fixed conflicts

Author: lovelgeorge99

.env.example

@@ -0,0 +1,3 @@
+DATABASE_URL=
+WHITELISTED_ORIGINS=
+TUNNEL_DOMAINS=

.gitignore

@@ -41,6 +41,7 @@ lerna-debug.log*
 .env.test.local
 .env.production.local
 .env.local
+!.env.example
 
 # temp directory
 .temp

src/auth/auth.controller.ts

@@ -6,17 +6,24 @@ import { MiniAppWalletAuthSuccessPayload } from '@worldcoin/minikit-js';
 interface IRequestPayload {
   payload: MiniAppWalletAuthSuccessPayload;
 }
+
+function isHttps(req: Request) {
+  return (
+    req.protocol === 'https' || req.headers['x-forwarded-proto'] === 'https'
+  );
+}
+
 @Controller('auth')
 export class AuthController {
   constructor(private readonly authService: AuthService) {}
 
   @Get('nonce')
-  async generateNonce(@Res() res: Response): Promise<any> {
+  generateNonce(@Req() req: Request, @Res() res: Response) {
     const nonce = this.authService.generateNonce();
     res.cookie('siwe', nonce, {
       httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      sameSite: 'strict',
+      secure: process.env.NODE_ENV === 'production' || isHttps(req),
+      sameSite: 'none',
       maxAge: 2 * 60 * 1000, //2 minutes
     });
 
@@ -45,6 +52,7 @@ export class AuthController {
       );
       return res.status(200).json({ isValid: validMessage });
     } catch (error: any) {
+      console.log('Error verifying payload:', error);
       return res
         .status(400)
         .json({ status: 'error', isValid: false, message: error.message });

src/main.ts

@@ -6,13 +6,54 @@ import { ValidationPipe } from '@nestjs/common';
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
 
-  app.useGlobalPipes(
-    new ValidationPipe({
-      transform: true,
-    }),
-  );
+  const environment = process.env.NODE_ENV || 'development';
+  const rawOrigins = process.env.WHITELISTED_ORIGINS || '';
+  const rawTunnelDomains = process.env.TUNNEL_DOMAINS || '';
+
+  const whiteListedOrigins = rawOrigins
+    .split(',')
+    .map((origin) => origin.trim().replace(/^https?:\/\//, ''))
+    .filter((origin) => !!origin);
+
+  const tunnelDomains = rawTunnelDomains
+    .split(',')
+    .map((domain) => domain.trim())
+    .filter((domain) => !!domain);
+
+  app.enableCors({
+    origin: (
+      origin: string | undefined,
+      callback: (err: Error | null, allow?: boolean) => void,
+    ) => {
+      if (!origin) return callback(null, true);
+
+      try {
+        const { hostname } = new URL(origin);
+
+        const isWhitelisted = whiteListedOrigins.includes(hostname);
+
+        const isTunnelDomain =
+          environment !== 'production' &&
+          tunnelDomains.some((testDomain) => hostname.endsWith(testDomain));
+
+        if (isWhitelisted || isTunnelDomain) {
+          return callback(null, true);
+        }
+
+        console.error(`[CORS ERROR]: Origin ${origin} is not allowed.`);
+        return callback(new Error(`CORS blocked for origin: ${origin}`));
+      } catch (error) {
+        console.error(`[CORS ERROR]: Malformed origin`, error);
+        return callback(new Error(`Invalid origin: ${origin}`));
+      }
+    },
+    credentials: true,
+  });
+
+  app.useGlobalPipes(new ValidationPipe({ transform: true }));
   app.use(cookieParser());
 
   await app.listen(process.env.PORT ?? 3000);
 }
+
 bootstrap();

src/poll/Poll.dto.ts

@@ -12,6 +12,10 @@ import {
 } from 'class-validator';
 
 export class CreatePollDto {
+  @IsString()
+  @IsNotEmpty()
+  worldID: string;
+
   @IsString()
   @IsNotEmpty()
   title: string;
@@ -44,6 +48,10 @@ export class CreatePollDto {
 }
 
 export class GetPollsDto {
+  @IsString()
+  @IsOptional()
+  worldID?: string;
+
   @IsOptional()
   @Type(() => Number)
   @IsInt()
@@ -79,3 +87,9 @@ export class GetPollsDto {
   @IsEnum(['asc', 'desc'])
   sortOrder?: 'asc' | 'desc';
 }
+
+export class DeletePollDto {
+  @IsString()
+  @IsNotEmpty()
+  worldID: string;
+}

src/poll/poll.controller.ts

@@ -10,10 +10,11 @@ import {
   Delete,
   UsePipes,
   ValidationPipe,
+  BadRequestException,
 } from '@nestjs/common';
 import { Response } from 'express';
 import { PollService } from './poll.service';
-import { CreatePollDto, GetPollsDto } from './Poll.dto';
+import { CreatePollDto, DeletePollDto, GetPollsDto } from './Poll.dto';
 
 @Controller('poll')
 export class PollController {
@@ -22,15 +23,24 @@ export class PollController {
   @Post()
   @UsePipes(ValidationPipe)
   create(@Body() createPollDto: CreatePollDto) {
-    const userId = 1; // need to implement Auth
-    return this.pollService.createPoll(userId, createPollDto);
+    return this.pollService.createPoll(createPollDto);
   }
 
   @Get()
   @UsePipes(ValidationPipe)
-  getPolls(@Req() req, @Query() query: GetPollsDto) {
-    const userId = 1;
-    return this.pollService.getPolls(userId, query);
+  async getPolls(
+    @Req() req,
+    @Query() query: GetPollsDto,
+    @Res() res: Response,
+  ) {
+    try {
+      const polls = await this.pollService.getPolls(query);
+      return res.status(200).json(polls);
+    } catch (error: unknown) {
+      const errorMessage =
+        error instanceof Error ? error.message : 'An unexpected error occurred';
+      throw new BadRequestException(errorMessage);
+    }
   }
 
   @Get(':id')
@@ -50,16 +60,19 @@ export class PollController {
   }
 
   @Delete(':id')
-  async deletePoll(@Param('id') id: number, @Res() res: Response) {
-    const userId = 1; // need to implement Auth
+  async deletePoll(
+    @Param('id') id: number,
+    @Body() query: DeletePollDto,
+    @Res() res: Response,
+  ) {
     try {
-      const poll = await this.pollService.deletePoll(userId, Number(id));
+      const poll = await this.pollService.deletePoll(Number(id), query);
 
       return res.status(200).json({ message: 'Poll deleted', poll: poll });
-    } catch (error) {
-      return res
-        .status(500)
-        .json({ message: 'Internal server error', error: error.message });
+    } catch (error: unknown) {
+      const errorMessage =
+        error instanceof Error ? error.message : 'An unexpected error occurred';
+      throw new BadRequestException(errorMessage);
     }
   }
 }

src/poll/poll.service.ts

@@ -1,15 +1,15 @@
 import { BadRequestException, Injectable } from '@nestjs/common';
 import { ActionType, Prisma } from '@prisma/client';
 import { DatabaseService } from 'src/database/database.service';
-import { CreatePollDto, GetPollsDto } from './Poll.dto';
+import { CreatePollDto, DeletePollDto, GetPollsDto } from './Poll.dto';
 
 @Injectable()
 export class PollService {
   constructor(private readonly databaseService: DatabaseService) {}
 
-  async createPoll(userId: number, createPollDto: CreatePollDto) {
+  async createPoll(createPollDto: CreatePollDto) {
     const user = await this.databaseService.user.findUnique({
-      where: { id: userId },
+      where: { worldID: createPollDto.worldID },
     });
     if (!user) {
       throw new BadRequestException('User does not exist');
@@ -30,7 +30,7 @@ export class PollService {
       // Create the poll
       const newPoll = await tx.poll.create({
         data: {
-          authorUserId: userId,
+          authorUserId: user.id,
           title: createPollDto.title,
           description: createPollDto.description,
           options: createPollDto.options,
@@ -45,15 +45,15 @@ export class PollService {
       // Create user action for CREATED
       await tx.userAction.create({
         data: {
-          userId,
+          userId: user.id,
           pollId: newPoll.pollId,
           type: ActionType.CREATED,
         },
       });
 
       // Update user's pollsCreatedCount
       await tx.user.update({
-        where: { id: userId },
+        where: { worldID: createPollDto.worldID },
         data: {
           pollsCreatedCount: {
             increment: 1,
@@ -65,7 +65,7 @@ export class PollService {
     });
   }
 
-  async getPolls(userId: number, query: GetPollsDto) {
+  async getPolls(query: GetPollsDto) {
     const {
       page = 1,
       limit = 10,
@@ -78,6 +78,8 @@ export class PollService {
     const skip = (page - 1) * limit;
     const now = new Date();
     const filters: any = {};
+    let userId: number | undefined;
+
     if (isActive) {
       filters.startDate = { lte: now };
       filters.endDate = { gt: now };
@@ -86,6 +88,20 @@ export class PollService {
     if (isActive === false) {
       filters.OR = [{ startDate: { gt: now } }, { endDate: { lte: now } }];
     }
+    if ((userCreated || userVoted) && query.worldID) {
+      const user = await this.databaseService.user.findUnique({
+        where: { worldID: query.worldID },
+        select: { id: true },
+      });
+
+      if (!user) {
+        throw new Error('User not found');
+      }
+      userId = user.id;
+    } else if (userCreated || userVoted) {
+      throw new Error('worldId Not Provided');
+    }
+
     if (userCreated) {
       filters.authorUserId = userId;
     }
@@ -139,15 +155,24 @@ export class PollService {
     return { user, poll, isActive };
   }
 
-  async deletePoll(userId: number, pollId: number) {
+  async deletePoll(pollId: number, query: DeletePollDto) {
+    const user = await this.databaseService.user.findUnique({
+      where: { worldID: query.worldID },
+      select: { id: true },
+    });
+
+    if (!user) {
+      throw new Error('User not found');
+    }
+
     const poll = await this.databaseService.poll.findUnique({
       where: { pollId },
     });
 
     if (!poll) {
       throw new Error('Poll not found');
     }
-    if (poll.authorUserId !== userId) {
+    if (poll.authorUserId !== user.id) {
       throw new Error('User Not Authorized');
     }
 

src/user/user.controller.ts

@@ -5,9 +5,13 @@ import {
   Get,
   Post,
   Query,
+  UsePipes,
+  ValidationPipe,
 } from '@nestjs/common';
 import { UserService } from './user.service';
 import {
+  CreateUserDto,
+  CreateUserResponseDto,
   EditVoteDto,
   EditVoteResponseDto,
   GetUserActivitiesDto,
@@ -84,4 +88,15 @@ export class UserController {
       throw new BadRequestException(errorMessage);
     }
   }
+
+  @Post('createUser')
+  async createUser(@Body() dto: CreateUserDto): Promise<CreateUserResponseDto> {
+    try {
+      return await this.userService.createUser(dto);
+    } catch (error: unknown) {
+      const errorMessage =
+        error instanceof Error ? error.message : 'An unexpected error occurred';
+      throw new BadRequestException(errorMessage);
+    }
+  }
 }

src/user/user.dto.ts

@@ -1,3 +1,5 @@
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+
 export class GetUserDataDto {
   worldID: string;
 }
@@ -61,3 +63,21 @@ export class EditVoteDto {
 export class EditVoteResponseDto {
   actionId: number;
 }
+
+export class CreateUserDto {
+  @IsString()
+  @IsNotEmpty()
+  name: string;
+
+  @IsString()
+  @IsNotEmpty()
+  worldID: string;
+
+  @IsString()
+  @IsOptional()
+  profilePicture?: string;
+}
+
+export class CreateUserResponseDto {
+  userId: number;
+}