Add reusable group ownership middleware

[Olajcodes]

📌 Pull Request

🔗 Related Issue

Closes #186

---

📝 Description

This PR adds reusable group ownership middleware to enforce that only the actual owner of a group can perform sensitive actions such as updating or transferring ownership.

The change is necessary to tighten authorization around group management, prevent unauthorized modifications, and centralize ownership checks so they can be reused across multiple endpoints.

---

🚀 Changes Made

• Feature implemented:
• Bug fixed:
• Refactor:
• Documentation updated:

Implemented a reusable middleware that:

• Verifies group ownership from database records
• Compares the caller's wallet address against the group owner
• Returns consistent authorization errors
• Logs failed ownership checks for auditing/debugging
• Can be reused across multiple endpoints

Updated sensitive routes to use the middleware:

• Group ownership transfer
• Group update / patch flow

Added unit tests to validate:

• Successful ownership checks
• Unauthorized access handling
• Error response shape

---

🧪 Testing & Validation

• Tested locally
• No runtime errors
• Existing features work as expected
• Edge cases handled

Validation performed:

• Ran Vitest for the ownership middleware test file
• Confirmed passing authorization and denial cases
• Verified error response shape and logging behavior

---

⚠️ Breaking Changes

• No breaking changes
• Breaking changes exist (explain below)

If yes, explain:

• N/A

---

📸 Screenshots (REQUIRED for UI changes)

Before	After
N/A	N/A

---

📋 Contributor Checklist (MANDATORY)

• I was assigned to this issue
• My code follows the project structure and conventions
• I have tested my changes thoroughly
• I did not introduce unnecessary dependencies
• I have linked the issue (Closes #186)
• This PR is ready for review

---

💡 Notes for Reviewer

• Key areas to review:

  • lib/middleware/group-ownership.ts
  • app/api/groups/[id]/transfer-ownership/route.ts
  • app/api/rooms/[roomId]/route.ts
  • tests/group-ownership.test.ts

• Known limitations:

  • The current unit tests focus on wallet-based ownership checks and denial paths.
  • If additional delete endpoints exist elsewhere in the codebase, they should also be wired to the middleware for full coverage.

[drips-wave]

@Olajcodes Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[SudiptaPaul-31]

@Olajcodes fix build

[Olajcodes]

@SudiptaPaul-31 I have fixed the build workflow. Kindly check through.

[SudiptaPaul-31]

@Olajcodes still fails

[Olajcodes]

@SudiptaPaul-31 I believe it should work now. I have tested it locally and it ran successfully. Kindly check through.