Merge pull request #210 from Sendi0011/feature/insurance-contract-read-layer

feat(insurance): add Soroban contract read layer and REST API routes

Author: Baskarayelu

app/api/insurance/[id]/route.ts

@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getPolicy } from "@/lib/contracts/insurance";
+import { validateAuth, unauthorizedResponse } from "@/lib/auth";
+
+// GET /api/insurance/:id
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  if (!validateAuth(request)) {
+    return unauthorizedResponse();
+  }
+
+  try {
+    const policy = await getPolicy(params.id);
+    return NextResponse.json({ policy });
+  } catch (error: unknown) {
+    if (
+      typeof error === "object" &&
+      error !== null &&
+      (error as { code?: string }).code === "NOT_FOUND"
+    ) {
+      return NextResponse.json({ error: "Policy not found" }, { status: 404 });
+    }
+
+    console.error("[GET /api/insurance/[id]]", error);
+    return NextResponse.json(
+      { error: "Failed to fetch policy from contract" },
+      { status: 502 }
+    );
+  }
+}

app/api/insurance/route.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getActivePolicies } from "@/lib/contracts/insurance";
+import { validateAuth, unauthorizedResponse } from "@/lib/auth";
+
+// GET /api/insurance
+// Returns active policies for the authenticated owner.
+// Query param: ?owner=G... (Stellar account address)
+export async function GET(request: NextRequest) {
+  if (!validateAuth(request)) {
+    return unauthorizedResponse();
+  }
+
+  const { searchParams } = new URL(request.url);
+  const owner = searchParams.get("owner");
+
+  if (!owner) {
+    return NextResponse.json(
+      { error: "Missing required query parameter: owner" },
+      { status: 400 }
+    );
+  }
+
+  try {
+    const policies = await getActivePolicies(owner);
+    return NextResponse.json({ policies });
+  } catch (error: unknown) {
+    const err = error as { code?: string };
+
+    if (err.code === "INVALID_ADDRESS") {
+      return NextResponse.json({ error: "Invalid Stellar address" }, { status: 400 });
+    }
+
+    console.error("[GET /api/insurance]", error);
+    return NextResponse.json(
+      { error: "Failed to fetch policies from contract" },
+      { status: 502 }
+    );
+  }
+}

app/api/insurance/total-premium/route.ts

@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getTotalMonthlyPremium } from "@/lib/contracts/insurance";
+import { validateAuth, unauthorizedResponse } from "@/lib/auth";
+
+// GET /api/insurance/total-premium?owner=G...
+export async function GET(request: NextRequest) {
+  if (!validateAuth(request)) {
+    return unauthorizedResponse();
+  }
+
+  const { searchParams } = new URL(request.url);
+  const owner = searchParams.get("owner");
+
+  if (!owner) {
+    return NextResponse.json(
+      { error: "Missing required query parameter: owner" },
+      { status: 400 }
+    );
+  }
+
+  try {
+    const totalMonthlyPremium = await getTotalMonthlyPremium(owner);
+    return NextResponse.json({ totalMonthlyPremium });
+  } catch (error: unknown) {
+    const err = error as { code?: string };
+
+    if (err.code === "INVALID_ADDRESS") {
+      return NextResponse.json({ error: "Invalid Stellar address" }, { status: 400 });
+    }
+
+    console.error("[GET /api/insurance/total-premium]", error);
+    return NextResponse.json(
+      { error: "Failed to fetch total premium from contract" },
+      { status: 502 }
+    );
+  }
+}

lib/auth.ts

@@ -0,0 +1,23 @@
+import { NextRequest } from "next/server";
+
+/**
+ * Validates the Authorization header.
+ * Expects:  Authorization: Bearer <token>
+ * The token is checked against the AUTH_SECRET env variable.
+ */
+export function validateAuth(request: NextRequest): boolean {
+  const authHeader = request.headers.get("authorization") ?? "";
+  const token = authHeader.startsWith("Bearer ")
+    ? authHeader.slice(7).trim()
+    : null;
+
+  if (!token) return false;
+  return token === process.env.AUTH_SECRET;
+}
+
+export function unauthorizedResponse() {
+  return new Response(JSON.stringify({ error: "Unauthorized" }), {
+    status: 401,
+    headers: { "Content-Type": "application/json" },
+  });
+}

lib/contracts/insurance.ts

@@ -1,84 +1,154 @@
-import { Server, Networks, Account, TransactionBuilder, Operation, BASE_FEE, StrKey } from '@stellar/stellar-sdk'
-
-const HORIZON_URL = process.env.HORIZON_URL || 'https://horizon-testnet.stellar.org'
-const NETWORK_PASSPHRASE = process.env.NETWORK_PASSPHRASE || Networks.TESTNET
-const server = new Server(HORIZON_URL)
-
-function validatePublicKey(pk: string) {
-  try {
-    return StrKey.isValidEd25519PublicKey(pk)
-  } catch (e) {
-    return false
+import {
+    Contract,
+    Horizon,
+    nativeToScVal,
+    scValToNative,
+    xdr,
+  } from "@stellar/stellar-sdk";
+  
+  // ── Config ──────────────────────────────────────────────────────────────────
+  const SOROBAN_RPC_URL =
+    process.env.SOROBAN_RPC_URL ?? "https://soroban-testnet.stellar.org";
+  const INSURANCE_CONTRACT_ID = process.env.INSURANCE_CONTRACT_ID ?? "";
+  const NETWORK_PASSPHRASE =
+    process.env.STELLAR_NETWORK_PASSPHRASE ??
+    "Test SDF Network ; September 2015";
+  
+  // ── Types ────────────────────────────────────────────────────────────────────
+  export interface Policy {
+    id: string;
+    name: string;
+    coverageType: string;
+    monthlyPremium: number;
+    coverageAmount: number;
+    active: boolean;
+    nextPaymentDate: string;
   }
+  
+  // ── RPC Client ───────────────────────────────────────────────────────────────
+  function getRpcServer() {
+  const { rpc } = require("@stellar/stellar-sdk") as {
+    rpc: {
+      Server: new (url: string) => {
+        simulateTransaction: (tx: unknown) => Promise<unknown>;
+      };
+    };
+  };
+  return new rpc.Server(SOROBAN_RPC_URL);
 }
-
-async function loadAccount(accountId: string) {
-  if (!validatePublicKey(accountId)) throw new Error('invalid-account')
-  return await server.loadAccount(accountId)
-}
-
-export async function buildCreatePolicyTx(owner: string, name: string, coverageType: string, monthlyPremium: number, coverageAmount: number) {
-  if (!validatePublicKey(owner)) throw new Error('invalid-owner')
-  if (!name || typeof name !== 'string') throw new Error('invalid-name')
-  if (!coverageType || typeof coverageType !== 'string') throw new Error('invalid-coverageType')
-  if (!(monthlyPremium > 0)) throw new Error('invalid-monthlyPremium')
-  if (!(coverageAmount > 0)) throw new Error('invalid-coverageAmount')
-
-  const acctResp = await loadAccount(owner)
-  const source = new Account(owner, acctResp.sequence)
-
-  const txBuilder = new TransactionBuilder(source, {
-    fee: BASE_FEE,
-    networkPassphrase: NETWORK_PASSPHRASE,
-  })
-
-  txBuilder.addOperation(Operation.manageData({ name: 'policy:name', value: name.slice(0, 64) }))
-  txBuilder.addOperation(Operation.manageData({ name: 'policy:coverageType', value: coverageType.slice(0, 64) }))
-  txBuilder.addOperation(Operation.manageData({ name: 'policy:monthlyPremium', value: String(monthlyPremium) }))
-  txBuilder.addOperation(Operation.manageData({ name: 'policy:coverageAmount', value: String(coverageAmount) }))
-
-  const tx = txBuilder.setTimeout(300).build()
-  return tx.toXDR()
-}
-
-export async function buildPayPremiumTx(caller: string, policyId: string) {
-  if (!validatePublicKey(caller)) throw new Error('invalid-caller')
-  if (!policyId) throw new Error('invalid-policyId')
-
-  const acctResp = await loadAccount(caller)
-  const source = new Account(caller, acctResp.sequence)
-
-  const txBuilder = new TransactionBuilder(source, {
-    fee: BASE_FEE,
-    networkPassphrase: NETWORK_PASSPHRASE,
-  })
-
-  txBuilder.addOperation(Operation.manageData({ name: `policy:pay:${policyId}`, value: '1' }))
-
-  const tx = txBuilder.setTimeout(300).build()
-  return tx.toXDR()
-}
-
-export async function buildDeactivatePolicyTx(caller: string, policyId: string) {
-  if (!validatePublicKey(caller)) throw new Error('invalid-caller')
-  if (!policyId) throw new Error('invalid-policyId')
-
-  const acctResp = await loadAccount(caller)
-  const source = new Account(caller, acctResp.sequence)
-
-  const txBuilder = new TransactionBuilder(source, {
-    fee: BASE_FEE,
-    networkPassphrase: NETWORK_PASSPHRASE,
-  })
-
-  txBuilder.addOperation(Operation.manageData({ name: `policy:deactivate:${policyId}`, value: '1' }))
-
-  const tx = txBuilder.setTimeout(300).build()
-  return tx.toXDR()
-}
-
-export default {
-  buildCreatePolicyTx,
-  buildPayPremiumTx,
-  buildDeactivatePolicyTx,
-}
+  
+  // ── Raw contract call helper ─────────────────────────────────────────────────
+  async function callContractView(
+    method: string,
+    args: xdr.ScVal[]
+  ): Promise<xdr.ScVal> {
+    const { Transaction, TransactionBuilder, Account, BASE_FEE } = await import(
+      "@stellar/stellar-sdk"
+    );
+  
+    const contract = new Contract(INSURANCE_CONTRACT_ID);
+    const server = getRpcServer();
+  
+    // A "view" simulation doesn't need a real source account funded on-chain;
+    // we use a well-known testnet account as the simulation source.
+    const sourceAccount = new Account(
+      "GAAZI4TCR3TY5OJHCTJC2A4QSY6CJWJH5IAJTGKIN2ER7LBNVKOCCWN",
+      "0"
+    );
+  
+    const tx = new TransactionBuilder(sourceAccount, {
+      fee: BASE_FEE,
+      networkPassphrase: NETWORK_PASSPHRASE,
+    })
+      .addOperation(contract.call(method, ...args))
+      .setTimeout(30)
+      .build();
+  
+    const result = (await server.simulateTransaction(tx)) as {
+      result?: { retval: xdr.ScVal };
+      error?: string;
+    };
+  
+    if (result.error) {
+      throw new Error(`Soroban simulation error: ${result.error}`);
+    }
+  
+    if (!result.result?.retval) {
+      throw new Error(`No return value from contract method: ${method}`);
+    }
+  
+    return result.result.retval;
+  }
+  
+  // ── Mapper ───────────────────────────────────────────────────────────────────
+  function mapScValToPolicy(raw: unknown): Policy {
+    // The contract is expected to return a map/struct with these keys.
+    // scValToNative converts Soroban ScVal → plain JS object.
+    const obj = scValToNative(raw as xdr.ScVal) as Record<string, unknown>;
+  
+    return {
+      id: String(obj.id),
+      name: String(obj.name),
+      coverageType: String(obj.coverage_type ?? obj.coverageType),
+      monthlyPremium: Number(obj.monthly_premium ?? obj.monthlyPremium),
+      coverageAmount: Number(obj.coverage_amount ?? obj.coverageAmount),
+      active: Boolean(obj.active),
+      nextPaymentDate: String(obj.next_payment_date ?? obj.nextPaymentDate),
+    };
+  }
+  
+  // ── Public API ────────────────────────────────────────────────────────────────
+  
+  /**
+   * Fetch a single policy by ID.
+   * Throws a { code: 'NOT_FOUND' } error if the contract returns nothing.
+   */
+  export async function getPolicy(id: string): Promise<Policy> {
+    const scVal = await callContractView("get_policy", [
+      nativeToScVal(id, { type: "string" }),
+    ]);
+  
+    const native = scValToNative(scVal);
+    if (!native) {
+      const err = new Error(`Policy not found: ${id}`) as Error & {
+        code: string;
+      };
+      err.code = "NOT_FOUND";
+      throw err;
+    }
+  
+    return mapScValToPolicy(scVal);
+  }
+  
+  /**
+   * Fetch all active policies for a given Stellar account address (owner).
+   */
+  export async function getActivePolicies(owner: string): Promise<Policy[]> {
+    if (!owner || !/^G[A-Z0-9]{55}$/.test(owner)) {
+      throw Object.assign(new Error("Invalid Stellar address"), { code: "INVALID_ADDRESS" });
+    }
+  
+    const scVal = await callContractView("get_active_policies", [
+      nativeToScVal(owner, { type: "address" }),
+    ]);
+  
+    const list = scValToNative(scVal) as unknown[];
+    if (!Array.isArray(list)) return [];
+  
+    return list.map(mapScValToPolicy);
+  }
+  
+  /**
+   * Returns the sum of monthly premiums for all active policies of the owner.
+   */
+  export async function getTotalMonthlyPremium(owner: string): Promise<number> {
+    if (!owner || !/^G[A-Z0-9]{55}$/.test(owner)) {
+      throw Object.assign(new Error("Invalid Stellar address"), { code: "INVALID_ADDRESS" });
+    }
+  
+    const scVal = await callContractView("get_total_monthly_premium", [
+      nativeToScVal(owner, { type: "address" }),
+    ]);
+  
+    return Number(scValToNative(scVal));
+  }