feat(account): GET /me user endpoint only, disable cache and extra routers

Co-authored-by: Cursor <cursoragent@cursor.com>

src/presentation/decorators/__init__.py

@@ -0,0 +1,4 @@
+from src.presentation.decorators.csrf import csrf_protect
+from src.presentation.decorators.rate_limit import rate_limit, _email_rl_key as email_rl_key
+from src.presentation.decorators.auth import require_access_token
+from src.presentation.decorators.cache import cached

src/presentation/decorators/auth.py

@@ -0,0 +1,36 @@
+from fastapi import Depends, Request
+from fastapi.security.utils import get_authorization_scheme_param
+from src.application.contracts import IJwtService
+from src.application.domain.exceptions import ApplicationException
+from src.application.domain.dto import AccessTokenPayload, AuthContext
+from src.presentation.dependencies import get_jwt_service
+
+
+def _extract_access_token(request: Request) -> str | None:
+    token = request.cookies.get('access_token')
+
+    if token:
+        return token
+
+    auth = request.headers.get('Authorization')
+    if auth:
+        scheme, param = get_authorization_scheme_param(auth)
+        if scheme.lower() == 'bearer' and param:
+            return param
+
+    return None
+
+
+async def require_access_token(
+    request: Request,
+    jwt_service: IJwtService = Depends(get_jwt_service),
+) -> AuthContext:
+    token = _extract_access_token(request)
+    if not token:
+        raise ApplicationException(status_code=401, message='Not authenticated')
+
+    payload: AccessTokenPayload = await jwt_service.decode_access_token(token)
+    if payload.type != 'access':
+        raise ApplicationException(status_code=401, message='Invalid token type')
+
+    return AuthContext(user_id=payload.sub, sid=payload.sid, token=payload)

src/presentation/decorators/cache.py

@@ -0,0 +1,46 @@
+from __future__ import annotations
+import functools
+from typing import Any, Awaitable, Callable
+from fastapi import Request
+from fastapi.responses import ORJSONResponse
+from src.infrastructure.cache import KeydbCache
+from src.infrastructure.logger import get_logger
+from src.presentation.dependencies.cache import get_redis
+
+
+def cached(*, prefix: str) -> Callable:
+
+    def decorator(func: Callable[..., Awaitable[Any]]):
+        @functools.wraps(func)
+        async def wrapper(*args: Any, **kwargs: Any) -> Any:
+            logger = get_logger()
+
+            request = kwargs.get('request')
+            if not isinstance(request, Request):
+                for a in args:
+                    if isinstance(a, Request):
+                        request = a
+                        break
+
+            auth = kwargs.get('auth')
+            user_id = getattr(auth, 'user_id', None) if auth else None
+
+            if request is None or user_id is None:
+                return await func(*args, **kwargs)
+
+            cache_key = f'{prefix}:{user_id}'
+
+            try:
+                redis = get_redis(request)
+                cache = KeydbCache(redis)
+                hit = await cache.get_user(user_id)
+                if hit is not None:
+                    logger.debug(f'Cache hit key={cache_key}')
+                    return ORJSONResponse(status_code=200, content=hit)
+            except Exception as e:
+                logger.warning(f'Cache read failed key={cache_key} error={e}')
+
+            return await func(*args, **kwargs)
+
+        return wrapper
+    return decorator

src/presentation/decorators/csrf.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+import inspect
+from functools import wraps
+from typing import Callable, Awaitable, Any, Optional, Annotated
+from fastapi import Request, Header
+from src.application.domain.exceptions import ApplicationException
+from src.infrastructure.security import CsrfService
+
+
+def csrf_protect(
+    expected_subject_getter: Optional[Callable[[Request], Optional[str]]] = None,
+):
+    def decorator(func: Callable[..., Awaitable[Any]]):
+        sig = inspect.signature(func)
+        params = list(sig.parameters.values())
+
+        has_request = any(p.annotation is Request or p.name == 'request' for p in params)
+        if not has_request:
+            raise RuntimeError('csrf_protect requires endpoint to accept `request: Request`')
+
+        has_header = any(p.name == 'x_csrf_token' for p in params)
+        if not has_header:
+            params.append(
+                inspect.Parameter(
+                    name='x_csrf_token',
+                    kind=inspect.Parameter.KEYWORD_ONLY,
+                    default=None,
+                    annotation=Annotated[str | None, Header(alias='X-CSRF-Token')],
+                )
+            )
+
+        @wraps(func)
+        async def wrapper(*args, **kwargs):
+            request: Request | None = kwargs.get('request')
+            if request is None:
+                for arg in args:
+                    if isinstance(arg, Request):
+                        request = arg
+                        break
+
+            if request is None:
+                raise ApplicationException(
+                    status_code=500,
+                    message='Request is required for CSRF protection',
+                )
+
+            csrf = CsrfService()
+
+            cookie_token, _ = csrf.extract(request.cookies, request.headers)
+            header_token = kwargs.get('x_csrf_token')
+
+            expected_subject = expected_subject_getter(request) if expected_subject_getter else None
+            csrf.verify_pair(cookie_token, header_token, expected_subject)
+
+            kwargs.pop('x_csrf_token', None)
+            return await func(*args, **kwargs)
+
+        wrapper.__signature__ = sig.replace(parameters=params)
+        return wrapper
+
+    return decorator

src/presentation/decorators/rate_limit.py

@@ -0,0 +1,171 @@
+from __future__ import annotations
+import functools
+import inspect
+import hashlib
+from typing import Any, Awaitable, Callable, Literal, Optional, Protocol, runtime_checkable
+from fastapi import Request
+from redis.asyncio.client import Redis
+from src.application.contracts import ILogger
+from src.application.domain.exceptions import ApplicationException
+from src.infrastructure.logger import get_logger
+from src.presentation.dependencies import get_redis
+
+
+def _find_request(args: tuple[Any, ...], kwargs: dict[str, Any]) -> Request:
+    req = kwargs.get('request')
+    if isinstance(req, Request):
+        return req
+    for a in args:
+        if isinstance(a, Request):
+            return a
+    raise RuntimeError('rate_limit decorator requires fastapi.Request argument')
+
+
+def _client_ip(request: Request) -> str:
+    xff = request.headers.get('x-forwarded-for')
+    if xff:
+        return xff.split(',')[0].strip()
+    if request.client:
+        return request.client.host
+    return 'unknown'
+
+
+_LUA_INCR_EXPIRE_TTL = '''
+local key = KEYS[1]
+local window = tonumber(ARGV[1])
+
+local current = redis.call('INCR', key)
+if current == 1 then
+  redis.call('EXPIRE', key, window)
+end
+
+local ttl = redis.call('TTL', key)
+return { current, ttl }
+'''
+
+
+Scope = Literal['ip', 'device', 'user', 'key']
+
+
+@runtime_checkable
+class KeyBuilder1(Protocol):
+    def __call__(self, request: Request) -> str: ...
+
+
+@runtime_checkable
+class KeyBuilder3(Protocol):
+    def __call__(self, request: Request, args: tuple[Any, ...], kwargs: dict[str, Any]) -> str: ...
+
+
+KeyBuilder = KeyBuilder1 | KeyBuilder3
+
+
+def _call_key_builder(builder: KeyBuilder, request: Request, args: tuple[Any, ...], kwargs: dict[str, Any]) -> str:
+    try:
+        sig = inspect.signature(builder)
+        if len(sig.parameters) >= 3:
+            return builder(request, args, kwargs)
+        return builder(request)
+    except Exception as e:
+        try:
+            return builder(request, args, kwargs)
+        except Exception:
+            raise e
+        
+def _email_rl_key(request: Request, args: tuple[Any, ...], kwargs: dict[str, Any]) -> str:
+
+    body = kwargs.get('body')
+    if body is None and args:
+        for a in args:
+            if hasattr(a, 'email'):
+                body = a
+                break
+
+    email = (getattr(body, 'email', '') or '').strip().lower()
+    if not email:
+        email = _client_ip(request)
+
+    digest = hashlib.sha256(email.encode('utf-8')).hexdigest()[:24]
+    return f'email:{digest}'
+
+def rate_limit(
+    *,
+    limit: int,
+    window_seconds: int,
+    scope: Scope = 'ip',
+    key_prefix: str = 'rl',
+    key_builder: Optional[KeyBuilder] = None,
+    fail_open: bool = True,
+) -> Callable[[Callable[..., Awaitable[Any]]], Callable[..., Awaitable[Any]]]:
+
+    if limit <= 0:
+        raise ValueError('rate_limit: limit must be > 0')
+    if window_seconds <= 0:
+        raise ValueError('rate_limit: window_seconds must be > 0')
+    if scope == 'key' and not key_builder:
+        raise ValueError('rate_limit: scope="key" requires key_builder')
+
+    def decorator(func: Callable[..., Awaitable[Any]]):
+        @functools.wraps(func)
+        async def wrapper(*args: Any, **kwargs: Any):
+            request = _find_request(args, kwargs)
+            logger: ILogger = get_logger()
+
+            if scope == 'ip':
+                ident = _client_ip(request)
+            elif scope == 'device':
+                ident = request.cookies.get('device_id') or _client_ip(request)
+            elif scope == 'user':
+                user = getattr(request.state, 'user', None)
+                user_id = getattr(user, 'id', None) if user else None
+                ident = str(user_id) if user_id else _client_ip(request)
+            else:
+                try:
+                    ident = _call_key_builder(key_builder, request, args, kwargs)  # type: ignore[arg-type]
+                except Exception as e:
+                    logger.error(f'RateLimit key_builder failed error={str(e)}')
+                    raise ApplicationException(500, 'Rate limiter key_builder failed')
+
+            route = request.url.path
+            method = request.method
+            redis_key = f'{key_prefix}:{scope}:{method}:{route}:{ident}'
+
+            logger.debug(f'RateLimit check key={redis_key} limit={limit} window={window_seconds}')
+
+            try:
+                redis: Redis = get_redis(request)
+
+                result = await redis.eval(
+                    _LUA_INCR_EXPIRE_TTL,
+                    1,
+                    redis_key,
+                    str(window_seconds),
+                )
+
+                count = int(result[0])
+                ttl_raw = int(result[1]) if result and len(result) > 1 else window_seconds
+                ttl = window_seconds if ttl_raw < 0 else ttl_raw
+
+            except Exception as e:
+                logger.error(f'RateLimit redis failure key={redis_key} error={str(e)}')
+
+                if fail_open:
+                    logger.warning(f'RateLimit fail-open activated key={redis_key}')
+                    return await func(*args, **kwargs)
+
+                raise ApplicationException(503, 'Rate limiter unavailable')
+
+            if count > limit:
+                retry_after = max(ttl, 0)
+                logger.warning(f'RateLimit exceeded key={redis_key} count={count} limit={limit} retry_after={retry_after}')
+                raise ApplicationException(
+                    status_code=429,
+                    message='Too Many Requests',
+                    headers={'Retry-After': str(retry_after)},
+                )
+
+            logger.debug(f'RateLimit passed key={redis_key} count={count}')
+            return await func(*args, **kwargs)
+
+        return wrapper
+    return decorator

src/presentation/dependencies/__init__.py

@@ -0,0 +1,16 @@
+from src.presentation.dependencies.commands import (
+    get_get_me_command,
+    get_set_phone_command,
+    get_set_crypto_wallet_start_command,
+    get_set_crypto_wallet_complete_command,
+    get_update_bank_details_start_command,
+    get_update_bank_details_complete_command,
+    get_change_password_start_command,
+    get_change_password_complete_command,
+    get_change_email_start_command,
+    get_change_email_confirm_old_command,
+    get_change_email_complete_command,
+)
+from src.presentation.dependencies.security import get_jwt_service
+from src.presentation.dependencies.cache import get_redis, get_cache
+from src.presentation.dependencies.queue_messanger import get_rabbit

src/presentation/dependencies/cache.py

@@ -0,0 +1,12 @@
+from fastapi import Depends, Request
+from redis.asyncio.client import Redis
+from src.application.contracts import ICache
+from src.infrastructure.cache import KeydbCache
+
+
+def get_redis(request: Request) -> Redis:
+    return request.app.state.redis
+
+
+def get_cache(redis_client: Redis = Depends(get_redis)) -> ICache:
+    return KeydbCache(redis_client)

src/presentation/dependencies/commands.py

@@ -0,0 +1,161 @@
+from fastapi import Depends
+from src.application.abstractions import IUnitOfWork
+from src.application.commands import GetMeCommand, SetPhoneCommand, SetCryptoWalletStartCommand, SetCryptoWalletCompleteCommand, UpdateBankDetailsStartCommand, UpdateBankDetailsCompleteCommand, ChangePasswordStartCommand, ChangePasswordCompleteCommand, ChangeEmailStartCommand, ChangeEmailConfirmOldCommand, ChangeEmailCompleteCommand
+from src.application.contracts import ILogger, ICache, IQueueMessanger, IHashService
+from src.presentation.dependencies.cache import get_cache
+from src.presentation.dependencies.logger import get_logger
+from src.presentation.dependencies.queue_messanger import get_rabbit
+from src.presentation.dependencies.security import get_hash_service
+from src.presentation.dependencies.unit_of_work import get_unit_of_work
+
+
+def get_get_me_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+) -> GetMeCommand:
+    return GetMeCommand(logger=logger, unit_of_work=unit_of_work, cache=cache)
+
+
+def get_set_phone_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+) -> SetPhoneCommand:
+    return SetPhoneCommand(logger=logger, unit_of_work=unit_of_work, cache=cache)
+
+
+def get_set_crypto_wallet_start_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    messanger: IQueueMessanger = Depends(get_rabbit),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> SetCryptoWalletStartCommand:
+    return SetCryptoWalletStartCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        messanger=messanger,
+        hash_service=hash_service,
+    )
+
+
+def get_set_crypto_wallet_complete_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> SetCryptoWalletCompleteCommand:
+    return SetCryptoWalletCompleteCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        hash_service=hash_service,
+    )
+
+
+def get_change_password_start_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    messanger: IQueueMessanger = Depends(get_rabbit),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> ChangePasswordStartCommand:
+    return ChangePasswordStartCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        messanger=messanger,
+        hash_service=hash_service,
+    )
+
+
+def get_change_password_complete_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> ChangePasswordCompleteCommand:
+    return ChangePasswordCompleteCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        hash_service=hash_service,
+    )
+
+
+def get_change_email_start_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    messanger: IQueueMessanger = Depends(get_rabbit),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> ChangeEmailStartCommand:
+    return ChangeEmailStartCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        messanger=messanger,
+        hash_service=hash_service,
+    )
+
+
+def get_change_email_confirm_old_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    messanger: IQueueMessanger = Depends(get_rabbit),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> ChangeEmailConfirmOldCommand:
+    return ChangeEmailConfirmOldCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        messanger=messanger,
+        hash_service=hash_service,
+    )
+
+
+def get_change_email_complete_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> ChangeEmailCompleteCommand:
+    return ChangeEmailCompleteCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        hash_service=hash_service,
+    )
+
+
+def get_update_bank_details_start_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    messanger: IQueueMessanger = Depends(get_rabbit),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> UpdateBankDetailsStartCommand:
+    return UpdateBankDetailsStartCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        messanger=messanger,
+        hash_service=hash_service,
+    )
+
+
+def get_update_bank_details_complete_command(
+    logger: ILogger = Depends(get_logger),
+    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
+    cache: ICache = Depends(get_cache),
+    hash_service: IHashService = Depends(get_hash_service),
+) -> UpdateBankDetailsCompleteCommand:
+    return UpdateBankDetailsCompleteCommand(
+        logger=logger,
+        unit_of_work=unit_of_work,
+        cache=cache,
+        hash_service=hash_service,
+    )

src/presentation/dependencies/logger.py

@@ -0,0 +1,7 @@
+from functools import lru_cache
+from src.application.contracts import ILogger
+from src.infrastructure.logger import logger
+
+@lru_cache
+def get_logger() -> ILogger:
+    return logger

src/presentation/dependencies/queue_messanger.py

@@ -0,0 +1,8 @@
+from functools import lru_cache
+from src.application.contracts import IQueueMessanger
+from src.infrastructure.messanger import RabbitClient
+
+
+@lru_cache(maxsize=1)
+def get_rabbit() -> IQueueMessanger:
+    return RabbitClient()

src/presentation/dependencies/security.py

@@ -0,0 +1,25 @@
+from functools import lru_cache
+from fastapi import Depends
+from src.application.contracts import IJwtService, ILogger, IHashService
+from src.infrastructure.security import JwtService, HashService
+from src.infrastructure.vault import JwtKeyStore
+from src.presentation.dependencies.logger import get_logger
+
+
+@lru_cache(maxsize=1)
+def _hash_service(logger: ILogger) -> IHashService:
+    return HashService(logger=logger)
+
+
+def get_hash_service(logger: ILogger = Depends(get_logger)) -> IHashService:
+    return _hash_service(logger)
+
+
+@lru_cache(maxsize=1)
+def _jwt_service(logger: ILogger) -> IJwtService:
+    key_store = JwtKeyStore.get_instance()
+    return JwtService(logger=logger, key_store=key_store)
+
+
+def get_jwt_service(logger: ILogger = Depends(get_logger)) -> IJwtService:
+    return _jwt_service(logger)

src/presentation/dependencies/unit_of_work.py

@@ -0,0 +1,10 @@
+from fastapi import Depends
+from src.application.abstractions import IUnitOfWork
+from src.application.contracts import ILogger
+from src.infrastructure.database import UnitOfWork
+from src.infrastructure.database.context import async_session_maker
+from src.infrastructure.logger import get_logger
+
+
+def get_unit_of_work(logger: ILogger = Depends(get_logger)) -> IUnitOfWork:
+    return UnitOfWork(session_factory=async_session_maker, logger=logger)

src/presentation/handlers/__init__.py

@@ -0,0 +1,2 @@
+from src.presentation.handlers.unhandled_handler import unhandled_exception_handler
+from src.presentation.handlers.application_handler import application_exception_handler

src/presentation/handlers/application_handler.py

@@ -0,0 +1,17 @@
+from fastapi.responses import ORJSONResponse
+from fastapi import Request
+from src.application.domain.exceptions import ApplicationException
+
+
+async def application_exception_handler(_request: Request, exc: ApplicationException) -> ORJSONResponse:
+    detail = exc.message
+    if 500 <= exc.status_code:
+        detail = "Internal Server Error"
+
+    return ORJSONResponse(
+        status_code=exc.status_code,
+        content={"detail": detail},
+        headers=dict(exc.headers) if exc.headers else None,
+    )
+
+

src/presentation/handlers/unhandled_handler.py

@@ -0,0 +1,12 @@
+from fastapi.responses import ORJSONResponse
+from fastapi import Request
+from starlette import status
+from src.infrastructure.logger import logger
+
+
+async def unhandled_exception_handler(_request: Request, exc: Exception) -> ORJSONResponse:
+    logger.exception(f'Unhandled exception: {type(exc).__name__}')
+    return ORJSONResponse(
+        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        content={'detail': 'Internal Server Error'},
+    )

src/presentation/middleware/__init__.py

@@ -0,0 +1,2 @@
+from src.presentation.middleware.trace_id import TraceIDMiddleware
+from src.presentation.middleware.security_headers import SecurityHeadersMiddleware

src/presentation/middleware/security_headers.py

@@ -0,0 +1,51 @@
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import Response
+
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    def __init__(
+        self,
+        app,
+        *,
+        hsts: bool = True,
+        hsts_max_age: int = 31536000,  # 1 год
+        hsts_include_subdomains: bool = True,
+        hsts_preload: bool = False,
+        frame_options: str = 'DENY',  # или 'SAMEORIGIN'
+        referrer_policy: str = 'strict-origin-when-cross-origin',
+        content_security_policy: str | None = None,
+    ):
+        super().__init__(app)
+        self.hsts = hsts
+        self.hsts_max_age = hsts_max_age
+        self.hsts_include_subdomains = hsts_include_subdomains
+        self.hsts_preload = hsts_preload
+        self.frame_options = frame_options
+        self.referrer_policy = referrer_policy
+        self.csp = content_security_policy
+
+    async def dispatch(self, request: Request, call_next) -> Response:
+        response: Response = await call_next(request)
+
+        if request.url.path in ('/docs', '/redoc', '/openapi.json'):
+            return response
+
+        if self.hsts and request.url.scheme == 'https':
+            hsts = f'max-age={self.hsts_max_age}'
+            if self.hsts_include_subdomains:
+                hsts += '; includeSubDomains'
+            if self.hsts_preload:
+                hsts += '; preload'
+            response.headers['Strict-Transport-Security'] = hsts
+
+        response.headers['X-Content-Type-Options'] = 'nosniff'
+        
+        response.headers['X-Frame-Options'] = self.frame_options
+
+        response.headers['Referrer-Policy'] = self.referrer_policy
+
+        if self.csp:
+            response.headers['Content-Security-Policy'] = self.csp
+
+        return response

src/presentation/middleware/trace_id.py

@@ -0,0 +1,135 @@
+from __future__ import annotations
+from typing import Optional
+from contextvars import Token
+from starlette.requests import Request
+from starlette.types import ASGIApp, Message, Receive, Scope, Send
+from ulid import ULID
+from src.application.contracts import ILogger
+from src.infrastructure.config import settings
+from src.infrastructure.context_vars import trace_id_var
+
+
+class TraceIDMiddleware:
+    def __init__(
+        self,
+        app: ASGIApp,
+        logger: ILogger,
+        response_header_name: str = "X-Trace-ID",
+        attach_response_header: bool = True,
+    ) -> None:
+        self.app = app
+        self.logger = logger
+        self.response_header_name = response_header_name
+        self.attach_response_header = attach_response_header
+
+    def _is_excluded(self, path: str) -> bool:
+        return any(path == p or path.startswith(p.rstrip("/") + "/") for p in settings.EXCLUDED_PATHS)
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        if scope["type"] != "http":
+            await self.app(scope, receive, send)
+            return
+
+        request = Request(scope)
+
+        if self._is_excluded(request.url.path):
+            await self.app(scope, receive, send)
+            return
+
+        trace_id = request.headers.get("X-Trace-ID") or request.headers.get("X-Request-ID")
+        if not trace_id:
+            trace_id = str(ULID())
+
+        request.state.trace_id = trace_id
+
+        token: Token = trace_id_var.set(trace_id)
+
+        self.logger.debug(f"Request started: {request.method} {request.url} - TraceID: {trace_id}")
+
+        status_code_holder: dict[str, Optional[int]] = {"status": None}
+
+        async def send_wrapper(message: Message) -> None:
+            if message["type"] == "http.response.start":
+                status_code_holder["status"] = int(message["status"])
+
+                if self.attach_response_header:
+                    headers = list(message.get("headers", []))
+                    headers.append((self.response_header_name.lower().encode(), trace_id.encode()))
+                    message["headers"] = headers
+            await send(message)
+
+        try:
+            await self.app(scope, receive, send_wrapper)
+        finally:
+            status = status_code_holder["status"]
+            status_part = f"{status}" if status is not None else "unknown"
+            self.logger.debug(
+                f"Request finished: {request.method} {request.url} - TraceID: {trace_id} - Status: {status_part}"
+            )
+            trace_id_var.reset(token)
+
+
+# from __future__ import annotations
+# from typing import Optional
+# from starlette.requests import Request
+# from starlette.types import ASGIApp, Message, Receive, Scope, Send
+# from ulid import ULID
+# from src.application.contracts import ILogger
+# from src.infrastructure.config.settings import settings
+#
+#
+# class TraceIDMiddleware:
+#     def __init__(
+#         self,
+#         app: ASGIApp,
+#         logger: ILogger,
+#         response_header_name: str = 'X-Trace-ID',
+#         attach_response_header: bool = True,
+#     ) -> None:
+#         self.app = app
+#         self.logger = logger
+#         self.response_header_name = response_header_name
+#         self.attach_response_header = attach_response_header
+#
+#     def _is_excluded(self, path: str) -> bool:
+#         return any(path == p or path.startswith(p.rstrip('/') + '/') for p in settings.EXCLUDED_PATHS)
+#
+#     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+#         if scope['type'] != 'http':
+#             await self.app(scope, receive, send)
+#             return
+#
+#         request = Request(scope)
+#
+#         if self._is_excluded(request.url.path):
+#             await self.app(scope, receive, send)
+#             return
+#
+#         trace_id = request.headers.get('X-Trace-ID') or request.headers.get('X-Request-ID')
+#         if not trace_id:
+#             trace_id = str(ULID())
+#
+#         request.state.trace_id = trace_id
+#         self.logger.set_trace_id(trace_id)
+#
+#         self.logger.debug(f'Request started: {request.method} {request.url} - TraceID: {trace_id}')
+#
+#         status_code_holder: dict[str, Optional[int]] = {'status': None}
+#
+#         async def send_wrapper(message: Message) -> None:
+#             if message['type'] == 'http.response.start':
+#                 status_code_holder['status'] = int(message['status'])
+#
+#                 if self.attach_response_header:
+#                     headers = list(message.get('headers', []))
+#                     headers.append((self.response_header_name.lower().encode(), trace_id.encode()))
+#                     message['headers'] = headers
+#             await send(message)
+#
+#         try:
+#             await self.app(scope, receive, send_wrapper)
+#         finally:
+#             status = status_code_holder['status']
+#             status_part = f'{status}' if status is not None else 'unknown'
+#             self.logger.debug(f'Request finished: {request.method} {request.url} - TraceID: {trace_id} - Status: {status_part}')
+#             self.logger.clear_trace_id()

src/presentation/routing/__init__.py

@@ -0,0 +1,18 @@
+from fastapi import APIRouter
+from src.presentation.routing.account import account_router
+
+
+me_router = APIRouter(prefix='/me', tags=['Account'])
+
+me_router.include_router(account_router)
+
+# from src.presentation.routing.account_settings import account_settings_router
+# me_router.include_router(account_settings_router)
+
+# from src.presentation.routing.devices import devices_router
+# me_devices_router = APIRouter(prefix='/me', tags=['Devices'])
+# me_devices_router.include_router(devices_router)
+
+# from src.presentation.routing.deals import deals_router
+# me_deals_router = APIRouter(prefix='/me', tags=['Deals'])
+# me_deals_router.include_router(deals_router)

src/presentation/routing/account.py

@@ -0,0 +1,43 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import ORJSONResponse
+from starlette import status
+from src.application.commands.get_me import GetMeCommand
+from src.application.contracts import ILogger
+from src.application.domain.dto import AuthContext
+from src.presentation.decorators import require_access_token
+from src.presentation.dependencies.commands import get_get_me_command
+from src.presentation.dependencies.logger import get_logger
+
+account_router = APIRouter()
+
+@account_router.get(path='/', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def me(
+        request: Request,
+        auth: AuthContext = Depends(require_access_token),
+        command: GetMeCommand = Depends(get_get_me_command),
+        logger: ILogger = Depends(get_logger),
+):
+    user = await command(user_id=auth.user_id)
+    logger.info(f'Get user: {user.id}')
+    return ORJSONResponse(
+        status_code=status.HTTP_200_OK,
+        content={
+            'id': user.id,
+            'email': user.email,
+            'first_name': user.first_name,
+            'middle_name': user.middle_name,
+            'last_name': user.last_name,
+            'birth_date': str(user.birth_date) if user.birth_date else None,
+            'crypto_wallet': user.crypto_wallet,
+            'phone': user.phone,
+            'bik': user.bik,
+            'account_number': user.account_number,
+            'card_number': user.card_number,
+            'inn': user.inn,
+            'kyc_verified': user.kyc_verified,
+            'is_deleted': user.is_deleted,
+            'created_at': user.created_at.isoformat() if user.created_at else None,
+            'updated_at': user.updated_at.isoformat() if user.updated_at else None,
+            'kyc_verified_at': user.kyc_verified_at.isoformat() if user.kyc_verified_at else None,
+        }
+    )

src/presentation/routing/account_settings.py

@@ -0,0 +1,150 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import ORJSONResponse
+from starlette import status
+from src.application.commands import SetPhoneCommand, SetCryptoWalletStartCommand, SetCryptoWalletCompleteCommand, UpdateBankDetailsStartCommand, UpdateBankDetailsCompleteCommand, ChangePasswordStartCommand, ChangePasswordCompleteCommand, ChangeEmailStartCommand, ChangeEmailConfirmOldCommand, ChangeEmailCompleteCommand
+from src.application.domain.dto import AuthContext
+from src.presentation.decorators import require_access_token
+from src.presentation.dependencies import (
+    get_set_phone_command,
+    get_set_crypto_wallet_start_command,
+    get_set_crypto_wallet_complete_command,
+    get_update_bank_details_start_command,
+    get_update_bank_details_complete_command,
+    get_change_password_start_command,
+    get_change_password_complete_command,
+    get_change_email_start_command,
+    get_change_email_confirm_old_command,
+    get_change_email_complete_command,
+)
+from src.presentation.schemas import SetPhoneRequest, CryptoWalletConfirmRequest, BankConfirmRequest, ChangePasswordConfirmRequest, ChangeEmailConfirmOldRequest, ChangeEmailCompleteRequest
+
+
+account_settings_router = APIRouter(prefix='/settings')
+
+
+@account_settings_router.patch(path='/phone', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def set_phone(
+    request: Request,
+    body: SetPhoneRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: SetPhoneCommand = Depends(get_set_phone_command),
+):
+    user = await command(user_id=auth.user_id, phone=body.phone)
+    return ORJSONResponse(status_code=status.HTTP_200_OK, content={'phone': user.phone})
+
+
+@account_settings_router.post(path='/crypto-wallet/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def crypto_wallet_start(
+    request: Request,
+    auth: AuthContext = Depends(require_access_token),
+    command: SetCryptoWalletStartCommand = Depends(get_set_crypto_wallet_start_command),
+):
+    result = await command(user_id=auth.user_id)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/crypto-wallet/complete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def crypto_wallet_complete(
+    request: Request,
+    body: CryptoWalletConfirmRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: SetCryptoWalletCompleteCommand = Depends(get_set_crypto_wallet_complete_command),
+):
+    user = await command(
+        user_id=auth.user_id,
+        code=body.code,
+        wallet_address=body.wallet_address,
+    )
+    return {'crypto_wallet': user.crypto_wallet}
+
+
+@account_settings_router.post(path='/email/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def change_email_start(
+    request: Request,
+    auth: AuthContext = Depends(require_access_token),
+    command: ChangeEmailStartCommand = Depends(get_change_email_start_command),
+):
+    result = await command(user_id=auth.user_id)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/email/confirm-old', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def change_email_confirm_old(
+    request: Request,
+    body: ChangeEmailConfirmOldRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: ChangeEmailConfirmOldCommand = Depends(get_change_email_confirm_old_command),
+):
+    result = await command(user_id=auth.user_id, code=body.code, new_email=body.new_email)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/email/complete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def change_email_complete(
+    request: Request,
+    body: ChangeEmailCompleteRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: ChangeEmailCompleteCommand = Depends(get_change_email_complete_command),
+):
+    result = await command(user_id=auth.user_id, code=body.code)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/password/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def change_password_start(
+    request: Request,
+    auth: AuthContext = Depends(require_access_token),
+    command: ChangePasswordStartCommand = Depends(get_change_password_start_command),
+):
+    result = await command(user_id=auth.user_id)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/password/complete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def change_password_complete(
+    request: Request,
+    body: ChangePasswordConfirmRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: ChangePasswordCompleteCommand = Depends(get_change_password_complete_command),
+):
+    result = await command(
+        user_id=auth.user_id,
+        code=body.code,
+        new_password=body.new_password,
+        confirm_password=body.confirm_password,
+    )
+    return {'success': result}
+
+
+@account_settings_router.post(path='/bank/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def bank_details_start(
+    request: Request,
+    auth: AuthContext = Depends(require_access_token),
+    command: UpdateBankDetailsStartCommand = Depends(get_update_bank_details_start_command),
+):
+    result = await command(user_id=auth.user_id)
+    return {'success': result}
+
+
+@account_settings_router.post(path='/bank/complete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def bank_details_complete(
+    request: Request,
+    body: BankConfirmRequest,
+    auth: AuthContext = Depends(require_access_token),
+    command: UpdateBankDetailsCompleteCommand = Depends(get_update_bank_details_complete_command),
+):
+    user = await command(
+        user_id=auth.user_id,
+        code=body.code,
+        bik=body.bik,
+        account_number=body.account_number,
+        card_number=body.card_number,
+    )
+    return ORJSONResponse(
+        status_code=status.HTTP_200_OK,
+        content={
+            'bik': user.bik,
+            'account_number': user.account_number,
+            'card_number': user.card_number,
+        },
+    )

src/presentation/routing/deals.py

@@ -0,0 +1,7 @@
+from fastapi import APIRouter
+
+deals_router = APIRouter(prefix='/deals')
+
+@deals_router.get(path='')
+async def deals():
+    pass

src/presentation/routing/devices.py

@@ -0,0 +1,11 @@
+from fastapi import APIRouter, Request
+from fastapi.responses import ORJSONResponse
+from starlette import status
+
+devices_router = APIRouter(prefix='/devices')
+
+@devices_router.get(path='/', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+async def devices(
+    request: Request,
+):
+    pass

src/presentation/schemas/__init__.py

@@ -0,0 +1,5 @@
+from src.presentation.schemas.phone import SetPhoneRequest
+from src.presentation.schemas.bank import BankUpdateRequest, BankConfirmRequest
+from src.presentation.schemas.crypto_wallet import CryptoWalletConfirmRequest
+from src.presentation.schemas.password import ChangePasswordConfirmRequest
+from src.presentation.schemas.email import ChangeEmailConfirmOldRequest, ChangeEmailCompleteRequest

src/presentation/schemas/bank.py

@@ -0,0 +1,110 @@
+import re
+from typing import Self
+from pydantic import BaseModel, field_validator, model_validator
+
+
+class BankUpdateRequest(BaseModel):
+    bik: str | None = None
+    account_number: str | None = None
+    card_number: str | None = None
+
+    @model_validator(mode='after')
+    def at_least_one(self) -> Self:
+        if not any([self.bik, self.account_number, self.card_number]):
+            raise ValueError('At least one field is required')
+        return self
+
+    @field_validator('bik')
+    @classmethod
+    def validate_bik(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = v.strip()
+        if not re.match(r'^\d{9}$', v):
+            raise ValueError('BIK must be exactly 9 digits')
+        return v
+
+    @field_validator('account_number')
+    @classmethod
+    def validate_account_number(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = v.strip()
+        if not re.match(r'^\d{20}$', v):
+            raise ValueError('Account number must be exactly 20 digits')
+        return v
+
+    @field_validator('card_number')
+    @classmethod
+    def validate_card_number(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = re.sub(r'[\s\-]', '', v)
+        if not re.match(r'^\d{13,19}$', v):
+            raise ValueError('Card number must be 13-19 digits')
+        if not cls._luhn_check(v):
+            raise ValueError('Invalid card number (Luhn check failed)')
+        return v
+
+    @staticmethod
+    def _luhn_check(number: str) -> bool:
+        digits = [int(d) for d in number]
+        odd_digits = digits[-1::-2]
+        even_digits = digits[-2::-2]
+        total = sum(odd_digits)
+        for d in even_digits:
+            total += sum(divmod(d * 2, 10))
+        return total % 10 == 0
+
+
+class BankConfirmRequest(BaseModel):
+    code: str
+    bik: str | None = None
+    account_number: str | None = None
+    card_number: str | None = None
+
+    @model_validator(mode='after')
+    def at_least_one_field(self) -> Self:
+        if not any([self.bik, self.account_number, self.card_number]):
+            raise ValueError('At least one bank field is required')
+        return self
+
+    @field_validator('code')
+    @classmethod
+    def validate_code(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^\d{6}$', v):
+            raise ValueError('Code must be exactly 6 digits')
+        return v
+
+    @field_validator('bik')
+    @classmethod
+    def validate_bik(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = v.strip()
+        if not re.match(r'^\d{9}$', v):
+            raise ValueError('BIK must be exactly 9 digits')
+        return v
+
+    @field_validator('account_number')
+    @classmethod
+    def validate_account_number(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = v.strip()
+        if not re.match(r'^\d{20}$', v):
+            raise ValueError('Account number must be exactly 20 digits')
+        return v
+
+    @field_validator('card_number')
+    @classmethod
+    def validate_card_number(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = re.sub(r'[\s\-]', '', v)
+        if not re.match(r'^\d{13,19}$', v):
+            raise ValueError('Card number must be 13-19 digits')
+        if not BankUpdateRequest._luhn_check(v):
+            raise ValueError('Invalid card number (Luhn check failed)')
+        return v

src/presentation/schemas/crypto_wallet.py

@@ -0,0 +1,23 @@
+import re
+from pydantic import BaseModel, field_validator
+
+
+class CryptoWalletConfirmRequest(BaseModel):
+    code: str
+    wallet_address: str
+
+    @field_validator('code')
+    @classmethod
+    def validate_code(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^\d{6}$', v):
+            raise ValueError('Code must be exactly 6 digits')
+        return v
+
+    @field_validator('wallet_address')
+    @classmethod
+    def validate_tron_address(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^T[1-9A-HJ-NP-Za-km-z]{33}$', v):
+            raise ValueError('Invalid TRON wallet address')
+        return v

src/presentation/schemas/email.py

@@ -0,0 +1,35 @@
+import re
+from pydantic import BaseModel, field_validator
+
+
+class ChangeEmailConfirmOldRequest(BaseModel):
+    code: str
+    new_email: str
+
+    @field_validator('code')
+    @classmethod
+    def validate_code(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^\d{6}$', v):
+            raise ValueError('Code must be exactly 6 digits')
+        return v
+
+    @field_validator('new_email')
+    @classmethod
+    def validate_new_email(cls, v: str) -> str:
+        v = v.strip().lower()
+        if not re.match(r'^[^@\s]+@[^@\s]+\.[^@\s]+$', v):
+            raise ValueError('Invalid email address')
+        return v
+
+
+class ChangeEmailCompleteRequest(BaseModel):
+    code: str
+
+    @field_validator('code')
+    @classmethod
+    def validate_code(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^\d{6}$', v):
+            raise ValueError('Code must be exactly 6 digits')
+        return v

src/presentation/schemas/password.py

@@ -0,0 +1,30 @@
+import re
+from typing import Self
+from pydantic import BaseModel, field_validator, model_validator
+
+
+class ChangePasswordConfirmRequest(BaseModel):
+    code: str
+    new_password: str
+    confirm_password: str
+
+    @model_validator(mode='after')
+    def passwords_match(self) -> Self:
+        if self.new_password != self.confirm_password:
+            raise ValueError('Passwords do not match')
+        return self
+
+    @field_validator('code')
+    @classmethod
+    def validate_code(cls, v: str) -> str:
+        v = v.strip()
+        if not re.match(r'^\d{6}$', v):
+            raise ValueError('Code must be exactly 6 digits')
+        return v
+
+    @field_validator('new_password')
+    @classmethod
+    def validate_new_password(cls, v: str) -> str:
+        if len(v) < 8:
+            raise ValueError('Password must be at least 8 characters')
+        return v

src/presentation/schemas/phone.py

@@ -0,0 +1,17 @@
+import re
+from pydantic import BaseModel, field_validator
+from src.application.domain.exceptions import ApplicationException
+
+
+class SetPhoneRequest(BaseModel):
+    phone: str
+
+    @field_validator('phone')
+    @classmethod
+    def validate_russian_phone(cls, v: str) -> str:
+        cleaned = re.sub(r'[\s\-\(\)]', '', v)
+        pattern = r'^(\+7|8)\d{10}$'
+        if not re.match(pattern, cleaned):
+            raise ApplicationException(message='Invalid Russian phone number', status_code=429)
+        normalized = '+7' + cleaned[-10:]
+        return normalized