feat: implement multi-source crypto news ingestion service and initia…

apps/backend/src/auth/auth.module.ts

@@ -1,4 +1,4 @@
-import { Module } from '@nestjs/common';
+import { Module, forwardRef } from '@nestjs/common';
 import { JwtModule, JwtModuleOptions } from '@nestjs/jwt';
 import { PassportModule } from '@nestjs/passport';
 import { TypeOrmModule } from '@nestjs/typeorm';
@@ -16,7 +16,7 @@ import { RefreshToken } from './entities/refresh-token.entity';
 @Module({
   imports: [
     TypeOrmModule.forFeature([User, PasswordResetToken, RefreshToken]),
-    UsersModule,
+    forwardRef(() => UsersModule),
     EmailModule,
     PassportModule,
     JwtModule.registerAsync({

apps/backend/src/auth/auth.service.ts

@@ -193,6 +193,64 @@ export class AuthService {
     };
   }
 
+  /**
+   * Verify the signed challenge without creating a user session or issuing JWT.
+   * Used for secure account linking.
+   */
+  async verifyChallengeOnly(
+    publicKey: string,
+    signedChallenge: string,
+  ): Promise<boolean> {
+    await Promise.resolve();
+    const storedChallenge = this.challengeStore.get(publicKey);
+
+    if (!storedChallenge) {
+      throw new BadRequestException(
+        'No challenge found for this public key. Please request a new challenge.',
+      );
+    }
+
+    if (Date.now() > storedChallenge.expiresAt) {
+      this.challengeStore.delete(publicKey);
+      throw new BadRequestException(
+        'Challenge has expired. Please request a new challenge.',
+      );
+    }
+
+    const networkPassphrase =
+      this.stellarNetwork === 'testnet' ? Networks.TESTNET : Networks.PUBLIC;
+
+    let transaction: Transaction;
+
+    try {
+      transaction = new Transaction(signedChallenge, networkPassphrase);
+    } catch {
+      this.challengeStore.delete(publicKey);
+      throw new BadRequestException('Invalid transaction format');
+    }
+
+    // Verify the transaction was signed by the user
+    const userSignature = transaction.signatures.find((sig) => {
+      try {
+        const keypair = Keypair.fromPublicKey(publicKey);
+        return keypair.verify(transaction.hash(), sig.signature());
+      } catch {
+        return false;
+      }
+    });
+
+    if (!userSignature) {
+      this.challengeStore.delete(publicKey);
+      throw new BadRequestException(
+        'Invalid signature. Transaction was not signed by the provided public key.',
+      );
+    }
+
+    // Remove used challenge
+    this.challengeStore.delete(publicKey);
+    return true;
+  }
+
   /**
    * Verify the signed challenge and issue a JWT
    */

apps/backend/src/stellar/stellar.service.ts

@@ -160,16 +160,15 @@ export class StellarService {
   ): Promise<any> {
     validateStellarPublicKey(publicKey);
     this.logger.debug(`Fetching transactions for account: ${publicKey}`);
-
     try {
-      const payments = await this.server
-        .payments()
+      const operations = await this.server
+        .operations()
         .forAccount(publicKey)
         .order('desc')
         .limit(limit)
         .call();
 
-      return payments.records;
+      return operations.records;
     } catch (error: unknown) {
       this.logger.error(`Error fetching transactions for ${publicKey}:`, error);
       throw new HorizonUnavailableException(

apps/backend/src/users/dto/link-stellar-account.dto.ts

@@ -22,4 +22,12 @@ export class LinkStellarAccountDto {
   @IsOptional()
   @MaxLength(100)
   label?: string;
+
+  @ApiProperty({
+    description:
+      'Signed challenge transaction XDR proving ownership of public key',
+    example: 'AAAAA...',
+  })
+  @IsString()
+  signedChallenge: string;
 }

apps/backend/src/users/users.module.ts

@@ -1,14 +1,19 @@
-import { Module } from '@nestjs/common';
+import { Module, forwardRef } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { UsersService } from './users.service';
 import { UsersController } from './users.controller';
 import { User } from './entities/user.entity';
 import { StellarAccount } from './entities/stellar-account.entity';
 import { StellarService } from '../stellar/stellar.service';
 import { UploadModule } from '../upload/upload.module';
+import { AuthModule } from '../auth/auth.module';
 
 @Module({
-  imports: [TypeOrmModule.forFeature([User, StellarAccount]), UploadModule],
+  imports: [
+    TypeOrmModule.forFeature([User, StellarAccount]),
+    UploadModule,
+    forwardRef(() => AuthModule),
+  ],
   providers: [UsersService, StellarService],
   controllers: [UsersController],
   exports: [UsersService],

apps/backend/src/users/users.service.ts

@@ -4,6 +4,8 @@ import {
   BadRequestException,
   ConflictException,
   Logger,
+  Inject,
+  forwardRef,
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
@@ -14,6 +16,7 @@ import { LinkStellarAccountDto } from './dto/link-stellar-account.dto';
 import { StellarAccountResponseDto } from './dto/stellar-account-response.dto';
 import { UpdateStellarAccountLabelDto } from './dto/update-stellar-account-label.dto';
 import { UploadService } from '../upload/upload.service';
+import { AuthService } from '../auth/auth.service';
 import crypto from 'crypto';
 
 @Injectable()
@@ -27,6 +30,8 @@ export class UsersService {
     private stellarAccountRepository: Repository<StellarAccount>,
     private stellarService: StellarService,
     private uploadService: UploadService,
+    @Inject(forwardRef(() => AuthService))
+    private authService: AuthService,
   ) {}
 
   // --- BASIC CRUD ---
@@ -78,6 +83,12 @@ export class UsersService {
     userId: string,
     dto: LinkStellarAccountDto,
   ): Promise<StellarAccountResponseDto> {
+    // Verify ownership via challenge-response signature first
+    await this.authService.verifyChallengeOnly(
+      dto.publicKey,
+      dto.signedChallenge,
+    );
+
     this.stellarService.validatePublicKeyOrThrow(dto.publicKey);
 
     const user = await this.usersRepository.findOne({ where: { id: userId } });