From 976f827c335eb0a4329735f5490f950529bf9de2 Mon Sep 17 00:00:00 2001
From: ReinaMaze <murnamaze456@gmail.com>
Date: Mon, 1 Jun 2026 13:13:54 +0100
Subject: [PATCH] fix: add review validation and authorization

---
 .../__tests__/services/review.service.test.ts | 405 ++++++++++++++++++
 dongle/app/projects/[id]/page.tsx             |  20 +-
 dongle/app/reviews/page.tsx                   |  51 ++-
 dongle/components/reviews/ReviewForm.tsx      |  56 ++-
 dongle/package-lock.json                      |  98 -----
 dongle/services/review/review.service.ts      | 138 +++++-
 dongle/types/review.ts                        |  13 +
 7 files changed, 648 insertions(+), 133 deletions(-)
 create mode 100644 dongle/__tests__/services/review.service.test.ts

diff --git a/dongle/__tests__/services/review.service.test.ts b/dongle/__tests__/services/review.service.test.ts
new file mode 100644
index 0000000..17d66e5
--- /dev/null
+++ b/dongle/__tests__/services/review.service.test.ts
@@ -0,0 +1,405 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { reviewService } from "@/services/review/review.service";
+import { Review, REVIEW_CONSTRAINTS } from "@/types/review";
+
+// Mock localStorage
+const localStorageMock = (() => {
+  let store: Record<string, string> = {};
+
+  return {
+    getItem: (key: string) => store[key] || null,
+    setItem: (key: string, value: string) => {
+      store[key] = value.toString();
+    },
+    removeItem: (key: string) => {
+      delete store[key];
+    },
+    clear: () => {
+      store = {};
+    },
+  };
+})();
+
+Object.defineProperty(window, "localStorage", {
+  value: localStorageMock,
+});
+
+describe("Review Service", () => {
+  beforeEach(() => {
+    localStorage.clear();
+  });
+
+  afterEach(() => {
+    localStorage.clear();
+  });
+
+  describe("addReview", () => {
+    it("should add a valid review", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(true);
+      expect(result.data).toBeDefined();
+      expect(result.data?.id).toBeDefined();
+      expect(result.data?.createdAt).toBeDefined();
+      expect(result.data?.rating).toBe(5);
+      expect(result.data?.comment).toBe(review.comment);
+    });
+
+    it("should reject review with invalid rating (too low)", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 0,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.errors).toBeDefined();
+      expect(result.errors?.[0].field).toBe("rating");
+      expect(result.errors?.[0].message).toContain("between");
+    });
+
+    it("should reject review with invalid rating (too high)", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 6,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("rating");
+    });
+
+    it("should reject review with non-integer rating", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 3.5,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("rating");
+    });
+
+    it("should reject review with comment too short", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "Too short",
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("comment");
+      expect(result.errors?.[0].message).toContain("at least");
+    });
+
+    it("should reject review with comment too long", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "a".repeat(REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH + 1),
+      };
+
+      const result = reviewService.addReview(review, "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("comment");
+      expect(result.errors?.[0].message).toContain("cannot exceed");
+    });
+
+    it("should reject duplicate review from same user for same project", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result1 = reviewService.addReview(review, "user1");
+      expect(result1.success).toBe(true);
+
+      const result2 = reviewService.addReview(review, "user1");
+      expect(result2.success).toBe(false);
+      expect(result2.errors?.[0].message).toContain("already reviewed");
+    });
+
+    it("should allow different users to review same project", () => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result1 = reviewService.addReview(
+        { ...review, userAddress: "user1" },
+        "user1"
+      );
+      expect(result1.success).toBe(true);
+
+      const result2 = reviewService.addReview(
+        { ...review, userAddress: "user2" },
+        "user2"
+      );
+      expect(result2.success).toBe(true);
+    });
+
+    it("should allow same user to review different projects", () => {
+      const review = {
+        userAddress: "user1",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+
+      const result1 = reviewService.addReview(
+        { ...review, projectId: "proj1", projectName: "Project 1" },
+        "user1"
+      );
+      expect(result1.success).toBe(true);
+
+      const result2 = reviewService.addReview(
+        { ...review, projectId: "proj2", projectName: "Project 2" },
+        "user1"
+      );
+      expect(result2.success).toBe(true);
+    });
+  });
+
+  describe("updateReview", () => {
+    let reviewId: string;
+
+    beforeEach(() => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+      const result = reviewService.addReview(review, "user1");
+      reviewId = result.data?.id || "";
+    });
+
+    it("should update review by owner", () => {
+      const result = reviewService.updateReview(
+        reviewId,
+        { rating: 4, comment: "Updated comment with more details here" },
+        "user1"
+      );
+
+      expect(result.success).toBe(true);
+      expect(result.data?.rating).toBe(4);
+      expect(result.data?.comment).toBe("Updated comment with more details here");
+    });
+
+    it("should reject update by non-owner", () => {
+      const result = reviewService.updateReview(
+        reviewId,
+        { rating: 4, comment: "Updated comment with more details here" },
+        "user2"
+      );
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].message).toContain("permission");
+    });
+
+    it("should reject update with invalid rating", () => {
+      const result = reviewService.updateReview(
+        reviewId,
+        { rating: 10, comment: "Updated comment with more details here" },
+        "user1"
+      );
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("rating");
+    });
+
+    it("should reject update with invalid comment", () => {
+      const result = reviewService.updateReview(
+        reviewId,
+        { rating: 4, comment: "short" },
+        "user1"
+      );
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].field).toBe("comment");
+    });
+
+    it("should reject update of non-existent review", () => {
+      const result = reviewService.updateReview(
+        "nonexistent",
+        { rating: 4, comment: "Updated comment with more details here" },
+        "user1"
+      );
+
+      expect(result.success).toBe(false);
+      expect(result.errors?.[0].message).toContain("not found");
+    });
+
+    it("should allow partial updates", () => {
+      const result = reviewService.updateReview(
+        reviewId,
+        { rating: 3 },
+        "user1"
+      );
+
+      expect(result.success).toBe(true);
+      expect(result.data?.rating).toBe(3);
+      expect(result.data?.comment).toBe(
+        "This is a great project with excellent features"
+      );
+    });
+  });
+
+  describe("deleteReview", () => {
+    let reviewId: string;
+
+    beforeEach(() => {
+      const review = {
+        projectId: "proj1",
+        projectName: "Test Project",
+        userAddress: "user1",
+        rating: 5,
+        comment: "This is a great project with excellent features",
+      };
+      const result = reviewService.addReview(review, "user1");
+      reviewId = result.data?.id || "";
+    });
+
+    it("should delete review by owner", () => {
+      const result = reviewService.deleteReview(reviewId, "user1");
+
+      expect(result.success).toBe(true);
+      const reviews = reviewService.getReviews();
+      expect(reviews.find((r) => r.id === reviewId)).toBeUndefined();
+    });
+
+    it("should reject delete by non-owner", () => {
+      const result = reviewService.deleteReview(reviewId, "user2");
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain("permission");
+      const reviews = reviewService.getReviews();
+      expect(reviews.find((r) => r.id === reviewId)).toBeDefined();
+    });
+
+    it("should reject delete of non-existent review", () => {
+      const result = reviewService.deleteReview("nonexistent", "user1");
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain("not found");
+    });
+  });
+
+  describe("getReviewsByProject", () => {
+    beforeEach(() => {
+      const reviews = [
+        {
+          projectId: "proj1",
+          projectName: "Project 1",
+          userAddress: "user1",
+          rating: 5,
+          comment: "This is a great project with excellent features",
+        },
+        {
+          projectId: "proj1",
+          projectName: "Project 1",
+          userAddress: "user2",
+          rating: 4,
+          comment: "Good project with some minor issues here",
+        },
+        {
+          projectId: "proj2",
+          projectName: "Project 2",
+          userAddress: "user1",
+          rating: 3,
+          comment: "Average project with decent functionality",
+        },
+      ];
+
+      reviews.forEach((review, index) => {
+        reviewService.addReview(review, review.userAddress);
+      });
+    });
+
+    it("should return all reviews for a project", () => {
+      const reviews = reviewService.getReviewsByProject("proj1");
+      expect(reviews).toHaveLength(2);
+      expect(reviews.every((r) => r.projectId === "proj1")).toBe(true);
+    });
+
+    it("should return empty array for project with no reviews", () => {
+      const reviews = reviewService.getReviewsByProject("nonexistent");
+      expect(reviews).toHaveLength(0);
+    });
+  });
+
+  describe("getReviewsByUser", () => {
+    beforeEach(() => {
+      const reviews = [
+        {
+          projectId: "proj1",
+          projectName: "Project 1",
+          userAddress: "user1",
+          rating: 5,
+          comment: "This is a great project with excellent features",
+        },
+        {
+          projectId: "proj2",
+          projectName: "Project 2",
+          userAddress: "user1",
+          rating: 4,
+          comment: "Good project with some minor issues here",
+        },
+        {
+          projectId: "proj1",
+          projectName: "Project 1",
+          userAddress: "user2",
+          rating: 3,
+          comment: "Average project with decent functionality",
+        },
+      ];
+
+      reviews.forEach((review) => {
+        reviewService.addReview(review, review.userAddress);
+      });
+    });
+
+    it("should return all reviews by a user", () => {
+      const reviews = reviewService.getReviewsByUser("user1");
+      expect(reviews).toHaveLength(2);
+      expect(reviews.every((r) => r.userAddress === "user1")).toBe(true);
+    });
+
+    it("should return empty array for user with no reviews", () => {
+      const reviews = reviewService.getReviewsByUser("nonexistent");
+      expect(reviews).toHaveLength(0);
+    });
+  });
+});
diff --git a/dongle/app/projects/[id]/page.tsx b/dongle/app/projects/[id]/page.tsx
index 6bd1a8b..5831004 100644
--- a/dongle/app/projects/[id]/page.tsx
+++ b/dongle/app/projects/[id]/page.tsx
@@ -67,8 +67,9 @@ export default function ProjectDetailPage() {
   };
 
   const handleDelete = (id: string) => {
+    if (!publicKey) return;
     if (confirm("Are you sure you want to delete this review?")) {
-      reviewService.deleteReview(id);
+      reviewService.deleteReview(id, publicKey);
       setReviews(reviewService.getReviewsByProject(projectId));
     }
   };
@@ -77,14 +78,17 @@ export default function ProjectDetailPage() {
     if (!publicKey || !project) return;
 
     if (editingReview) {
-      reviewService.updateReview(editingReview.id, data);
+      reviewService.updateReview(editingReview.id, data, publicKey);
     } else {
-      reviewService.addReview({
-        projectId: project.id,
-        projectName: project.name,
-        userAddress: publicKey,
-        ...data,
-      });
+      reviewService.addReview(
+        {
+          projectId: project.id,
+          projectName: project.name,
+          userAddress: publicKey,
+          ...data,
+        },
+        publicKey
+      );
     }
 
     setReviews(reviewService.getReviewsByProject(projectId));
diff --git a/dongle/app/reviews/page.tsx b/dongle/app/reviews/page.tsx
index d8fe05e..669211e 100644
--- a/dongle/app/reviews/page.tsx
+++ b/dongle/app/reviews/page.tsx
@@ -7,6 +7,7 @@ import { Review, Project } from "@/types/review";
 import ReviewList from "@/components/reviews/ReviewList";
 import ReviewForm from "@/components/reviews/ReviewForm";
 import { mockProjects } from "@/data/mockProjects";
+import { toast } from "sonner";
 
 export default function ReviewsPage() {
   const { isConnected, publicKey, connectWallet } = useWallet();
@@ -41,9 +42,15 @@ export default function ReviewsPage() {
   };
 
   const handleDeleteReview = (id: string) => {
+    if (!publicKey) return;
     if (confirm("Are you sure you want to delete this review?")) {
-      reviewService.deleteReview(id);
-      setReviews(reviewService.getReviews());
+      const result = reviewService.deleteReview(id, publicKey);
+      if (result.success) {
+        setReviews(reviewService.getReviews());
+        toast.success("Review deleted");
+      } else {
+        toast.error(result.error || "Failed to delete review");
+      }
     }
   };
 
@@ -51,20 +58,36 @@ export default function ReviewsPage() {
     if (!publicKey || !selectedProject) return;
 
     if (editingReview) {
-      reviewService.updateReview(editingReview.id, data);
+      const result = reviewService.updateReview(editingReview.id, data, publicKey);
+      if (result.success) {
+        setReviews(reviewService.getReviews());
+        setIsAddingReview(false);
+        setEditingReview(null);
+        setSelectedProject(null);
+        toast.success("Review updated");
+      } else {
+        toast.error(result.errors?.[0]?.message || "Failed to update review");
+      }
     } else {
-      reviewService.addReview({
-        projectId: selectedProject.id,
-        projectName: selectedProject.name,
-        userAddress: publicKey,
-        ...data,
-      });
+      const result = reviewService.addReview(
+        {
+          projectId: selectedProject.id,
+          projectName: selectedProject.name,
+          userAddress: publicKey,
+          ...data,
+        },
+        publicKey
+      );
+      if (result.success) {
+        setReviews(reviewService.getReviews());
+        setIsAddingReview(false);
+        setEditingReview(null);
+        setSelectedProject(null);
+        toast.success("Review posted");
+      } else {
+        toast.error(result.errors?.[0]?.message || "Failed to post review");
+      }
     }
-
-    setReviews(reviewService.getReviews());
-    setIsAddingReview(false);
-    setEditingReview(null);
-    setSelectedProject(null);
   };
 
   return (
diff --git a/dongle/components/reviews/ReviewForm.tsx b/dongle/components/reviews/ReviewForm.tsx
index 7117dfa..a6aae3a 100644
--- a/dongle/components/reviews/ReviewForm.tsx
+++ b/dongle/components/reviews/ReviewForm.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { useState } from "react";
-import { Review } from "@/types/review";
+import { Review, REVIEW_CONSTRAINTS, ReviewValidationError } from "@/types/review";
 
 interface ReviewFormProps {
   projectId: string;
@@ -20,10 +20,41 @@ export default function ReviewForm({
 }: ReviewFormProps) {
   const [rating, setRating] = useState(initialReview?.rating || 5);
   const [comment, setComment] = useState(initialReview?.comment || "");
+  const [errors, setErrors] = useState<ReviewValidationError[]>([]);
+
+  const validateForm = (): boolean => {
+    const newErrors: ReviewValidationError[] = [];
+
+    if (rating < REVIEW_CONSTRAINTS.RATING_MIN || rating > REVIEW_CONSTRAINTS.RATING_MAX) {
+      newErrors.push({
+        field: "rating",
+        message: `Rating must be between ${REVIEW_CONSTRAINTS.RATING_MIN} and ${REVIEW_CONSTRAINTS.RATING_MAX}`,
+      });
+    }
+
+    if (comment.trim().length < REVIEW_CONSTRAINTS.COMMENT_MIN_LENGTH) {
+      newErrors.push({
+        field: "comment",
+        message: `Comment must be at least ${REVIEW_CONSTRAINTS.COMMENT_MIN_LENGTH} characters`,
+      });
+    }
+
+    if (comment.length > REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH) {
+      newErrors.push({
+        field: "comment",
+        message: `Comment cannot exceed ${REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH} characters`,
+      });
+    }
+
+    setErrors(newErrors);
+    return newErrors.length === 0;
+  };
 
   const handleSubmit = (e: React.FormEvent) => {
     e.preventDefault();
-    onSubmit({ rating, comment });
+    if (validateForm()) {
+      onSubmit({ rating, comment });
+    }
   };
 
   return (
@@ -65,10 +96,17 @@ export default function ReviewForm({
               </button>
             ))}
           </div>
+          {errors.some((e) => e.field === "rating") && (
+            <p className="text-red-500 text-sm mt-2">
+              {errors.find((e) => e.field === "rating")?.message}
+            </p>
+          )}
         </div>
 
         <div>
-          <label className="block text-sm font-medium mb-2">Comment</label>
+          <label className="block text-sm font-medium mb-2">
+            Comment ({comment.length}/{REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH})
+          </label>
           <textarea
             required
             value={comment}
@@ -76,6 +114,18 @@ export default function ReviewForm({
             placeholder="Share your experience with this project..."
             className="w-full h-32 px-4 py-3 bg-zinc-50 dark:bg-zinc-800 border border-zinc-200 dark:border-zinc-700 rounded-2xl focus:ring-2 focus:ring-blue-500 outline-none transition-all resize-none"
           />
+          <div className="flex justify-between items-start mt-2">
+            <div>
+              {errors.some((e) => e.field === "comment") && (
+                <p className="text-red-500 text-sm">
+                  {errors.find((e) => e.field === "comment")?.message}
+                </p>
+              )}
+            </div>
+            <p className="text-xs text-zinc-500">
+              Min: {REVIEW_CONSTRAINTS.COMMENT_MIN_LENGTH} chars
+            </p>
+          </div>
         </div>
       </div>
 
diff --git a/dongle/package-lock.json b/dongle/package-lock.json
index d45871c..bcec3a1 100644
--- a/dongle/package-lock.json
+++ b/dongle/package-lock.json
@@ -11,7 +11,6 @@
         "@hookform/resolvers": "^5.2.2",
         "@stellar/freighter-api": "^6.0.1",
         "clsx": "^2.1.1",
-        "lightningcss-darwin-arm64": "1.32.0",
         "lucide-react": "^1.11.0",
         "next": "16.1.3",
         "react": "19.2.3",
@@ -2159,27 +2158,6 @@
         "tailwindcss": "4.2.4"
       }
     },
-    "node_modules/@testing-library/dom": {
-      "version": "10.4.1",
-      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-10.4.1.tgz",
-      "integrity": "sha512-o4PXJQidqJl82ckFaXUeoAW+XysPLauYI43Abki5hABd853iMhitooc6znOnczgbTYmEP6U6/y1ZyKAIsvMKGg==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@babel/code-frame": "^7.10.4",
-        "@babel/runtime": "^7.12.5",
-        "@types/aria-query": "^5.0.1",
-        "aria-query": "5.3.0",
-        "dom-accessibility-api": "^0.5.9",
-        "lz-string": "^1.5.0",
-        "picocolors": "1.1.1",
-        "pretty-format": "^27.0.2"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/@testing-library/jest-dom": {
       "version": "6.9.1",
       "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-6.9.1.tgz",
@@ -2260,14 +2238,6 @@
         "tslib": "^2.4.0"
       }
     },
-    "node_modules/@types/aria-query": {
-      "version": "5.0.4",
-      "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz",
-      "integrity": "sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true
-    },
     "node_modules/@types/chai": {
       "version": "5.2.3",
       "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz",
@@ -3080,17 +3050,6 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
-    "node_modules/ansi-regex": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true,
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/ansi-styles": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
@@ -3948,14 +3907,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/dom-accessibility-api": {
-      "version": "0.5.16",
-      "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz",
-      "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true
-    },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -6230,17 +6181,6 @@
         "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0"
       }
     },
-    "node_modules/lz-string": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz",
-      "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true,
-      "bin": {
-        "lz-string": "bin/bin.js"
-      }
-    },
     "node_modules/magic-string": {
       "version": "0.30.21",
       "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
@@ -6839,36 +6779,6 @@
         "node": ">= 0.8.0"
       }
     },
-    "node_modules/pretty-format": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz",
-      "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "ansi-regex": "^5.0.1",
-        "ansi-styles": "^5.0.0",
-        "react-is": "^17.0.1"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/pretty-format/node_modules/ansi-styles": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
-      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
     "node_modules/prop-types": {
       "version": "15.8.1",
       "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -6974,14 +6884,6 @@
         "react": "^16.8.0 || ^17 || ^18 || ^19"
       }
     },
-    "node_modules/react-is": {
-      "version": "17.0.2",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
-      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
-      "dev": true,
-      "license": "MIT",
-      "peer": true
-    },
     "node_modules/redent": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
diff --git a/dongle/services/review/review.service.ts b/dongle/services/review/review.service.ts
index be9559c..8d28ac0 100644
--- a/dongle/services/review/review.service.ts
+++ b/dongle/services/review/review.service.ts
@@ -1,7 +1,51 @@
-import { Review } from "@/types/review";
+import { Review, REVIEW_CONSTRAINTS, ReviewValidationError } from "@/types/review";
 
 const STORAGE_KEY = "dongle_reviews";
 
+/**
+ * Validates review data before persistence
+ */
+function validateReview(
+  rating: number,
+  comment: string
+): ReviewValidationError[] {
+  const errors: ReviewValidationError[] = [];
+
+  // Validate rating
+  if (!Number.isInteger(rating) || rating < REVIEW_CONSTRAINTS.RATING_MIN || rating > REVIEW_CONSTRAINTS.RATING_MAX) {
+    errors.push({
+      field: "rating",
+      message: `Rating must be an integer between ${REVIEW_CONSTRAINTS.RATING_MIN} and ${REVIEW_CONSTRAINTS.RATING_MAX}`,
+    });
+  }
+
+  // Validate comment
+  if (comment.trim().length < REVIEW_CONSTRAINTS.COMMENT_MIN_LENGTH) {
+    errors.push({
+      field: "comment",
+      message: `Comment must be at least ${REVIEW_CONSTRAINTS.COMMENT_MIN_LENGTH} characters`,
+    });
+  }
+
+  if (comment.length > REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH) {
+    errors.push({
+      field: "comment",
+      message: `Comment cannot exceed ${REVIEW_CONSTRAINTS.COMMENT_MAX_LENGTH} characters`,
+    });
+  }
+
+  return errors;
+}
+
+/**
+ * Checks if a user already has a review for a project
+ */
+function hasExistingReview(userAddress: string, projectId: string, reviews: Review[]): boolean {
+  return reviews.some(
+    (r) => r.userAddress === userAddress && r.projectId === projectId
+  );
+}
+
 export const reviewService = {
   getReviews(): Review[] {
     if (typeof window === "undefined") return [];
@@ -9,32 +53,106 @@ export const reviewService = {
     return stored ? JSON.parse(stored) : [];
   },
 
-  addReview(review: Omit<Review, "id" | "createdAt">): Review {
+  addReview(
+    review: Omit<Review, "id" | "createdAt">,
+    userAddress: string
+  ): { success: boolean; data?: Review; errors?: ReviewValidationError[] } {
+    // Validate input
+    const validationErrors = validateReview(review.rating, review.comment);
+    if (validationErrors.length > 0) {
+      return { success: false, errors: validationErrors };
+    }
+
     const reviews = this.getReviews();
+
+    // Check for duplicate review
+    if (hasExistingReview(userAddress, review.projectId, reviews)) {
+      return {
+        success: false,
+        errors: [
+          {
+            field: "comment",
+            message: "You have already reviewed this project",
+          },
+        ],
+      };
+    }
+
     const newReview: Review = {
       ...review,
+      userAddress,
       id: Math.random().toString(36).substring(2, 9),
       createdAt: new Date().toISOString(),
     };
     const updatedReviews = [newReview, ...reviews];
     localStorage.setItem(STORAGE_KEY, JSON.stringify(updatedReviews));
-    return newReview;
+    return { success: true, data: newReview };
   },
 
-  updateReview(id: string, updates: Partial<Pick<Review, "rating" | "comment">>): Review {
+  updateReview(
+    id: string,
+    updates: Partial<Pick<Review, "rating" | "comment">>,
+    userAddress: string
+  ): { success: boolean; data?: Review; errors?: ReviewValidationError[] } {
     const reviews = this.getReviews();
     const index = reviews.findIndex((r) => r.id === id);
-    if (index === -1) throw new Error("Review not found");
+
+    if (index === -1) {
+      return {
+        success: false,
+        errors: [{ field: "comment", message: "Review not found" }],
+      };
+    }
+
+    // Authorization check: verify ownership
+    if (reviews[index].userAddress !== userAddress) {
+      return {
+        success: false,
+        errors: [
+          {
+            field: "comment",
+            message: "You do not have permission to edit this review",
+          },
+        ],
+      };
+    }
+
+    // Validate updates
+    const rating = updates.rating ?? reviews[index].rating;
+    const comment = updates.comment ?? reviews[index].comment;
+    const validationErrors = validateReview(rating, comment);
+    if (validationErrors.length > 0) {
+      return { success: false, errors: validationErrors };
+    }
 
     const updatedReview = { ...reviews[index], ...updates };
     reviews[index] = updatedReview;
     localStorage.setItem(STORAGE_KEY, JSON.stringify(reviews));
-    return updatedReview;
+    return { success: true, data: updatedReview };
   },
 
-  deleteReview(id: string): void {
-    const reviews = this.getReviews().filter((r) => r.id !== id);
-    localStorage.setItem(STORAGE_KEY, JSON.stringify(reviews));
+  deleteReview(
+    id: string,
+    userAddress: string
+  ): { success: boolean; error?: string } {
+    const reviews = this.getReviews();
+    const review = reviews.find((r) => r.id === id);
+
+    if (!review) {
+      return { success: false, error: "Review not found" };
+    }
+
+    // Authorization check: verify ownership
+    if (review.userAddress !== userAddress) {
+      return {
+        success: false,
+        error: "You do not have permission to delete this review",
+      };
+    }
+
+    const updatedReviews = reviews.filter((r) => r.id !== id);
+    localStorage.setItem(STORAGE_KEY, JSON.stringify(updatedReviews));
+    return { success: true };
   },
 
   getReviewsByProject(projectId: string): Review[] {
@@ -43,5 +161,5 @@ export const reviewService = {
 
   getReviewsByUser(userAddress: string): Review[] {
     return this.getReviews().filter((r) => r.userAddress === userAddress);
-  }
+  },
 };
diff --git a/dongle/types/review.ts b/dongle/types/review.ts
index 19368e9..a51c794 100644
--- a/dongle/types/review.ts
+++ b/dongle/types/review.ts
@@ -16,3 +16,16 @@ export interface Project {
   rating: number;
   reviews: number;
 }
+
+// Validation constraints
+export const REVIEW_CONSTRAINTS = {
+  RATING_MIN: 1,
+  RATING_MAX: 5,
+  COMMENT_MIN_LENGTH: 10,
+  COMMENT_MAX_LENGTH: 1000,
+} as const;
+
+export interface ReviewValidationError {
+  field: "rating" | "comment";
+  message: string;
+}