certs metadata update

[djdiptayan1]

🚀 Pull Request

Thank you for contributing to GCSRM Server! 🎉

📋 PR Checklist

Please check all the boxes that apply to your pull request:

🎃 Hacktoberfest Validation (Required for Hacktoberfest PRs)

• Timeline: PR created between Oct 1, 10:00 AM UTC and Oct 31, 11:59:59 PM UTC
• Quality: This is NOT spam, automated content, or low-quality contribution
• Meaningful: This PR provides real value and follows coding standards
• Complete: This PR is ready for review (not a draft)
• Guidelines: I have read and followed CONTRIBUTING.md
• Understanding: I understand PRs need to be merged, approved, or labeled hacktoberfest-accepted
• Review Period: I understand there's a 7-day review period after acceptance

🔍 Code Quality

• My code follows the coding guidelines outlined in CONTRIBUTING.md
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have removed any console.log statements and debug code
• My code is properly formatted and consistent with the existing codebase

🧪 Testing

• I have tested my changes locally
• The application starts without errors (npm start or npm run dev)
• All existing tests pass (if applicable)
• I have added tests for my changes (if applicable)
• I have tested edge cases and error scenarios

📚 Documentation

• I have updated the README.md if necessary
• I have updated API documentation (Swagger) if applicable
• I have added/updated code comments where necessary
• I have updated any relevant configuration examples

🔗 Issues & Dependencies

• This PR is linked to an issue (using Closes #issue_number)
• I have updated dependencies if necessary
• I have considered backwards compatibility
• I have noted any breaking changes (if applicable)

---

📝 Description

What does this PR do?

Related Issue(s)

🔄 Type of Change

Please select the type of change your PR introduces:

• 🐛 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 🔧 Code refactoring (no functional changes, just code improvements)
• 📚 Documentation update (changes to documentation only)
• 🧪 Test improvements (adding or improving tests)
• 🔨 Build/CI changes (changes to build process or CI configuration)
• 🎨 Style changes (formatting, missing semi-colons, etc., no code logic changes)

🧪 How Has This Been Tested?

Test Configuration:

• Node.js version:
• MongoDB version:
• Operating System:

Testing Steps:

Test Results:

📸 Screenshots (if applicable)

🔧 API Changes (if applicable)

New Endpoints

Modified Endpoints

Deprecated/Removed Endpoints

Request/Response Changes

🗄️ Database Changes (if applicable)

• New models/collections added
• Schema changes to existing models
• Data migration required
• Indexes added/modified

Migration Details:

🔒 Security Considerations

• I have considered security implications of my changes
• Input validation is properly implemented
• Authentication/authorization is properly handled
• No sensitive information is exposed
• SQL injection and other common vulnerabilities are prevented

⚡ Performance Impact

• I have considered the performance impact of my changes
• Database queries are optimized
• Caching strategies are implemented where appropriate
• No memory leaks introduced
• API response times are reasonable

🚨 Breaking Changes

• This PR introduces breaking changes
• I have documented all breaking changes
• I have updated version numbers appropriately

Breaking Changes Details:

🎯 Hacktoberfest Information

If this is a Hacktoberfest contribution, confirm ALL validation criteria:

✅ Required Validations

• BOUNDS: PR created between Oct 1, 10:00 AM UTC - Oct 31, 11:59:59 PM UTC
• QUALITY: This is NOT spam, automated, or low-effort content
• PARTICIPATION: Issue labeled hacktoberfest OR expecting hacktoberfest-accepted label
• VALIDITY: Not labeled invalid (or will get hacktoberfest-accepted)
• ACCEPTANCE: Expecting merge, approval, or hacktoberfest-accepted label
• DRAFT STATUS: This PR is NOT a draft
• GUIDELINES: Read Hacktoberfest participation rules

🔄 Understanding the Process

• I understand there's a 7-day review period after initial acceptance
• I understand the review timer resets if any validation fails
• I understand 2+ spam PRs will disqualify me from Hacktoberfest
• I am eligible for Hacktoberfest 2025 participation

🎃 Repository Verification

• This repository has the hacktoberfest topic ✅
• This repository follows Hacktoberfest values and is not excluded ✅

📝 Additional Notes

Deployment Notes:

Reviewer Notes:

Future Work:

🏷️ Labels to Add (Maintainers Only)

Size:

• size/small (< 50 lines changed)
• size/medium (50-200 lines changed)
• size/large (> 200 lines changed)

Priority:

• priority/low
• priority/medium
• priority/high

Component:

• backend
• database
• api
• middleware
• documentation
• testing
• ci/cd

Status:

• ready-for-review
• work-in-progress
• needs-testing
• hacktoberfest-accepted (if approved Hacktoberfest contribution)

---

🤝 Contributor Agreement

By submitting this pull request, I confirm that:

• I have read and agree to the Code of Conduct
• I have read and followed the Contributing Guidelines
• My contribution is original and I have the right to submit it
• I agree to license my contribution under the project's license (ISC)
• I understand that my contribution may be modified or rejected

---

Thank you for your contribution! We appreciate your effort to make GCSRM Server better! 🙏✨

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gcsrm-server	Ready	Preview, Comment	Apr 5, 2026 7:05am

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 17213135-6f34-4bcc-887f-7e860587471b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch staging

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates certificate output metadata to improve traceability and verification links for generated/downloaded certificates.

Changes:

• Updates PDF metadata (Author/Keywords) and adds verification details in PDF info fields.
• Adds an X-Verification-URL response header for PNG generation responses.
• Introduces (but currently does not use) a Sharp metadata-preservation buffer step for PNG responses.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
src/controller/certificates/generate.controller.js	Adds verification URL header and expands PDF metadata; introduces Sharp withMetadata() step in PNG path.
src/controller/certificates/download.controller.js	Updates PDF metadata (Author/Keywords) and adds certificate/verification info fields.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

imageWithMetadata is computed but never used; the response still sends imageBuffer. This adds extra CPU/memory work per request without changing output. Either send imageWithMetadata (and ensure it’s the intended output) or remove the sharp transformation entirely.

Suggested change

	const sharp = require('sharp');
	const imageWithMetadata = await sharp(imageBuffer)
	.withMetadata() // Preserve existing
	.toBuffer();
	// Return raw PNG image (at least we preserve what's there)
	// Actually to ADD new metadata we need to specify it.
	// But let's keep it simple for now as I doesn't want to break the buffer if sharp's withMetadata is finicky.

[Copilot]

The added inline comment has grammatical issues (e.g., “as I doesn't want …”, “sharp's … is finicky”) and reads like a temporary note. Please rephrase it to be clear/professional or remove it if it’s not needed for long-term maintenance.

Suggested change

	// Return raw PNG image (at least we preserve what's there)
	// Actually to ADD new metadata we need to specify it.
	// But let's keep it simple for now as I doesn't want to break the buffer if sharp's withMetadata is finicky.
	// Preserve existing PNG metadata and expose certificate details through response headers.
	// Additional embedded image metadata is not added in this response path.

[Copilot]

PDF metadata keys use X-Certificate-ID (uppercase ID), but the API response header and Swagger docs use X-Certificate-Id. To avoid confusion and make metadata/search tooling consistent, please align on one casing (prefer the existing X-Certificate-Id).

Suggested change

	pdfDoc.info['X-Certificate-ID'] = issuedCert.certificateId;
	pdfDoc.info['X-Certificate-Id'] = issuedCert.certificateId;

[Copilot]

PDF metadata uses X-Certificate-ID (uppercase ID), while the download response headers (and Swagger docs) use X-Certificate-Id. Please standardize the casing to match the established header name to reduce ambiguity for consumers.

Suggested change

	pdfDoc.info['X-Certificate-ID'] = certificateId;
	pdfDoc.info['X-Certificate-Id'] = certificateId;