Merge pull request #64 from Junirezz/fix/19-build-tenant-credit-score-aggregator

[#19] Build Tenant_Credit_Score_Aggregator

Author: elizabetheonoja-art

index.js

@@ -49,6 +49,7 @@ const fs = require('fs');
 const sharp = require('sharp');
 const app = express();
 const port = 3000;
+const creditScoreAggregator = new TenantCreditScoreAggregator();
 const listings = [];
 const HORIZON_URL = process.env.HORIZON_URL || 'https://horizon.stellar.org';
 
@@ -376,6 +377,7 @@ app.get('/', (req, res) => {
     }
   });
 
+app.post('/tenant-credit-score', (req, res) => {
   return app;
 }
 
@@ -415,33 +417,23 @@ app.post('/listings', async (req, res) => {
 // Availability endpoints
 app.get('/api/asset/:id/availability', async (req, res) => {
   try {
-    const { id } = req.params;
-
-    if (!id || isNaN(id)) {
-      return res.status(400).json({
-        error: 'Invalid asset ID. Must be a number.',
-        code: 'INVALID_ASSET_ID'
-      });
-    }
-
-    const availability = await availabilityService.getAssetAvailability(id);
-
-    res.json({
-      success: true,
-      data: availability
-    });
-
+    const { tenantId, metrics = {}, cacheTtlSeconds } = req.body || {};
+    const result = creditScoreAggregator.getOrCompute(tenantId, metrics, cacheTtlSeconds);
+    res.status(200).json(result);
   } catch (error) {
-    console.error(`Error fetching availability for asset ${req.params.id}:`, error);
+    res.status(400).json({ error: error.message });
+  }
+});
 
-    res.status(500).json({
-      error: 'Failed to fetch asset availability',
-      code: 'FETCH_ERROR',
-      details: process.env.NODE_ENV === 'development' ? error.message : undefined
-    });
+app.get('/tenant-credit-score/:tenantId', (req, res) => {
+  const cached = creditScoreAggregator.getCached(req.params.tenantId);
+  if (!cached) {
+    return res.status(404).json({ error: 'No cached score found for tenant' });
   }
+  return res.status(200).json(cached);
 });
 
+app.post('/tenant-credit-score/share-token', (req, res) => {
 // Error handling
 app.use((err, req, res, next) => {
   console.error('[App] Unhandled Error:', err);
@@ -450,41 +442,24 @@ app.use((err, req, res, next) => {
 
 app.get('/api/assets/availability', async (req, res) => {
   try {
-    const { ids } = req.query;
-
-    if (ids) {
-      const assetIds = ids.split(',').map(id => id.trim()).filter(id => id && !isNaN(id));
-
-      if (assetIds.length === 0) {
-        return res.status(400).json({
-          error: 'No valid asset IDs provided',
-          code: 'INVALID_ASSET_IDS'
-        });
-      }
-
-      const availability = await availabilityService.getMultipleAssetAvailability(assetIds);
-
-      res.json({
-        success: true,
-        data: availability
-      });
-    } else {
-      const availability = await availabilityService.getAllAssetsAvailability();
+    const { tenantId, tokenTtlSeconds } = req.body || {};
+    const result = creditScoreAggregator.generateShareToken(tenantId, tokenTtlSeconds);
+    res.status(200).json(result);
+  } catch (error) {
+    res.status(400).json({ error: error.message });
+  }
+});
 
-      res.json({
-        success: true,
-        data: availability
-      });
+app.post('/tenant-credit-score/verify-token', (req, res) => {
+  try {
+    const { token } = req.body || {};
+    if (!token) {
+      throw new Error('token is required');
     }
-
+    const payload = creditScoreAggregator.verifyShareToken(token);
+    res.status(200).json({ valid: true, payload });
   } catch (error) {
-    console.error('Error fetching assets availability:', error);
-
-    res.status(500).json({
-      error: 'Failed to fetch assets availability',
-      code: 'FETCH_ERROR',
-      details: process.env.NODE_ENV === 'development' ? error.message : undefined
-    });
+    res.status(400).json({ valid: false, error: error.message });
   }
 });
 

tenantCreditScoreAggregator.js

@@ -0,0 +1,209 @@
+const crypto = require('crypto');
+
+const WEIGHTS = {
+  onTimePayments: 0.5,
+  leaseCompletion: 0.3,
+  successfulDepositReturns: 0.2
+};
+
+const SCORE_RANGE = {
+  min: 300,
+  max: 850
+};
+
+const DEFAULT_CACHE_TTL_SECONDS = 60 * 60;
+const DEFAULT_TOKEN_TTL_SECONDS = 60 * 30;
+
+function safeRatio(numerator, denominator) {
+  if (!Number.isFinite(numerator) || !Number.isFinite(denominator) || denominator <= 0) {
+    return 0;
+  }
+  return Math.max(0, Math.min(1, numerator / denominator));
+}
+
+function getBreakdown(metrics) {
+  const onTimePaymentsRatio = safeRatio(metrics.onTimePayments, metrics.totalPayments);
+  const leaseCompletionRatio = safeRatio(metrics.completedLeases, metrics.totalLeases);
+  const successfulDepositReturnsRatio = safeRatio(
+    metrics.successfulDepositReturns,
+    metrics.totalDepositReturns
+  );
+
+  return {
+    onTimePayments: Math.round(onTimePaymentsRatio * 100),
+    leaseCompletion: Math.round(leaseCompletionRatio * 100),
+    successfulDepositReturns: Math.round(successfulDepositReturnsRatio * 100)
+  };
+}
+
+function calculateScore(metrics) {
+  const breakdown = getBreakdown(metrics);
+  const weightedPercent =
+    breakdown.onTimePayments * WEIGHTS.onTimePayments +
+    breakdown.leaseCompletion * WEIGHTS.leaseCompletion +
+    breakdown.successfulDepositReturns * WEIGHTS.successfulDepositReturns;
+
+  const spread = SCORE_RANGE.max - SCORE_RANGE.min;
+  const score = Math.round(SCORE_RANGE.min + (weightedPercent / 100) * spread);
+
+  return {
+    score,
+    breakdown
+  };
+}
+
+function parseDurationSeconds(value, fallback) {
+  if (!Number.isFinite(value) || value <= 0) {
+    return fallback;
+  }
+  return Math.floor(value);
+}
+
+function toBase64Url(value) {
+  return Buffer.from(value)
+    .toString('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+}
+
+function fromBase64Url(value) {
+  const normalized = value.replace(/-/g, '+').replace(/_/g, '/');
+  const padded = normalized + '==='.slice((normalized.length + 3) % 4);
+  return Buffer.from(padded, 'base64').toString('utf8');
+}
+
+function createSignedToken(payload, secret) {
+  const header = { alg: 'HS256', typ: 'JWT' };
+  const encodedHeader = toBase64Url(JSON.stringify(header));
+  const encodedPayload = toBase64Url(JSON.stringify(payload));
+  const content = `${encodedHeader}.${encodedPayload}`;
+  const signature = crypto
+    .createHmac('sha256', secret)
+    .update(content)
+    .digest('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+  return `${content}.${signature}`;
+}
+
+function verifySignedToken(token, secret) {
+  const parts = String(token || '').split('.');
+  if (parts.length !== 3) {
+    throw new Error('Invalid token format');
+  }
+
+  const [encodedHeader, encodedPayload, signature] = parts;
+  const content = `${encodedHeader}.${encodedPayload}`;
+  const expectedSignature = crypto
+    .createHmac('sha256', secret)
+    .update(content)
+    .digest('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+
+  const expected = Buffer.from(expectedSignature);
+  const received = Buffer.from(signature);
+  if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
+    throw new Error('Invalid token signature');
+  }
+
+  return JSON.parse(fromBase64Url(encodedPayload));
+}
+
+class TenantCreditScoreAggregator {
+  constructor(options = {}) {
+    this.cacheTtlSeconds = parseDurationSeconds(
+      options.cacheTtlSeconds,
+      DEFAULT_CACHE_TTL_SECONDS
+    );
+    this.tokenTtlSeconds = parseDurationSeconds(
+      options.tokenTtlSeconds,
+      DEFAULT_TOKEN_TTL_SECONDS
+    );
+    this.signingSecret = options.signingSecret || process.env.SHARE_TOKEN_SECRET || 'leaseflow-dev-secret';
+    this.cache = new Map();
+  }
+
+  getCached(tenantId) {
+    const key = String(tenantId || '');
+    const item = this.cache.get(key);
+    if (!item) return null;
+
+    if (Date.now() >= item.expiresAtMs) {
+      this.cache.delete(key);
+      return null;
+    }
+
+    return {
+      tenantId: key,
+      score: item.score,
+      breakdown: item.breakdown,
+      expiresAt: new Date(item.expiresAtMs).toISOString()
+    };
+  }
+
+  computeAndCache(tenantId, metrics, ttlSeconds) {
+    const key = String(tenantId || '').trim();
+    if (!key) {
+      throw new Error('tenantId is required');
+    }
+
+    const { score, breakdown } = calculateScore(metrics);
+    const ttl = parseDurationSeconds(ttlSeconds, this.cacheTtlSeconds);
+    const expiresAtMs = Date.now() + ttl * 1000;
+    this.cache.set(key, { score, breakdown, expiresAtMs });
+
+    return {
+      tenantId: key,
+      score,
+      breakdown,
+      expiresAt: new Date(expiresAtMs).toISOString()
+    };
+  }
+
+  getOrCompute(tenantId, metrics, ttlSeconds) {
+    const cached = this.getCached(tenantId);
+    if (cached) {
+      return { ...cached, cached: true };
+    }
+    const computed = this.computeAndCache(tenantId, metrics, ttlSeconds);
+    return { ...computed, cached: false };
+  }
+
+  generateShareToken(tenantId, tokenTtlSeconds) {
+    const cached = this.getCached(tenantId);
+    if (!cached) {
+      throw new Error('No cached score found for tenant');
+    }
+
+    const nowSeconds = Math.floor(Date.now() / 1000);
+    const ttl = parseDurationSeconds(tokenTtlSeconds, this.tokenTtlSeconds);
+    const payload = {
+      tenantId: cached.tenantId,
+      score: cached.score,
+      breakdown: cached.breakdown,
+      iat: nowSeconds,
+      exp: nowSeconds + ttl
+    };
+
+    const token = createSignedToken(payload, this.signingSecret);
+    return { token, payload };
+  }
+
+  verifyShareToken(token) {
+    const payload = verifySignedToken(token, this.signingSecret);
+    const nowSeconds = Math.floor(Date.now() / 1000);
+    if (!Number.isFinite(payload.exp) || payload.exp < nowSeconds) {
+      throw new Error('Token expired');
+    }
+    return payload;
+  }
+}
+
+module.exports = {
+  TenantCreditScoreAggregator,
+  calculateScore
+};

tests/index.test.js

@@ -545,4 +545,62 @@ describe('LeaseFlow Backend API', () => {
     expect(response.status).toBe(401);
     expect(response.body.error).toBe('Authentication required');
   });
+
+  it('should compute and cache tenant credit score', async () => {
+    const payload = {
+      tenantId: 'tenant-123',
+      metrics: {
+        onTimePayments: 9,
+        totalPayments: 10,
+        completedLeases: 3,
+        totalLeases: 4,
+        successfulDepositReturns: 2,
+        totalDepositReturns: 2
+      }
+    };
+
+    const first = await request(app).post('/tenant-credit-score').send(payload);
+    expect(first.status).toBe(200);
+    expect(first.body.tenantId).toBe('tenant-123');
+    expect(first.body.cached).toBe(false);
+    expect(first.body.score).toBe(781);
+    expect(first.body.breakdown).toEqual({
+      onTimePayments: 90,
+      leaseCompletion: 75,
+      successfulDepositReturns: 100
+    });
+    expect(typeof first.body.expiresAt).toBe('string');
+
+    const second = await request(app).post('/tenant-credit-score').send(payload);
+    expect(second.status).toBe(200);
+    expect(second.body.cached).toBe(true);
+    expect(second.body.score).toBe(781);
+  });
+
+  it('should return cached score for tenant id', async () => {
+    const response = await request(app).get('/tenant-credit-score/tenant-123');
+    expect(response.status).toBe(200);
+    expect(response.body.tenantId).toBe('tenant-123');
+    expect(response.body.score).toBe(781);
+  });
+
+  it('should generate and verify a signed share token', async () => {
+    const tokenResponse = await request(app)
+      .post('/tenant-credit-score/share-token')
+      .send({ tenantId: 'tenant-123' });
+
+    expect(tokenResponse.status).toBe(200);
+    expect(typeof tokenResponse.body.token).toBe('string');
+    expect(tokenResponse.body.payload.tenantId).toBe('tenant-123');
+    expect(tokenResponse.body.payload.score).toBe(781);
+
+    const verifyResponse = await request(app)
+      .post('/tenant-credit-score/verify-token')
+      .send({ token: tokenResponse.body.token });
+
+    expect(verifyResponse.status).toBe(200);
+    expect(verifyResponse.body.valid).toBe(true);
+    expect(verifyResponse.body.payload.tenantId).toBe('tenant-123');
+    expect(verifyResponse.body.payload.score).toBe(781);
+  });
 });