A full-stack cryptocurrency trading platform with advanced security features, KYC verification, real-time market data, and comprehensive trading capabilities.
- Features
- Tech Stack
- Prerequisites
- Quick Start
- Project Structure
- Configuration
- API Documentation
- Security Features
- Database Migrations
- Admin Panel
- Troubleshooting
- π Real-time market data integration (Binance)
- π Spot trading with limit and market orders
- π Margin trading support
- π± Multiple cryptocurrency pairs
- π Order history and tracking
- π WebSocket for live updates
- π JWT authentication with refresh tokens
- π‘οΈ Two-Factor Authentication (2FA/TOTP)
- π Row-level database locking for race condition prevention
- β±οΈ Withdrawal time delays (10-60 minutes based on amount)
- π« Address blacklisting
- π Encrypted 2FA secret storage
- π Comprehensive audit logging
- π¦ Rate limiting on all critical endpoints
- π 3-level KYC system
- π« ID document verification
- π€³ Selfie verification
- π Address proof verification
- πΌοΈ Advanced file validation (MIME type, dimensions, EXIF)
- βοΈ Admin review workflow
- π° Multi-currency wallet support
- π₯ Deposit address generation
- π€ Secure withdrawals with 2FA
- πΈ Transaction history
- π Balance tracking
- π₯ User management
- β KYC approval/rejection
- π³ Withdrawal approval
- π« Address blacklisting
- π System monitoring
- π Audit logs
- Framework: Flask (Python 3.11)
- Database: PostgreSQL 15
- Cache: Redis 7
- ORM: SQLAlchemy
- Migrations: Flask-Migrate (Alembic)
- Authentication: Flask-JWT-Extended
- API Docs: Swagger/Flasgger
- Real-time: WebSockets
- Task Queue: Redis
- Framework: React 18
- Language: TypeScript
- State Management: Redux Toolkit
- UI Library: Material-UI (MUI)
- HTTP Client: Axios
- Routing: React Router v6
- Forms: React Hook Form
- Charts: Chart.js
- Containerization: Docker & Docker Compose
- Web Server: Nginx
- Process Manager: Gunicorn
- Docker Desktop (v20.10+)
- Docker Compose (v2.0+)
- Git
- 4GB+ RAM available
- 10GB+ free disk space
git clone <repository-url>
cd cryptoTrade./install.shThis will:
- β Check prerequisites
- π Generate secure random keys
- π Create .env configuration
- ποΈ Build Docker images
- π Start all services
- ποΈ Run database migrations
- π± Seed initial data
- π₯ Verify service health
- Frontend: http://localhost:3000
- Backend API: http://localhost:5001
- Swagger Docs: http://localhost:5001/api/docs
Email: admin@cryptotrade.com
Password: admin123!@#
cryptoTrade/
βββ backend/
β βββ app/
β β βββ __init__.py # Flask app initialization
β β βββ config.py # Configuration
β β βββ api/
β β β βββ v1/ # API v1 endpoints
β β β β βββ auth.py # Authentication
β β β β βββ user.py # User management
β β β β βββ wallet.py # Wallet operations
β β β β βββ trading.py # Trading operations
β β β β βββ market.py # Market data
β β β β βββ kyc.py # KYC verification
β β β βββ admin/ # Admin endpoints
β β βββ models/ # Database models
β β βββ services/ # Business logic
β β βββ utils/ # Utilities
β β βββ migrations/ # Database migrations
β βββ requirements.txt # Python dependencies
β βββ Dockerfile
β βββ run.py # Application entry point
β
βββ frontend/
β βββ src/
β β βββ components/ # React components
β β βββ pages/ # Page components
β β βββ redux/ # Redux store
β β βββ services/ # API services
β β βββ App.tsx # Main app component
β βββ package.json # Node dependencies
β βββ Dockerfile
β βββ tsconfig.json # TypeScript config
β
βββ docker-compose.yml # Docker orchestration
βββ .env # Environment variables
βββ install.sh # Installation script
βββ start.sh # Start services
βββ stop.sh # Stop services
βββ restart.sh # Restart services
βββ logs.sh # View logs
βββ clean.sh # Clean all data
The .env file is auto-generated during installation. Key variables:
# Security (DO NOT use defaults in production!)
SECRET_KEY=<random-key>
JWT_SECRET_KEY=<random-key>
ENCRYPTION_KEY=<random-key>
# Database
POSTGRES_USER=cryptotrade
POSTGRES_PASSWORD=<secure-password>
POSTGRES_DB=cryptotrade
# Email (Configure for production)
MAIL_SERVER=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=your-email@gmail.com
MAIL_PASSWORD=your-app-password
# Binance API (Configure for trading)
BINANCE_API_KEY=your-api-key
BINANCE_SECRET_KEY=your-secret-key
BINANCE_TESTNET=True
# Application
FLASK_ENV=development # Change to 'production' for production
DEBUG=True # Set to False in production- Set
FLASK_ENV=production - Set
DEBUG=False - Generate strong secrets:
openssl rand -hex 32 # For SECRET_KEY and JWT_SECRET_KEY openssl rand -base64 32 # For ENCRYPTION_KEY
- Configure real email SMTP settings
- Set up Binance API keys
- Enable SSL/TLS
- Set up proper CORS origins
- Configure production-grade Redis
Visit http://localhost:5001/api/docs for interactive API documentation.
POST /api/v1/auth/register- Register new userPOST /api/v1/auth/login- LoginPOST /api/v1/auth/refresh- Refresh tokenPOST /api/v1/auth/logout- LogoutGET /api/v1/auth/verify-email/<token>- Verify emailPOST /api/v1/auth/forgot-password- Request password resetPOST /api/v1/auth/reset-password- Reset passwordPOST /api/v1/auth/2fa/setup- Setup 2FAPOST /api/v1/auth/2fa/verify- Enable 2FAPOST /api/v1/auth/2fa/disable- Disable 2FA
GET /api/v1/wallets- Get all walletsGET /api/v1/wallets/<currency>- Get specific walletGET /api/v1/wallets/<currency>/address- Get deposit addressGET /api/v1/wallets/deposits- Get deposit historyPOST /api/v1/wallets/withdraw- Create withdrawalGET /api/v1/wallets/withdrawals- Get withdrawal historyPOST /api/v1/wallets/withdrawals/<id>/cancel- Cancel withdrawal
GET /api/v1/trading/pairs- Get trading pairsPOST /api/v1/trading/orders- Create orderGET /api/v1/trading/orders- Get ordersDELETE /api/v1/trading/orders/<id>- Cancel orderGET /api/v1/trading/history- Get trade history
POST /api/v1/kyc/basic-info- Submit Level 1 KYCPOST /api/v1/kyc/id-verification- Submit Level 2 KYCPOST /api/v1/kyc/address-verification- Submit Level 3 KYCGET /api/v1/kyc/status- Get KYC status
GET /api/admin/users- Get all usersGET /api/admin/kyc/requests- Get KYC requestsPOST /api/admin/kyc/requests/<id>/approve- Approve KYCPOST /api/admin/kyc/requests/<id>/reject- Reject KYC
- β JWT with access & refresh tokens
- β Token blacklisting on logout
- β Password hashing with bcrypt (12 rounds)
- β 2FA/TOTP with encrypted secret storage
- β Email verification (24-hour expiration)
- β Password reset tokens (1-hour expiration)
- β Rate limiting (per minute/hour/day)
- β CORS configuration
- β Input validation & sanitization
- β SQL injection prevention (ORM)
- β XSS protection
- β 2FA required for all withdrawals
- β Time delays (10-60 minutes based on amount)
- β Manual approval for large amounts (>$1000)
- β Address validation
- β Blacklist checking
- β Row-level locking to prevent race conditions
- β MIME type verification
- β File size limits
- β Filename sanitization
- β Extension validation
- β Image dimension checks
- β EXIF metadata validation
- β Secure storage paths
- β Admin action logging
- β IP address tracking
- β User agent tracking
- β Old/new value tracking
- β Immutable audit trail
docker-compose exec backend flask db currentdocker-compose exec backend flask db historydocker-compose exec backend flask db revision -m "description"docker-compose exec backend flask db upgradedocker-compose exec backend flask db downgrade- Login with admin account
- Navigate to http://localhost:3000/admin
- User Management: View, block, unblock users
- KYC Management: Review and approve/reject KYC submissions
- Withdrawal Management: Approve large withdrawals
- Blacklist Management: Manage blocked addresses
- System Monitoring: View audit logs and system stats
docker-compose exec backend python make_admin.py user@example.com./start.sh # Start all services
./stop.sh # Stop all services
./restart.sh # Restart all services./logs.sh # All logs
./logs.sh backend # Backend only
./logs.sh frontend # Frontend only./clean.sh # β οΈ Removes all containers, volumes, and data# Access PostgreSQL
docker-compose exec db psql -U cryptotrade -d cryptotrade
# Backup database
docker-compose exec db pg_dump -U cryptotrade cryptotrade > backup.sql
# Restore database
cat backup.sql | docker-compose exec -T db psql -U cryptotrade cryptotradedocker-compose exec backend flask shell# Check if containers are running
docker-compose ps
# View frontend logs
./logs.sh frontend
# Restart frontend
docker-compose restart frontend# Check backend logs
./logs.sh backend
# Restart backend
docker-compose restart backend
# Check migrations
docker-compose exec backend flask db current# Check if database is ready
docker-compose exec db pg_isready -U cryptotrade
# Restart database
docker-compose restart db
# Check database logs
./logs.sh db# Find process using port 3000 (frontend)
lsof -ti:3000 | xargs kill -9
# Find process using port 5001 (backend)
lsof -ti:5001 | xargs kill -9./clean.sh # Clean all data
./install.sh # Reinstall from scratch-
Development:
- CPU: 2+ cores
- RAM: 4GB
- Disk: 10GB
-
Production:
- CPU: 4+ cores
- RAM: 8GB+
- Disk: 50GB+ (SSD recommended)
- Redis: Separate instance
- PostgreSQL: Separate instance
Overall Security Score: 9/10
β Strong authentication with JWT + 2FA β Comprehensive input validation β SQL injection prevention β XSS protection β CSRF protection β Rate limiting β Secure file uploads β Audit logging β Withdrawal security β Address validation & blacklisting
This project is proprietary software. All rights reserved.
For issues and questions:
- Check Troubleshooting section
- View application logs:
./logs.sh - Check Swagger docs: http://localhost:5001/api/docs
- Run
./install.sh - Access http://localhost:3000
- Login with admin credentials
- Change admin password
- Configure email settings in
.env - Configure Binance API keys in
.env - Test registration flow
- Test KYC verification
- Test trading functionality
- Review API documentation
- Set up production environment variables
Built with β€οΈ using Flask, React, and Docker