Skip to content

Add reusable group ownership middleware#199

Merged
SudiptaPaul-31 merged 4 commits into
Lumina-eX:mainfrom
Olajcodes:feature/group-ownership-middleware
Jun 27, 2026
Merged

Add reusable group ownership middleware#199
SudiptaPaul-31 merged 4 commits into
Lumina-eX:mainfrom
Olajcodes:feature/group-ownership-middleware

Conversation

@Olajcodes

Copy link
Copy Markdown
Contributor

📌 Pull Request

🔗 Related Issue

Closes #186


📝 Description

This PR adds reusable group ownership middleware to enforce that only the actual owner of a group can perform sensitive actions such as updating or transferring ownership.

The change is necessary to tighten authorization around group management, prevent unauthorized modifications, and centralize ownership checks so they can be reused across multiple endpoints.


🚀 Changes Made

  • Feature implemented:
  • Bug fixed:
  • Refactor:
  • Documentation updated:

Implemented a reusable middleware that:

  • Verifies group ownership from database records
  • Compares the caller's wallet address against the group owner
  • Returns consistent authorization errors
  • Logs failed ownership checks for auditing/debugging
  • Can be reused across multiple endpoints

Updated sensitive routes to use the middleware:

  • Group ownership transfer
  • Group update / patch flow

Added unit tests to validate:

  • Successful ownership checks
  • Unauthorized access handling
  • Error response shape

🧪 Testing & Validation

  • Tested locally
  • No runtime errors
  • Existing features work as expected
  • Edge cases handled

Validation performed:

  • Ran Vitest for the ownership middleware test file
  • Confirmed passing authorization and denial cases
  • Verified error response shape and logging behavior

⚠️ Breaking Changes

  • No breaking changes
  • Breaking changes exist (explain below)

If yes, explain:

  • N/A

📸 Screenshots (REQUIRED for UI changes)

Before After
N/A N/A

📋 Contributor Checklist (MANDATORY)

  • I was assigned to this issue
  • My code follows the project structure and conventions
  • I have tested my changes thoroughly
  • I did not introduce unnecessary dependencies
  • I have linked the issue (Closes #186)
  • This PR is ready for review

💡 Notes for Reviewer

  • Key areas to review:

    • lib/middleware/group-ownership.ts
    • app/api/groups/[id]/transfer-ownership/route.ts
    • app/api/rooms/[roomId]/route.ts
    • tests/group-ownership.test.ts
  • Known limitations:

    • The current unit tests focus on wallet-based ownership checks and denial paths.
    • If additional delete endpoints exist elsewhere in the codebase, they should also be wired to the middleware for full coverage.

@drips-wave

drips-wave Bot commented Jun 23, 2026

Copy link
Copy Markdown

@Olajcodes Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@SudiptaPaul-31

Copy link
Copy Markdown
Collaborator

@Olajcodes fix build

@Olajcodes

Copy link
Copy Markdown
Contributor Author

@SudiptaPaul-31 I have fixed the build workflow. Kindly check through.

@SudiptaPaul-31

Copy link
Copy Markdown
Collaborator

@Olajcodes still fails

@Olajcodes

Copy link
Copy Markdown
Contributor Author

@SudiptaPaul-31 I believe it should work now. I have tested it locally and it ran successfully. Kindly check through.

@SudiptaPaul-31 SudiptaPaul-31 merged commit c960d3d into Lumina-eX:main Jun 27, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Create Group Ownership Middleware

2 participants