Feat/nfc payload endpoint

[Midoriya-w]

Closes #35

Changes:

• Added apps/backend/src/routes/nfc.ts with:
  • GET /api/nfc/payload returns NDEF URI payload for user's default DevCard URL
  • GET /api/nfc/payload?card= returns card-specific URL with ownership validation
  • Returns 403 if cardId doesn't belong to authenticated user
  • Returns 404 if user or card not found
• Registered route in apps/backend/src/app.ts at prefix /api/nfc
• Follows existing Fastify route pattern with preHandler: app.authenticate

[Harxhit]

Error handling around the DB logic should be improved here.

[Midoriya-w]

Wrapped the user fetch in try/catch with request.log.error logging and returns 500 with a clear error message if DB fails.

[Harxhit]

Could we validate the query params with Zod here it can be more robust.

[Midoriya-w]

Added a Zod schema nfcQuerySchema with safeParse to validate query params returns 400 with flattened error details if invalid.

[Harxhit]

Could error handling can be improved here?

[Midoriya-w]

Wrapped card fetch in its own try/catch returns 404 if card not found, 403 if ownership mismatch, and 500 with request.log.error logging if DB fails.

[Harxhit]

Typed response schema is missing here?

[Midoriya-w]

Adding a typed response interface now will push the fix shortly!

[Harxhit]

Please add typed response here.

[Harxhit]

Typed response schema missing here?

[Harxhit]

@Midoriya-w Your PR have merge conflicts.

[Midoriya-w]

Good catch! Adding a typed response interface now.

[Midoriya-w]

Hey @Harxhit! Resolved the merge conflicts in app.ts kept both nfcRoutes and eventRoutes registrations. Also addressed all review comments. Could you re-review when you get a chance?

[Midoriya-w]

Added NfcPayloadResponse type and updated both reply.send calls to reply.send() for full type safety.

[Harxhit]

Dimport?

[Midoriya-w]

Fixed, removed the accidental D from the import statement.

[Harxhit]

@Midoriya-w Could you please add proofs for test in the PR descriptions.

[Midoriya-w]

Test Evidence

"Endpoint: GET /api/nfc/payload"

• Returns { type: 'URI', payload: 'https://devcard.dev/<username>' } for authenticated user

"Endpoint: GET /api/nfc/payload?card="

• Returns card-specific URL if card belongs to user
• Returns 403 if card belongs to different user
• Returns 404 if card not found
• Returns 400 if cardId is not a valid UUID (Zod validation)
• Returns 500 with logged error if DB fails

[Harxhit]

Test Evidence

"Endpoint: GET /api/nfc/payload"

* Returns `{ type: 'URI', payload: 'https://devcard.dev/<username>' }` for authenticated user

"Endpoint: GET /api/nfc/payload?card="

* Returns card-specific URL if card belongs to user

* Returns 403 if card belongs to different user

* Returns 404 if card not found

* Returns 400 if cardId is not a valid UUID (Zod validation)

* Returns 500 with logged error if DB fails

packages/shared/src/tests/cards.test.ts Add proofs for these in the PR description.

[Midoriya-w]

Hey @Harxhit! Here are the test proofs from packages/shared/src/tests/cards.test.ts:
validateCardPlatforms tests (7 cases):

-passes with valid platforms

• fails with empty array
• fails with unknown platform
• fails with duplicate platforms
• passes with exactly 10 platforms
• fails with more than 10 platforms
• ails with all invalid platforms

diffCardPlatforms tests (3 cases):

• correctly identifies added, removed, unchanged
• handles empty old card
• handles identical cards

All 10 test cases cover the acceptance criteria edge cases

[Harxhit]

Hey @Harxhit! Here are the test proofs from packages/shared/src/tests/cards.test.ts:
validateCardPlatforms tests (7 cases):

-passes with valid platforms

• fails with empty array
• fails with unknown platform
• fails with duplicate platforms
• passes with exactly 10 platforms
• fails with more than 10 platforms
• ails with all invalid platforms

diffCardPlatforms tests (3 cases):

• correctly identifies added, removed, unchanged
• handles empty old card
• handles identical cards

All 10 test cases cover the acceptance criteria edge cases

Please attach terminal screenshots to the description

[Midoriya-w]

Test Evidence

Shared Package Tests

All shared package tests pass successfully.

• src/platforms.test.ts 9 tests passed
• src/__tests__/cards.test.ts 10 tests passed
• Total: 19 tests passed

[Midoriya-w]

Added terminal screenshots to the PR description as requested. All shared package tests are passing successfully.

[Harxhit]

Catch position should be here

[Midoriya-w]

Refactored the code to narrow the try/catch scope as suggested. Thanks for the review!

[Harxhit]

Catch position should be here.

[Midoriya-w]

Updated this section as well to keep the try/catch scoped only around the database call. Thanks for catching that.

[Midoriya-w]

Hey @ShantKhatri! Harxhit has reviewed and confirmed the changes look good. Could you do the final PA review when you get a chance?

[Harxhit]

@ShantKhatri Looks good to me your final review please.