Feat/health module

[tamaraortega]

🚀 StarShop Pull Request

Mark with an x all the checkboxes that apply (like [x])

• Closes Health Checks Module 🏥 #150 (Health Checks Module)
• Added tests (if necessary)
• Run tests
• Run formatting
• Evidence attached
• Commented the code

---

📌 Type of Change

• Documentation (updates to README, docs, or comments)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

---

📝 Changes description

• Added a HealthModule exposing /health/live and /health/ready endpoints.
• Integrated checks for:
  • Application liveness (event loop responsive).
  • PostgreSQL connectivity.
  • Redis connectivity (if enabled).
  • Optional memory/disk usage thresholds via env vars.
• Added IP allowlist middleware for /health routes in production.
• Updated .env.example with new health config variables.
• Updated README.md with usage and Kubernetes probe examples.

---

📸 Evidence (A photo is required as evidence)

---

⏰ Time spent breakdown

• Implementation: 2h
• Testing & debugging: 1h
• Documentation updates: 30m

---

🌌 Comments

This PR introduces robust observability endpoints for StarShop, ensuring better compatibility with Kubernetes, Docker health checks, and external monitoring tools.

---

Thank you for contributing to StarShop, we are glad that you have chosen us as your project of choice and we hope that you continue to contribute to this great project, so that together we can make our mark at the top!

Summary by CodeRabbit

• New Features

  • Health endpoints (/health/live, /health/ready) with IP allowlist and configurable thresholds
  • Store management for sellers (CRUD, search, stats)
  • Offers auto-expiration (cron), admin/manual triggers, “expiring soon” and “expired” checks; product linking; expiry timestamp
  • Notifications: offer_accepted/rejected types, payload/entityId, user notifications listing

• Refactor

  • Public APIs now use walletAddress; numeric id removed from responses; IDs migrated to UUID
  • Auth supports cookie-based JWT; default session extended to 7 days

• Documentation

  • Added health checks, user registration, technical spec, UUID migration, offers auto-expiration, and store system docs

• Chores

  • Expanded env template (incl. health settings), updated ignore patterns, added dependencies

• Tests

  • New/updated tests for offers (expiration/notifications), auth cookies, users, files, wishlist

[coderabbitai]

Caution

Review failed

Failed to post review comments.

Walkthrough

Adds a HealthModule with liveness/readiness endpoints, optional IP allowlist, and docs/env for probes. Introduces offer auto-expiration (cron, endpoints, entity/migration), notification enhancements, product-linking in offers, UUID migration and walletAddress-first flows, store system (entities, services, controllers), expanded user fields/validation, Redis/cookie support, and extensive tests/migrations.

Changes

Cohort / File(s)	Summary
Health checks src/health/*, src/middleware/healthAllowlist.guard.ts, package.json, .env.example, env.example, README.md, src/app.module.ts	New HealthModule and controller with /health/live and /health/ready (DB/Redis/memory/disk checks), optional IP allowlist via guard; added deps (@nestjs/terminus, ip-range-check), env vars, README docs; wired module in app.
Offer auto-expiration & endpoints src/modules/offers/... (controllers/services/*, entities/offer.entity.ts, offers.module.ts, services/offer-expiration.service.ts), src/migrations/1746193420634-AddExpiresAtToOffers.ts, docs/offers-auto-expiration.md, tests under offers	Adds expires_at column/migration, cron-driven expiration service, manual/admin endpoints, expiring-soon and isExpired APIs, notifications on state changes; module wiring and tests added.
Notifications enhancements src/modules/notifications/*, src/migrations/1755667533000-AddOfferNotificationTypes.ts	Notification entity/DTO extended with payload/entityId and new offer-related types; service now DB-backed with create/send and pagination; module uses TypeORM/JWT; migration adds enum values/columns/index.
User model: UUID + walletAddress-first + new fields src/modules/users/*, src/modules/auth/* (controllers/services/dto/entities/middleware/strategy), src/types/*, src/modules/shared/*, docs/UUID-MIGRATION.md, docs/user-registration.md, docs/README.md, docs/TECHNICAL_SPECIFICATION.md	User.id moved to UUID; walletAddress primary in APIs; added location/country/buyerData/sellerData fields and role-aware validation; responses drop id; JWT cookie extraction; cookie-parser enabled; types updated; docs/tests added.
Stores feature src/modules/stores/*, src/app.module.ts, src/modules/auth/auth.module.ts, docs/store-system.md, src/migrations/1751199238000-CreateStoresTable.ts	New Store entity/DTOs/service/controller/module; automatic default store creation for sellers; DB schema/migration; module integration.
Buyer requests & reviews: userId to UUID src/modules/buyer-requests/*, src/modules/reviews/*, src/migrations/1751199238000-UpdateForeignKeysToUUID.ts	Converted userId to UUID types across entities/DTOs/services and updated FKs via migration; controller parameter handling adjusted.
Migrations: users UUID & fields src/migrations/1751199237000-MigrateUserIdToUUID.ts, src/migrations/1751199237000-AddUserFields.ts	Migrate users.id to UUID, add unique index on walletAddress; add location/country and JSON buyer/seller data columns.
Auth and cookies src/main.ts, src/common/utils/response.utils.ts, src/config/jwt.ts, test/auth.e2e-spec.ts	Added cookie-parser; setToken default maxAge to 7d; new JWT config and cookie options builder; e2e tests for cookie behavior and API prefix.
Config & ignore tweaks .gitignore, src/config/index.ts, test/jest-e2e.json, test/setup-multer-mocks.ts	Ignore patterns updated; database synchronize flags diverge (app.module false vs config true); Jest config/aliases and multer mocks added.
Misc tests updates src/modules/files/tests/*, src/modules/offers/tests/*, src/modules/users/tests/*, src/modules/wishlist/tests/*	Adjusted fixtures/types for new user fields/UUIDs; added new unit/integration tests for offers expiration/notifications and user APIs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Probe as K8s/LB Probe
  participant API as NestJS API
  participant Guard as HealthAllowlistGuard
  participant HC as HealthCheckService
  participant DB as DB Indicator
  participant Redis as Redis Client
  participant Mem as Memory Indicator
  participant Disk as Disk Indicator

  Probe->>API: GET /health/live
  API->>Guard: canActivate(ip)
  alt Allowed
    API-->>Probe: 200 {status:"up"}
  else Forbidden
    API-->>Probe: 403
  end

  Probe->>API: GET /health/ready
  API->>Guard: canActivate(ip)
  alt Allowed
    API->>HC: check([ ... ])
    HC->>DB: pingCheck (300ms timeout)
    opt REDIS_URL set
      HC->>Redis: connect + ping
      Redis-->>HC: pong
    end
    opt Heap threshold
      HC->>Mem: checkHeap(threshold)
    end
    opt Disk threshold
      HC->>Disk: checkStorage(used%)
    end
    HC-->>API: aggregated result
    API-->>Probe: 200/5xx + details
  else Forbidden
    API-->>Probe: 403
  end

Loading

sequenceDiagram
  autonumber
  actor Cron as Cron(30m)
  participant OfferSvc as OfferService
  participant Repo as OfferRepository
  participant Notif as NotificationService
  actor Admin as Admin
  participant Ctl as OffersController

  Cron->>OfferSvc: expireOffers()
  OfferSvc->>Repo: find(status=PENDING, expiresAt < now)
  alt Any expired
    OfferSvc->>Repo: update(set status=REJECTED)
    loop each expired
      OfferSvc->>Notif: createAndSendNotificationToUser(type=offer_rejected, entityId=offerId, payload={...})
    end
    OfferSvc-->>Cron: count
  else None
    OfferSvc-->>Cron: 0
  end

  Admin->>Ctl: POST /offers/expire-manual
  Ctl->>OfferSvc: expireOffers()
  OfferSvc-->>Ctl: count
  Ctl-->>Admin: {expired: count, timestamp}

  Admin->>Ctl: GET /offers/expiring-soon?hours=H
  Ctl->>OfferSvc: getOffersExpiringSoon(H)
  OfferSvc-->>Ctl: offers[]
  Ctl-->>Admin: {offers, count}

  Admin->>Ctl: GET /offers/:id/expired
  Ctl->>OfferSvc: isOfferExpired(id)
  OfferSvc-->>Ctl: true/false
  Ctl-->>Admin: {isExpired}

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Assessment against linked issues

Objective	Addressed	Explanation
HealthModule with liveness/readiness endpoints [#150]	✅
Readiness checks: DB, Redis (if enabled), optional heap/disk thresholds from env [#150]	✅
Security: optional IP allowlist via HEALTH_ALLOWLIST in production [#150]	✅
Config/docs: add env vars and README with k8s probe examples [#150]	✅
Performance: probes fast (~<300ms when up) [#150]	❓	DB ping uses 300ms timeout; actual latency depends on environment and added optional checks.

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Introduce Stores module, entities, service, controller, and migration (src/modules/stores/*; src/migrations/1751199238000-CreateStoresTable.ts)	Not related to health checks; adds new feature domain.
UUID migration and walletAddress-first API changes (src/modules/users/*; src/migrations/1751199237000-MigrateUserIdToUUID.ts; docs/UUID-MIGRATION.md)	Outside health endpoints scope; broad identifier strategy change.
Offer auto-expiration feature with cron, endpoints, and migrations (src/modules/offers/**/*; src/migrations/1746193420634-AddExpiresAtToOffers.ts; docs/offers-auto-expiration.md)	Unrelated to health checks; new time-based domain logic.
Notifications overhaul (payload/entityId/types) and DB-backed service (src/modules/notifications/**/*; src/migrations/1755667533000-AddOfferNotificationTypes.ts)	Not part of health checks; cross-cutting notification features.
Product linking in offers and related ownership checks (src/modules/offers/services/offers.service.ts; dto/entity changes)	Feature work beyond health module scope.

Possibly related PRs

• Feat/auto expire offers #144 — Implements the same offer auto-expiration (expires_at, cron, endpoints, tests).
• Feature/offer notifications #145 — Adds notification payload/entityId and offer-related notification types used by offer flows.
• feat: use walletAddress as the primary public ID #140 — Performs UUID migration and walletAddress-first changes mirrored here.

Suggested reviewers

• Villarley

Poem

I twitch my whiskers, ping the DB—so spry!
Redis says “pong,” the disks comply.
Offers snooze past midnight’s gate,
Cron hops by: “Expired—check the date!”
Stores pop up like clover green,
UUIDs—the sleek new scene.
All systems up; this rabbit’s keen! 🐇✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Villarley]

LGTM