Skip to content

feat: implement CORS middleware, Oracle role, and BlockchainService score bridge#427

Merged
phertyameen merged 1 commit intoMindBlockLabs:mainfrom
demilade18-git:feat/issue-279-295-301-316-cors-oracle-blockchain-bridge-animations
Mar 29, 2026
Merged

feat: implement CORS middleware, Oracle role, and BlockchainService score bridge#427
phertyameen merged 1 commit intoMindBlockLabs:mainfrom
demilade18-git:feat/issue-279-295-301-316-cors-oracle-blockchain-bridge-animations

Conversation

@demilade18-git
Copy link
Copy Markdown
Contributor

@demilade18-git demilade18-git commented Mar 28, 2026
edited by phertyameen
Loading

Summary

Closes #316

This PR implements four features assigned to demilade18-git in the /middleware package.

Changes

#316 — CORS Configuration Middleware

  • Added CorsMiddleware (NestJS-injectable) and corsMiddleware() factory function
  • Supports configurable origins (wildcard or allowlist), methods, headers, credentials, and maxAge
  • Handles OPTIONS preflight with 204 response and Access-Control-Max-Age
  • Exported from security/index.ts

#295 — Admin/Oracle Role for Trusted Score Submission

  • Added ORACLE to the UserRole enum in rbac.middleware.ts
  • ORACLE inherits USER permissions and is granted trusted score submission rights
  • ADMIN inherits all roles including ORACLE

#301 — BlockchainService Bridge (Backend → Stellar Contract)

  • Added ScoreSubmissionBridge service — the missing link between backend score verification and the Stellar Soroban contract
  • Enforces ORACLE or ADMIN role before calling submitPuzzleOnChain
  • Validates score is within the 0–100 range
  • Registered and exported from BlockchainModule

#279 — Frontend Animations & Polish

  • No middleware-layer changes applicable; this is a pure frontend (Next.js) concern and is tracked separately

Files Changed

  • middleware/src/security/cors.middleware.ts (new)
  • middleware/src/security/index.ts
  • middleware/src/auth/rbac.middleware.ts
  • middleware/src/blockchain/score-submission.bridge.ts (new)
  • middleware/src/blockchain/blockchain.module.ts
  • middleware/src/blockchain/index.ts

Test Plan

  • CORS headers present on cross-origin requests
  • Preflight OPTIONS returns 204 with correct headers
  • ORACLE role passes rbacMiddleware([UserRole.ORACLE]) check
  • ORACLE role is blocked from rbacMiddleware([UserRole.MODERATOR]) routes
  • ScoreSubmissionBridge.submitTrustedScore succeeds with ORACLE/ADMIN role
  • ScoreSubmissionBridge throws ForbiddenException for USER/MODERATOR roles
  • Score outside 0–100 range throws an error

🤖 Generated with Claude Code

@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Mar 28, 2026

@demilade18-git Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@phertyameen phertyameen merged commit b372b9f into MindBlockLabs:main Mar 29, 2026
4 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phertyameen phertyameen phertyameen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CORS Configuration Middleware for Cross-Origin Requests

2 participants

@demilade18-git @phertyameen