Skip to content

feat(routes-d): DELETE /api/routes-d/deposits/addresses/[id] (#1029)#1062

Open
Rufai-Ahmed wants to merge 1 commit into
davedumto:mainfrom
Rufai-Ahmed:feat/routes-d-delete-deposit-address
Open

feat(routes-d): DELETE /api/routes-d/deposits/addresses/[id] (#1029)#1062
Rufai-Ahmed wants to merge 1 commit into
davedumto:mainfrom
Rufai-Ahmed:feat/routes-d-delete-deposit-address

Conversation

@Rufai-Ahmed

Copy link
Copy Markdown

What this does

Implements DELETE /api/routes-d/deposits/addresses/[id] to remove a deposit address.

Changes

  • app/api/routes-d/deposits/addresses/[id]/route.ts (DELETE handler)
  • app/api/routes-d/deposits/addresses/[id]/__tests__/deposit-address.test.ts (colocated vitest)

Behaviour

The handler mirrors the existing routes-d conventions. Closest neighbours: members/[id]/route.ts (the canonical DELETE [id] template) and whitelist/addresses (the user-owned address model).

  • Bearer auth via verifyAuthToken, then loads the user by privyId.
  • Ownership enforced before the delete lands: 404 when the record is missing, 403 when it belongs to another user.
  • Id presence validation (400), the standard { error } envelope, and status codes plus the logger.error catch all match neighbouring routes.
  • 204 on success (hard delete, matching the address model, which has no soft-delete field unlike team members).

Tests cover the happy path, missing header, invalid token, user not found, empty id, address not found, not-owner (asserts no delete is attempted), and an unexpected failure.

Note

There is no DepositAddress model in prisma/schema.prisma yet, so the handler uses the same runtime delegate-cast idiom the existing whitelist and members routes use for not-yet-generated models, rather than adding a schema migration here (that looks like a separate concern). The tests follow the repo's existing vitest patterns; I was not able to run them locally in my environment.

Closes #1029

Add a handler to remove a deposit address. It authenticates the caller,
validates the id param, loads the address, enforces ownership (404 when
missing, 403 when foreign), hard-deletes the record, and returns 204.

Follows the existing routes-d conventions (Bearer auth via verifyAuthToken,
Prisma delegate access, structured error envelopes, pino logger). Adds
vitest coverage for the happy path plus unauthorized, user-not-found,
invalid-id, address-not-found, not-owner, and failure modes.
@vercel

vercel Bot commented Jun 23, 2026

Copy link
Copy Markdown

@donprecious is attempting to deploy a commit to the david's projects Team on Vercel.

A member of the Team first needs to authorize it.

@Rufai-Ahmed Rufai-Ahmed force-pushed the feat/routes-d-delete-deposit-address branch from 498c76f to f7fa4af Compare June 23, 2026 23:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[routes-d] DELETE /api/routes-d/deposits/addresses/[id] - remove a deposit address

1 participant