feat: implement ownership transfer, IP filterin

[Cedarich]

Implement Backend Features: BE-27, BE-28, BE-29, BE-30

📋 Summary

This PR implements four backend features as specified in issues BE-27 through BE-30, all located within the backend/cmmty/ directory following the contribution guidelines.

✨ Features Implemented

🔐 BE-30: Document Ownership Transfer

Location: backend/cmmty/ownership-transfer/

• ✅ Ownership transfer entity with audit trail (id, documentId, fromUserId, toUserId, transferredAt)
• ✅ POST /cmmty/documents/:id/transfer - Transfer ownership to another user
• ✅ GET /cmmty/documents/:id/transfer-history - View complete transfer history
• ✅ Authorization: Only current document owner can initiate transfer
• ✅ Validation: Prevents self-transfer, validates target user exists
• ✅ Transactional updates ensure data consistency
• ✅ Unit tests covering authorization and execution logic

🛡️ BE-29: IP Allowlist and Blocklist Middleware

Location: backend/cmmty/ip-filter/

• ✅ IP rule entity (id, cidr, type [ALLOW/BLOCK], reason, createdAt)
• ✅ POST /cmmty/admin/ip-rules - Create IP filtering rule
• ✅ DELETE /cmmty/admin/ip-rules/:id - Remove IP filtering rule
• ✅ GET /cmmty/admin/ip-rules - List all IP rules
• ✅ Full CIDR notation support (e.g., 192.168.1.0/24, 10.0.0.0/8)
• ✅ IPv4 IP-to-number conversion and bitmask matching
• ✅ Middleware blocks requests before reaching controllers
• ✅ 1-minute cache for performance optimization
• ✅ Proxy/load balancer support (X-Forwarded-For, X-Real-IP headers)
• ✅ Admin-only access with role-based authorization
• ✅ Unit tests for IP matching logic with various CIDR ranges

💧 BE-28: Document Watermarking on Download

Location: backend/cmmty/watermark/

• ✅ GET /cmmty/documents/:id/download - Download watermarked document
• ✅ Watermark text format: {requester name} | {timestamp} | {document ID}
• ✅ PDF watermarking using pdf-lib (diagonal overlay, semi-transparent)
• ✅ Image watermarking support structure (PNG/JPEG)
• ✅ Graceful fallback for unsupported file types
• ✅ Added pdf-lib@^1.17.1 dependency
• ✅ Unit tests for watermark text generation

🌍 BE-27: Localized Email Template Support

Location: backend/cmmty/i18n-mail/

• ✅ English (default) and French translations
• ✅ Three email types translated:
  • Welcome email
  • Verification complete notification
  • Risk alert notification
• ✅ Language detection from user's preferredLanguage field
• ✅ Automatic fallback to English for unsupported/missing languages
• ✅ Added preferredLanguage column to User entity (default: 'en')
• ✅ Unit tests for language selection logic and translation content

🔑 Additional Components

• ✅ Roles decorator for RBAC (backend/src/auth/guards/roles.decorator.ts)
• ✅ RolesGuard for role-based authorization (backend/src/auth/guards/roles.guard.ts)

📁 Files Changed

New Files (24 files)

closes #356
closes #355
closes #354
closes #353

[vercel]

@Big-cedar is attempting to deploy a commit to the Mftee's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@Cedarich Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits