From 01d9039a0b85be53b01d75c31176bce87128854d Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 3 Apr 2025 13:24:04 +0300
Subject: [PATCH 1/2] undo "net_amount" changes
---
 src/api/admin-winning/adminWinning.service.ts | 4 ++--
 src/api/winning/winning.service.ts | 1 -
 src/dto/adminWinning.dto.ts | 8 --------
 3 files changed, 2 insertions(+), 11 deletions(-)
diff --git a/src/api/admin-winning/adminWinning.service.ts b/src/api/admin-winning/adminWinning.service.ts
index 941560f..3fcc388 100644
--- a/src/api/admin-winning/adminWinning.service.ts
+++ b/src/api/admin-winning/adminWinning.service.ts
@@ -100,8 +100,8 @@ export class AdminWinningService {
 attributes: item.attributes,
 details: item.payment?.map((paymentItem) => ({
 id: paymentItem.payment_id,
- netAmount: paymentItem.net_amount,
- grossAmount: paymentItem.gross_amount,
+ netAmount: Number(paymentItem.net_amount),
+ grossAmount: Number(paymentItem.gross_amount),
 totalAmount: Number(paymentItem.total_amount),
 installmentNumber: paymentItem.installment_number,
 datePaid: paymentItem.date_paid ?? undefined,
diff --git a/src/api/winning/winning.service.ts b/src/api/winning/winning.service.ts
index 71ecbda..827b304 100644
--- a/src/api/winning/winning.service.ts
+++ b/src/api/winning/winning.service.ts
@@ -50,7 +50,6 @@ export class WinningService {
 const paymentData: Prisma.paymentCreateManyInput[] = body.details.map(
 (item) => ({
- net_amount: new Prisma.Decimal(item.grossAmount),
 total_amount: new Prisma.Decimal(item.totalAmount),
 gross_amount: new Prisma.Decimal(item.grossAmount),
 installment_number: item.installmentNumber,
diff --git a/src/dto/adminWinning.dto.ts b/src/dto/adminWinning.dto.ts
index caa71f2..cd90e5d 100644
--- a/src/dto/adminWinning.dto.ts
+++ b/src/dto/adminWinning.dto.ts
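Review bot: `netAmount: Number(paymentItem.net_amount)` and the `grossAmount` line below it turn an absent value into a number (`Number(null)` is `0`, `Number(undefined)` is `NaN`), so if either column is nullable the response reports a zero or NaN amount instead of an absent one, while `datePaid: paymentItem.date_paid ?? undefined` two lines later deliberately preserves absence. Whether `net_amount` is nullable is not visible in this hunk, so this may be fine; if it is nullable, `netAmount: paymentItem.net_amount == null ? undefined : Number(paymentItem.net_amount),` keeps the distinction, and the same applies to `grossAmount` and the pre-existing `totalAmount` conversion. The enclosing `map` callback starts and ends outside the hunk.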
@@ -348,14 +348,6 @@ export class WinningUpdateRequestDto {
 }
 export class PaymentCreateRequestDto {
- @ApiProperty({
- description: 'The net amount of the payment',
- example: 12.3,
- })
- @IsNumber()
- @Min(0)
- netAmount: number;
-
 @ApiProperty({
 description: 'The total amount of the payment',
 example: 12.3,
From 7102203f894805884be2fa87cffbc87b99288857 Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 3 Apr 2025 13:24:48 +0300
Subject: [PATCH 2/2] Fix m2m token validator
---
 .env.sample | 1 +
 src/core/auth/guards/auth.guard.ts | 4 ++--
 .../auth/middleware/tokenValidator.middleware.ts | 15 ++++++++++-----
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/.env.sample b/.env.sample
index fde9ca9..370bca4 100644
--- a/.env.sample
+++ b/.env.sample
@@ -8,6 +8,7 @@ BHMKuGsgiBjJ7xHNxaJvBzrwdArogHSxEPmT6gNr5rZeXmJUWzrpQIstMXA9gEXX
 LfKzG61idXFIwBa6t5YBCCMx+hoCxhcEiwIDAQAB
 -----END RSA PUBLIC KEY-----"
 AUTH0_CLIENT_ID=BXWXUWnilVUPdN01t2Se29Tw2ZYNGZvH
+AUTH0_M2M_AUDIENCE=https://m2m.topcoder-dev.com/
 DB_USERNAME=topcoderuser
 DB_PASSWORD=randompassword
diff --git a/src/core/auth/guards/auth.guard.ts b/src/core/auth/guards/auth.guard.ts
index 81ad2c4..921ae5b 100644
--- a/src/core/auth/guards/auth.guard.ts
+++ b/src/core/auth/guards/auth.guard.ts
@@ -50,8 +50,8 @@ export class AuthGuard implements CanActivate {
 [context.getHandler(), context.getClass()],
 );
- const reqScopes = req.m2mTokenScope.split(' ')
- if (reqScopes.some(reqScope => allowedM2mScopes.includes(reqScope))) {
+ const reqScopes = req.m2mTokenScope.split(' ');
+ if (reqScopes.some((reqScope) => allowedM2mScopes.includes(reqScope))) {
 return true;
 }
 return false;
diff --git a/src/core/auth/middleware/tokenValidator.middleware.ts b/src/core/auth/middleware/tokenValidator.middleware.ts
index ebce6d0..2e95f71 100644
--- a/src/core/auth/middleware/tokenValidator.middleware.ts
+++ b/src/core/auth/middleware/tokenValidator.middleware.ts
@@ -16,23 +16,28 @@ export class TokenValidatorMiddleware implements NestMiddleware {
 let decoded: any;
 try {
- decoded = jwt.verify(idToken, process.env.AUTH0_CERT, {
- audience: process.env.AUTH0_CLIENT_ID,
- });
+ decoded = jwt.verify(idToken, process.env.AUTH0_CERT);
 } catch (error) {
 console.error('Error verifying JWT', error);
 throw new UnauthorizedException('Invalid or expired JWT!');
 }
- // TODO: verify decoded.aud
 if (!decoded) {
 req.idTokenVerified = false;
 return next();
 }
- req.idTokenVerified = true;
 req.isM2M = !!decoded.scope;
+ const aud = req.isM2M
+ ? process.env.AUTH0_M2M_AUDIENCE
+ : process.env.AUTH0_CLIENT_ID;
+
+ if (decoded.aud !== aud) {
+ req.idTokenVerified = false;
+ return next();
+ }
+
+ req.idTokenVerified = true;
 if (decoded.scope) {
 req.m2mTokenScope = decoded.scope;
 req.m2mTokenAudience = decoded.aud;
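Review bot: `if (decoded.aud !== aud)` passes when both sides are `undefined`, i.e. a token carrying no `aud` claim on a deployment where `AUTH0_M2M_AUDIENCE` (only now added to `.env.sample`, so existing environments will lack it) or `AUTH0_CLIENT_ID` is unset, and because the `audience` option was dropped from `jwt.verify` nothing else checks the claim any more; the check should fail closed when the expected audience is missing. RFC 7519 also allows `aud` to be an array of strings, which the removed `jwt.verify` option accepted and the strict comparison never matches, so such tokens are now silently treated as unverified. The comparison is exact, so the configured value must match the token's claim byte for byte, trailing slash included. I cannot see whether `AuthGuard` consults `idTokenVerified` before `isM2M`, but note that the mismatch branch leaves `req.isM2M` set to `true`. A fail-closed version of the added lines follows; the enclosing method continues past the hunk.
```typescript
  req.isM2M = !!decoded.scope;
  const expectedAud = req.isM2M
    ? process.env.AUTH0_M2M_AUDIENCE
    : process.env.AUTH0_CLIENT_ID;
  // Fail closed: an unset expected audience or a token without `aud` never verifies.
  const tokenAud: unknown = decoded.aud;
  const audMatches =
    !!expectedAud &&
    (Array.isArray(tokenAud)
      ? tokenAud.includes(expectedAud)
      : tokenAud === expectedAud);

  if (!audMatches) {
    req.idTokenVerified = false;
    return next();
  }

  req.idTokenVerified = true;
  // … unchanged: m2mTokenScope / m2mTokenAudience propagation …
```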