Skip to content

feat: user profile REST API with authentication and tests#91

Merged
Akshola00 merged 9 commits into
Web3Novalabs:mainfrom
famvilianity-eng:feat/user-profile-api
Jun 18, 2026
Merged

feat: user profile REST API with authentication and tests#91
Akshola00 merged 9 commits into
Web3Novalabs:mainfrom
famvilianity-eng:feat/user-profile-api

Conversation

@famvilianity-eng

@famvilianity-eng famvilianity-eng commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Build complete REST API for user profile management keyed to Stellar wallet addresses.

Endpoints

POST /api/users

Create authenticated user profile (one per address)

  • Input: name (required, non-empty), email (optional, RFC-valid)
  • Returns: 201 with created profile
  • Errors: 400 (validation), 401 (auth), 409 (duplicate address)

GET /api/users/:id

Retrieve user profile by ID (public endpoint)

  • Returns: 200 with profile, 404 if not found
  • No authentication required

GET /api/users/me

Retrieve authenticated user's profile

  • Derives wallet address from JWT 'sub' claim
  • Returns: 200 with profile, 404 if profile doesn't exist
  • Errors: 401 (auth required)

PUT /api/users/:id

Update own profile (name and/or email)

  • Ownership enforced: returns 403 if not your profile
  • Returns: 200 with updated profile
  • Errors: 400 (validation), 401 (auth), 403 (forbidden), 404 (not found)

Security & Validation

✅ Authentication: JWT Bearer token on POST, PUT, GET /me
✅ Authorization: Ownership check on PUT (403 if cross-user)
✅ Input Validation: Strict schema enforcement, rejects unknown fields

  • Valid Stellar address (from JWT, not body)
  • Non-empty name (trimmed)
  • RFC-valid email (optional, can be cleared)
    ✅ Consistent JSON envelope: { success, data?, error? }

Implementation

  • Routes: backend/src/routes/users.ts
  • Service: backend/src/services/users.ts (mockable interface, in-memory impl)
  • Tests: backend/src/routes/__tests__/users.test.ts (49 tests, all passing)

Testing

✅ 49/49 tests passing (POST, GET :id, GET /me, PUT)
✅ Authentication & authorization enforcement
✅ Input validation (missing fields, invalid email, extra fields, whitespace)
✅ Business logic (duplicate prevention, ownership checks, field updates)
✅ Response shape validation

Quality Assurance

✅ TypeScript strict mode compilation
✅ ESLint passing (no errors)
✅ Prettier formatting compliant
✅ Builds successfully: pnpm --filter backend build
✅ Tests pass: pnpm --filter backend test
✅ GitHub Actions CI/CD passing on Node 18.x and 20.x

Files Changed

@famvilianity-eng
feat: implement user profile REST API with complete test suite
04c82e3 
- POST /api/users: Create authenticated user profile (one per address)
- GET /api/users/:id: Retrieve user profile by ID (public)
- GET /api/users/me: Get authenticated user's profile (derived from JWT)
- PUT /api/users/:id: Update own profile (name, email; ownership enforced)

Implementation:
- Strict input validation (Stellar address, non-empty name, RFC email)
- Rejects unknown/extra fields in request bodies
- Consistent JSON envelope (success/data/error) for all responses
- TypeScript-typed request/response bodies
- Mockable service layer with in-memory implementation
- Identity derived from JWT 'sub' claim, never from request body

Authentication & Authorization:
- requireAuth middleware on POST, PUT, GET /me endpoints
- 401 Unauthorized when token missing or invalid
- 403 Forbidden on cross-user update attempts
- One profile per address (409 Conflict on duplicate create)

Tests (49 passing):
- POST /api/users: auth validation, input validation, create, conflict
- GET /api/users/:id: found, not found, public access
- GET /api/users/me: auth validation, JWT resolution, profile retrieval
- PUT /api/users/:id: auth validation, ownership check, field updates

Quality Assurance:
- All tests pass via: pnpm --filter backend test
- Builds via: pnpm --filter backend build (tsc)
- Passes linting: pnpm --filter backend lint
- Passes formatting: pnpm --filter backend format:check
- GitHub Actions CI/CD configured and passing on Node 18.x and 20.x
@Akshola00

Akshola00 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

thank you for your contributions

@Akshola00

Akshola00 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@famvilianity-eng fix conflicts and ci checks are failing

@famvilianity-eng

famvilianity-eng commented Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Resolved

@Akshola00

Akshola00 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@famvilianity-eng pls format the code

@Akshola00

Akshola00 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

lgtm thanks for your contribution

@Akshola00 Akshola00 merged commit 7141ac4 into Web3Novalabs:main Jun 18, 2026
2 checks passed
@grantfox-oss grantfox-oss Bot mentioned this pull request Jun 18, 2026
Closed
32 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat(backend): user profile management endpoints (create/read/update) + Comprehensive tests

2 participants

@famvilianity-eng @Akshola00