Feat: Re implement functional authcontroller and connect use cases

[FabianSanchezD]

🚀 Volunchain Pull Request

Mark with an x all the checkboxes that apply (like [x])

• Closes Re-Implement Functional AuthController and Connect Use Cases #146
• Added tests (if necessary)
• Run tests
• Run formatting
• Evidence attached
• Commented the code

---

📌 Type of Change

• Documentation (updates to README, docs, or comments)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

---

📝 Changes description

Implemented a function AuthController that doesn't return 501 error codes everytime. Each API endpoint corresponds to its specific usecase. Replaced stub methods with real implementations. Wired up request DTOs to use cases correctly.

Created 2 new usecases: Wallet Format Verification and Wallet Validation (Stellar SDK).

---

📸 Evidence (A photo is required as evidence)

API implemented.

---

⏰ Time spent breakdown

4 hours (mostly in the Wallet Validation Use Case)

---

🌌 Comments

Any comments, code reviews and feedback is appreciated! Anything I missed or something that could be included, don't doubt to contact me!

---

Thank you for contributing to Volunchain, we are glad that you have chosen us as your project of choice and we hope that you continue to contribute to this great project, so that together we can make our mark at the top!

Summary by CodeRabbit

• New Features

  • Introduced a messaging system, allowing users to send and receive messages within the platform.
  • Added wallet verification and wallet format validation endpoints for enhanced security.
  • Added tracking of hours contributed for volunteers and set a maximum number of volunteers per opportunity.
  • Projects now include a status indicator.

• Bug Fixes

  • Improved authentication endpoints for registration, login, and email verification.

• Chores

  • Updated authentication routes to use the new functional controller.
  • Made database schema enhancements for better data integrity and performance.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This change replaces the stubbed authentication controller with a fully functional implementation, connecting all authentication endpoints to their respective use cases. It introduces new use cases for wallet verification and wallet format validation, updates authentication routes to use the new controller, and removes the stub controller. A minor update is made to a utility import in the certificate module. No changes are made to DTOs or utility helpers.

Changes

Cohort / File(s)	Change Summary
Database Migration prisma/migrations/20250808020526_init/migration.sql	Alters schema: adds/changes columns in several tables, creates new Message table, modifies keys and indexes.
Auth Controller Implementation src/modules/auth/presentation/controllers/Auth.controller.ts	Adds a fully implemented AuthController with endpoints wired to use cases, input validation, and proper error handling.
Auth Controller Stub Removal src/modules/auth/presentation/controllers/Auth.controller.stub.ts	Deletes the stub AuthController that returned 501 errors for all endpoints.
Wallet Use Cases src/modules/auth/use-cases/verify-wallet.usecase.ts, src/modules/auth/use-cases/wallet-format-validation.usecase.ts	Adds use cases for verifying wallet signatures and validating wallet format, with error handling and validation logic.
Auth Routes Update src/routes/authRoutes.ts	Switches route controller import from stub to the new functional AuthController.
Certificate Utility Minor Change src/modules/certificate/infrastructure/utils/pdfGenerator.ts	Comments out import of generateQRCode; no functional code changes.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthController
    participant UseCase
    participant Repository

    Client->>AuthController: POST /api/v1/auth/register (RegisterDto)
    AuthController->>UseCase: SendVerificationEmailUseCase.execute(RegisterDto)
    UseCase->>Repository: Create user, send email
    Repository-->>UseCase: Result
    UseCase-->>AuthController: Success/Error
    AuthController-->>Client: HTTP 200/400/500

    Client->>AuthController: POST /api/v1/auth/verify-wallet (WalletVerificationRequestDto)
    AuthController->>UseCase: VerifyWalletUseCase.execute(WalletVerificationRequestDto)
    UseCase->>External: Stellar Horizon API
    UseCase-->>AuthController: Verification result
    AuthController-->>Client: HTTP 200/400/500

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Replace stub methods with real implementations (#146)	✅
Wire up request DTOs to use cases correctly (#146)	✅
Ensure responses match Swagger documentation and return proper HTTP codes (#146)	✅
Maintain separation of concerns and follow DDD practices (#146)	✅
All AuthController endpoints connected to their use cases and return actual results (#146)	✅

Assessment against linked issues: Out-of-scope changes

Code Change (file_path)	Explanation
Commenting out generateQRCode import (src/modules/certificate/infrastructure/utils/pdfGenerator.ts)	This change is unrelated to the AuthController objectives and not mentioned in the linked issue.

Possibly related PRs

• Move controllers to module structure and add controller-level tests #136: Refactors controllers into a module structure and adds controller-level tests, which is related to the new AuthController’s implementation and structure.

Suggested reviewers

• Villarley

Poem

A bunny hops with nimble feet,
The stub is gone—auth’s now complete!
Wallets checked and emails sent,
Use cases wired, controllers meant.
DTOs in line, responses true,
This code review is just for you!
🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

src/modules/certificate/infrastructure/utils/pdfGenerator.ts (1)

25-29: Use a resilient asset path resolver instead of a brittle __dirname-based relative path

The code currently embeds the logo with:

const logoBytes = fs.readFileSync(
  path.join(__dirname, "../../../../assets/VolunChain.png")
);

Because your assets/VolunChain.png folder lives at the repo root (not under src), this four-level .. traverse actually resolves to src/assets/... and will almost certainly break once you transpile or bundle into dist. Instead, resolve against the project root (or a configurable base path) and ensure assets are copied into your final output:

• File: src/modules/certificate/infrastructure/utils/pdfGenerator.ts
Lines: 25–29

Suggested change:

- const logoBytes = fs.readFileSync(
-   path.join(__dirname, "../../../../assets/VolunChain.png")
- );
+ // Resolve from project root so path remains correct after build
+ const logoPath = path.resolve(process.cwd(), "assets", "VolunChain.png");
+ const logoBytes = fs.readFileSync(logoPath);

Also verify your build/post‐build steps copy the entire assets/ directory into dist/ (e.g., via a copy plugin or script) so that process.cwd() continues to point to a folder containing assets/VolunChain.png.

🧹 Nitpick comments (9)

src/modules/certificate/infrastructure/utils/pdfGenerator.ts (4)

30-34: Make QR generation non-fatal (graceful fallback)

Even with the import fixed, QR generation may fail (missing asset, library, network, etc.). Don’t fail certificate creation because of QR. Wrap it and proceed without QR when unavailable.

-  const qrBuffer = await generateQRCode(
-    `https://volunchain.org/verify/${uniqueId}`
-  );
-  const qrImage = await pdfDoc.embedPng(qrBuffer);
+  let qrImage: any;
+  try {
+    const qrBuffer = await generateQRCode(
+      `https://volunchain.org/verify/${uniqueId}`
+    );
+    qrImage = await pdfDoc.embedPng(qrBuffer);
+  } catch {
+    qrImage = undefined; // QR is optional; continue without it
+  }

---

39-41: Guard against undefined QR image when computing dimensions

Avoid accessing .scale on an undefined qrImage.

-  const qrDims = qrImage.scale(0.4);
+  const qrDims = qrImage ? qrImage.scale(0.4) : undefined;

---

124-130: Draw QR only if it exists

Prevent runtime errors and render without QR when generation fails.

-  page.drawImage(qrImage, {
-    x: 842 - qrDims.width - 40,
-    y: 40,
-    width: qrDims.width,
-    height: qrDims.height,
-  });
+  if (qrImage && qrDims) {
+    page.drawImage(qrImage, {
+      x: 842 - qrDims.width - 40,
+      y: 40,
+      width: qrDims.width,
+      height: qrDims.height,
+    });
+  }

---

5-5: Avoid “Invalid Date” in PDFs; handle bad eventDate values

Formatting an invalid date shows “Invalid Date”. Fall back to the raw input (or another default) when parsing fails.

-import { format } from "date-fns";
+import { format, isValid } from "date-fns";

-  const eventDateFormatted = format(new Date(eventDate), "EEEE do MMMM yyyy");
+  const dateObj = new Date(eventDate);
+  const eventDateFormatted = isValid(dateObj)
+    ? format(dateObj, "EEEE do MMMM yyyy")
+    : eventDate;

Also applies to: 93-101

src/modules/auth/use-cases/wallet-format-validation.usecase.ts (1)

12-23: Flatten nested validation errors & avoid double-validation

execute() re-validates a payload that was already validated in the controller and only surfaces root–level constraints, so nested DTOs (or future additions) will silently drop their error messages.

Consider:

-const messages = errors.flatMap((e) =>
-  Object.values(e.constraints ?? {})
-);
+import { ValidationError } from "class-validator";
+
+function collectMessages(errs: ValidationError[]): string[] {
+  return errs.flatMap(e =>
+    e.constraints ? Object.values(e.constraints) : collectMessages(e.children ?? [])
+  );
+}
+const messages = collectMessages(errors);

or rely on the controller’s first validation and accept a typed ValidateWalletFormatDto here to avoid the extra pass.

src/modules/auth/use-cases/verify-wallet.usecase.ts (1)

50-59: Strengthen signature decoding

Buffer.from(signature, "base64") almost never throws; invalid input silently yields an empty or truncated buffer.
Recommend explicit validation:

const sig = Buffer.from(signature, "base64");
if (sig.length !== 64) {
  return { verified: false, walletAddress, error: "Invalid signature length" };
}

This avoids passing malformed data into Keypair.verify.

src/routes/authRoutes.ts (1)

16-20: Route duplication may cause confusion

Both
POST /send-verification-email and POST /resend-verification call the same controller method.
If both are required, add comments clarifying their intended difference; otherwise remove one to keep the public API surface minimal.

src/modules/auth/presentation/controllers/Auth.controller.ts (2)

41-50: Do not leak raw class-validator objects to clients

validateOr400 returns the entire ValidationError[], exposing internal property names and validation metadata.
Return only the human-readable constraint messages or a custom error schema to avoid coupling clients to implementation details.

---

64-69: Status code mapping looks inverted for registration failures

During registration the only expected failure from SendVerificationEmailUseCase is usually “User already exists”, not “User not found”.
Map known conditions explicitly and default to 500 for unexpected ones:

const status =
  message === "User already exists" ? 409 : 500;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e4de23 and 0b7397e.

📒 Files selected for processing (7)

• prisma/migrations/20250808020526_init/migration.sql (1 hunks)
• src/modules/auth/presentation/controllers/Auth.controller.stub.ts (0 hunks)
• src/modules/auth/presentation/controllers/Auth.controller.ts (1 hunks)
• src/modules/auth/use-cases/verify-wallet.usecase.ts (1 hunks)
• src/modules/auth/use-cases/wallet-format-validation.usecase.ts (1 hunks)
• src/modules/certificate/infrastructure/utils/pdfGenerator.ts (1 hunks)
• src/routes/authRoutes.ts (2 hunks)

💤 Files with no reviewable changes (1)

• src/modules/auth/presentation/controllers/Auth.controller.stub.ts

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/modules/auth/use-cases/wallet-format-validation.usecase.ts (1)

src/modules/auth/dto/wallet-validation.dto.ts (1)

• ValidateWalletFormatDto (3-15)

[coderabbitai]

⚠️ Potential issue

Referential integrity lost – foreign keys dropped but never re-added

The migration removes every FK on Certificate, NFT, Project, UserVolunteer, Volunteer and escrows yet does not recreate them afterwards.
This leaves the DB without critical constraints, allowing orphaned rows and breaking Prisma’s relation expectations.

Re-add the FKs (with ON DELETE … clauses matching domain rules) in the same migration or a follow-up script before shipping.

🤖 Prompt for AI Agents

In prisma/migrations/20250808020526_init/migration.sql between lines 8 and 37,
the migration drops multiple foreign key constraints but does not re-add them,
which breaks referential integrity. To fix this, add SQL statements after the
DROP CONSTRAINT commands to recreate each foreign key constraint with
appropriate ON DELETE rules that reflect the domain logic, ensuring the database
maintains proper relational integrity and aligns with Prisma's expectations.

[coderabbitai]

⚠️ Potential issue

Horizon.Server is not part of @stellar/stellar-sdk runtime

@stellar/stellar-sdk exports Server directly; the Horizon namespace only contains types. At runtime new Horizon.Server() will throw TypeError: Cannot read properties of undefined.

-import { Keypair, StrKey, Horizon } from "@stellar/stellar-sdk";
+import { Keypair, StrKey, Server } from "@stellar/stellar-sdk";

-const server = new Horizon.Server(horizonConfig.url, {
+const server = new Server(horizonConfig.url, {
   allowHttp: horizonConfig.url.startsWith("http://"),
 });

Update the import and instantiation to prevent a production crash.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	import { Keypair, StrKey, Horizon } from "@stellar/stellar-sdk";
	import { VerifyWalletDto } from "../dto/wallet-validation.dto";
	import { horizonConfig } from "../../../config/horizon.config";
	type WalletVerificationResult = {
	verified: boolean;
	walletAddress: string;
	error?: string;
	};
	export class VerifyWalletUseCase {
	async execute(input: VerifyWalletDto): Promise<WalletVerificationResult> {
	const { walletAddress, signature, message } = input;
	// Validate public key format
	if (!StrKey.isValidEd25519PublicKey(walletAddress)) {
	return {
	verified: false,
	walletAddress,
	error: "Invalid Stellar public key",
	};
	}
	// Check that account exists on Horizon network before signature verification
	try {
	const server = new Horizon.Server(horizonConfig.url, {
	allowHttp: horizonConfig.url.startsWith("http://"),
	});
	await server.accounts().accountId(walletAddress).call();
	} catch (err: unknown) {
	import { Keypair, StrKey, Server } from "@stellar/stellar-sdk";
	import { VerifyWalletDto } from "../dto/wallet-validation.dto";
	import { horizonConfig } from "../../../config/horizon.config";
	type WalletVerificationResult = {
	verified: boolean;
	walletAddress: string;
	error?: string;
	};
	export class VerifyWalletUseCase {
	async execute(input: VerifyWalletDto): Promise<WalletVerificationResult> {
	const { walletAddress, signature, message } = input;
	// Validate public key format
	if (!StrKey.isValidEd25519PublicKey(walletAddress)) {
	return {
	verified: false,
	walletAddress,
	error: "Invalid Stellar public key",
	};
	}
	// Check that account exists on Horizon network before signature verification
	try {
	const server = new Server(horizonConfig.url, {
	allowHttp: horizonConfig.url.startsWith("http://"),
	});
	await server.accounts().accountId(walletAddress).call();
	} catch (err: unknown) {
	// …existing error handling…
	}
	}
	}

🤖 Prompt for AI Agents

In src/modules/auth/use-cases/verify-wallet.usecase.ts lines 1 to 30, the code
imports Horizon from "@stellar/stellar-sdk" and tries to instantiate the server
with new Horizon.Server(), but Horizon.Server is undefined at runtime causing a
crash. Fix this by importing Server directly from "@stellar/stellar-sdk" and
instantiate it with new Server(...) instead of new Horizon.Server(...).

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Critical: Commented-out QR import breaks build

generateQRCode is still used (Lines 30–34) but its import was commented out. This will fail TypeScript compilation at minimum and break PDF generation at runtime.

Apply this minimal fix to restore functionality:

-// import { generateQRCode } from "./qrGenerator"; //Function not found, commented out
+import { generateQRCode } from "./qrGenerator";

If the module path truly changed or the file is missing, please locate or re-add it. You can verify with:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Searching for qrGenerator module files..."
fd -a -t f 'qrGenerator.(ts|js)'

echo "Searching for generateQRCode definitions..."
rg -n 'export\s+(?:async\s+)?function\s+generateQRCode|export\s+const\s+generateQRCode|module\.exports\s*=\s*{[^}]*generateQRCode'

Length of output: 751

---

We need to inspect the qrGenerator.ts to confirm the exported function and correct import path before updating. Let’s dump its contents:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate the qrGenerator file
file_path=$(fd -a -t f 'qrGenerator.ts' | head -n1)
echo "Found qrGenerator at: $file_path"

# Show the first 50 lines to confirm the export
sed -n '1,50p' "$file_path"

Length of output: 558

---

Let’s inspect pdfGenerator.ts to confirm the current imports and where generateQRCode is used:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Top of pdfGenerator.ts ==="
sed -n '1,20p' src/modules/certificate/infrastructure/utils/pdfGenerator.ts

echo
echo "=== Occurrences of generateQRCode ==="
grep -R -n 'generateQRCode' src/modules/certificate/infrastructure/utils/pdfGenerator.ts

Length of output: 1004

---

Restore and correct QRCode import

The generateQRCode function is still invoked around line 30, but its import was commented out and pointed to a non-existent file. Replace it with the correct relative path into src/shared/infrastructure/utils/qrGenerator.ts:

- // import { generateQRCode } from "./qrGenerator"; //Function not found, commented out
+ import { generateQRCode } from "../../../../shared/infrastructure/utils/qrGenerator";

Make sure that this path aligns with your tsconfig (e.g. adjust for any baseUrl or path aliases).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// import { generateQRCode } from "./qrGenerator"; //Function not found, commented out
	-import { generateQRCode } from "./qrGenerator"; //Function not found, commented out
	+import { generateQRCode } from "../../../../shared/infrastructure/utils/qrGenerator";

🤖 Prompt for AI Agents

In src/modules/certificate/infrastructure/utils/pdfGenerator.ts at line 4, the
import for generateQRCode is commented out and points to a non-existent file,
but the function is still used around line 30. Restore the import statement and
update its path to the correct relative location:
src/shared/infrastructure/utils/qrGenerator.ts. Verify and adjust the import
path according to your tsconfig settings, such as baseUrl or path aliases, to
ensure it resolves correctly.