S4: centralize XDR flow, validate frontend env, centralize auth token storage, add pool DTO validation#813
Merged
Akshola00 merged 2 commits intoJun 30, 2026
Conversation
|
@OtowoSamuel Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
There was a problem hiding this comment.
Pull request overview
This PR targets S4 reliability improvements across the Nevo frontend (Next.js) and server (NestJS) by centralizing common transaction/auth flows on the frontend and introducing DTO-based runtime validation on the server for pool write endpoints.
Changes:
- Frontend: added a shared
useXdrTransactionhook for the unsigned-XDR → sign → submit flow, plus centralized JWT storage helpers. - Frontend: added startup env validation and wired it into the API client at module load time, and updated
.env.example. - Server: introduced class-validator DTOs for pool creation and donation, and updated controller/service typing accordingly.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| nevo_server/src/pools/pools.service.ts | Imports CreatePoolDto from DTO module instead of controller typing. |
| nevo_server/src/pools/pools.controller.ts | Switched create/donate request bodies to DTO classes; removed ad-hoc donate validation; changed donations route handler. |
| nevo_server/src/pools/dto/index.ts | Re-exported the new donate DTO. |
| nevo_server/src/pools/dto/donate-pool.dto.ts | Added runtime validation DTO for donate requests. |
| nevo_server/src/pools/dto/create-pool.dto.ts | Updated pool creation DTO validation rules and field types. |
| nevo_frontend/src/store/walletStore.ts | Centralized token persistence via auth-storage helpers. |
| nevo_frontend/lib/stellar.ts | Added Freighter signing wrapper and introduced a network passphrase constant used for signing. |
| nevo_frontend/lib/jwt-storage.ts | Delegated legacy JWT helpers to the new centralized token storage. |
| nevo_frontend/lib/env.ts | Added required public env validation + strongly-typed env export. |
| nevo_frontend/lib/auth-storage.ts | Added centralized typed JWT storage helpers (getToken/setToken/clearToken). |
| nevo_frontend/lib/api-client.ts | Validates env at module load; switches auth header sourcing to centralized token helper; base URL now comes from validated env. |
| nevo_frontend/hooks/useXdrTransaction.ts | New hook to unify sign-and-submit flow state handling. |
| nevo_frontend/.env.example | Added required frontend runtime env entries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
64
to
67
| @Get(':id/donations') | ||
| getDonations( | ||
| @Param('id', ParseIntPipe) id: number, | ||
| @Query('page') page = '1', | ||
| @Query('limit') limit = '20', | ||
| ) { | ||
| getDonations(@Param('id', ParseIntPipe) id: number) { | ||
| return this.donationsService.findByPool(String(id)); | ||
| } |
Comment on lines
+1
to
+7
| import { IsNotEmpty, IsNumberString } from 'class-validator'; | ||
|
|
||
| export class DonatePoolDto { | ||
| @IsNumberString() | ||
| @IsNotEmpty() | ||
| amount: string; | ||
| } |
Comment on lines
27
to
30
|
|
||
| @IsString() | ||
| category: string; | ||
| @IsNumberString() | ||
| goal: string; | ||
|
|
Comment on lines
+16
to
+20
| if (typeof payload === 'string') { | ||
| return payload; | ||
| } | ||
|
|
||
| return payload.unsignedXdr; |
Comment on lines
+51
to
+55
| const hash = extractTxHash(submitResult); | ||
|
|
||
| setTxHash(hash || null); | ||
| setStatus('success'); | ||
| return hash; |
Comment on lines
+10
to
+12
| # Required frontend runtime config | ||
| NEXT_PUBLIC_API_BASE_URL=http://localhost:3000 | ||
| NEXT_PUBLIC_STELLAR_NETWORK=testnet |
Comment on lines
16
to
19
| const HORIZON = 'https://horizon.stellar.org'; | ||
| const NETWORK_PASSPHRASE = | ||
| process.env.NEXT_PUBLIC_NETWORK_PASSPHRASE ?? Networks.TESTNET; | ||
| const ZERO_BALANCES: AccountBalances = { xlm: '0', usdc: '0' }; |
Comment on lines
+3
to
+27
| 'NEXT_PUBLIC_STELLAR_NETWORK', | ||
| ] as const; | ||
|
|
||
| type RequiredPublicEnvVar = (typeof REQUIRED_PUBLIC_ENV_VARS)[number]; | ||
|
|
||
| function getRequiredPublicEnvVar(name: RequiredPublicEnvVar): string { | ||
| const value = process.env[name]; | ||
| if (!value) { | ||
| throw new Error(`Missing required env var: ${name}`); | ||
| } | ||
| return value; | ||
| } | ||
|
|
||
| export function validatePublicEnv(): void { | ||
| REQUIRED_PUBLIC_ENV_VARS.forEach((name) => { | ||
| getRequiredPublicEnvVar(name); | ||
| }); | ||
| } | ||
|
|
||
| export const env = { | ||
| NEXT_PUBLIC_API_BASE_URL: getRequiredPublicEnvVar('NEXT_PUBLIC_API_BASE_URL'), | ||
| NEXT_PUBLIC_STELLAR_NETWORK: getRequiredPublicEnvVar( | ||
| 'NEXT_PUBLIC_STELLAR_NETWORK' | ||
| ), | ||
| } as const; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements four S4 reliability improvements across frontend and server:
Changes
Frontend
useXdrTransactionhook innevo_frontend/hooks/useXdrTransaction.tssubmit,status,txHash,errornevo_frontend/lib/env.tsNEXT_PUBLIC_API_BASE_URL,NEXT_PUBLIC_STELLAR_NETWORKnevo_frontend/lib/api-client.tsat module load timenevo_frontend/lib/auth-storage.tsgetToken,setToken,clearTokennevo_jwtnevo_frontend/lib/api-client.tsnevo_frontend/src/store/walletStore.tsnevo_frontend/lib/jwt-storage.tsnow delegates to auth-storagenevo_frontend/.env.exampleServer
nevo_server/src/pools/dto/create-pool.dto.tsnevo_server/src/pools/dto/donate-pool.dto.tsnevo_server/src/pools/dto/index.tsnevo_server/src/pools/pools.controller.tsto use DTO body types on:POST /poolsPOST /pools/:id/donatenevo_server/src/pools/pools.service.tsValidationPipewas already enabled innevo_server/src/main.tswith whitelist settingsVerification
Closes #801
Closes #798
Closes #799
Closes #804