Skip to content

feat: domain exceptions admin auth asset validation owner nfts#374

Merged
Oluwaseyi89 merged 10 commits into
NFTopia-Foundation:mainfrom
titilayo967:feature/domain-exceptions-admin-auth-asset-validation-owner-nfts
Jul 6, 2026
Merged

feat: domain exceptions admin auth asset validation owner nfts#374
Oluwaseyi89 merged 10 commits into
NFTopia-Foundation:mainfrom
titilayo967:feature/domain-exceptions-admin-auth-asset-validation-owner-nfts

Conversation

@titilayo967

Copy link
Copy Markdown
Contributor

Implement domain exceptions, admin authorization, asset validation, and owner NFT integration

Overview

This PR replaces generic Error throws with domain-specific exceptions in marketplace-settlement, implements real admin authorization checks in GraphQL resolvers, enforces asset whitelist validation in smart contracts, and integrates owner NFT fetching with pagination.

Changes

Domain Exceptions in Marketplace Settlement (#294)

  • Replace all throw new Error() statements with typed NestJS HttpException subclasses
  • Map contract errors to appropriate status codes (BadRequest, PaymentRequired, NotFound, GatewayTimeout)
  • Update withRetry helper to preserve exception types when re-throwing
  • Add typed error classes (SorobanContractError, SorobanRpcError) extending HttpException
  • Ensure error responses include proper code field for client-side handling
  • Add proper error logging before throwing domain exceptions

Admin Authorization in Order Resolver (#293)

  • Add @Roles(UserRole.ADMIN, UserRole.MODERATOR) decorator to salesAnalytics resolver
  • Extend GraphqlContext interface to include user role from JWT payload
  • Create GqlRolesGuard for GraphQL resolvers with proper context extraction
  • Replace TODO comment with real role check logic
  • Implement real sales analytics aggregating actual order data
  • Add unit tests for all authorization scenarios (admin, moderator, user, unauthenticated)

Real Asset Validation in Smart Contract (#242)

  • Implement validate_asset() with real membership check against whitelist
  • Add SUPPORTED_ASSETS_KEY persistent storage key
  • Implement admin-gated add_supported_asset, remove_supported_asset, get_supported_assets functions
  • Replace empty whitelist with storage-backed list in create_sale, create_auction, create_bundle
  • Add unit tests covering empty list, asset in list, asset not in list, duplicate add, remove non-existent, unauthorized caller

My NFTs Integration (#221)

  • Fetch owner NFTs via GET /nfts?ownerId={id}&page={page}&limit={limit} on page load
  • Render NFT cards with image preview, name, tokenId, and collection badge
  • Implement pagination controls (next/previous) with proper disable logic
  • Add loading, empty, and error states with retry functionality
  • Use authenticated user id from session

Files Added

  • GqlRolesGuard for GraphQL authorization
  • Typed error classes (SorobanContractError, SorobanRpcError)
  • Storage key constant for asset whitelist
  • My NFTs page tests

Files Modified

  • marketplace-settlement.client.ts (domain exceptions)
  • order.resolver.ts (admin authorization)
  • order.service.ts (real sales analytics)
  • GraphqlContext interface (user role)
  • asset_utils.rs (real validation)
  • settlement_core.rs (admin entry points, storage wiring)
  • my-nfts/page.tsx (real API integration)

Closes #294
Closes #293
Closes #242
Closes #221

…ptions-admin-auth-asset-validation-owner-nfts
- Add custom error classes extending HttpException for better error discrimination:
  - SorobanContractError (ContractError) for contract execution failures
  - SorobanRpcError (SorobanRpcError) for RPC service issues
  - InsufficientBalanceError (InsufficientBalanceError) for balance errors
  - InvalidSignatureError (InvalidSignatureError) for signature validation
  - TransactionFailedError (TransactionFailedError) for transaction failures
- Update withRetry helper to preserve HttpException types when re-throwing
- Replace handleContractError with proper domain-specific exception mapping
- Add proper error logging before throwing domain exceptions
- Wrap getEventsSince error handling with typed exception mapping
- Remove all throw new Error() statements in favor of HttpException subclasses
- Export error classes for use in other modules

This ensures StellarErrorInterceptor can properly map errors using ERROR_MAP
based on error names, returning correct HTTP status codes and error codes.
…xception

- Replace PaymentRequiredException with HttpException(402) as it doesn't exist in @nestjs/common
- Add HttpException to imports for InsufficientBalanceError
- Remove duplicate export block at bottom of file (classes already exported at top)
- Fix TypeScript compilation errors (TS2305, TS2323, TS2484)
- Add GqlRolesGuard for GraphQL-specific role-based authorization
- Add role field to GraphqlUser interface and JWT strategy
- Update JwtStrategy to include role and stellarAddress from payload
- Update GqlAuthGuard handleRequest to preserve role in user object
- Apply @roles(ADMIN, MODERATOR) to salesAnalytics query
- Remove TODO comment and implement proper admin authorization
- Add security audit logging for unauthorized access attempts
- Fix handleRequest signature with missing context parameter
- Improve type safety in GqlRolesGuard with RequestUser interface
…agement

- Add supported_assets_key helper function for persistent storage
- Initialize empty asset whitelist during contract initialization
- Add get_supported_assets view function to query whitelist
- Add add_supported_asset admin function with duplicate detection
- Add remove_supported_asset admin function with existence check
- Replace empty Vec with storage-backed whitelist in create_sale
- Replace empty Vec with storage-backed whitelist in create_auction
- Replace empty Vec with storage-backed whitelist in create_bundle
- Enforce asset validation against admin-managed whitelist
- Add NFT types (NFT, NFTAttribute, NFTPaginationResponse, NFTQueryParams)
- Create NFTService with getOwnerNFTs and getNFT methods
- Implement NFTGrid component with loading, empty, and error states
- Build full My NFTs page with pagination, search, and wallet integration
- Add user support to wallet store with WalletUser interface
- Add convenience selectors for wallet store access
- Replace placeholder Coming Soon page with fully functional NFT gallery
- Include debounced search, pagination controls, and responsive grid layout
- Add asset to supported assets list before creating bundle
- Register NFT contract in test setup
- Use proper asset variable instead of underscore
- Add newline at end of settlement_core.rs
@drips-wave

drips-wave Bot commented Jul 6, 2026

Copy link
Copy Markdown

@titilayo967 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Oluwaseyi89 Oluwaseyi89 merged commit 698e255 into NFTopia-Foundation:main Jul 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

2 participants