Automated Action ab87d3c506 Implement comprehensive cryptocurrency exchange platform
- Built complete CEX platform with FastAPI and Python
- JWT-based authentication system with secure password hashing
- Multi-currency crypto wallet support (BTC, ETH, USDT)
- Fiat account management (USD, EUR, GBP)
- Local transaction signing without external APIs
- Comprehensive transaction handling (send/receive/deposit/withdraw)
- SQLAlchemy models with Alembic migrations
- Security middleware (rate limiting, headers, logging)
- Input validation and sanitization
- Encrypted private key storage with PBKDF2
- Standardized codebase architecture with service layer pattern
- Complete API documentation with health endpoints
- Comprehensive README with setup instructions

Features:
- User registration and authentication
- Crypto wallet creation and management
- Secure transaction signing using local private keys
- Fiat deposit/withdrawal system
- Transaction history and tracking
- Rate limiting and security headers
- Input validation for all endpoints
- Error handling and logging
2025-06-20 23:08:04 +00:00
2025-06-20 22:56:16 +00:00

Cryptocurrency Exchange Platform

A comprehensive cryptocurrency exchange (CEX) platform built with FastAPI, featuring secure wallet management, transaction signing, fiat transfers, and crypto trading capabilities.

Features

🔐 Authentication & Security

  • JWT-based authentication system
  • Secure password hashing with bcrypt
  • Rate limiting middleware (100 requests/minute)
  • Security headers middleware
  • Input validation and sanitization

💰 Wallet Management

  • Multi-currency crypto wallet support (BTC, ETH, USDT)
  • Fiat account management (USD, EUR, GBP)
  • Local private key generation and encryption
  • Secure wallet address generation

💸 Transaction Handling

  • Local transaction signing (no external APIs)
  • Crypto send/receive functionality
  • Fiat deposit/withdrawal system
  • Transaction history and tracking
  • Fee calculation and management

🏗️ Architecture

  • Clean, modular codebase structure
  • SQLAlchemy ORM with Alembic migrations
  • Pydantic schemas for data validation
  • Service layer pattern
  • Comprehensive error handling

Tech Stack

  • Framework: FastAPI 0.104.1
  • Database: SQLite with SQLAlchemy
  • Authentication: JWT with python-jose
  • Cryptography: ecdsa, bitcoin, web3, cryptography
  • Validation: Pydantic
  • Server: Uvicorn
  • Code Quality: Ruff

Project Structure

├── app/
│   ├── api/                 # API endpoints
│   │   ├── auth.py         # Authentication routes
│   │   ├── wallets.py      # Wallet management routes
│   │   └── transactions.py # Transaction routes
│   ├── core/               # Core configuration
│   │   ├── config.py       # Application settings
│   │   ├── security.py     # Security utilities
│   │   └── middleware.py   # Security middleware
│   ├── db/                 # Database configuration
│   │   ├── base.py         # SQLAlchemy base
│   │   └── session.py      # Database session
│   ├── models/             # Database models
│   │   ├── user.py         # User model
│   │   ├── wallet.py       # Wallet & fiat account models
│   │   └── transaction.py  # Transaction models
│   ├── schemas/            # Pydantic schemas
│   ├── services/           # Business logic
│   │   ├── auth.py         # Authentication service
│   │   ├── wallet.py       # Wallet service
│   │   └── transaction.py  # Transaction service
│   ├── utils/              # Utilities
│   │   ├── crypto.py       # Cryptocurrency utilities
│   │   └── validation.py   # Input validation
│   └── storage/            # Application storage
│       ├── db/             # SQLite database
│       └── logs/           # Application logs
├── alembic/                # Database migrations
├── requirements.txt        # Python dependencies
├── main.py                 # Application entry point
└── .env.example           # Environment variables template

Installation & Setup

1. Clone the repository

git clone <repository-url>
cd cryptocurrencyexchangeplatform-vgi538

2. Install dependencies

pip install -r requirements.txt

3. Environment Configuration

cp .env.example .env
# Edit .env file with your configuration

Required Environment Variables:

  • SECRET_KEY: JWT secret key (use a long, random string in production)
  • DATABASE_URL: SQLite database path
  • BTC_NETWORK: Bitcoin network (mainnet/testnet)
  • ETH_NETWORK: Ethereum network (mainnet/goerli)

4. Database Setup

# Run migrations
alembic upgrade head

5. Run the application

# Development mode (--host 0.0.0.0 listens on all interfaces; use 127.0.0.1 for local-only access)
uvicorn main:app --host 0.0.0.0 --port 8000 --reload

# Production mode
python main.py

API Documentation

Once running, access the interactive API documentation:

API Endpoints

Authentication

  • POST /auth/register - User registration
  • POST /auth/login - User login
  • GET /auth/me - Get current user info

Wallets

  • POST /wallets/crypto - Create crypto wallet
  • POST /wallets/fiat - Create fiat account
  • GET /wallets/crypto - Get user's crypto wallets
  • GET /wallets/fiat - Get user's fiat accounts
  • GET /wallets/crypto/{wallet_id} - Get specific crypto wallet
  • GET /wallets/fiat/{account_id} - Get specific fiat account

Transactions

  • POST /transactions/crypto/send - Send cryptocurrency
  • POST /transactions/fiat/deposit - Deposit fiat currency
  • POST /transactions/fiat/withdraw - Withdraw fiat currency
  • GET /transactions/crypto - Get crypto transaction history
  • GET /transactions/fiat - Get fiat transaction history
  • GET /transactions/crypto/{transaction_id} - Get specific transaction

System

  • GET / - Application info
  • GET /health - Health check endpoint

Security Features

🔒 Private Key Management

  • Private keys are generated locally using secure random number generation
  • Keys are encrypted with a key derived via PBKDF2 (SHA-256) and stored encrypted in the database
  • Encryption uses user-specific salts and the application secret key
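
An added example (not code from this repository) of the scheme these bullets describe: a wrapping key derived with PBKDF2-HMAC-SHA256 from the application secret and a per-record salt, then used to encrypt the wallet key. The README names neither the cipher nor the work factor, so AES-256-GCM, the iteration count, the stored-record layout and every function name here are assumptions.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed work factor; the README does not state an iteration count.
PBKDF2_ITERATIONS = 600_000


def derive_wrapping_key(app_secret: bytes, salt: bytes) -> bytes:
    """Derive a 256-bit key from the application secret and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", app_secret, salt, PBKDF2_ITERATIONS, dklen=32)


def _aad(user_id: int) -> bytes:
    return f"wallet-owner:{user_id}".encode()


def encrypt_private_key(app_secret: bytes, user_id: int, private_key: bytes) -> dict:
    """Return the fields to store in the wallet row (hypothetical layout)."""
    salt = os.urandom(16)    # fresh per record, stored beside the ciphertext
    nonce = os.urandom(12)   # never reused under the same derived key
    key = derive_wrapping_key(app_secret, salt)
    # Binding the owner as associated data makes a ciphertext copied into
    # another user's row fail authentication instead of decrypting.
    blob = AESGCM(key).encrypt(nonce, private_key, _aad(user_id))
    return {"salt": salt, "nonce": nonce, "ciphertext": blob}


def decrypt_private_key(app_secret: bytes, user_id: int, record: dict) -> bytes:
    """Recover the wallet key; raises InvalidTag on any mismatch or tampering."""
    key = derive_wrapping_key(app_secret, record["salt"])
    return AESGCM(key).decrypt(record["nonce"], record["ciphertext"], _aad(user_id))


def can_decrypt(app_secret: bytes, user_id: int, record: dict) -> bool:
    """True only if secret, salt, owner and ciphertext all match."""
    try:
        decrypt_private_key(app_secret, user_id, record)
        return True
    except InvalidTag:
        return False
```

Because the wrapping key depends on the application secret, rotating that secret requires decrypting and re-encrypting every stored wallet key.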

🛡️ Transaction Security

  • All transactions are signed locally using the wallet's private key
  • No external APIs required for transaction signing
  • Transaction data integrity verified through cryptographic signatures

🚦 Rate Limiting

  • 100 requests per minute per IP address
  • Automatic cleanup of rate limit storage
  • Configurable limits per endpoint
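
An added example, not the project's middleware: a per-IP sliding-window limiter with the 100 requests/minute default, per-endpoint overrides, and a cleanup pass that keeps the in-memory store from growing with every address ever seen. The class name, the `per_path` mapping and the injectable clock are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    def __init__(self, default_limit=100, window=60.0, per_path=None,
                 clock=time.monotonic):
        self.default_limit = default_limit
        self.window = window
        self.per_path = per_path or {}   # hypothetical, e.g. {"/auth/login": 5}
        self.clock = clock               # injectable so tests need not sleep
        self.hits = defaultdict(deque)   # (ip, bucket) -> request timestamps

    def allow(self, ip: str, path: str) -> bool:
        """Record the request and return True if it is within the limit."""
        now = self.clock()
        # Endpoints with their own limit get their own counter; all other
        # paths share one counter per IP.
        bucket = path if path in self.per_path else "*"
        limit = self.per_path.get(path, self.default_limit)
        q = self.hits[(ip, bucket)]
        while q and now - q[0] >= self.window:
            q.popleft()                  # drop timestamps older than the window
        if len(q) >= limit:
            return False                 # caller should answer HTTP 429
        q.append(now)
        return True

    def cleanup(self) -> int:
        """Evict clients idle for a full window; returns entries removed."""
        now = self.clock()
        stale = [k for k, q in self.hits.items()
                 if not q or now - q[-1] >= self.window]
        for k in stale:
            del self.hits[k]
        return len(stale)
```

Behind a reverse proxy every request arrives from the proxy's address, so the key must come from a forwarded-for header that only the trusted proxy is allowed to set.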

🔐 Input Validation

  • Comprehensive input validation for all endpoints
  • Email, password, and phone number format validation
  • Transaction amount and currency validation
  • Address format validation for different cryptocurrencies
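
An added example, not the project's `validation.py`: checking a Bitcoin address by decoding Base58Check, verifying the double-SHA-256 checksum, and matching the version byte to the network named in BTC_NETWORK, so a testnet address is rejected on mainnet and a mistyped character fails the checksum. It covers legacy P2PKH/P2SH addresses only (no bech32); function names are assumptions, and the encoder is included only to construct sample addresses.

```python
import hashlib
from typing import Optional

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes for legacy P2PKH / P2SH addresses on each network.
VERSIONS = {"mainnet": {0x00, 0x05}, "testnet": {0x6F, 0xC4}}


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    """Build an address from a version byte and a 20-byte hash (for samples)."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))   # leading zero bytes become '1'
    return "1" * pad + out


def b58check_decode(address: str) -> Optional[bytes]:
    """Return version byte + hash160, or None if malformed or checksum fails."""
    num = 0
    for ch in address:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None                        # character outside the alphabet
        num = num * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\0" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[:-4]


def is_valid_btc_address(address: str, network: str) -> bool:
    """True if the address decodes cleanly and belongs to the given network."""
    payload = b58check_decode(address)
    return payload is not None and payload[0] in VERSIONS[network]
```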

Supported Cryptocurrencies

  • Bitcoin (BTC): Testnet and Mainnet support
  • Ethereum (ETH): Goerli and Mainnet support
  • Tether (USDT): ERC-20 token on Ethereum network

Supported Fiat Currencies

  • USD (US Dollar)
  • EUR (Euro)
  • GBP (British Pound)

Error Handling

The application includes comprehensive error handling:

  • HTTP status codes for different error types
  • Detailed error messages for debugging
  • Global exception handler for unhandled errors
  • Validation errors with specific field information

Development

Code Quality

# Run linting and auto-fix
ruff check --fix .

Testing

# Run tests (when implemented)
pytest

Production Deployment

Environment Variables for Production

  • Set DEBUG=False
  • Use a strong, unique SECRET_KEY
  • Configure proper database URL
  • Set appropriate CORS origins
  • Use production cryptocurrency networks

Security Considerations

  • Use HTTPS in production
  • Implement proper key management
  • Set up database backups
  • Monitor transaction activity
  • Implement additional KYC/AML compliance

License

This project is developed for educational and development purposes. Ensure compliance with financial regulations in your jurisdiction before production use.
