Fix GET /reputation/me — unreachable route and missing auth guard#122
Open
BrayanMQ wants to merge 2 commits into
Open
Fix GET /reputation/me — unreachable route and missing auth guard#122BrayanMQ wants to merge 2 commits into
BrayanMQ wants to merge 2 commits into
Conversation
Move the me route above :wallet so it is no longer swallowed by the wallet param matcher, and add JwtAuthGuard + CurrentUser so the handler actually receives an authenticated wallet instead of always throwing UnauthorizedException.
Update unit and e2e specs to mock JwtAuthGuard the same way users.controller does, and assert that GET /reputation/me returns score for an authenticated caller, 401 without a token, and is never captured by the :wallet route.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🔗 Related Issue
Closes #115
🔖 Title
Fix
GET /reputation/me— unreachable route and missing auth guard📝 Description
GET /reputation/mewas permanently unreachable and would not have worked even if reached, due to two separate bugs:@Get(':wallet')was declared before@Get('me'), so Fastify matched/reputation/meagainst the:wallethandler first. The wallet regex rejects"me", so the endpoint always 400'd.req.user?.walletdirectly with no@UseGuards(JwtAuthGuard), soreq.userwas alwaysundefinedand the endpoint always threwUnauthorizedException.🔄 Changes Made
@Get('me')above@Get(':wallet')inreputation.controller.ts@UseGuards(JwtAuthGuard)+@ApiBearerAuth()toGET /reputation/me@Request() reqwith@CurrentUser() user, matching theGET /users/mepatternPassportModuleandJwtModuleinreputation.module.tsreputation.controller.spec.ts: authenticated call returns score, guard-mocked, errors propagatereputation.e2e-spec.ts: valid token → 200, no token → 401, malformed header → 401, route precedence (/menot swallowed by:wallet)📸 Screenshots (if applicable)
N/A — backend-only change, no UI impact.
✅ Test Evidence
Unit tests (
npx jest) — full suite, no regressions:Reputation unit tests (
npx jest reputation):Reputation e2e tests (
npx jest --config ./test/jest-e2e.json reputation):All 6
/reputation/mecases (the scope of this issue) pass. The 3 failures underGET /reputation/:walletare pre-existing onmain— the test file mocksReputationContractClient/SorobanService, butReputationService.getReputationScoreactually derives the score from an internal deterministic hash and never calls those clients. Confirmed by running the same suite againstmainbefore this branch's changes — identical 3 failures. Out of scope for this issue; left untouched to avoid scope creep.🗒️ Additional Notes
PassportModule/JwtModulewere added toreputation.module.tsper the issue checklist. Functionally,AuthGuard('jwt')already works without them (the'jwt'Passport strategy registers globally onceAuthModuleloads inAppModule— this is whyUsersModuleworks without importing them), but they're included explicitly per the issue's acceptance criteria and for clarity/robustness.npm run lintcurrently fails onmainitself (ESLint couldn't find a configuration file), unrelated to this PR.