PM-921 qa fixes

.env.sample

@@ -8,6 +8,7 @@ BHMKuGsgiBjJ7xHNxaJvBzrwdArogHSxEPmT6gNr5rZeXmJUWzrpQIstMXA9gEXX
 LfKzG61idXFIwBa6t5YBCCMx+hoCxhcEiwIDAQAB
 -----END RSA PUBLIC KEY-----"
 AUTH0_CLIENT_ID=BXWXUWnilVUPdN01t2Se29Tw2ZYNGZvH
+AUTH0_M2M_AUDIENCE=https://m2m.topcoder-dev.com/
 
 DB_USERNAME=topcoderuser
 DB_PASSWORD=randompassword

src/api/admin-winning/adminWinning.service.ts

@@ -100,8 +100,8 @@ export class AdminWinningService {
           attributes: item.attributes,
           details: item.payment?.map((paymentItem) => ({
             id: paymentItem.payment_id,
-            netAmount: paymentItem.net_amount,
-            grossAmount: paymentItem.gross_amount,
+            netAmount: Number(paymentItem.net_amount),
+            grossAmount: Number(paymentItem.gross_amount),
             totalAmount: Number(paymentItem.total_amount),
             installmentNumber: paymentItem.installment_number,
             datePaid: paymentItem.date_paid ?? undefined,

src/api/winning/winning.service.ts

@@ -50,7 +50,6 @@ export class WinningService {
 
       const paymentData: Prisma.paymentCreateManyInput[] = body.details.map(
         (item) => ({
-          net_amount: new Prisma.Decimal(item.grossAmount),
           total_amount: new Prisma.Decimal(item.totalAmount),
           gross_amount: new Prisma.Decimal(item.grossAmount),
           installment_number: item.installmentNumber,

src/core/auth/guards/auth.guard.ts

@@ -50,8 +50,8 @@ export class AuthGuard implements CanActivate {
       [context.getHandler(), context.getClass()],
     );
 
-    const reqScopes = req.m2mTokenScope.split(' ')
-    if (reqScopes.some(reqScope => allowedM2mScopes.includes(reqScope))) {
+    const reqScopes = req.m2mTokenScope.split(' ');
+    if (reqScopes.some((reqScope) => allowedM2mScopes.includes(reqScope))) {
       return true;
     }
     return false;

src/core/auth/middleware/tokenValidator.middleware.ts

@@ -16,23 +16,28 @@ export class TokenValidatorMiddleware implements NestMiddleware {
 
     let decoded: any;
     try {
-      decoded = jwt.verify(idToken, process.env.AUTH0_CERT, {
-        audience: process.env.AUTH0_CLIENT_ID,
-      });
+      decoded = jwt.verify(idToken, process.env.AUTH0_CERT);
     } catch (error) {
       console.error('Error verifying JWT', error);
       throw new UnauthorizedException('Invalid or expired JWT!');
     }
 
-    // TODO: verify decoded.aud
     if (!decoded) {
       req.idTokenVerified = false;
       return next();
     }
 
-    req.idTokenVerified = true;
     req.isM2M = !!decoded.scope;
+    const aud = req.isM2M
+      ? process.env.AUTH0_M2M_AUDIENCE
+      : process.env.AUTH0_CLIENT_ID;
+
+    if (decoded.aud !== aud) {
+      req.idTokenVerified = false;
+      return next();
+    }
 
+    req.idTokenVerified = true;
     if (decoded.scope) {
       req.m2mTokenScope = decoded.scope;
       req.m2mTokenAudience = decoded.aud;

src/dto/adminWinning.dto.ts

@@ -348,14 +348,6 @@ export class WinningUpdateRequestDto {
 }
 
 export class PaymentCreateRequestDto {
-  @ApiProperty({
-    description: 'The net amount of the payment',
-    example: 12.3,
-  })
-  @IsNumber()
-  @Min(0)
-  netAmount: number;
-
   @ApiProperty({
     description: 'The total amount of the payment',
     example: 12.3,