not found");
            }

-            // Verify the user owns the master bot keys
-            // if (masterBot.User?.Name != request.User.Name)
-            // {
-            //     throw new UnauthorizedAccessException("You don't have permission to copy trades from this bot");
-            // }
+            // Verify the user owns the keys of the master strategy
+            var ownedKeys = await _kaigenService.GetOwnedKeysAsync(request.User);
+            var hasMasterStrategyKey = ownedKeys.Items.Any(key =>
+                string.Equals(key.AgentName, request.MasterBotIdentifier.ToString(), StringComparison.OrdinalIgnoreCase) &&
+                key.Owned >= 1);
+
+            if (!hasMasterStrategyKey)
+            {
+                throw new UnauthorizedAccessException(
+                    $"You don't own the keys for the master strategy '{request.MasterBotIdentifier}'. " +
+                    "You must own at least 1 key for this strategy to copy trade from it.");
+            }

            // Get the master bot configuration
            var masterConfig = await _botService.GetBotConfig(request.MasterBotIdentifier);