fix(api): prefer paper alpaca keys for market data

2026-05-05 22:47:13 +00:00 · 2026-05-05 22:47:13 +00:00 · adfadd824b
commit adfadd824b
parent 351412423f
1 changed files with 22 additions and 4 deletions
--- a/backend/src/services/apiServer.ts
+++ b/backend/src/services/apiServer.ts
@ -151,7 +151,7 @@ interface AlpacaCredentials {
    secret: string;
 }

-async function getUserAlpacaCredentials(userId: string): Promise<AlpacaCredentials> {
+async function getUserExecutionAlpacaCredentials(userId: string): Promise<AlpacaCredentials> {
    const profile = await getCurrentUserProfile(userId);
    const key = String(config.PAPER_TRADING ? profile.ALPACA_API_KEY || '' : profile.REAL_ALPACA_API_KEY || '').trim();
    const secret = String(config.PAPER_TRADING ? profile.ALPACA_SECRET_KEY || '' : profile.REAL_ALPACA_SECRET_KEY || '').trim();
@ -167,6 +167,24 @@ async function getUserAlpacaCredentials(userId: string): Promise<AlpacaCredentia
    return { key, secret };
 }

+async function getUserMarketDataAlpacaCredentials(userId: string): Promise<AlpacaCredentials> {
+    const profile = await getCurrentUserProfile(userId);
+
+    const paperKey = String(profile.ALPACA_API_KEY || '').trim();
+    const paperSecret = String(profile.ALPACA_SECRET_KEY || '').trim();
+    if (paperKey && paperSecret) {
+        return { key: paperKey, secret: paperSecret };
+    }
+
+    const liveKey = String(profile.REAL_ALPACA_API_KEY || '').trim();
+    const liveSecret = String(profile.REAL_ALPACA_SECRET_KEY || '').trim();
+    if (liveKey && liveSecret) {
+        return { key: liveKey, secret: liveSecret };
+    }
+
+    throw new MissingServiceConfigError('User Alpaca credentials are not configured');
+}
+
 interface TradeAuditEvent {
    event: string;
    userId?: string;
@ -2709,7 +2727,7 @@ RULES:
                const period    = String(req.query.period  || '1Y').trim();
                if (!authUserId)         return res.status(401).json({ error: 'Unauthorized' });
                if (!symbol)             return res.status(400).json({ error: 'symbol required' });
-                const alpaca = await getUserAlpacaCredentials(authUserId);
+                const alpaca = await getUserMarketDataAlpacaCredentials(authUserId);

                const now   = new Date();
                let   start = new Date(now);
@ -2796,7 +2814,7 @@ RULES:
                    return res.status(401).json({ error: 'Unauthorized' });
                }
                const limit   = Math.max(1, Math.min(50, Number(req.query.limit) || 10));
-                const alpaca = await getUserAlpacaCredentials(authUserId);
+                const alpaca = await getUserMarketDataAlpacaCredentials(authUserId);
                const qs = new URLSearchParams({
                    ...(symbols ? { symbols } : {}),
                    limit: String(limit),
@ -2827,7 +2845,7 @@ RULES:
                if (!authUserId) {
                    return res.status(401).json({ error: 'Unauthorized' });
                }
-                const alpaca = await getUserAlpacaCredentials(authUserId);
+                const alpaca = await getUserMarketDataAlpacaCredentials(authUserId);
                const url = 'https://data.alpaca.markets/v2/stocks/snapshots?symbols=SPY,DIA,QQQ&feed=iex';
                const r = await fetch(url, {
                    headers: {