itial commit

.gitignore

@@ -0,0 +1,34 @@
+
+# Python
+venv/
+__pycache__/
+*.pyc
+.env
+.venv
+.env.example
+ENV/
+env/
+
+# JS (if any)
+node_modules/
+dist/
+build/
+
+
+# Logs
+*.log
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+venv/
+.env
+
+
+
+# System
+.DS_Store
+Thumbs.db
+
+

Dockerfile

@@ -0,0 +1,24 @@
+
+# Use an official Python runtime as a parent image
+FROM python:3.10-slim
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy the requirements file into the container
+COPY requirements.txt .
+
+# Install any needed packages specified in requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the current directory contents into the container at /app
+COPY . .
+
+# Expose port 8000
+EXPOSE 8000
+
+# Define environment variable
+ENV PORT=8000
+
+# Run app.py when the container launches
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

README.md

@@ -0,0 +1,41 @@
+---
+title: Rift Backend
+emoji: 🚀
+colorFrom: orange
+colorTo: blue
+sdk: docker
+app_port: 8000
+pinned: false
+tags:
+  - backend
+  - fastapi
+  - algorand
+  - pinata
+---
+
+# Rift Backend
+
+FastAPI backend for the decentralized ad-based video platform.
+
+## Core Endpoints
+
+- `POST /auth/challenge`
+- `POST /auth/signup`
+- `POST /auth/login`
+- `GET /auth/me`
+- `POST /videos/upload`
+- `GET /videos/list`
+- `GET /videos/{video_id}`
+- `POST /views/track`
+- `POST /ads/create`
+- `POST /ads/banner/create`
+- `GET /settlement/`
+- `POST /settlement/trigger`
+- `POST /settlement/trigger-banner`
+
+## Stack Integration
+
+- **Supabase PostgreSQL** for metadata and analytics
+- **Pinata (IPFS)** for video/ad file storage
+- **Algorand Testnet/Mainnet** for ADMC token settlement
+- **APScheduler** for automated reward and banner distribution jobs

app/config.py

@@ -0,0 +1,50 @@
+from __future__ import annotations
+
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    supabase_url: str = ""
+    supabase_key: str = ""
+
+    jwt_secret: str = ""
+    jwt_expire_minutes: int = 60 * 24
+    cors_origins: str = "*"
+
+    pinata_jwt: str = ""
+    pinata_gateway: str = "gateway.pinata.cloud"
+
+    algod_address: str = "https://testnet-api.algonode.cloud"
+    algod_token: str = ""
+    algorand_mnemonic: str = ""
+    platform_wallet: str = ""
+
+    asset_id: int = 0
+    app_id: int = 0
+    token_decimals: int = 6
+    settlement_fee_bps: int = 200
+    use_contract_settlement: bool = False
+
+    reward_interval_minutes: int = 60
+    scheduler_enabled: bool = True
+
+    view_min_watch_seconds: int = 30
+    view_wallet_cooldown_seconds: int = 3600
+    view_ip_hourly_limit: int = 120
+    view_fingerprint_hourly_limit: int = 60
+
+    model_config = SettingsConfigDict(env_file=".env", case_sensitive=False)
+
+    @property
+    def effective_jwt_secret(self) -> str:
+        return self.jwt_secret or self.supabase_key
+
+    @property
+    def cors_origin_list(self) -> list[str]:
+        if not self.cors_origins.strip():
+            return ["*"]
+        origins = [origin.strip() for origin in self.cors_origins.split(",") if origin.strip()]
+        return origins or ["*"]
+
+
+settings = Settings()

app/database.py

@@ -0,0 +1,18 @@
+from __future__ import annotations
+
+from functools import lru_cache
+
+from supabase import Client, create_client
+
+from .config import settings
+
+
+@lru_cache
+def _build_client() -> Client:
+    if not settings.supabase_url or not settings.supabase_key:
+        raise RuntimeError("SUPABASE_URL and SUPABASE_KEY must be configured.")
+    return create_client(settings.supabase_url, settings.supabase_key)
+
+
+def get_db() -> Client:
+    return _build_client()

app/main.py

@@ -0,0 +1,37 @@
+from contextlib import asynccontextmanager
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from .config import settings
+from .routes import ads, auth, settlement, videos, views, wallets
+from .services import reward_engine
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    reward_engine.start()
+    yield
+
+
+app = FastAPI(title="Rift Decentralized Video Platform", lifespan=lifespan)
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.cors_origin_list,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(auth.router, prefix="/auth", tags=["Auth"])
+app.include_router(videos.router, prefix="/videos", tags=["Videos"])
+app.include_router(views.router, prefix="/views", tags=["Views"])
+app.include_router(ads.router, prefix="/ads", tags=["Ads"])
+app.include_router(settlement.router, prefix="/settlement", tags=["Settlement"])
+app.include_router(wallets.router, prefix="/wallets", tags=["Wallets"])
+
+
+@app.get("/")
+def read_root():
+    return {"message": "Welcome to Rift API", "storage": "Pinata", "network": "Algorand"}

app/models.py

@@ -0,0 +1,5 @@
+# Models are handled via direct Supabase calls in this MVP.
+# This file is reserved for future ORM models (e.g. SQLAlchemy or SQLModel) if needed.
+
+class Base:
+    pass

app/routes/ads.py

@@ -0,0 +1,216 @@
+from __future__ import annotations
+
+from datetime import date
+from decimal import Decimal, InvalidOperation
+
+from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile
+
+from ..database import get_db
+from ..services import algorand_service, storage_service
+from .auth import get_current_user
+
+
+router = APIRouter()
+
+
+def _to_decimal(value: str | float) -> Decimal:
+    try:
+        return Decimal(str(value))
+    except InvalidOperation as exc:
+        raise HTTPException(status_code=400, detail="Invalid numeric value.") from exc
+
+
+@router.post("/create")
+async def create_campaign(
+    video_id: str = Form(...),
+    budget: float = Form(...),
+    reward_per_view: float = Form(...),
+    file: UploadFile | None = File(None),
+    current_user: dict = Depends(get_current_user),
+):
+    budget_dec = _to_decimal(budget)
+    reward_per_view_dec = _to_decimal(reward_per_view)
+    if budget_dec <= 0 or reward_per_view_dec <= 0:
+        raise HTTPException(status_code=400, detail="budget and reward_per_view must be > 0.")
+    if reward_per_view_dec > budget_dec:
+        raise HTTPException(status_code=400, detail="reward_per_view cannot exceed budget.")
+
+    db = get_db()
+    video = db.table("videos").select("id").eq("id", video_id).limit(1).execute()
+    if not video.data:
+        raise HTTPException(status_code=404, detail="Video not found.")
+
+    ad_cid = None
+    if file:
+        content = await file.read()
+        if not content:
+            raise HTTPException(status_code=400, detail="Ad file is empty.")
+        ad_cid = storage_service.upload_file(content, file.filename or "ad-video.mp4")
+
+    created = db.table("ad_campaigns").insert(
+        {
+            "advertiser_wallet": current_user["wallet_address"],
+            "video_id": video_id,
+            "budget": float(budget_dec),
+            "remaining_budget": float(budget_dec),
+            "reward_per_view": float(reward_per_view_dec),
+            "active": True,
+            "ad_video_cid": ad_cid,
+        }
+    ).execute()
+    if not created.data:
+        raise HTTPException(status_code=500, detail="Failed to create ad campaign.")
+
+    return {
+        "status": "success",
+        "campaign_id": created.data[0]["id"],
+        "ad_cid": ad_cid,
+    }
+
+
+@router.get("/active")
+async def list_active_campaigns():
+    db = get_db()
+    res = db.table("ad_campaigns").select("*").eq("active", True).gt("remaining_budget", 0).execute()
+    return res.data or []
+
+
+@router.get("/me")
+async def list_my_campaigns(current_user: dict = Depends(get_current_user)):
+    db = get_db()
+    res = (
+        db.table("ad_campaigns")
+        .select("*, videos(title)")
+        .eq("advertiser_wallet", current_user["wallet_address"])
+        .order("created_at", desc=True)
+        .execute()
+    )
+    return res.data or []
+
+
+@router.post("/campaign/{campaign_id}/withdraw")
+async def withdraw_unused_budget(campaign_id: str, current_user: dict = Depends(get_current_user)):
+    db = get_db()
+    campaign_res = (
+        db.table("ad_campaigns")
+        .select("*")
+        .eq("id", campaign_id)
+        .eq("advertiser_wallet", current_user["wallet_address"])
+        .limit(1)
+        .execute()
+    )
+    if not campaign_res.data:
+        raise HTTPException(status_code=404, detail="Campaign not found.")
+
+    campaign = campaign_res.data[0]
+    remaining_budget = _to_decimal(campaign.get("remaining_budget", 0))
+    if remaining_budget <= 0:
+        raise HTTPException(status_code=400, detail="No remaining budget to withdraw.")
+
+    tx_hash = algorand_service.withdraw_unused(current_user["wallet_address"], remaining_budget)
+    db.table("ad_campaigns").update({"remaining_budget": 0, "active": False}).eq("id", campaign_id).execute()
+
+    return {"status": "success", "tx_hash": tx_hash, "withdrawn_amount": float(remaining_budget)}
+
+
+@router.post("/banner/create")
+async def create_banner_campaign(
+    tier: str = Form(...),
+    fixed_price: float = Form(...),
+    start_date: str = Form(...),
+    end_date: str = Form(...),
+    current_user: dict = Depends(get_current_user),
+):
+    if tier not in {"1m", "3m", "6m"}:
+        raise HTTPException(status_code=400, detail="tier must be one of: 1m, 3m, 6m.")
+
+    fixed_price_dec = _to_decimal(fixed_price)
+    if fixed_price_dec <= 0:
+        raise HTTPException(status_code=400, detail="fixed_price must be > 0.")
+
+    try:
+        parsed_start = date.fromisoformat(start_date)
+        parsed_end = date.fromisoformat(end_date)
+    except ValueError as exc:
+        raise HTTPException(status_code=400, detail="Dates must be ISO format (YYYY-MM-DD).") from exc
+
+    if parsed_end <= parsed_start:
+        raise HTTPException(status_code=400, detail="end_date must be later than start_date.")
+
+    db = get_db()
+    created = db.table("banner_campaigns").insert(
+        {
+            "advertiser_wallet": current_user["wallet_address"],
+            "tier": tier,
+            "fixed_price": float(fixed_price_dec),
+            "start_date": parsed_start.isoformat(),
+            "end_date": parsed_end.isoformat(),
+            "active": True,
+            "distributed": False,
+        }
+    ).execute()
+    if not created.data:
+        raise HTTPException(status_code=500, detail="Failed to create banner campaign.")
+    return {"status": "success", "banner_campaign_id": created.data[0]["id"]}
+
+
+@router.get("/banner/active")
+async def list_active_banner_campaigns():
+    db = get_db()
+    campaigns = db.table("banner_campaigns").select("*").eq("active", True).execute()
+    return campaigns.data or []
+
+
+@router.get("/banner/me")
+async def list_my_banner_campaigns(current_user: dict = Depends(get_current_user)):
+    db = get_db()
+    campaigns = (
+        db.table("banner_campaigns")
+        .select("*")
+        .eq("advertiser_wallet", current_user["wallet_address"])
+        .order("created_at", desc=True)
+        .execute()
+    )
+    return campaigns.data or []
+
+
+@router.get("/summary")
+async def advertiser_spend_summary(current_user: dict = Depends(get_current_user)):
+    db = get_db()
+
+    ad_campaigns = (
+        db.table("ad_campaigns")
+        .select("budget, remaining_budget")
+        .eq("advertiser_wallet", current_user["wallet_address"])
+        .execute()
+        .data
+        or []
+    )
+    total_budget = sum(_to_decimal(c.get("budget")) for c in ad_campaigns)
+    total_remaining = sum(_to_decimal(c.get("remaining_budget")) for c in ad_campaigns)
+    total_spent = total_budget - total_remaining
+    if total_spent < 0:
+        total_spent = _to_decimal(0)
+
+    banner_campaigns = (
+        db.table("banner_campaigns")
+        .select("fixed_price, distributed")
+        .eq("advertiser_wallet", current_user["wallet_address"])
+        .execute()
+        .data
+        or []
+    )
+    banner_committed = sum(_to_decimal(c.get("fixed_price")) for c in banner_campaigns)
+    banner_distributed = sum(_to_decimal(c.get("fixed_price")) for c in banner_campaigns if c.get("distributed"))
+
+    return {
+        "video_ads": {
+            "total_budget": float(total_budget),
+            "total_remaining": float(total_remaining),
+            "total_spent": float(total_spent),
+        },
+        "banner_ads": {
+            "total_committed": float(banner_committed),
+            "total_distributed": float(banner_distributed),
+        },
+    }

app/routes/auth.py

@@ -0,0 +1,209 @@
+from __future__ import annotations
+
+import secrets
+from datetime import datetime, timedelta, timezone
+from typing import Any
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from jose import JWTError, jwt
+from pydantic import BaseModel, Field
+
+from ..config import settings
+from ..database import get_db
+from ..services import algorand_service
+
+
+router = APIRouter()
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login")
+
+ALGORITHM = "HS256"
+CHALLENGE_TTL_SECONDS = 5 * 60
+challenge_store: dict[str, dict[str, Any]] = {}
+
+
+class ChallengeRequest(BaseModel):
+    wallet_address: str
+
+
+class ChallengeResponse(BaseModel):
+    message: str
+    expires_at: str
+
+
+class LoginRequest(BaseModel):
+    wallet_address: str
+    signature: str
+    message: str
+
+
+class SignupRequest(BaseModel):
+    wallet_address: str
+    signature: str
+    message: str
+    username: str = Field(min_length=2, max_length=32)
+    role: str = "viewer"
+
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+
+def _now() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def _normalize_wallet(wallet: str) -> str:
+    return wallet.strip()
+
+
+def _cleanup_challenges() -> None:
+    now = _now()
+    expired_wallets = [wallet for wallet, payload in challenge_store.items() if payload["expires_at"] <= now]
+    for wallet in expired_wallets:
+        challenge_store.pop(wallet, None)
+
+
+def _issue_challenge(wallet_address: str) -> ChallengeResponse:
+    _cleanup_challenges()
+    nonce = secrets.token_urlsafe(24)
+    issued_at = _now()
+    expires_at = issued_at + timedelta(seconds=CHALLENGE_TTL_SECONDS)
+    message = f"RIFT_AUTH:{nonce}:{int(issued_at.timestamp())}"
+
+    challenge_store[_normalize_wallet(wallet_address)] = {
+        "message": message,
+        "expires_at": expires_at,
+        "used": False,
+    }
+    return ChallengeResponse(message=message, expires_at=expires_at.isoformat())
+
+
+def _validate_challenge(wallet_address: str, message: str) -> bool:
+    _cleanup_challenges()
+    payload = challenge_store.get(_normalize_wallet(wallet_address))
+    if not payload:
+        return False
+    if payload["used"]:
+        return False
+    if payload["expires_at"] <= _now():
+        return False
+    if payload["message"] != message:
+        return False
+    payload["used"] = True
+    return True
+
+
+def _create_access_token(data: dict[str, Any]) -> str:
+    expires_at = _now() + timedelta(minutes=settings.jwt_expire_minutes)
+    token_payload = {**data, "exp": int(expires_at.timestamp())}
+    return jwt.encode(token_payload, settings.effective_jwt_secret, algorithm=ALGORITHM)
+
+
+def _validate_role(role: str) -> str:
+    allowed_roles = {"creator", "viewer", "advertiser"}
+    normalized = (role or "viewer").lower()
+    if normalized not in allowed_roles:
+        raise HTTPException(status_code=400, detail="Invalid role.")
+    return normalized
+
+
+@router.post("/challenge", response_model=ChallengeResponse)
+async def auth_challenge(request: ChallengeRequest):
+    wallet_address = _normalize_wallet(request.wallet_address)
+    if not wallet_address:
+        raise HTTPException(status_code=400, detail="wallet_address is required.")
+    return _issue_challenge(wallet_address)
+
+
+@router.post("/signup", response_model=Token)
+async def signup(request: SignupRequest):
+    wallet_address = _normalize_wallet(request.wallet_address)
+    role = _validate_role(request.role)
+
+    if not _validate_challenge(wallet_address, request.message):
+        raise HTTPException(status_code=401, detail="Invalid or expired challenge.")
+
+    if not algorand_service.verify_signature(wallet_address, request.message, request.signature):
+        raise HTTPException(status_code=401, detail="Invalid signature.")
+
+    db = get_db()
+    existing_user = db.table("users").select("id").eq("wallet_address", wallet_address).execute()
+    if existing_user.data:
+        raise HTTPException(status_code=400, detail="User already exists. Please login.")
+
+    created = db.table("users").insert(
+        {
+            "wallet_address": wallet_address,
+            "username": request.username.strip(),
+            "role": role,
+            "subscribers_count": 0,
+        }
+    ).execute()
+    if not created.data:
+        raise HTTPException(status_code=500, detail="Failed to create user.")
+
+    user = created.data[0]
+    token = _create_access_token(
+        {
+            "sub": wallet_address,
+            "user_id": user["id"],
+            "role": user.get("role", role),
+        }
+    )
+    return Token(access_token=token, token_type="bearer")
+
+
+@router.post("/login", response_model=Token)
+async def login(request: LoginRequest):
+    wallet_address = _normalize_wallet(request.wallet_address)
+
+    if not _validate_challenge(wallet_address, request.message):
+        raise HTTPException(status_code=401, detail="Invalid or expired challenge.")
+
+    if not algorand_service.verify_signature(wallet_address, request.message, request.signature):
+        raise HTTPException(status_code=401, detail="Invalid signature.")
+
+    db = get_db()
+    user_res = db.table("users").select("*").eq("wallet_address", wallet_address).execute()
+    if not user_res.data:
+        raise HTTPException(status_code=404, detail="User not found. Please sign up.")
+
+    user = user_res.data[0]
+    token = _create_access_token(
+        {
+            "sub": wallet_address,
+            "user_id": user["id"],
+            "role": user.get("role", "viewer"),
+        }
+    )
+    return Token(access_token=token, token_type="bearer")
+
+
+async def get_current_user(token: str = Depends(oauth2_scheme)) -> dict[str, str]:
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    try:
+        payload = jwt.decode(token, settings.effective_jwt_secret, algorithms=[ALGORITHM])
+    except JWTError:
+        raise credentials_exception
+
+    wallet_address = payload.get("sub")
+    user_id = payload.get("user_id")
+    role = payload.get("role", "viewer")
+    if not wallet_address or not user_id:
+        raise credentials_exception
+    return {"wallet_address": wallet_address, "user_id": user_id, "role": role}
+
+
+@router.get("/me")
+async def get_me(current_user: dict[str, str] = Depends(get_current_user)):
+    db = get_db()
+    user_res = db.table("users").select("*").eq("id", current_user["user_id"]).limit(1).execute()
+    if not user_res.data:
+        raise HTTPException(status_code=404, detail="User not found.")
+    return user_res.data[0]

app/routes/settlement.py

@@ -0,0 +1,96 @@
+from __future__ import annotations
+
+from decimal import Decimal
+
+from fastapi import APIRouter, Depends, HTTPException
+
+from ..config import settings
+from ..database import get_db
+from ..services import banner_engine, reward_engine
+from .auth import get_current_user
+
+
+router = APIRouter()
+
+
+def _require_platform_operator(current_user: dict) -> None:
+    configured_platform = (settings.platform_wallet or "").strip().lower()
+    if not configured_platform:
+        return
+
+    wallet = current_user["wallet_address"].strip().lower()
+    if wallet != configured_platform:
+        raise HTTPException(status_code=403, detail="Only platform wallet can trigger settlement.")
+
+
+@router.get("/")
+async def get_settlements(limit: int = 100):
+    db = get_db()
+    result = (
+        db.table("settlements")
+        .select("*")
+        .order("timestamp", desc=True)
+        .limit(min(max(limit, 1), 500))
+        .execute()
+    )
+    return result.data or []
+
+
+@router.post("/trigger")
+async def trigger_settlement(current_user: dict = Depends(get_current_user)):
+    _require_platform_operator(current_user)
+    try:
+        report = reward_engine.calculate_and_settle()
+        return {"status": "success", "report": report}
+    except Exception as exc:
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+
+@router.post("/trigger-banner")
+async def trigger_banner_distribution(current_user: dict = Depends(get_current_user)):
+    _require_platform_operator(current_user)
+    try:
+        report = banner_engine.distribute_banner_rewards()
+        return {"status": "success", "report": report}
+    except Exception as exc:
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+
+@router.get("/summary")
+async def settlement_summary():
+    db = get_db()
+    settlements = db.table("settlements").select("*").order("timestamp", desc=True).limit(1000).execute().data or []
+    banner_campaigns = db.table("banner_campaigns").select("fixed_price, distributed").execute().data or []
+
+    totals = {
+        "video_ad_creator_payout": Decimal("0"),
+        "video_ad_platform_fee": Decimal("0"),
+        "banner_creator_payout": Decimal("0"),
+        "banner_revenue": Decimal("0"),
+        "banner_platform_share": Decimal("0"),
+        "count": len(settlements),
+    }
+
+    for settlement in settlements:
+        settlement_type = settlement.get("settlement_type", "video_ad")
+        amount = Decimal(str(settlement.get("amount", 0)))
+        platform_fee = Decimal(str(settlement.get("platform_fee", 0)))
+
+        if settlement_type == "banner":
+            totals["banner_creator_payout"] += amount
+        else:
+            totals["video_ad_creator_payout"] += amount
+            totals["video_ad_platform_fee"] += platform_fee
+
+    banner_revenue = sum(Decimal(str(campaign.get("fixed_price", 0))) for campaign in banner_campaigns if campaign.get("distributed"))
+    totals["banner_revenue"] = banner_revenue
+    totals["banner_platform_share"] = (banner_revenue * Decimal("0.30")).quantize(Decimal("0.000001"))
+
+    return {
+        "count": totals["count"],
+        "video_ad_creator_payout": float(totals["video_ad_creator_payout"]),
+        "video_ad_platform_fee": float(totals["video_ad_platform_fee"]),
+        "banner_creator_payout": float(totals["banner_creator_payout"]),
+        "banner_revenue": float(totals["banner_revenue"]),
+        "banner_platform_share": float(totals["banner_platform_share"]),
+    }

app/routes/videos.py

@@ -0,0 +1,85 @@
+from __future__ import annotations
+
+from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile
+
+from ..database import get_db
+from ..services import storage_service
+from .auth import get_current_user
+
+
+router = APIRouter()
+
+
+@router.post("/upload")
+async def upload_video(
+    title: str = Form(...),
+    description: str = Form(""),
+    file: UploadFile = File(...),
+    current_user: dict = Depends(get_current_user),
+):
+    file_content = await file.read()
+    if not file_content:
+        raise HTTPException(status_code=400, detail="Video file is empty.")
+
+    try:
+        cid = storage_service.upload_file(file_content, file.filename or "video.mp4")
+    except Exception as exc:
+        raise HTTPException(status_code=500, detail=f"Pinata upload failed: {exc}") from exc
+
+    db = get_db()
+    insert_payload = {
+        "creator_id": current_user["user_id"],
+        "cid": cid,
+        "title": title.strip(),
+        "description": description.strip(),
+        "ads_enabled": True,
+    }
+    created = db.table("videos").insert(insert_payload).execute()
+    if not created.data:
+        raise HTTPException(status_code=500, detail="Failed to save video metadata.")
+
+    created_video = created.data[0]
+    return {
+        "status": "success",
+        "video_id": created_video["id"],
+        "cid": cid,
+        "ipfs_url": storage_service.build_ipfs_url(cid),
+    }
+
+
+@router.get("/list")
+async def list_videos():
+    db = get_db()
+    videos = db.table("videos").select("*, users(username, wallet_address)").order("created_at", desc=True).execute()
+    return videos.data or []
+
+
+@router.get("/me")
+async def list_my_videos(current_user: dict = Depends(get_current_user)):
+    db = get_db()
+    videos = (
+        db.table("videos")
+        .select("*")
+        .eq("creator_id", current_user["user_id"])
+        .order("created_at", desc=True)
+        .execute()
+    )
+    return videos.data or []
+
+
+@router.get("/{video_id}")
+async def get_video(video_id: str):
+    db = get_db()
+    result = (
+        db.table("videos")
+        .select("*, users(username, wallet_address)")
+        .eq("id", video_id)
+        .limit(1)
+        .execute()
+    )
+    if not result.data:
+        raise HTTPException(status_code=404, detail="Video not found.")
+
+    video = result.data[0]
+    video["ipfs_url"] = storage_service.build_ipfs_url(video["cid"])
+    return video

app/routes/views.py

@@ -0,0 +1,77 @@
+from __future__ import annotations
+
+from datetime import datetime, timezone
+
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel
+
+from ..database import get_db
+from ..utils import anti_bot
+from .auth import get_current_user
+
+
+router = APIRouter()
+
+
+class TrackViewRequest(BaseModel):
+    video_id: str
+    watch_seconds: int
+    wallet: str | None = None
+    device_fingerprint: str | None = None
+
+
+@router.post("/track")
+async def track_view(
+    payload: TrackViewRequest,
+    request: Request,
+    current_user: dict = Depends(get_current_user),
+):
+    wallet_address = current_user["wallet_address"]
+    if payload.wallet and payload.wallet != wallet_address:
+        raise HTTPException(status_code=403, detail="Wallet mismatch.")
+
+    ip_address = request.client.host if request.client else None
+    fingerprint = payload.device_fingerprint or request.headers.get("x-device-fingerprint")
+
+    is_valid, reason = anti_bot.validate_view(
+        wallet=wallet_address,
+        video_id=payload.video_id,
+        watch_seconds=payload.watch_seconds,
+        ip_address=ip_address,
+        device_fingerprint=fingerprint,
+    )
+    if not is_valid:
+        return {"status": "ignored", "reason": reason}
+
+    db = get_db()
+    video_res = (
+        db.table("videos")
+        .select("id, total_views, total_watch_time, ads_enabled")
+        .eq("id", payload.video_id)
+        .limit(1)
+        .execute()
+    )
+    if not video_res.data:
+        raise HTTPException(status_code=404, detail="Video not found.")
+
+    video = video_res.data[0]
+    insert_payload = {
+        "video_id": payload.video_id,
+        "viewer_wallet": wallet_address,
+        "watch_seconds": payload.watch_seconds,
+        "settled": False,
+        "viewer_fingerprint": fingerprint,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    created = db.table("views").insert(insert_payload).execute()
+    if not created.data:
+        raise HTTPException(status_code=500, detail="Failed to store view.")
+
+    db.table("videos").update(
+        {
+            "total_views": int(video.get("total_views", 0)) + 1,
+            "total_watch_time": int(video.get("total_watch_time", 0)) + int(payload.watch_seconds),
+        }
+    ).eq("id", payload.video_id).execute()
+
+    return {"status": "recorded"}

app/routes/wallets.py

@@ -0,0 +1,55 @@
+from __future__ import annotations
+
+from decimal import Decimal
+
+from fastapi import APIRouter, Depends, HTTPException
+
+from ..config import settings
+from ..services import algorand_service
+from .auth import get_current_user
+
+
+router = APIRouter()
+
+
+def _require_platform_operator(current_user: dict) -> None:
+    configured_platform = (settings.platform_wallet or "").strip().lower()
+    if not configured_platform:
+        raise HTTPException(status_code=500, detail="PLATFORM_WALLET is not configured.")
+
+    wallet = current_user["wallet_address"].strip().lower()
+    if wallet != configured_platform:
+        raise HTTPException(status_code=403, detail="Only platform wallet can access this resource.")
+
+
+def _to_float(value: Decimal) -> float:
+    return float(value.quantize(Decimal("0.000001")))
+
+
+@router.get("/balance")
+async def get_my_wallet_balance(current_user: dict = Depends(get_current_user)):
+    wallet = current_user["wallet_address"]
+    try:
+        balance = algorand_service.get_asset_balance(wallet)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=str(exc)) from exc
+    return {
+        "wallet_address": wallet,
+        "asset_id": settings.asset_id,
+        "balance": _to_float(balance),
+    }
+
+
+@router.get("/platform-balance")
+async def get_platform_wallet_balance(current_user: dict = Depends(get_current_user)):
+    _require_platform_operator(current_user)
+    platform_wallet = (settings.platform_wallet or "").strip()
+    try:
+        balance = algorand_service.get_asset_balance(platform_wallet)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=str(exc)) from exc
+    return {
+        "wallet_address": platform_wallet,
+        "asset_id": settings.asset_id,
+        "balance": _to_float(balance),
+    }

app/schemas.py

@@ -0,0 +1,81 @@
+from __future__ import annotations
+
+from datetime import datetime
+
+from pydantic import BaseModel, ConfigDict
+
+
+class User(BaseModel):
+    id: str
+    wallet_address: str
+    username: str | None = None
+    role: str
+    subscribers_count: int
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class Video(BaseModel):
+    id: str
+    creator_id: str
+    cid: str
+    title: str
+    description: str | None = ""
+    ads_enabled: bool
+    total_views: int
+    total_watch_time: int
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class View(BaseModel):
+    id: str
+    video_id: str
+    viewer_wallet: str
+    watch_seconds: int
+    settled: bool
+    timestamp: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class AdCampaign(BaseModel):
+    id: str
+    advertiser_wallet: str
+    video_id: str
+    budget: float
+    remaining_budget: float
+    reward_per_view: float
+    active: bool
+    ad_video_cid: str | None = None
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class BannerCampaign(BaseModel):
+    id: str
+    advertiser_wallet: str
+    tier: str
+    fixed_price: float
+    start_date: str
+    end_date: str
+    active: bool
+    distributed: bool
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class Settlement(BaseModel):
+    id: str
+    creator_wallet: str
+    amount: float
+    platform_fee: float
+    tx_hash: str | None = None
+    settlement_type: str
+    timestamp: datetime
+
+    model_config = ConfigDict(from_attributes=True)

app/services/algorand_service.py

@@ -0,0 +1,219 @@
+from __future__ import annotations
+
+import base64
+from decimal import Decimal, ROUND_DOWN
+from typing import Any
+
+from algosdk import account, mnemonic, util
+from algosdk.transaction import AssetTransferTxn, wait_for_confirmation
+from algosdk.v2client import algod
+from algosdk import transaction
+
+from ..config import settings
+
+
+def get_algod_client() -> algod.AlgodClient:
+    return algod.AlgodClient(settings.algod_token, settings.algod_address)
+
+
+def _token_scale() -> Decimal:
+    return Decimal(10) ** settings.token_decimals
+
+
+def _token_quantizer() -> Decimal:
+    if settings.token_decimals <= 0:
+        return Decimal("1")
+    return Decimal(f"1.{'0' * settings.token_decimals}")
+
+
+def to_base_units(amount_tokens: Decimal | float | int | str) -> int:
+    amount = Decimal(str(amount_tokens))
+    if amount <= 0:
+        return 0
+    scaled = (amount * _token_scale()).quantize(Decimal("1"), rounding=ROUND_DOWN)
+    return int(scaled)
+
+
+def from_base_units(amount_base_units: int) -> Decimal:
+    if amount_base_units <= 0:
+        return Decimal("0").quantize(_token_quantizer())
+    return (Decimal(amount_base_units) / _token_scale()).quantize(_token_quantizer())
+
+
+def get_asset_balance(wallet_address: str) -> Decimal:
+    wallet = (wallet_address or "").strip()
+    if not wallet:
+        return Decimal("0").quantize(_token_quantizer())
+    if settings.asset_id <= 0:
+        return Decimal("0").quantize(_token_quantizer())
+
+    client = get_algod_client()
+    info = client.account_info(wallet)
+    holdings = info.get("assets") or []
+    for holding in holdings:
+        if int(holding.get("asset-id", 0)) == int(settings.asset_id):
+            amount = int(holding.get("amount", 0))
+            return from_base_units(amount)
+    return Decimal("0").quantize(_token_quantizer())
+
+
+def _decode_signature(signature: str) -> bytes:
+    try:
+        return base64.b64decode(signature)
+    except Exception:
+        try:
+            return bytes.fromhex(signature)
+        except Exception:
+            return signature.encode("utf-8")
+
+
+def verify_signature(wallet_address: str, message: str, signature: str) -> bool:
+    if not wallet_address or not message or not signature:
+        return False
+
+    try:
+        signature_bytes = _decode_signature(signature)
+        return util.verify_bytes(message.encode("utf-8"), signature_bytes, wallet_address)
+    except Exception:
+        return False
+
+
+def _get_signer() -> tuple[str, str]:
+    if not settings.algorand_mnemonic:
+        raise RuntimeError("ALGORAND_MNEMONIC is not configured.")
+
+    private_key = mnemonic.to_private_key(settings.algorand_mnemonic)
+    sender_address = account.address_from_private_key(private_key)
+    return private_key, sender_address
+
+
+def _send_asset_transfer(receiver_wallet: str, amount_base_units: int, note: str | None = None) -> str:
+    if settings.asset_id <= 0:
+        raise RuntimeError("ASSET_ID is not configured.")
+    if amount_base_units <= 0:
+        raise RuntimeError("Transfer amount must be > 0.")
+
+    client = get_algod_client()
+    private_key, sender_address = _get_signer()
+    params = client.suggested_params()
+
+    txn = AssetTransferTxn(
+        sender=sender_address,
+        sp=params,
+        receiver=receiver_wallet,
+        amt=amount_base_units,
+        index=settings.asset_id,
+        note=note.encode("utf-8") if note else None,
+    )
+    signed_txn = txn.sign(private_key)
+    txid = client.send_transaction(signed_txn)
+    wait_for_confirmation(client, txid, 4)
+    return txid
+
+
+def _call_settle_contract(creator_wallet: str, gross_amount_base_units: int) -> str:
+    if settings.app_id <= 0:
+        raise RuntimeError("APP_ID is not configured.")
+    if settings.asset_id <= 0:
+        raise RuntimeError("ASSET_ID is not configured.")
+
+    client = get_algod_client()
+    private_key, sender_address = _get_signer()
+    params = client.suggested_params()
+
+    txn = transaction.ApplicationNoOpTxn(
+        sender=sender_address,
+        sp=params,
+        index=settings.app_id,
+        app_args=[b"settle_reward", gross_amount_base_units.to_bytes(8, "big")],
+        accounts=[creator_wallet],
+        foreign_assets=[settings.asset_id],
+    )
+    signed_txn = txn.sign(private_key)
+    txid = client.send_transaction(signed_txn)
+    wait_for_confirmation(client, txid, 4)
+    return txid
+
+
+def _call_withdraw_contract(advertiser_wallet: str, amount_base_units: int) -> str:
+    if settings.app_id <= 0:
+        raise RuntimeError("APP_ID is not configured.")
+    if settings.asset_id <= 0:
+        raise RuntimeError("ASSET_ID is not configured.")
+
+    client = get_algod_client()
+    private_key, sender_address = _get_signer()
+    params = client.suggested_params()
+
+    txn = transaction.ApplicationNoOpTxn(
+        sender=sender_address,
+        sp=params,
+        index=settings.app_id,
+        app_args=[b"withdraw_unused", amount_base_units.to_bytes(8, "big")],
+        accounts=[advertiser_wallet],
+        foreign_assets=[settings.asset_id],
+    )
+    signed_txn = txn.sign(private_key)
+    txid = client.send_transaction(signed_txn)
+    wait_for_confirmation(client, txid, 4)
+    return txid
+
+
+def settle_reward(creator_wallet: str, gross_amount_tokens: Decimal | float | int | str) -> dict[str, Any]:
+    gross_base_units = to_base_units(gross_amount_tokens)
+    if gross_base_units <= 0:
+        raise RuntimeError("Settlement amount too small.")
+
+    fee_base_units = (gross_base_units * settings.settlement_fee_bps) // 10000
+    creator_base_units = gross_base_units - fee_base_units
+    if creator_base_units <= 0:
+        raise RuntimeError("Settlement amount too small after fee.")
+
+    if settings.use_contract_settlement and settings.app_id > 0:
+        tx_hash = _call_settle_contract(creator_wallet, gross_base_units)
+    else:
+        # Fallback path: transfer creator share from platform wallet.
+        # Fee remains in platform-controlled wallet balance.
+        tx_hash = _send_asset_transfer(
+            creator_wallet,
+            creator_base_units,
+            note="rift:video-settlement",
+        )
+
+    return {
+        "tx_hash": tx_hash,
+        "gross_amount": from_base_units(gross_base_units),
+        "platform_fee": from_base_units(fee_base_units),
+        "creator_amount": from_base_units(creator_base_units),
+    }
+
+
+def transfer_tokens(receiver_wallet: str, amount_tokens: Decimal | float | int | str) -> dict[str, Any]:
+    amount_base_units = to_base_units(amount_tokens)
+    if amount_base_units <= 0:
+        raise RuntimeError("Transfer amount too small.")
+
+    tx_hash = _send_asset_transfer(
+        receiver_wallet,
+        amount_base_units,
+        note="rift:banner-distribution",
+    )
+    return {
+        "tx_hash": tx_hash,
+        "amount": from_base_units(amount_base_units),
+    }
+
+
+def withdraw_unused(advertiser_wallet: str, amount_tokens: Decimal | float | int | str) -> str:
+    amount_base_units = to_base_units(amount_tokens)
+    if amount_base_units <= 0:
+        raise RuntimeError("Withdrawal amount too small.")
+
+    if settings.use_contract_settlement and settings.app_id > 0:
+        return _call_withdraw_contract(advertiser_wallet, amount_base_units)
+
+    return _send_asset_transfer(
+        advertiser_wallet,
+        amount_base_units,
+        note="rift:withdraw-unused",
+    )

app/services/banner_engine.py

@@ -0,0 +1,109 @@
+from __future__ import annotations
+
+from datetime import date, datetime, timezone
+from decimal import Decimal, ROUND_DOWN
+
+from ..database import get_db
+from . import algorand_service
+
+
+def _to_decimal(value: object) -> Decimal:
+    return Decimal(str(value or 0))
+
+
+def _token_quantizer() -> Decimal:
+    return Decimal("0.000001")
+
+
+def _eligible_banner_campaigns(campaigns: list[dict]) -> list[dict]:
+    today = date.today()
+    eligible: list[dict] = []
+    for campaign in campaigns:
+        if campaign.get("distributed"):
+            continue
+        end_date_raw = campaign.get("end_date")
+        if not end_date_raw:
+            eligible.append(campaign)
+            continue
+        try:
+            end_date = date.fromisoformat(str(end_date_raw))
+        except ValueError:
+            eligible.append(campaign)
+            continue
+        if end_date <= today:
+            eligible.append(campaign)
+    return eligible
+
+
+def distribute_banner_rewards() -> dict[str, int | float]:
+    db = get_db()
+    campaigns = db.table("banner_campaigns").select("*").eq("active", True).execute().data or []
+    eligible_campaigns = _eligible_banner_campaigns(campaigns)
+    if not eligible_campaigns:
+        return {
+            "campaigns_distributed": 0,
+            "creators_paid": 0,
+            "creator_pool": 0.0,
+            "platform_share": 0.0,
+        }
+
+    total_revenue = sum(_to_decimal(campaign.get("fixed_price")) for campaign in eligible_campaigns)
+    if total_revenue <= 0:
+        return {
+            "campaigns_distributed": 0,
+            "creators_paid": 0,
+            "creator_pool": 0.0,
+            "platform_share": 0.0,
+        }
+
+    platform_share = (total_revenue * Decimal("0.30")).quantize(_token_quantizer(), rounding=ROUND_DOWN)
+    creator_pool = (total_revenue * Decimal("0.70")).quantize(_token_quantizer(), rounding=ROUND_DOWN)
+    if creator_pool <= 0:
+        return {
+            "campaigns_distributed": 0,
+            "creators_paid": 0,
+            "creator_pool": float(creator_pool),
+            "platform_share": float(platform_share),
+        }
+
+    creators = db.table("users").select("id, wallet_address, subscribers_count").eq("role", "creator").execute().data or []
+    eligible_creators = [creator for creator in creators if int(creator.get("subscribers_count") or 0) > 0]
+    total_subscribers = sum(int(creator["subscribers_count"]) for creator in eligible_creators)
+    if total_subscribers <= 0:
+        return {
+            "campaigns_distributed": 0,
+            "creators_paid": 0,
+            "creator_pool": float(creator_pool),
+            "platform_share": float(platform_share),
+        }
+
+    creators_paid = 0
+    for creator in eligible_creators:
+        subscribers_count = int(creator["subscribers_count"])
+        ratio = Decimal(subscribers_count) / Decimal(total_subscribers)
+        creator_reward = (creator_pool * ratio).quantize(_token_quantizer(), rounding=ROUND_DOWN)
+        if creator_reward <= 0:
+            continue
+
+        transfer = algorand_service.transfer_tokens(creator["wallet_address"], creator_reward)
+        db.table("settlements").insert(
+            {
+                "creator_wallet": creator["wallet_address"],
+                "amount": float(transfer["amount"]),
+                "platform_fee": 0.0,
+                "tx_hash": transfer["tx_hash"],
+                "timestamp": datetime.now(timezone.utc).isoformat(),
+                "settlement_type": "banner",
+            }
+        ).execute()
+        creators_paid += 1
+
+    campaign_ids = [campaign["id"] for campaign in eligible_campaigns]
+    db.table("banner_campaigns").update({"distributed": True, "active": False}).in_("id", campaign_ids).execute()
+
+    return {
+        "campaigns_distributed": len(eligible_campaigns),
+        "creators_paid": creators_paid,
+        "creator_pool": float(creator_pool),
+        "platform_share": float(platform_share),
+    }

app/services/reward_engine.py

@@ -0,0 +1,133 @@
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from decimal import Decimal, ROUND_DOWN
+
+from apscheduler.schedulers.background import BackgroundScheduler
+
+from ..config import settings
+from ..database import get_db
+from . import algorand_service, banner_engine
+
+
+_scheduler: BackgroundScheduler | None = None
+
+
+def _to_decimal(value: object) -> Decimal:
+    return Decimal(str(value or 0))
+
+
+def calculate_and_settle() -> dict[str, int]:
+    db = get_db()
+    campaigns = (
+        db.table("ad_campaigns")
+        .select("*")
+        .eq("active", True)
+        .gt("remaining_budget", 0)
+        .execute()
+        .data
+        or []
+    )
+
+    report = {
+        "campaigns_processed": len(campaigns),
+        "campaigns_settled": 0,
+        "views_settled": 0,
+        "settlements_created": 0,
+    }
+
+    for campaign in campaigns:
+        try:
+            campaign_id = campaign["id"]
+            video_id = campaign["video_id"]
+            reward_per_view = _to_decimal(campaign.get("reward_per_view"))
+            remaining_budget = _to_decimal(campaign.get("remaining_budget"))
+
+            if reward_per_view <= 0 or remaining_budget <= 0:
+                db.table("ad_campaigns").update({"active": False}).eq("id", campaign_id).execute()
+                continue
+
+            views = (
+                db.table("views")
+                .select("id")
+                .eq("video_id", video_id)
+                .eq("settled", False)
+                .gte("watch_seconds", settings.view_min_watch_seconds)
+                .order("timestamp", desc=False)
+                .execute()
+                .data
+                or []
+            )
+            if not views:
+                continue
+
+            max_affordable_views = int((remaining_budget / reward_per_view).to_integral_value(rounding=ROUND_DOWN))
+            if max_affordable_views <= 0:
+                db.table("ad_campaigns").update({"active": False, "remaining_budget": 0}).eq("id", campaign_id).execute()
+                continue
+
+            payable_views = views[:max_affordable_views]
+            payable_view_count = len(payable_views)
+            if payable_view_count <= 0:
+                continue
+
+            creator_earnings = reward_per_view * Decimal(payable_view_count)
+            new_remaining_budget = remaining_budget - creator_earnings
+            if new_remaining_budget < 0:
+                new_remaining_budget = Decimal("0")
+
+            video_res = db.table("videos").select("creator_id").eq("id", video_id).limit(1).execute()
+            if not video_res.data:
+                continue
+            creator_id = video_res.data[0]["creator_id"]
+
+            creator_res = db.table("users").select("wallet_address").eq("id", creator_id).limit(1).execute()
+            if not creator_res.data:
+                continue
+            creator_wallet = creator_res.data[0]["wallet_address"]
+
+            settlement = algorand_service.settle_reward(creator_wallet, creator_earnings)
+            tx_hash = settlement["tx_hash"]
+
+            view_ids = [row["id"] for row in payable_views]
+            db.table("views").update({"settled": True}).in_("id", view_ids).execute()
+
+            db.table("settlements").insert(
+                {
+                    "creator_wallet": creator_wallet,
+                    "amount": float(settlement["creator_amount"]),
+                    "platform_fee": float(settlement["platform_fee"]),
+                    "tx_hash": tx_hash,
+                    "timestamp": datetime.now(timezone.utc).isoformat(),
+                    "settlement_type": "video_ad",
+                    "campaign_id": campaign_id,
+                }
+            ).execute()
+
+            db.table("ad_campaigns").update(
+                {
+                    "remaining_budget": float(new_remaining_budget),
+                    "active": bool(new_remaining_budget > 0),
+                }
+            ).eq("id", campaign_id).execute()
+
+            report["campaigns_settled"] += 1
+            report["views_settled"] += payable_view_count
+            report["settlements_created"] += 1
+        except Exception:
+            continue
+
+    return report
+
+
+def start() -> None:
+    global _scheduler
+    if not settings.scheduler_enabled:
+        return
+    if _scheduler and _scheduler.running:
+        return
+
+    _scheduler = BackgroundScheduler()
+    _scheduler.add_job(calculate_and_settle, "interval", minutes=max(1, settings.reward_interval_minutes))
+    _scheduler.add_job(banner_engine.distribute_banner_rewards, "cron", day=1, hour=0, minute=5)
+    _scheduler.start()

app/services/settlement_service.py

@@ -0,0 +1,10 @@
+from __future__ import annotations
+
+from decimal import Decimal
+from typing import Any
+
+from . import algorand_service
+
+
+def settle_rewards(creator_wallet: str, amount_tokens: Decimal | float | int | str) -> dict[str, Any]:
+    return algorand_service.settle_reward(creator_wallet, amount_tokens)

app/services/storage_service.py

@@ -0,0 +1,32 @@
+from __future__ import annotations
+
+import requests
+
+from ..config import settings
+
+
+def upload_file(file_content: bytes, filename: str) -> str:
+    if not settings.pinata_jwt:
+        raise RuntimeError("PINATA_JWT is not configured.")
+
+    response = requests.post(
+        "https://api.pinata.cloud/pinning/pinFileToIPFS",
+        headers={"Authorization": f"Bearer {settings.pinata_jwt}"},
+        files={"file": (filename, file_content)},
+        timeout=120,
+    )
+    response.raise_for_status()
+    payload = response.json()
+    cid = payload.get("IpfsHash")
+    if not cid:
+        raise RuntimeError("Pinata response missing IpfsHash.")
+    return cid
+
+
+def build_ipfs_url(cid: str) -> str:
+    gateway = settings.pinata_gateway.strip()
+    if gateway.startswith("http://") or gateway.startswith("https://"):
+        base = gateway.rstrip("/")
+    else:
+        base = f"https://{gateway.rstrip('/')}"
+    return f"{base}/ipfs/{cid}"

app/utils/anti_bot.py

@@ -0,0 +1,55 @@
+from __future__ import annotations
+
+from collections import defaultdict, deque
+from datetime import datetime, timedelta, timezone
+from typing import Deque
+
+from ..config import settings
+
+
+wallet_video_last_seen: dict[str, datetime] = {}
+ip_events: defaultdict[str, Deque[datetime]] = defaultdict(deque)
+fingerprint_events: defaultdict[str, Deque[datetime]] = defaultdict(deque)
+
+
+def _trim_old(events: Deque[datetime], now: datetime, window: timedelta) -> None:
+    while events and now - events[0] > window:
+        events.popleft()
+
+
+def validate_view(
+    wallet: str,
+    video_id: str,
+    watch_seconds: int,
+    ip_address: str | None = None,
+    device_fingerprint: str | None = None,
+) -> tuple[bool, str]:
+    if watch_seconds < settings.view_min_watch_seconds:
+        return False, "min_watch_time_not_met"
+
+    now = datetime.now(timezone.utc)
+    cooldown = timedelta(seconds=settings.view_wallet_cooldown_seconds)
+    wallet_key = f"{wallet}:{video_id}"
+
+    last_view = wallet_video_last_seen.get(wallet_key)
+    if last_view and (now - last_view) < cooldown:
+        return False, "wallet_rate_limited"
+    wallet_video_last_seen[wallet_key] = now
+
+    one_hour = timedelta(hours=1)
+
+    if ip_address:
+        ip_log = ip_events[ip_address]
+        _trim_old(ip_log, now, one_hour)
+        if len(ip_log) >= settings.view_ip_hourly_limit:
+            return False, "ip_rate_limited"
+        ip_log.append(now)
+
+    if device_fingerprint:
+        fingerprint_log = fingerprint_events[device_fingerprint]
+        _trim_old(fingerprint_log, now, one_hour)
+        if len(fingerprint_log) >= settings.view_fingerprint_hourly_limit:
+            return False, "fingerprint_rate_limited"
+        fingerprint_log.append(now)
+
+    return True, "ok"

approval.teal

@@ -0,0 +1,138 @@
+#pragma version 6
+txn ApplicationID
+int 0
+==
+bnz main_l16
+txn OnCompletion
+int DeleteApplication
+==
+bnz main_l15
+txn OnCompletion
+int UpdateApplication
+==
+bnz main_l14
+txn OnCompletion
+int CloseOut
+==
+bnz main_l13
+txn OnCompletion
+int OptIn
+==
+bnz main_l12
+txna ApplicationArgs 0
+byte "update_wallet"
+==
+bnz main_l11
+txna ApplicationArgs 0
+byte "optin_asset"
+==
+bnz main_l10
+txna ApplicationArgs 0
+byte "settle"
+==
+bnz main_l9
+err
+main_l9:
+txn Sender
+byte "admin"
+app_global_get
+==
+assert
+int 2
+txnas Accounts
+byte "platform_wallet"
+app_global_get
+==
+assert
+itxn_begin
+int axfer
+itxn_field TypeEnum
+txna Assets 0
+itxn_field XferAsset
+int 1
+txnas Accounts
+itxn_field AssetReceiver
+txna ApplicationArgs 1
+btoi
+txna ApplicationArgs 1
+btoi
+int 200
+*
+int 10000
+/
+-
+itxn_field AssetAmount
+itxn_next
+int axfer
+itxn_field TypeEnum
+txna Assets 0
+itxn_field XferAsset
+int 2
+txnas Accounts
+itxn_field AssetReceiver
+txna ApplicationArgs 1
+btoi
+int 200
+*
+int 10000
+/
+itxn_field AssetAmount
+itxn_submit
+int 1
+return
+main_l10:
+txn Sender
+byte "admin"
+app_global_get
+==
+assert
+itxn_begin
+int axfer
+itxn_field TypeEnum
+txna Assets 0
+itxn_field XferAsset
+global CurrentApplicationAddress
+itxn_field AssetReceiver
+int 0
+itxn_field AssetAmount
+itxn_submit
+int 1
+return
+main_l11:
+txn Sender
+byte "admin"
+app_global_get
+==
+assert
+byte "platform_wallet"
+txna Accounts 1
+app_global_put
+int 1
+return
+main_l12:
+int 1
+return
+main_l13:
+int 1
+return
+main_l14:
+txn Sender
+byte "admin"
+app_global_get
+==
+return
+main_l15:
+txn Sender
+byte "admin"
+app_global_get
+==
+return
+main_l16:
+byte "admin"
+txn Sender
+app_global_put
+byte "platform_wallet"
+txn Sender
+app_global_put
+int 1
+return

clear.teal

@@ -0,0 +1,3 @@
+#pragma version 6
+int 1
+return

contracts/smart_contract.py

@@ -0,0 +1,145 @@
+from pyteal import *
+
+
+def approval_program():
+    fee_bps = Int(200)
+    bps_denominator = Int(10000)
+
+    token_key = Bytes("token_id")
+    platform_key = Bytes("platform_wallet")
+    admin_key = Bytes("admin")
+
+    on_create = Seq(
+        App.globalPut(admin_key, Txn.sender()),
+        App.globalPut(
+            token_key,
+            If(Txn.application_args.length() >= Int(1), Btoi(Txn.application_args[0]), Int(0)),
+        ),
+        App.globalPut(
+            platform_key,
+            If(Txn.application_args.length() >= Int(2), Txn.application_args[1], Txn.sender()),
+        ),
+        Approve(),
+    )
+
+    is_admin = Txn.sender() == App.globalGet(admin_key)
+
+    set_config = Seq(
+        Assert(is_admin),
+        Assert(Txn.application_args.length() >= Int(2)),
+        App.globalPut(token_key, Btoi(Txn.application_args[1])),
+        App.globalPut(
+            platform_key,
+            If(Txn.accounts.length() >= Int(1), Txn.accounts[1], App.globalGet(platform_key)),
+        ),
+        Approve(),
+    )
+
+    opt_in_asset = Seq(
+        Assert(is_admin),
+        Assert(Txn.assets[0] == App.globalGet(token_key)),
+        InnerTxnBuilder.Begin(),
+        InnerTxnBuilder.SetFields(
+            {
+                TxnField.type_enum: TxnType.AssetTransfer,
+                TxnField.xfer_asset: Txn.assets[0],
+                TxnField.asset_receiver: Global.current_application_address(),
+                TxnField.asset_amount: Int(0),
+            }
+        ),
+        InnerTxnBuilder.Submit(),
+        Approve(),
+    )
+
+    deposit = Seq(
+        Assert(Global.group_size() == Int(2)),
+        Assert(Txn.group_index() == Int(1)),
+        Assert(Gtxn[0].type_enum() == TxnType.AssetTransfer),
+        Assert(Gtxn[0].sender() == Txn.sender()),
+        Assert(Gtxn[0].xfer_asset() == App.globalGet(token_key)),
+        Assert(Gtxn[0].asset_receiver() == Global.current_application_address()),
+        Assert(Gtxn[0].asset_amount() > Int(0)),
+        Approve(),
+    )
+
+    total_amount = Btoi(Txn.application_args[1])
+    platform_fee = (total_amount * fee_bps) / bps_denominator
+    creator_amount = total_amount - platform_fee
+
+    settle_reward = Seq(
+        Assert(is_admin),
+        Assert(Txn.application_args.length() >= Int(2)),
+        Assert(Txn.assets[0] == App.globalGet(token_key)),
+        Assert(Txn.accounts.length() >= Int(1)),
+        Assert(total_amount > Int(0)),
+        Assert(creator_amount > Int(0)),
+        InnerTxnBuilder.Begin(),
+        InnerTxnBuilder.SetFields(
+            {
+                TxnField.type_enum: TxnType.AssetTransfer,
+                TxnField.xfer_asset: Txn.assets[0],
+                TxnField.asset_receiver: Txn.accounts[1],
+                TxnField.asset_amount: creator_amount,
+            }
+        ),
+        InnerTxnBuilder.Submit(),
+        If(platform_fee > Int(0)).Then(
+            Seq(
+                InnerTxnBuilder.Begin(),
+                InnerTxnBuilder.SetFields(
+                    {
+                        TxnField.type_enum: TxnType.AssetTransfer,
+                        TxnField.xfer_asset: Txn.assets[0],
+                        TxnField.asset_receiver: App.globalGet(platform_key),
+                        TxnField.asset_amount: platform_fee,
+                    }
+                ),
+                InnerTxnBuilder.Submit(),
+            )
+        ),
+        Approve(),
+    )
+
+    withdraw_unused = Seq(
+        Assert(is_admin),
+        Assert(Txn.application_args.length() >= Int(2)),
+        Assert(Txn.assets[0] == App.globalGet(token_key)),
+        Assert(Txn.accounts.length() >= Int(1)),
+        Assert(Btoi(Txn.application_args[1]) > Int(0)),
+        InnerTxnBuilder.Begin(),
+        InnerTxnBuilder.SetFields(
+            {
+                TxnField.type_enum: TxnType.AssetTransfer,
+                TxnField.xfer_asset: Txn.assets[0],
+                TxnField.asset_receiver: Txn.accounts[1],
+                TxnField.asset_amount: Btoi(Txn.application_args[1]),
+            }
+        ),
+        InnerTxnBuilder.Submit(),
+        Approve(),
+    )
+
+    return Cond(
+        [Txn.application_id() == Int(0), on_create],
+        [Txn.on_completion() == OnComplete.DeleteApplication, Return(is_admin)],
+        [Txn.on_completion() == OnComplete.UpdateApplication, Return(is_admin)],
+        [Txn.on_completion() == OnComplete.CloseOut, Approve()],
+        [Txn.on_completion() == OnComplete.OptIn, Approve()],
+        [Txn.application_args[0] == Bytes("set_config"), set_config],
+        [Txn.application_args[0] == Bytes("optin_asset"), opt_in_asset],
+        [Txn.application_args[0] == Bytes("deposit"), deposit],
+        [Txn.application_args[0] == Bytes("settle_reward"), settle_reward],
+        [Txn.application_args[0] == Bytes("withdraw_unused"), withdraw_unused],
+    )
+
+
+def clear_state_program():
+    return Approve()
+
+
+if __name__ == "__main__":
+    with open("approval.teal", "w") as approval_file:
+        approval_file.write(compileTeal(approval_program(), mode=Mode.Application, version=6))
+
+    with open("clear.teal", "w") as clear_file:
+        clear_file.write(compileTeal(clear_state_program(), mode=Mode.Application, version=6))

requirements.txt

@@ -0,0 +1,15 @@
+fastapi
+uvicorn
+supabase
+requests
+py-algorand-sdk
+pyteal
+python-dotenv
+pydantic
+pydantic-settings
+apscheduler
+passlib
+python-multipart
+httpx
+pytest
+python-jose[cryptography]

schema.sql

@@ -0,0 +1,102 @@
+create extension if not exists "uuid-ossp";
+
+create table if not exists public.users (
+  id uuid primary key default uuid_generate_v4(),
+  wallet_address text not null unique,
+  username text,
+  role text not null default 'viewer' check (role in ('creator', 'viewer', 'advertiser')),
+  subscribers_count bigint not null default 0,
+  created_at timestamptz not null default timezone('utc', now())
+);
+
+create table if not exists public.videos (
+  id uuid primary key default uuid_generate_v4(),
+  creator_id uuid not null references public.users(id) on delete cascade,
+  cid text not null,
+  title text not null,
+  description text default '',
+  ads_enabled boolean not null default true,
+  total_views bigint not null default 0,
+  total_watch_time bigint not null default 0,
+  created_at timestamptz not null default timezone('utc', now())
+);
+
+create table if not exists public.subscriptions (
+  id uuid primary key default uuid_generate_v4(),
+  subscriber_id uuid not null references public.users(id) on delete cascade,
+  creator_id uuid not null references public.users(id) on delete cascade,
+  created_at timestamptz not null default timezone('utc', now()),
+  constraint subscriptions_unique unique(subscriber_id, creator_id),
+  constraint subscriptions_self_guard check (subscriber_id <> creator_id)
+);
+
+create table if not exists public.views (
+  id uuid primary key default uuid_generate_v4(),
+  video_id uuid not null references public.videos(id) on delete cascade,
+  viewer_wallet text not null,
+  viewer_fingerprint text,
+  watch_seconds int not null default 0 check (watch_seconds >= 0),
+  settled boolean not null default false,
+  timestamp timestamptz not null default timezone('utc', now())
+);
+
+create table if not exists public.ad_campaigns (
+  id uuid primary key default uuid_generate_v4(),
+  advertiser_wallet text not null,
+  video_id uuid not null references public.videos(id) on delete cascade,
+  budget numeric(20, 6) not null check (budget >= 0),
+  remaining_budget numeric(20, 6) not null check (remaining_budget >= 0),
+  reward_per_view numeric(20, 6) not null check (reward_per_view > 0),
+  active boolean not null default true,
+  ad_video_cid text,
+  created_at timestamptz not null default timezone('utc', now())
+);
+
+create table if not exists public.banner_campaigns (
+  id uuid primary key default uuid_generate_v4(),
+  advertiser_wallet text not null,
+  tier text not null check (tier in ('1m', '3m', '6m')),
+  fixed_price numeric(20, 6) not null check (fixed_price > 0),
+  start_date date not null,
+  end_date date not null,
+  active boolean not null default true,
+  distributed boolean not null default false,
+  created_at timestamptz not null default timezone('utc', now())
+);
+
+create table if not exists public.settlements (
+  id uuid primary key default uuid_generate_v4(),
+  creator_wallet text not null,
+  amount numeric(20, 6) not null,
+  platform_fee numeric(20, 6) not null default 0,
+  tx_hash text,
+  settlement_type text not null default 'video_ad',
+  campaign_id uuid,
+  timestamp timestamptz not null default timezone('utc', now())
+);
+
+create index if not exists idx_videos_creator_id on public.videos(creator_id);
+create index if not exists idx_views_video_id on public.views(video_id);
+create index if not exists idx_views_settled on public.views(settled);
+create index if not exists idx_ad_campaigns_video_id on public.ad_campaigns(video_id);
+create index if not exists idx_settlements_timestamp on public.settlements(timestamp desc);
+
+alter table public.users enable row level security;
+alter table public.videos enable row level security;
+alter table public.subscriptions enable row level security;
+alter table public.views enable row level security;
+alter table public.ad_campaigns enable row level security;
+alter table public.banner_campaigns enable row level security;
+alter table public.settlements enable row level security;
+
+drop policy if exists "Public read users" on public.users;
+drop policy if exists "Public read videos" on public.videos;
+drop policy if exists "Public read ad campaigns" on public.ad_campaigns;
+drop policy if exists "Public read banner campaigns" on public.banner_campaigns;
+drop policy if exists "Public read settlements" on public.settlements;
+
+create policy "Public read users" on public.users for select using (true);
+create policy "Public read videos" on public.videos for select using (true);
+create policy "Public read ad campaigns" on public.ad_campaigns for select using (true);
+create policy "Public read banner campaigns" on public.banner_campaigns for select using (true);
+create policy "Public read settlements" on public.settlements for select using (true);

scripts/_route_test_tmp.py

@@ -0,0 +1,262 @@
+import base64
+import random
+import string
+from datetime import date, timedelta
+
+import requests
+from algosdk import account, mnemonic, util
+
+BASE_URL = "http://localhost:8000"
+REQ_TIMEOUT = 20
+
+
+class SimpleResp:
+    def __init__(self, status_code, text=""):
+        self.status_code = status_code
+        self.text = text
+
+    def json(self):
+        raise ValueError("no json body")
+
+
+def safe_request(method, url, **kwargs):
+    if "timeout" not in kwargs:
+        kwargs["timeout"] = REQ_TIMEOUT
+    try:
+        return requests.request(method, url, **kwargs)
+    except Exception as exc:
+        return SimpleResp(599, str(exc))
+
+
+def parse_env(path):
+    data = {}
+    try:
+        with open(path, "r", encoding="utf-8") as f:
+            for line in f:
+                line = line.strip()
+                if not line or line.startswith("#"):
+                    continue
+                if "=" not in line:
+                    continue
+                key, val = line.split("=", 1)
+                key = key.strip()
+                val = val.strip().strip("\"").strip("'")
+                data[key] = val
+    except FileNotFoundError:
+        pass
+    return data
+
+
+env = parse_env("/home/chidori/Projects/rift/backend/.env")
+platform_wallet = (env.get("PLATFORM_WALLET") or "").strip()
+algorand_mnemonic = (env.get("ALGORAND_MNEMONIC") or "").strip()
+
+
+def rand_name(prefix):
+    return prefix + "_" + "".join(random.choices(string.ascii_lowercase + string.digits, k=6))
+
+
+def issue_challenge(wallet_address):
+    return safe_request("POST", f"{BASE_URL}/auth/challenge", json={"wallet_address": wallet_address})
+
+
+def sign_message(private_key, message):
+    sig = util.sign_bytes(message.encode("utf-8"), private_key)
+    if isinstance(sig, str):
+        sig = sig.encode("utf-8")
+    return base64.b64encode(sig).decode("utf-8")
+
+
+def signup(wallet_address, private_key, username, role):
+    chall = issue_challenge(wallet_address)
+    if chall.status_code != 200:
+        return None, chall
+    try:
+        message = chall.json()["message"]
+    except Exception:
+        return None, SimpleResp(599, "challenge missing json")
+    signature = sign_message(private_key, message)
+    payload = {
+        "wallet_address": wallet_address,
+        "signature": signature,
+        "message": message,
+        "username": username,
+        "role": role,
+    }
+    res = safe_request("POST", f"{BASE_URL}/auth/signup", json=payload)
+    return res, None
+
+
+def login(wallet_address, private_key):
+    chall = issue_challenge(wallet_address)
+    if chall.status_code != 200:
+        return None, chall
+    try:
+        message = chall.json()["message"]
+    except Exception:
+        return None, SimpleResp(599, "challenge missing json")
+    signature = sign_message(private_key, message)
+    payload = {
+        "wallet_address": wallet_address,
+        "signature": signature,
+        "message": message,
+    }
+    res = safe_request("POST", f"{BASE_URL}/auth/login", json=payload)
+    return res, None
+
+
+def get_token_for_new_user(role):
+    private_key, address = account.generate_account()
+    username = rand_name(role)
+    res, chall_err = signup(address, private_key, username, role)
+    if chall_err is not None:
+        return None, address, private_key, chall_err
+    if res.status_code == 200:
+        try:
+            return res.json()["access_token"], address, private_key, None
+        except Exception:
+            return None, address, private_key, SimpleResp(599, "signup missing json")
+    if res.status_code == 400 and "User already exists" in res.text:
+        res2, chall_err2 = login(address, private_key)
+        if chall_err2 is not None:
+            return None, address, private_key, chall_err2
+        if res2.status_code == 200:
+            try:
+                return res2.json()["access_token"], address, private_key, None
+            except Exception:
+                return None, address, private_key, SimpleResp(599, "login missing json")
+        return None, address, private_key, res2
+    return None, address, private_key, res
+
+
+results = []
+
+
+def record(name, res, extra=None):
+    if res is None:
+        results.append((name, "SKIP", extra or ""))
+        return
+    status = "PASS" if res.status_code < 400 else "FAIL"
+    detail = f"{res.status_code}"
+    if res.status_code >= 400:
+        detail += f" {res.text[:300]}"
+    if extra:
+        detail += f" | {extra}"
+    results.append((name, status, detail))
+
+
+record("GET /", safe_request("GET", f"{BASE_URL}/"))
+
+# Creator
+creator_token, creator_addr, creator_pk, err = get_token_for_new_user("creator")
+if not creator_token:
+    if err is None:
+        results.append(("creator token", "FAIL", "unknown error"))
+    else:
+        results.append(("creator token", "FAIL", f"{err.status_code} {err.text[:300]}"))
+else:
+    headers_creator = {"Authorization": f"Bearer {creator_token}"}
+    record("GET /auth/me", safe_request("GET", f"{BASE_URL}/auth/me", headers=headers_creator))
+
+    files = {"file": ("test_video.mp4", b"dummy_video_content_bytes", "video/mp4")}
+    data = {"title": f"Test Video {rand_name('v')}", "description": "Automated test"}
+    res_upload = safe_request("POST", f"{BASE_URL}/videos/upload", headers=headers_creator, files=files, data=data)
+    record("POST /videos/upload", res_upload)
+    video_id = None
+    if res_upload.status_code == 200:
+        try:
+            video_id = res_upload.json().get("video_id")
+        except Exception:
+            video_id = None
+
+    record("GET /videos/list", safe_request("GET", f"{BASE_URL}/videos/list"))
+    record("GET /videos/me", safe_request("GET", f"{BASE_URL}/videos/me", headers=headers_creator))
+    if video_id:
+        record("GET /videos/{id}", safe_request("GET", f"{BASE_URL}/videos/{video_id}"))
+
+    if video_id:
+        res_view = safe_request(
+            "POST",
+            f"{BASE_URL}/views/track",
+            headers=headers_creator,
+            json={"video_id": video_id, "watch_seconds": 30},
+        )
+        record("POST /views/track", res_view)
+
+    record("GET /wallets/balance", safe_request("GET", f"{BASE_URL}/wallets/balance", headers=headers_creator))
+
+# Advertiser
+advertiser_token, advertiser_addr, advertiser_pk, err = get_token_for_new_user("advertiser")
+if not advertiser_token:
+    if err is None:
+        results.append(("advertiser token", "FAIL", "unknown error"))
+    else:
+        results.append(("advertiser token", "FAIL", f"{err.status_code} {err.text[:300]}"))
+else:
+    headers_ad = {"Authorization": f"Bearer {advertiser_token}"}
+    record("GET /auth/me (advertiser)", safe_request("GET", f"{BASE_URL}/auth/me", headers=headers_ad))
+    if 'video_id' in locals() and video_id:
+        res_campaign = safe_request(
+            "POST",
+            f"{BASE_URL}/ads/create",
+            headers=headers_ad,
+            data={"video_id": video_id, "budget": "100", "reward_per_view": "1"},
+        )
+        record("POST /ads/create", res_campaign)
+
+    record("GET /ads/active", safe_request("GET", f"{BASE_URL}/ads/active"))
+    record("GET /ads/me", safe_request("GET", f"{BASE_URL}/ads/me", headers=headers_ad))
+    record("GET /ads/summary", safe_request("GET", f"{BASE_URL}/ads/summary", headers=headers_ad))
+
+    start = date.today().isoformat()
+    end = (date.today() + timedelta(days=1)).isoformat()
+    res_banner = safe_request(
+        "POST",
+        f"{BASE_URL}/ads/banner/create",
+        headers=headers_ad,
+        data={"tier": "1m", "fixed_price": "25", "start_date": start, "end_date": end},
+    )
+    record("POST /ads/banner/create", res_banner)
+    record("GET /ads/banner/active", safe_request("GET", f"{BASE_URL}/ads/banner/active"))
+    record("GET /ads/banner/me", safe_request("GET", f"{BASE_URL}/ads/banner/me", headers=headers_ad))
+
+# Settlement (public)
+record("GET /settlement/", safe_request("GET", f"{BASE_URL}/settlement/"))
+record("GET /settlement/summary", safe_request("GET", f"{BASE_URL}/settlement/summary"))
+
+# Platform-only
+platform_token = None
+platform_pk = None
+platform_addr = None
+if platform_wallet and algorand_mnemonic:
+    try:
+        platform_pk = mnemonic.to_private_key(algorand_mnemonic)
+        platform_addr = account.address_from_private_key(platform_pk)
+        if platform_addr == platform_wallet:
+            res, err = signup(platform_addr, platform_pk, rand_name("platform"), "viewer")
+            if err is None and res.status_code == 200:
+                platform_token = res.json()["access_token"]
+            else:
+                res2, err2 = login(platform_addr, platform_pk)
+                if err2 is None and res2.status_code == 200:
+                    platform_token = res2.json()["access_token"]
+        else:
+            results.append(("platform auth", "SKIP", "PLATFORM_WALLET does not match ALGORAND_MNEMONIC address"))
+    except Exception as exc:
+        results.append(("platform auth", "SKIP", f"error: {exc}"))
+else:
+    results.append(("platform auth", "SKIP", "PLATFORM_WALLET or ALGORAND_MNEMONIC not set"))
+
+if platform_token:
+    headers_platform = {"Authorization": f"Bearer {platform_token}"}
+    record("GET /wallets/platform-balance", safe_request("GET", f"{BASE_URL}/wallets/platform-balance", headers=headers_platform))
+    record("POST /settlement/trigger", safe_request("POST", f"{BASE_URL}/settlement/trigger", headers=headers_platform))
+    record("POST /settlement/trigger-banner", safe_request("POST", f"{BASE_URL}/settlement/trigger-banner", headers=headers_platform))
+else:
+    record("GET /wallets/platform-balance", None, "no platform token")
+    record("POST /settlement/trigger", None, "no platform token")
+    record("POST /settlement/trigger-banner", None, "no platform token")
+
+print("\n=== Route Test Summary ===")
+for name, status, detail in results:
+    print(f"{status:<5} {name} -> {detail}")

scripts/check_schema.py

@@ -0,0 +1,31 @@
+
+import os
+import sys
+from dotenv import load_dotenv
+
+# Add backend directory to sys.path
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# Load env
+load_dotenv(os.path.join(os.path.dirname(__file__), '..', '.env'))
+
+from app.database import get_db
+
+def main():
+    print("Checking Users Table Schema...")
+    db = get_db()
+    
+    try:
+        # Try to select one item
+        res = db.table("users").select("*").limit(1).execute()
+        if res.data:
+            print("Row 1 keys:", res.data[0].keys())
+        else:
+            print("Table is empty, cannot infer schema directly from rows.")
+            # Try inserting a dummy with username to see if it fails?
+            # Or just assume we need to add it.
+    except Exception as e:
+        print(f"Error selecting: {e}")
+
+if __name__ == "__main__":
+    main()

scripts/create_asset.py

@@ -0,0 +1,78 @@
+
+import os
+import sys
+from dotenv import load_dotenv
+from algosdk import account, mnemonic
+from algosdk.v2client import algod
+from algosdk.transaction import AssetConfigTxn, wait_for_confirmation
+
+# Add backend directory to sys.path
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# Load env BEFORE importing settings
+load_dotenv(os.path.join(os.path.dirname(__file__), '..', '.env'))
+
+from app.config import settings
+
+def main():
+    print("--- Creating ADMC Asset ---")
+    
+    # Client
+    algod_address = "https://testnet-api.algonode.cloud"
+    algod_token = ""
+    client = algod.AlgodClient(algod_token, algod_address)
+    
+    mnemonic_phrase = settings.algorand_mnemonic
+    if not mnemonic_phrase:
+        print("ERROR: ALGORAND_MNEMONIC is empty in .env")
+        return
+
+    private_key = mnemonic.to_private_key(mnemonic_phrase)
+    address = account.address_from_private_key(private_key)
+    print(f"Creator Address: {address}")
+
+    # Asset Details
+    # ADMC: "Ad Me Coin" or similar? The prompt mentioned "ADMC".
+    # Let's call it "Rift Ad Token" (ADMC)
+    # Total Supply: 1,000,000,000
+    # Decimals: 0 for simplicity in this MVP, or 6?
+    # Script assumes int amounts, so 0 decimals is easier for verification logic unless specified.
+    # Let's use 0 decimals.
+    
+    params = client.suggested_params()
+    
+    txn = AssetConfigTxn(
+        sender=address,
+        sp=params,
+        total=1_000_000_000,
+        default_frozen=False,
+        unit_name="ADMC",
+        asset_name="Rift Ad Token",
+        manager=address,
+        reserve=address,
+        freeze=address,
+        clawback=address,
+        url="https://rift-platform.com", 
+        decimals=0
+    )
+    
+    signed_txn = txn.sign(private_key)
+    try:
+        txid = client.send_transaction(signed_txn)
+        print(f"Transaction Sent: {txid}")
+        
+        wait_for_confirmation(client, txid, 4)
+        
+        try:
+            ptx = client.pending_transaction_info(txid)
+            asset_id = ptx["asset-index"]
+            print(f"Asset Created! Asset ID: {asset_id}")
+            print(f"PLEASE UPDATE .env WITH: ASSET_ID={asset_id}")
+        except Exception as e:
+            print(f"Error getting asset ID: {e}")
+            
+    except Exception as e:
+        print(f"Failed to create asset: {e}")
+
+if __name__ == "__main__":
+    main()

scripts/create_token.py

@@ -0,0 +1,63 @@
+import os
+from algosdk import account, mnemonic
+from algosdk.v2client import algod
+from algosdk.transaction import AssetConfigTxn, wait_for_confirmation
+from dotenv import load_dotenv
+
+load_dotenv()
+
+# Configure Algorand Client (Testnet)
+# You can use a free API key from AlgoNode or PureStake, or a local node
+ALGOD_ADDRESS = "https://testnet-api.algonode.cloud"
+ALGOD_TOKEN = ""
+
+def create_admc_token():
+    # Helper function to get the private key and address
+    mnemonic_phrase = os.getenv("ALGORAND_MNEMONIC")
+    if not mnemonic_phrase:
+        print("Please set ALGORAND_MNEMONIC in .env")
+        return
+
+    private_key = mnemonic.to_private_key(mnemonic_phrase)
+    sender_address = account.address_from_private_key(private_key)
+    print(f"Sender Address: {sender_address}")
+
+    # Initialize Algod Client
+    algod_client = algod.AlgodClient(ALGOD_TOKEN, ALGOD_ADDRESS)
+
+    # Asset Creation Transaction
+    params = algod_client.suggested_params()
+    
+    txn = AssetConfigTxn(
+        sender=sender_address,
+        sp=params,
+        total=1_000_000_000, # 1 billion tokens
+        decimals=6,
+        default_frozen=False,
+        unit_name="ADMC",
+        asset_name="AdMarket Coin",
+        manager=sender_address,
+        reserve=sender_address,
+        freeze=sender_address,
+        clawback=sender_address,
+        url="https://rift.video", # Placeholder URL
+    )
+
+    # Sign transaction
+    signed_txn = txn.sign(private_key)
+
+    # Send transaction
+    txid = algod_client.send_transaction(signed_txn)
+    print(f"Transaction sent with ID: {txid}")
+
+    # Wait for confirmation
+    confirmed_txn = wait_for_confirmation(algod_client, txid, 4)
+    print(f"Result confirmed in round: {confirmed_txn['confirmed-round']}")
+
+    asset_id = confirmed_txn["asset-index"]
+    print(f"Created Asset ID: {asset_id}")
+    
+    return asset_id
+
+if __name__ == "__main__":
+    create_admc_token()

scripts/show_wallet.py

@@ -0,0 +1,59 @@
+
+import os
+import sys
+from dotenv import load_dotenv
+from algosdk import account, mnemonic
+from algosdk.v2client import algod
+
+# Add backend directory to sys.path
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# Load env
+load_dotenv(os.path.join(os.path.dirname(__file__), '..', '.env'))
+
+from app.config import settings
+
+def main():
+    print("--- Platform Wallet Info ---")
+    
+    # Client
+    algod_address = "https://testnet-api.algonode.cloud"
+    algod_token = ""
+    client = algod.AlgodClient(algod_token, algod_address)
+    
+    mnemonic_phrase = settings.algorand_mnemonic
+    if not mnemonic_phrase:
+        print("ERROR: ALGORAND_MNEMONIC is empty in .env")
+        return
+
+    try:
+        private_key = mnemonic.to_private_key(mnemonic_phrase)
+        address = account.address_from_private_key(private_key)
+        print(f"Address: {address}")
+        
+        info = client.account_info(address)
+        algo_balance = info.get('amount') / 1_000_000
+        print(f"ALGO Balance: {algo_balance} ALGO")
+        
+        asset_id = settings.asset_id
+        print(f"Target Asset ID: {asset_id}")
+        
+        assets = info.get('assets', [])
+        admc_balance = 0
+        found = False
+        for asset in assets:
+            if asset['asset-id'] == asset_id:
+                admc_balance = asset['amount']
+                found = True
+                break
+        
+        if found:
+            print(f"ADMC Balance: {admc_balance}")
+        else:
+            print(f"ADMC Balance: 0 (Not opted in or 0 balance)")
+            
+    except Exception as e:
+        print(f"Error retrieving info: {e}")
+
+if __name__ == "__main__":
+    main()

scripts/test_all_routes.py

@@ -0,0 +1,143 @@
+
+import requests
+import os
+import sys
+import random
+import string
+import time
+from algosdk import account, util
+
+# Configuration
+BASE_URL = "http://localhost:8000"
+
+def generate_username():
+    return "tester_" + ''.join(random.choices(string.ascii_lowercase + string.digits, k=5))
+
+def sign_message(private_key, message):
+    return util.sign_bytes(message.encode('utf-8'), private_key)
+
+def print_step(step_name):
+    print(f"\n{'='*20}\n{step_name}\n{'='*20}")
+
+def test_api():
+    print("Starting Comprehensive API Test...")
+    
+    # --- 1. Authenticaton ---
+    print_step("1. Authentication")
+    
+    # Generate User
+    private_key, address = account.generate_account()
+    username = generate_username()
+    print(f"User: {username} ({address})")
+    
+    # Signup
+    message = "Sign up for Rift"
+    signature = sign_message(private_key, message)
+    
+    signup_payload = {
+        "wallet_address": address,
+        "signature": signature,
+        "message": message,
+        "username": username
+    }
+    
+    print("-> Signing Up...")
+    res = requests.post(f"{BASE_URL}/auth/signup", json=signup_payload)
+    if res.status_code != 200:
+        print(f"FAILED: Signup {res.status_code} {res.text}")
+        return
+    token = res.json()["access_token"]
+    print("SUCCESS: Signed Up. Token received.")
+    
+    headers = {"Authorization": f"Bearer {token}"}
+
+    # --- 2. Video Upload ---
+    print_step("2. Video Upload")
+    
+    # Create dummy video content
+    files = {
+        'file': ('test_video.mp4', b'dummy_video_content_bytes', 'video/mp4')
+    }
+    data = {
+        'title': 'Test Video ' + username,
+        'description': 'This is an automated test video.'
+    }
+    
+    print("-> Uploading Video...")
+    res = requests.post(f"{BASE_URL}/videos/upload", headers=headers, files=files, data=data)
+    
+    if res.status_code != 200:
+        print(f"FAILED: Upload {res.status_code} {res.text}")
+        return
+        
+    video_id = res.json()["video_id"]
+    cid = res.json()["cid"]
+    print(f"SUCCESS: Video Uploaded. ID: {video_id}, CID: {cid}")
+    
+    # --- 3. List Videos ---
+    print_step("3. List Videos")
+    res = requests.get(f"{BASE_URL}/videos/list")
+    if res.status_code != 200:
+        print(f"FAILED: List Videos {res.status_code} {res.text}")
+        return
+    videos = res.json()
+    print(f"SUCCESS: Retrieved {len(videos)} videos.")
+    
+    # --- 4. Track View ---
+    print_step("4. Track View")
+    
+    # View the video we just uploaded
+    view_payload = {
+        "video_id": video_id,
+        "watch_seconds": 30
+    }
+    
+    print(f"-> Tracking view for video {video_id}...")
+    res = requests.post(f"{BASE_URL}/views/track", headers=headers, json=view_payload)
+    
+    if res.status_code != 200:
+        print(f"FAILED: Track View {res.status_code} {res.text}")
+    else:
+        print(f"SUCCESS: View recorded. Status: {res.json()}")
+
+    # --- 5. Create Ad Campaign ---
+    print_step("5. Create Ad Campaign")
+    
+    campaign_payload = {
+        "video_id": video_id,
+        "budget": 100.0,
+        "reward_per_view": 1.0 # 1 ADMC per view
+    }
+    
+    print("-> Creating Campaign...")
+    res = requests.post(f"{BASE_URL}/ads/create", headers=headers, json=campaign_payload)
+    
+    if res.status_code != 200:
+        print(f"FAILED: Create Campaign {res.status_code} {res.text}")
+    else:
+        campaign_id = res.json()["campaign_id"]
+        print(f"SUCCESS: Campaign Created. ID: {campaign_id}")
+        
+    # --- 6. Trigger Settlement ---
+    print_step("6. Trigger Settlement")
+    
+    print("-> Triggering Settlement Engine...")
+    res = requests.post(f"{BASE_URL}/settlement/trigger")
+    
+    if res.status_code != 200:
+        print(f"FAILED: Trigger Settlement {res.status_code} {res.text}")
+    else:
+        print(f"SUCCESS: Settlement Triggered. Response: {res.json()}")
+
+    # --- 7. Check Settlement History ---
+    print_step("7. Settlement History")
+    res = requests.get(f"{BASE_URL}/settlement/")
+    if res.status_code != 200:
+        print(f"FAILED: Get Settlements {res.status_code} {res.text}")
+    else:
+        print(f"SUCCESS: Retrieved latest settlements. Count: {len(res.json())}")
+
+    print("\nAPI Test Complete.")
+
+if __name__ == "__main__":
+    test_api()

scripts/test_auth.py

@@ -0,0 +1,92 @@
+
+import requests
+import time
+from algosdk import account, mnemonic, util
+import sys
+import os
+import random
+import string
+
+# URL
+BASE_URL = "http://localhost:8000"
+
+def generate_username():
+    return "user_" + ''.join(random.choices(string.ascii_lowercase + string.digits, k=6))
+
+def sign_message(private_key, message):
+    # Determine how backend expects signature.
+    # algorand_service.verify_signature uses util.verify_bytes
+    # which expects the signature of the byte encoded message.
+    # We need to sign the bytes of the message.
+    
+    # In Pera/standard dApps, usually we sign "MX..." if it's a specific format
+    # But here backend does: util.verify_bytes(message.encode('utf-8'), signature, wallet_address)
+    # So we just sign the raw bytes.
+    
+    signature = util.sign_bytes(message.encode('utf-8'), private_key)
+    return signature
+
+def test_signup_login():
+    print("--- Testing Auth Flow ---")
+    
+    # 1. Generate Wallet
+    private_key, address = account.generate_account()
+    print(f"Generated Wallet: {address}")
+    
+    username = generate_username()
+    print(f"Username: {username}")
+    
+    message = "Login to Rift" # In real app, this should be a nonce
+    signature = sign_message(private_key, message)
+    
+    # 2. Test Login (Unregistered) -> Should Fail
+    print("\n[Test 1] Login Unregistered User...")
+    login_payload = {
+        "wallet_address": address,
+        "signature": signature,
+        "message": message
+    }
+    
+    res = requests.post(f"{BASE_URL}/auth/login", json=login_payload)
+    if res.status_code == 404:
+        print("SUCCESS: Login failed as expected (404 User not found).")
+    else:
+        print(f"FAILURE: Login unexpected response: {res.status_code} {res.text}")
+        return
+
+    # 3. Test Signup -> Should Success
+    print("\n[Test 2] Signup New User...")
+    signup_payload = {
+        "wallet_address": address,
+        "signature": signature,
+        "message": message,
+        "username": username
+    }
+    
+    res = requests.post(f"{BASE_URL}/auth/signup", json=signup_payload)
+    if res.status_code == 200:
+        print("SUCCESS: Signup successful.")
+        token = res.json().get("access_token")
+        print(f"Token received: {token[:10]}...")
+    else:
+        print(f"FAILURE: Signup failed: {res.status_code} {res.text}")
+        return
+
+    # 4. Test Login (Registered) -> Should Success
+    print("\n[Test 3] Login Registered User...")
+    res = requests.post(f"{BASE_URL}/auth/login", json=login_payload)
+    if res.status_code == 200:
+        print("SUCCESS: Login successful.")
+    else:
+        print(f"FAILURE: Login failed: {res.status_code} {res.text}")
+        
+    # 5. Test Signup (Duplicate) -> Should Fail
+    print("\n[Test 4] Signup Duplicate User...")
+    res = requests.post(f"{BASE_URL}/auth/signup", json=signup_payload)
+    if res.status_code == 400:
+        print("SUCCESS: Duplicate signup failed as expected (400).")
+    else:
+        print(f"FAILURE: Duplicate signup unexpected response: {res.status_code} {res.text}")
+
+if __name__ == "__main__":
+    test_signup_login()

scripts/test_insert.py

@@ -0,0 +1,46 @@
+
+import os
+import sys
+import random
+import string
+from dotenv import load_dotenv
+
+# Add backend directory to sys.path
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# Load env
+load_dotenv(os.path.join(os.path.dirname(__file__), '..', '.env'))
+
+from app.database import get_db
+
+def generate_wallet():
+    return "test_wallet_" + ''.join(random.choices(string.ascii_lowercase + string.digits, k=10))
+
+def main():
+    print("Testing Insert...")
+    db = get_db()
+    
+    # Test 1: Minimal Insert (just wallet_address, assuming it exists)
+    w1 = generate_wallet()
+    print(f"1. Inserting {w1} (no username)...")
+    try:
+        res = db.table("users").insert({"wallet_address": w1}).execute()
+        print("Success!", res.data)
+    except Exception as e:
+        with open("error.log", "w") as f:
+            f.write(str(e))
+        print(f"Failed: {e}")
+
+    # Test 2: Insert with username
+    w2 = generate_wallet()
+    print(f"2. Inserting {w2} WITH username...")
+    try:
+        res = db.table("users").insert({"wallet_address": w2, "username": "testuser"}).execute()
+        print("Success!", res.data)
+    except Exception as e:
+        with open("error_username.log", "w") as f:
+            f.write(str(e))
+        print(f"Failed: {e}")
+
+if __name__ == "__main__":
+    main()

scripts/verify_algorand.py

@@ -0,0 +1,139 @@
+
+import os
+import sys
+import time
+from dotenv import load_dotenv
+from algosdk import account, mnemonic, util
+from algosdk.v2client import algod
+from algosdk.transaction import AssetTransferTxn, PaymentTxn, AssetOptInTxn, wait_for_confirmation
+
+# Add backend directory to sys.path to import services
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+# Load env
+load_dotenv(os.path.join(os.path.dirname(__file__), '..', '.env'))
+
+from app.services import algorand_service
+from app.config import settings
+
+def main():
+    print("Starting Algorand Verification...")
+    
+    # 1. Initialize Client
+    client = algorand_service.get_algod_client()
+    try:
+        status = client.status()
+        print(f"Connected to Algorand TestNet. Last Round: {status['last-round']}")
+    except Exception as e:
+        print(f"Failed to connect to Algorand: {e}")
+        return
+
+    # 2. Check Platform Wallet
+    platform_mnemonic = settings.algorand_mnemonic
+    if not platform_mnemonic:
+        print("Error: ALGORAND_MNEMONIC not set in .env")
+        return
+
+    platform_private_key = mnemonic.to_private_key(platform_mnemonic)
+    platform_address = account.address_from_private_key(platform_private_key)
+    print(f"Platform Wallet: {platform_address}")
+
+    account_info = client.account_info(platform_address)
+    algo_balance = account_info.get('amount') / 1_000_000
+    print(f"Platform ALGO Balance: {algo_balance} ALGO")
+
+    if algo_balance < 1:
+        print("Warning: Low ALGO balance. Might fail to fund receivers.")
+
+    # Check Asset Balance
+    asset_id = settings.asset_id
+    assets = account_info.get('assets', [])
+    platform_asset_balance = 0
+    for asset in assets:
+        if asset['asset-id'] == asset_id:
+            platform_asset_balance = asset['amount']
+            break
+    
+    print(f"Platform ADMC Balance: {platform_asset_balance} (Asset ID: {asset_id})")
+
+    if platform_asset_balance < 100:
+        print("Error: Insufficient ADMC in Platform Wallet to test.")
+        return
+
+    # 3. Setup Receiver
+    receiver_private_key, receiver_address = account.generate_account()
+    print(f"\nGenerated Test Receiver: {receiver_address}")
+
+    # Fund Receiver with ALGO (for opt-in fees)
+    print("Funding Receiver with 0.3 ALGO...")
+    params = client.suggested_params()
+    pay_txn = PaymentTxn(platform_address, params, receiver_address, 300_000) # 0.3 ALGO
+    signed_pay_txn = pay_txn.sign(platform_private_key)
+    try:
+        txid = client.send_transaction(signed_pay_txn)
+        wait_for_confirmation(client, txid, 4)
+        print(f"Funded Receiver. TxID: {txid}")
+    except Exception as e:
+        print(f"Failed to fund receiver: {e}")
+        return
+
+    # 4. Opt-In Receiver to ADMC
+    print("Receiver opting in to ADMC...")
+    params = client.suggested_params()
+    optin_txn = AssetOptInTxn(receiver_address, params, asset_id)
+    signed_optin_txn = optin_txn.sign(receiver_private_key)
+    try:
+        txid = client.send_transaction(signed_optin_txn)
+        wait_for_confirmation(client, txid, 4)
+        print(f"Receiver Opted-in. TxID: {txid}")
+    except Exception as e:
+        print(f"Failed to opt-in: {e}")
+        return
+
+    # 5. Test Settlement (Transfer from Platform to Receiver)
+    print("\nTesting settle_rewards (10 ADMC)...")
+    try:
+        # Note: settle_rewards takes amount, calculates 2% fee, sends rest.
+        # If we send 10, Fee is 0.2, Receiver gets 9.8. 
+        # But wait, algorand_service.py logic:
+        # platform_fee = int(amount * 0.02)
+        # creator_final = amount - platform_fee
+        # It sends creator_final.
+        
+        # Let's try sending 100 raw units of ADMC (assuming 0 decimals or handling it)
+        # If ADMC has decimals, we need to account for that. 
+        # Verification script should just use raw integers for now as logic seems to expect int.
+        
+        test_amount = 100 # Raw units
+        txid = algorand_service.settle_rewards(receiver_address, test_amount)
+        
+        if txid:
+            print(f"Settlement Successful. TxID: {txid}")
+        else:
+            print("Settlement Failed (returned None).")
+            return
+
+    except Exception as e:
+        print(f"Settlement Exception: {e}")
+        return
+
+    # 6. Verify Final Balance
+    print("\nVerifying Receiver Balance...")
+    receiver_info = client.account_info(receiver_address)
+    receiver_assets = receiver_info.get('assets', [])
+    receiver_admc = 0
+    for asset in receiver_assets:
+        if asset['asset-id'] == asset_id:
+            receiver_admc = asset['amount']
+            break
+            
+    print(f"Receiver ADMC Balance: {receiver_admc}")
+    
+    expected = 100 - int(100 * 0.02)
+    if receiver_admc == expected:
+        print("SUCCESS: Balance matches expected amount (Amount - 2% fee).")
+    else:
+        print(f"FAILURE: Balance {receiver_admc} does not match expected {expected}.")
+
+if __name__ == "__main__":
+    main()