π Title
Fix `GET /reputation/me` β unreachable route and missing auth guard
π Description
`GET /reputation/me` in `reputation.controller.ts` is permanently unreachable and would not work even if it were reachable. Two distinct bugs:
Bug 1 β Route ordering: `@Get(':wallet')` is declared before `@Get('me')`. NestJS/Fastify matches routes in declaration order, so `/reputation/me` is captured by the `:wallet` handler first. The wallet param regex rejects the string `"me"` and returns a 400 β the `/me` endpoint is dead code that can never execute.
Bug 2 β Missing auth guard: `GET /reputation/me` has no `@UseGuards(JwtAuthGuard)` decorator. The handler reads `req.user?.wallet` directly; without Passport processing the request, `req.user` is always `undefined`, causing the endpoint to throw `UnauthorizedException` for every call β even if the routing bug were fixed.
β
Tasks to complete
π Documentation/context for AI
(This link never should removed)
https://github.com/TrustUp-app/TrustUp-API/tree/main/docs
Relevant files:
- `src/modules/reputation/reputation.controller.ts`
- `src/modules/reputation/reputation.module.ts`
- `src/common/decorators/current-user.decorator.ts`
- `src/modules/auth/guards/jwt-auth.guard.ts`
ποΈ Additional notes
- Follow the same auth pattern as `GET /users/me` (`users.controller.ts`) β it correctly uses `@UseGuards(JwtAuthGuard)` + `@CurrentUser()`
- The `:wallet` route should remain below `/me` in the final file
- This is a security issue: the `/me` endpoint currently exposes unintended behavior (always 400 or always 401 depending on call path)
π Title
Fix `GET /reputation/me` β unreachable route and missing auth guard
π Description
`GET /reputation/me` in `reputation.controller.ts` is permanently unreachable and would not work even if it were reachable. Two distinct bugs:
Bug 1 β Route ordering: `@Get(':wallet')` is declared before `@Get('me')`. NestJS/Fastify matches routes in declaration order, so `/reputation/me` is captured by the `:wallet` handler first. The wallet param regex rejects the string `"me"` and returns a 400 β the `/me` endpoint is dead code that can never execute.
Bug 2 β Missing auth guard: `GET /reputation/me` has no `@UseGuards(JwtAuthGuard)` decorator. The handler reads `req.user?.wallet` directly; without Passport processing the request, `req.user` is always `undefined`, causing the endpoint to throw `UnauthorizedException` for every call β even if the routing bug were fixed.
β Tasks to complete
π Documentation/context for AI
(This link never should removed)
https://github.com/TrustUp-app/TrustUp-API/tree/main/docs
Relevant files:
ποΈ Additional notes