Merge pull request #173 from EDOHWARES/chore/stellar-address-validation

add stellar addr val

Author: greatest0fallt1me

src/__test__/adminAuth.test.ts

@@ -1,7 +1,7 @@
 import express from "express";
 import request from "supertest";
 import { adminAuth, ADMIN_KEY_HEADER } from "../middleware/adminAuth.js";
-import { afterEach, beforeEach } from "node:test";
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
 
 const SECRET = "test-admin-secret-key";
 

src/__tests__/index.test.ts

@@ -24,8 +24,11 @@ describe('Main Application', () => {
       .expect(200);
 
     expect(response.body).toEqual({
-      status: 'ok',
-      service: 'creditra-backend'
+      data: {
+        status: 'ok',
+        service: 'creditra-backend'
+      },
+      error: null
     });
 
     // Restore original PORT
@@ -43,17 +46,17 @@ describe('Main Application', () => {
       .get('/api/credit/lines')
       .expect(200);
 
-    expect(response.body.creditLines).toBeDefined();
+    expect(response.body.data.creditLines).toBeDefined();
   });
 
   it('should handle risk routes', async () => {
     const { default: app } = await import('../index.js');
 
     const response = await request(app)
       .post('/api/risk/evaluate')
-      .send({ walletAddress: 'test-wallet' })
+      .send({ walletAddress: 'GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S1' })
       .expect(200);
 
-    expect(response.body.walletAddress).toBe('test-wallet');
+    expect(response.body.data.walletAddress).toBe('GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S1');
   });
 });

src/__tests__/risk.test.ts

@@ -14,33 +14,44 @@ afterAll(() => {
 });
 
 describe('POST /api/risk/evaluate (public)', () => {
-    it('returns 200 with a valid walletAddress', async () => {
+    it('returns 200 with a valid Stellar walletAddress', async () => {
+        const validAddress = 'GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S2';
         const res = await request(app)
             .post('/api/risk/evaluate')
-            .send({ walletAddress: '0xDeAdBeEf' });
+            .send({ walletAddress: validAddress });
         expect(res.status).toBe(200);
-        expect(res.body.walletAddress).toBe('0xDeAdBeEf');
+        expect(res.body.walletAddress).toBe(validAddress);
         expect(res.body).toHaveProperty('riskScore');
         expect(res.body).toHaveProperty('creditLimit');
         expect(res.body).toHaveProperty('interestRateBps');
     });
 
+    it('returns 400 with an invalid Stellar walletAddress', async () => {
+        const res = await request(app)
+            .post('/api/risk/evaluate')
+            .send({ walletAddress: 'invalid-address' });
+        expect(res.status).toBe(400);
+        expect(res.body.error).toBe('Validation failed');
+        expect(res.body.details[0].message).toBe('Invalid Stellar wallet address');
+    });
+
     it('returns 400 when walletAddress is missing', async () => {
         const res = await request(app).post('/api/risk/evaluate').send({});
         expect(res.status).toBe(400);
-        expect(res.body).toEqual({ error: 'walletAddress required' });
+        expect(res.body.error).toBe('Validation failed');
+        expect(res.body.details[0].message).toBe('walletAddress is required');
     });
 
     it('returns 400 when body is empty', async () => {
-        const res = await request(app).post('/api/risk/evaluate');
+        const res = await request(app).post('/api/risk/evaluate').send({});
         expect(res.status).toBe(400);
-        expect(res.body).toEqual({ error: 'walletAddress required' });
+        expect(res.body.error).toBe('Validation failed');
     });
 
     it('does not require an API key', async () => {
         const res = await request(app)
             .post('/api/risk/evaluate')
-            .send({ walletAddress: '0x1234' });
+            .send({ walletAddress: 'GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S2' });
         expect(res.status).toBe(200);
     });
 });

src/__tests__/stellar_validation.test.ts

@@ -0,0 +1,87 @@
+import { describe, it, expect, beforeAll } from 'vitest';
+import request from 'supertest';
+import { app } from '../index.js';
+
+const VALID_ADDRESS = 'GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S2';
+const INVALID_ADDRESS = 'invalid-stellar-address';
+
+describe('Stellar Address Validation', () => {
+  beforeAll(() => {
+    process.env.NODE_ENV = 'test';
+  });
+
+  describe('POST /api/risk/evaluate', () => {
+    it('should accept a valid Stellar address', async () => {
+      const res = await request(app)
+        .post('/api/risk/evaluate')
+        .send({ walletAddress: VALID_ADDRESS });
+      expect(res.status).toBe(200);
+    });
+
+    it('should reject an invalid Stellar address', async () => {
+      const res = await request(app)
+        .post('/api/risk/evaluate')
+        .send({ walletAddress: INVALID_ADDRESS });
+      expect(res.status).toBe(400);
+      expect(res.body.error).toBe('Validation failed');
+      expect(res.body.details[0].message).toBe('Invalid Stellar wallet address');
+    });
+  });
+
+  describe('POST /api/credit/lines', () => {
+    it('should accept a valid Stellar address', async () => {
+      const res = await request(app)
+        .post('/api/credit/lines')
+        .send({ walletAddress: VALID_ADDRESS, requestedLimit: '1000' });
+      expect(res.status).toBe(201);
+    });
+
+    it('should reject an invalid Stellar address', async () => {
+      const res = await request(app)
+        .post('/api/credit/lines')
+        .send({ walletAddress: INVALID_ADDRESS, requestedLimit: '1000' });
+      expect(res.status).toBe(400);
+      expect(res.body.error).toBe('Validation failed');
+    });
+  });
+
+  describe('GET /api/credit/wallet/:walletAddress/lines', () => {
+    it('should accept a valid Stellar address', async () => {
+      const res = await request(app).get(`/api/credit/wallet/${VALID_ADDRESS}/lines`);
+      expect(res.status).toBe(200);
+    });
+
+    it('should reject an invalid Stellar address', async () => {
+      const res = await request(app).get(`/api/credit/wallet/${INVALID_ADDRESS}/lines`);
+      expect(res.status).toBe(400);
+      expect(res.body.error).toBe('Validation failed');
+    });
+  });
+
+  describe('GET /api/risk/wallet/:walletAddress/latest', () => {
+    it('should accept a valid Stellar address', async () => {
+      const res = await request(app).get(`/api/risk/wallet/${VALID_ADDRESS}/latest`);
+      // It might return 404 if not found, but it should pass validation
+      expect([200, 404]).toContain(res.status);
+    });
+
+    it('should reject an invalid Stellar address', async () => {
+      const res = await request(app).get(`/api/risk/wallet/${INVALID_ADDRESS}/latest`);
+      expect(res.status).toBe(400);
+      expect(res.body.error).toBe('Validation failed');
+    });
+  });
+
+  describe('GET /api/risk/wallet/:walletAddress/history', () => {
+    it('should accept a valid Stellar address', async () => {
+      const res = await request(app).get(`/api/risk/wallet/${VALID_ADDRESS}/history`);
+      expect(res.status).toBe(200);
+    });
+
+    it('should reject an invalid Stellar address', async () => {
+      const res = await request(app).get(`/api/risk/wallet/${INVALID_ADDRESS}/history`);
+      expect(res.status).toBe(400);
+      expect(res.body.error).toBe('Validation failed');
+    });
+  });
+});

src/middleware/validate.ts

@@ -61,3 +61,25 @@ export function validateQuery<T>(schema: z.ZodType<T>) {
     next();
   };
 }
+
+/**
+ * Express middleware factory that validates `req.params` against a Zod schema.
+ */
+export function validateParams<T>(schema: z.ZodType<T>) {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    const result = schema.safeParse(req.params);
+
+    if (!result.success) {
+      const details = result.error.issues.map((issue) => ({
+        field: issue.path.join('.'),
+        message: issue.message,
+      }));
+
+      res.status(400).json({ error: 'Validation failed', details });
+      return;
+    }
+
+    req.params = result.data as any;
+    next();
+  };
+}

src/models/CreditLine.ts

@@ -3,6 +3,7 @@ export interface CreditLine {
   walletAddress: string;
   creditLimit: string; // Using string for precise decimal handling
   availableCredit: string;
+  utilized: string;
   interestRateBps: number; // Basis points (e.g., 500 = 5%)
   status: CreditLineStatus;
   createdAt: Date;
@@ -26,4 +27,5 @@ export interface UpdateCreditLineRequest {
   creditLimit?: string;
   interestRateBps?: number;
   status?: CreditLineStatus;
+  utilized?: string;
 }

src/openapi.yaml

@@ -1071,6 +1071,87 @@ paths:
                 error: Risk evaluation not found
                 id: "abc123"
 
+  /api/risk/wallet/{walletAddress}/latest:
+    get:
+      tags: [Risk]
+      operationId: getLatestRiskEvaluation
+      summary: Get the latest risk evaluation for a wallet
+      parameters:
+        - name: walletAddress
+          in: path
+          required: true
+          schema:
+            type: string
+            pattern: '^G[A-Z2-7]{55}$'
+          description: Stellar public key
+      responses:
+        "200":
+          description: Risk evaluation found
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/RiskEvaluateResponse"
+        "400":
+          description: Invalid wallet address
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+        "404":
+          description: No risk evaluation found for wallet
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+
+  /api/risk/wallet/{walletAddress}/history:
+    get:
+      tags: [Risk]
+      operationId: getRiskEvaluationHistory
+      summary: Get risk evaluation history for a wallet
+      parameters:
+        - name: walletAddress
+          in: path
+          required: true
+          schema:
+            type: string
+            pattern: '^G[A-Z2-7]{55}$'
+          description: Stellar public key
+        - name: offset
+          in: query
+          required: false
+          schema:
+            type: integer
+            minimum: 0
+          description: Pagination offset
+        - name: limit
+          in: query
+          required: false
+          schema:
+            type: integer
+            minimum: 1
+            maximum: 100
+          description: Pagination limit
+      responses:
+        "200":
+          description: Array of risk evaluations
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  evaluations:
+                    type: array
+                    items:
+                      $ref: "#/components/schemas/RiskEvaluation"
+        "400":
+          description: Invalid parameters
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+
+
 components:
   schemas:
     HealthResponse:
@@ -1120,8 +1201,9 @@ components:
       properties:
         walletAddress:
           type: string
-          description: EVM-compatible wallet address
-          example: "0xAbC1234567890abcdef1234567890abcdef123456"
+          description: Stellar public key (G...)
+          pattern: '^G[A-Z2-7]{55}$'
+          example: "GBAHQCUPC7G2B4D2F2I2K2M2O2Q2S2U2W2Y2A2C2E2G2I2K2M2O2Q2S2"
         forceRefresh:
           type: boolean
           description: Optional hint to bypass cache and recalculate risk

src/repositories/memory/InMemoryCreditLineRepository.ts

@@ -14,6 +14,7 @@ export class InMemoryCreditLineRepository implements CreditLineRepository {
       walletAddress: request.walletAddress,
       creditLimit: request.creditLimit,
       availableCredit: request.creditLimit, // Initially full credit available
+      utilized: '0',
       interestRateBps: request.interestRateBps,
       status: CreditLineStatus.ACTIVE,
       createdAt: now,
@@ -101,6 +102,12 @@ export class InMemoryCreditLineRepository implements CreditLineRepository {
       updatedAt: new Date()
     };
 
+    // Keep availableCredit in sync if utilized changes
+    if (request.utilized !== undefined) {
+      const limit = parseFloat(updated.creditLimit);
+      const utilized = parseFloat(request.utilized);
+      updated.availableCredit = (limit - utilized).toString();
+    }
     // If credit limit changed, adjust available credit proportionally
     if (request.creditLimit && request.creditLimit !== existing.creditLimit) {
       const oldLimit = parseFloat(existing.creditLimit);