Merge pull request #282 from DanielCharis1/fix-issues-260-259-258-270

Fix issues #260, #259, #258, #270: Implement SEO metadata, soft delet…

Author: LaGodxy

prisma/migrations/20260330000000_add_seo_and_soft_delete_fields.sql

@@ -0,0 +1,12 @@
+-- CreateTable
+ALTER TABLE "properties" ADD COLUMN     "deleted_at" TIMESTAMP(3),
+ADD COLUMN     "is_deleted" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "meta_title" TEXT,
+ADD COLUMN     "meta_description" TEXT,
+ADD COLUMN     "meta_keywords" TEXT[];
+
+-- CreateIndex
+CREATE INDEX "properties_is_deleted_idx" ON "properties"("is_deleted");
+
+-- CreateIndex
+CREATE INDEX "properties_deleted_at_idx" ON "properties"("deleted_at");

prisma/schema.prisma

@@ -110,6 +110,10 @@ model Property {
   createdAt         DateTime       @default(now()) @map("created_at")
   updatedAt         DateTime       @updatedAt @map("updated_at")
 
+  // Soft delete fields for issues #258 and #259
+  deletedAt         DateTime?      @map("deleted_at")
+  isDeleted         Boolean        @default(false) @map("is_deleted")
+
   // Valuation fields
   estimatedValue    Decimal?       @map("estimated_value")
   valuationDate     DateTime?      @map("valuation_date")
@@ -136,6 +140,11 @@ model Property {
 
   rejectionReason   String?        @map("rejection_reason")
 
+  // SEO metadata fields for issue #260
+  metaTitle         String?        @map("meta_title")
+  metaDescription   String?        @map("meta_description")
+  metaKeywords      String[]       @map("meta_keywords")
+
   // Relationships
   reports           PropertyReport[]
   versions          PropertyVersion[]
@@ -151,6 +160,8 @@ model Property {
   @@index([status, createdAt(sort: Desc)]) // For property listings by status and date
   @@index([ownerId, createdAt(sort: Desc)]) // For owner's properties by date
   @@index([status, price]) // For property search by status and price
+  @@index([isDeleted]) // For filtering soft-deleted properties
+  @@index([deletedAt]) // For cleanup of old soft-deleted properties
   @@unique([ownerId, title, location]) // Prevent duplicate properties for same owner with same title and location
   @@unique([latitude, longitude, ownerId]) // Prevent duplicate properties at same coordinates for same owner
   @@map("properties")

src/auth/auth.module.ts

@@ -9,6 +9,8 @@ import { LocalStrategy } from './strategies/local.strategy';
 import { Web3Strategy } from './strategies/web3.strategy';
 import { JwtAuthGuard } from './guards/jwt-auth.guard';
 import { LoginAttemptsGuard } from './guards/login-attempts.guard';
+import { WalletSignatureService } from './wallet-signature.service';
+import { WalletSignatureGuard } from './guards/wallet-signature.guard';
 import { MfaModule } from './mfa/mfa.module';
 import { UsersModule } from '../users/users.module';
 
@@ -35,6 +37,7 @@ import { UsersModule } from '../users/users.module';
     JwtStrategy,
     LocalStrategy,
     Web3Strategy,
+    WalletSignatureService,
     {
       provide: 'JwtAuthGuard',
       useClass: JwtAuthGuard,
@@ -43,9 +46,13 @@ import { UsersModule } from '../users/users.module';
       provide: 'LoginAttemptsGuard',
       useClass: LoginAttemptsGuard,
     },
+    {
+      provide: 'WalletSignatureGuard',
+      useClass: WalletSignatureGuard,
+    },
     // NOTE: Removed UserService here because it's now imported via UsersModule
     // NOTE: Removed RedisService as it's now globally provided by LoggingModule
   ],
-  exports: [AuthService],
+  exports: [AuthService, WalletSignatureService],
 })
 export class AuthModule {}

src/auth/guards/wallet-signature.guard.ts

@@ -0,0 +1,39 @@
+import { Injectable, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { WalletSignatureService } from './wallet-signature.service';
+
+/**
+ * Wallet Signature Guard
+ * 
+ * Protects endpoints by requiring valid wallet signature verification.
+ * This guard addresses issue #270 by ensuring wallet ownership is verified.
+ */
+@Injectable()
+export class WalletSignatureGuard {
+  constructor(
+    private readonly walletSignatureService: WalletSignatureService,
+    private readonly reflector: Reflector,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+
+    if (!user) {
+      throw new UnauthorizedException('User not authenticated');
+    }
+
+    // Check if user has a wallet address
+    if (!user.walletAddress) {
+      throw new UnauthorizedException('User must have a wallet address for this operation');
+    }
+
+    // Verify wallet ownership using signature
+    try {
+      this.walletSignatureService.verifyWalletOwnership(request, user.walletAddress);
+      return true;
+    } catch (error) {
+      throw new UnauthorizedException('Invalid wallet signature');
+    }
+  }
+}

src/auth/wallet-signature.service.ts

@@ -0,0 +1,123 @@
+import { Injectable, Logger, UnauthorizedException } from '@nestjs/common';
+import { Request } from 'express';
+import * as StellarSdk from 'stellar-sdk';
+
+/**
+ * Wallet Signature Verification Service
+ * 
+ * Handles verification of Stellar wallet signatures to authenticate users.
+ * This service addresses issue #270 by ensuring that wallet address ownership
+ * is verified before allowing sensitive operations like email updates.
+ */
+@Injectable()
+export class WalletSignatureService {
+  private readonly logger = new Logger(WalletSignatureService.name);
+
+  /**
+   * Verify Stellar wallet signature
+   * 
+   * @param signature - The signature from x-signature header
+   * @param walletAddress - The wallet address claiming ownership
+   * @param message - The message that was signed (default: "Login to SoroSusu")
+   * @returns {boolean} True if signature is valid
+   * @throws {UnauthorizedException} If signature is invalid
+   */
+  verifySignature(signature: string, walletAddress: string, message: string = 'Login to SoroSusu'): boolean {
+    try {
+      if (!signature) {
+        throw new UnauthorizedException('Signature is required');
+      }
+
+      if (!walletAddress) {
+        throw new UnauthorizedException('Wallet address is required');
+      }
+
+      // Create a keypair from the wallet address
+      const keypair = StellarSdk.Keypair.fromPublicKey(walletAddress);
+      
+      // Verify the signature
+      const isValid = keypair.verify(message, signature);
+
+      if (!isValid) {
+        this.logger.warn(`Invalid signature for wallet ${walletAddress}`);
+        throw new UnauthorizedException('Invalid signature');
+      }
+
+      this.logger.log(`Signature verified successfully for wallet ${walletAddress}`);
+      return true;
+    } catch (error) {
+      if (error instanceof UnauthorizedException) {
+        throw error;
+      }
+
+      this.logger.error('Signature verification failed', error);
+      throw new UnauthorizedException('Signature verification failed');
+    }
+  }
+
+  /**
+   * Extract signature from request headers
+   * 
+   * @param request - Express request object
+   * @returns {string} The signature from x-signature header
+   * @throws {UnauthorizedException} If signature header is missing
+   */
+  extractSignature(request: Request): string {
+    const signature = request.headers['x-signature'] as string;
+
+    if (!signature) {
+      this.logger.warn('Missing x-signature header in request');
+      throw new UnauthorizedException('x-signature header is required');
+    }
+
+    return signature;
+  }
+
+  /**
+   * Verify wallet ownership for user update operations
+   * 
+   * @param request - Express request object
+   * @param userWalletAddress - The user's stored wallet address
+   * @returns {boolean} True if ownership is verified
+   * @throws {UnauthorizedException} If ownership cannot be verified
+   */
+  verifyWalletOwnership(request: Request, userWalletAddress: string): boolean {
+    try {
+      const signature = this.extractSignature(request);
+      
+      if (!userWalletAddress) {
+        throw new UnauthorizedException('User does not have a wallet address');
+      }
+
+      return this.verifySignature(signature, userWalletAddress);
+    } catch (error) {
+      this.logger.error('Wallet ownership verification failed', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Generate message for signing
+   * 
+   * @param customMessage - Optional custom message
+   * @returns {string} Message to be signed by user
+   */
+  generateSigningMessage(customMessage?: string): string {
+    return customMessage || 'Login to SoroSusu';
+  }
+
+  /**
+   * Validate Stellar address format
+   * 
+   * @param address - The Stellar address to validate
+   * @returns {boolean} True if address is valid
+   */
+  isValidStellarAddress(address: string): boolean {
+    try {
+      StellarSdk.StrKey.decodeEd25519PublicKey(address);
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+}

src/jobs/property-cleanup.service.ts

@@ -0,0 +1,130 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { Cron, CronExpression } from '@nestjs/schedule';
+import { PrismaService } from '../database/prisma/prisma.service';
+
+/**
+ * Property Cleanup Service
+ * 
+ * Handles scheduled cleanup tasks for soft-deleted properties.
+ * This service addresses issue #258 by permanently deleting old soft-deleted properties.
+ */
+@Injectable()
+export class PropertyCleanupService {
+  private readonly logger = new Logger(PropertyCleanupService.name);
+
+  constructor(private readonly prisma: PrismaService) {}
+
+  /**
+   * Cleanup old soft-deleted properties
+   * 
+   * Runs daily at 2:00 AM to permanently delete properties that have been soft deleted
+   * for more than 30 days. This addresses issue #258.
+   */
+  @Cron('0 2 * * *') // Daily at 2:00 AM
+  async cleanupOldSoftDeletedProperties(): Promise<void> {
+    this.logger.log('Starting cleanup of old soft-deleted properties');
+
+    try {
+      // Delete properties that have been soft deleted for more than 30 days
+      const thirtyDaysAgo = new Date();
+      thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
+
+      const result = await (this.prisma as any).property.deleteMany({
+        where: {
+          isDeleted: true,
+          deletedAt: {
+            lt: thirtyDaysAgo,
+          },
+        },
+      });
+
+      this.logger.log(`Cleaned up ${result.count} old soft-deleted properties`);
+    } catch (error) {
+      this.logger.error('Failed to cleanup old soft-deleted properties', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Manual cleanup trigger for testing/admin purposes
+   * 
+   * @param daysOld - Number of days old to delete (default: 30)
+   */
+  async manualCleanup(daysOld: number = 30): Promise<{ deletedCount: number }> {
+    this.logger.log(`Starting manual cleanup of properties older than ${daysOld} days`);
+
+    try {
+      const cutoffDate = new Date();
+      cutoffDate.setDate(cutoffDate.getDate() - daysOld);
+
+      const result = await (this.prisma as any).property.deleteMany({
+        where: {
+          isDeleted: true,
+          deletedAt: {
+            lt: cutoffDate,
+          },
+        },
+      });
+
+      this.logger.log(`Manual cleanup completed: ${result.count} properties deleted`);
+      return { deletedCount: result.count };
+    } catch (error) {
+      this.logger.error('Manual cleanup failed', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Get statistics about soft-deleted properties
+   */
+  async getSoftDeletedStats(): Promise<{
+    totalSoftDeleted: number;
+    olderThan30Days: number;
+    olderThan60Days: number;
+    oldestDeletion: Date | null;
+  }> {
+    try {
+      const now = new Date();
+      const thirtyDaysAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+      const sixtyDaysAgo = new Date(now.getTime() - 60 * 24 * 60 * 60 * 1000);
+
+      const [
+        totalSoftDeleted,
+        olderThan30Days,
+        olderThan60Days,
+        oldestProperty,
+      ] = await Promise.all([
+        (this.prisma as any).property.count({
+          where: { isDeleted: true },
+        }),
+        (this.prisma as any).property.count({
+          where: {
+            isDeleted: true,
+            deletedAt: { lt: thirtyDaysAgo },
+          },
+        }),
+        (this.prisma as any).property.count({
+          where: {
+            isDeleted: true,
+            deletedAt: { lt: sixtyDaysAgo },
+          },
+        }),
+        (this.prisma as any).property.findFirst({
+          where: { isDeleted: true },
+          orderBy: { deletedAt: 'asc' },
+          select: { deletedAt: true },
+        }),
+      ]);
+
+      return {
+        totalSoftDeleted,
+        olderThan30Days,
+        olderThan60Days,
+        oldestDeletion: oldestProperty?.deletedAt || null,
+      };
+    } catch (error) {
+      this.logger.error('Failed to get soft-deleted stats', error);
+      throw error;
+    }
+  }
+}