feat: implement real escrow creation and wallet-signed funding flow

apps/backend/src/modules/auth/controllers/auth.controller.ts

@@ -7,10 +7,15 @@ import {
   Req,
   HttpCode,
   HttpStatus,
+  Param,
+  BadRequestException,
+  NotFoundException,
 } from '@nestjs/common';
 import { Request } from 'express';
 import { ThrottlerGuard } from '@nestjs/throttler';
+import { StrKey } from '@stellar/stellar-sdk';
 import { AuthService } from '../services/auth.service';
+import { UserService } from '../../user/user.service';
 import {
   ChallengeDto,
   VerifyDto,
@@ -22,7 +27,28 @@ import { AuthGuard } from '../middleware/auth.guard';
 @Controller('auth')
 @UseGuards(ThrottlerGuard)
 export class AuthController {
-  constructor(private readonly authService: AuthService) {}
+  constructor(
+    private readonly authService: AuthService,
+    private readonly userService: UserService,
+  ) {}
+
+  /**
+   * Resolve a Vaultix user id by Stellar wallet address (counterparty must have signed in once).
+   */
+  @Get('wallet/:address')
+  @UseGuards(AuthGuard)
+  async getUserByWallet(@Param('address') address: string) {
+    if (!StrKey.isValidEd25519PublicKey(address)) {
+      throw new BadRequestException('Invalid Stellar address');
+    }
+    const user = await this.userService.findByWalletAddress(address);
+    if (!user) {
+      throw new NotFoundException(
+        'No Vaultix account exists for this wallet address',
+      );
+    }
+    return { id: user.id, walletAddress: user.walletAddress };
+  }
 
   @Post('challenge')
   @HttpCode(HttpStatus.OK)

apps/backend/src/modules/auth/middleware/auth.guard.ts

@@ -21,7 +21,10 @@ export class AuthGuard implements CanActivate {
 
     try {
       const payload = await this.authService.validateToken(token);
-      request['user'] = payload;
+      request['user'] = {
+        ...payload,
+        sub: payload.userId,
+      };
       return true;
     } catch {
       throw new UnauthorizedException('Invalid or expired token');

apps/backend/src/modules/escrow/controllers/escrow.controller.ts

@@ -89,6 +89,22 @@ export class EscrowController {
     return this.escrowService.findOverview(userId, query);
   }
 
+  @Get(':id/fund/prepare')
+  @UseGuards(EscrowAccessGuard)
+  @ApiOperation({
+    summary: 'Get unsigned funding transaction XDR for wallet signing',
+  })
+  async prepareFund(
+    @Param('id') id: string,
+    @Request() req: AuthenticatedRequest,
+  ) {
+    return this.escrowService.prepareFund(
+      id,
+      req.user.sub,
+      req.user.walletAddress,
+    );
+  }
+
   @Get(':id')
   @UseGuards(EscrowAccessGuard)
   async findOne(@Param('id') id: string) {

apps/backend/src/modules/escrow/dto/fund-escrow.dto.ts

@@ -1,7 +1,12 @@
-import { IsNumber, IsPositive } from 'class-validator';
+import { IsNumber, IsOptional, IsPositive, IsString } from 'class-validator';
 
 export class FundEscrowDto {
   @IsNumber()
   @IsPositive()
   amount: number;
+
+  /** Base64-encoded signed transaction envelope (wallet-signed funding tx). */
+  @IsOptional()
+  @IsString()
+  signedTransactionXdr?: string;
 }