feat: DELETE /spaces/:spaceId/address-book/:address (#2549)

Aaron Cook · web-flow · commit 4be3bb41b5e0 · 2025-04-28T14:44:02.000+02:00
Adds a new endpoint for deleting specified addresses from given Spaces: `DELETE` `/spaces/:spaceId/address-book/:address`.

The scaffolded `AddressBookItemsRepository['deleteMany']` has been renamed to `deleteByAddress` as deletion is only required for singular addresses, and it has been propagated to the appropriate controller:

- Rename `AddressBookItemsRepository['deleteMany']` to `deleteByAddress`
- Implement `AddressBookItemsRepository['deleteByAddress']`
- Add `DELETE` `/spaces/:spaceId/address-book/:address` to `AddressBooksController`
- Add appropriate test coverage
diff --git a/src/domain/spaces/address-books/address-book-items.repository.integration.spec.ts b/src/domain/spaces/address-books/address-book-items.repository.integration.spec.ts
@@ -380,6 +380,103 @@ describe('AddressBookItemsRepository', () => {
     });
   });
 
+  describe('deleteByAddress', () => {
+    it('should delete an address book item by address', async () => {
+      const { spaceId, authPayload } = await createSpaceAsAdmin();
+      const addressBookItem = addressBookItemBuilder()
+        .with('space', spaceBuilder().with('id', spaceId).build())
+        .with('createdBy', authPayload.signer_address as `0x${string}`)
+        .with('lastUpdatedBy', authPayload.signer_address as `0x${string}`)
+        .build();
+      await dbAddressBookItemsRepository.insert(addressBookItem);
+
+      await addressBookItemsRepository.deleteByAddress({
+        authPayload,
+        spaceId,
+        address: addressBookItem.address,
+      });
+
+      await expect(
+        dbAddressBookItemsRepository.findOneBy({
+          address: addressBookItem.address,
+        }),
+      ).resolves.toBe(null);
+    });
+
+    it('should not delete the same address from a different Space', async () => {
+      const { spaceId: spaceId1, authPayload: authPayload1 } =
+        await createSpaceAsAdmin();
+      const { spaceId: spaceId2, authPayload: authPayload2 } =
+        await createSpaceAsAdmin();
+      const address = getAddress(faker.finance.ethereumAddress());
+      const addressBookItem1 = addressBookItemBuilder()
+        .with('address', address)
+        .with('space', spaceBuilder().with('id', spaceId1).build())
+        .with('createdBy', authPayload1.signer_address as `0x${string}`)
+        .with('lastUpdatedBy', authPayload1.signer_address as `0x${string}`)
+        .build();
+      const addressBookItem2 = addressBookItemBuilder()
+        .with('address', address)
+        .with('space', spaceBuilder().with('id', spaceId2).build())
+        .with('createdBy', authPayload2.signer_address as `0x${string}`)
+        .with('lastUpdatedBy', authPayload2.signer_address as `0x${string}`)
+        .build();
+      await dbAddressBookItemsRepository.insert(addressBookItem1);
+      await dbAddressBookItemsRepository.insert(addressBookItem2);
+
+      await addressBookItemsRepository.deleteByAddress({
+        authPayload: authPayload1,
+        spaceId: spaceId1,
+        address: addressBookItem1.address,
+      });
+
+      await expect(
+        dbAddressBookItemsRepository.findOneBy({
+          address: addressBookItem1.address,
+          space: { id: spaceId2 },
+        }),
+      ).resolves.toStrictEqual(
+        expect.objectContaining({
+          id: expect.any(Number),
+          address: addressBookItem1.address,
+          name: addressBookItem2.name,
+          chainIds: addressBookItem2.chainIds,
+          createdBy: addressBookItem2.createdBy,
+          lastUpdatedBy: addressBookItem2.lastUpdatedBy,
+          createdAt: expect.any(Date),
+          updatedAt: expect.any(Date),
+        }),
+      );
+    });
+
+    it('should throw a NotFoundException if the space does not exist', async () => {
+      const { authPayload } = await createUser();
+      const addressBookItem = addressBookItemBuilder().build();
+
+      await expect(
+        addressBookItemsRepository.deleteByAddress({
+          authPayload,
+          spaceId: faker.number.int({ min: 1, max: DB_MAX_SAFE_INTEGER }),
+          address: addressBookItem.address,
+        }),
+      ).rejects.toThrow(new NotFoundException('Space not found.'));
+    });
+
+    it('should throw NotFoundException if the user is not an ADMIN', async () => {
+      const { spaceId } = await createSpaceAsAdmin();
+      const authPayload = await addMemberToSpaceWithStatus(spaceId, 'ACTIVE');
+      const addressBookItem = addressBookItemBuilder().build();
+
+      await expect(
+        addressBookItemsRepository.deleteByAddress({
+          authPayload,
+          spaceId,
+          address: addressBookItem.address,
+        }),
+      ).rejects.toThrow(new NotFoundException('Space not found.'));
+    });
+  });
+
   // Utility functions
 
   const createSpaceAsAdmin = async (): Promise<{
diff --git a/src/domain/spaces/address-books/address-book-items.repository.interface.ts b/src/domain/spaces/address-books/address-book-items.repository.interface.ts
@@ -39,14 +39,14 @@ export interface IAddressBookItemsRepository {
   }): Promise<Array<AddressBookDbItem>>;
 
   /**
-   * Deletes an array of AddressBookItems by their IDs.
+   * Deletes an {@link AddressBookDbItem} by address.
    * @param {AuthPayload} args.authPayload - The authentication payload.
    * @param {number} args.spaceId - The ID of the Space.
-   * @param {Array<AddressBookDbItem>} args.addressBookItemIds - The IDs of the AddressBookItems to delete.
+   * @param {AddressBookDbItem['address']} args.address - The address of an AddressBookItem to delete.
    */
-  deleteMany(args: {
+  deleteByAddress(args: {
     authPayload: AuthPayload;
     spaceId: Space['id'];
-    addressBookItemIds: Array<string>;
+    address: AddressBookDbItem['address'];
   }): Promise<void>;
 }
diff --git a/src/domain/spaces/address-books/address-book-items.repository.ts b/src/domain/spaces/address-books/address-book-items.repository.ts
@@ -84,13 +84,21 @@ export class AddressBookItemsRepository implements IAddressBookItemsRepository {
     return repository.findBy({ space: { id: space.id } });
   }
 
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  public deleteMany(args: {
+  public async deleteByAddress(args: {
     authPayload: AuthPayload;
     spaceId: Space['id'];
-    addressBookItemIds: Array<string>;
+    address: AddressBookDbItem['address'];
   }): Promise<void> {
-    throw new Error('Method not implemented.');
+    const space = await this.getSpaceAs({
+      ...args,
+      memberRoleIn: ['ADMIN'],
+    });
+    const repository = await this.db.getRepository(DbAddressBookItem);
+
+    await repository.delete({
+      address: args.address,
+      space: { id: space.id },
+    });
   }
 
   private async getSpaceAs(args: {
diff --git a/src/routes/spaces/address-books.controller.spec.ts b/src/routes/spaces/address-books.controller.spec.ts
@@ -31,6 +31,7 @@ import type { Server } from 'net';
 import request from 'supertest';
 import { getAddress } from 'viem';
 import { DB_MAX_SAFE_INTEGER } from '@/domain/common/constants';
+import type { AuthPayload } from '@/domain/auth/entities/auth-payload.entity';
 
 describe('AddressBooksController', () => {
   let app: INestApplication<Server>;
@@ -480,6 +481,157 @@ describe('AddressBooksController', () => {
     });
   });
 
+  describe('DELETE /spaces/:spaceId/address-book/:address', () => {
+    it('should delete a Space address book item', async () => {
+      const { spaceId, accessToken } = await createSpace();
+      const { mockAddress } = await createAddressBookItem({
+        spaceId,
+        adminAccessToken: accessToken,
+      });
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId}/address-book/${mockAddress}`)
+        .set('Cookie', [`access_token=${accessToken}`])
+        .expect(200);
+
+      await request(app.getHttpServer())
+        .get(`/v1/spaces/${spaceId}/address-book`)
+        .set('Cookie', [`access_token=${accessToken}`])
+        .expect(200)
+        .expect(({ body }) =>
+          expect(body).toEqual({
+            spaceId: spaceId.toString(),
+            data: [],
+          }),
+        );
+    });
+
+    it('should not delete the same address from a different Space', async () => {
+      const { spaceId: spaceId1, accessToken: accessToken1 } =
+        await createSpace();
+      const { spaceId: spaceId2, accessToken: accessToken2 } =
+        await createSpace();
+      const authPayload2 = jwtService.decode(accessToken2) as AuthPayload;
+      const { mockAddress } = await createAddressBookItem({
+        spaceId: spaceId1,
+        adminAccessToken: accessToken1,
+      });
+      const { mockName, mockChainIds } = await createAddressBookItem({
+        spaceId: spaceId2,
+        adminAccessToken: accessToken2,
+        address: mockAddress,
+      });
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId1}/address-book/${mockAddress}`)
+        .set('Cookie', [`access_token=${accessToken1}`])
+        .expect(200);
+
+      await request(app.getHttpServer())
+        .get(`/v1/spaces/${spaceId2}/address-book`)
+        .set('Cookie', [`access_token=${accessToken2}`])
+        .expect(200)
+        .expect(({ body }) =>
+          expect(body).toEqual({
+            spaceId: spaceId2.toString(),
+            data: [
+              {
+                address: mockAddress,
+                name: mockName,
+                chainIds: mockChainIds,
+                createdBy: authPayload2.signer_address,
+                lastUpdatedBy: authPayload2.signer_address,
+              },
+            ],
+          }),
+        );
+    });
+
+    it('should return a 404 if a space ID does not exist', async () => {
+      const { accessToken } = await createSpace();
+      const nonExistingSpaceId = faker.number.int({
+        min: 69420,
+        max: DB_MAX_SAFE_INTEGER,
+      });
+      const address = getAddress(faker.finance.ethereumAddress());
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${nonExistingSpaceId}/address-book/${address}`)
+        .set('Cookie', [`access_token=${accessToken}`])
+        .expect(404)
+        .expect({
+          statusCode: 404,
+          message: 'Space not found.',
+          error: 'Not Found',
+        });
+    });
+
+    it('should return a 404 if the user does not exist', async () => {
+      const { spaceId } = await createSpace();
+      const authPayloadDto = authPayloadDtoBuilder().build();
+      const accessToken = jwtService.sign(authPayloadDto);
+      const address = getAddress(faker.finance.ethereumAddress());
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId}/address-book/${address}`)
+        .set('Cookie', [`access_token=${accessToken}`])
+        .expect(404)
+        .expect({
+          statusCode: 404,
+          message: 'User not found.',
+          error: 'Not Found',
+        });
+    });
+
+    it('should return a 404 if the member is not an ADMIN', async () => {
+      const { spaceId, accessToken } = await createSpace();
+      const { memberAccessToken } = await inviteMember({
+        spaceId,
+        adminAccessToken: accessToken,
+      });
+      const address = getAddress(faker.finance.ethereumAddress());
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId}/address-book/${address}`)
+        .set('Cookie', [`access_token=${memberAccessToken}`])
+        .expect(404)
+        .expect({
+          statusCode: 404,
+          message: 'Space not found.',
+          error: 'Not Found',
+        });
+    });
+
+    it('should return a 403 if the AuthPayload is empty', async () => {
+      const { spaceId } = await createSpace();
+      const address = getAddress(faker.finance.ethereumAddress());
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId}/address-book/${address}`)
+        .set('Cookie', [`access_token=`])
+        .expect(403)
+        .expect({
+          statusCode: 403,
+          message: 'Forbidden resource',
+          error: 'Forbidden',
+        });
+    });
+
+    it('should return a 403 if not authenticated', async () => {
+      const { spaceId } = await createSpace();
+      const address = getAddress(faker.finance.ethereumAddress());
+
+      await request(app.getHttpServer())
+        .delete(`/v1/spaces/${spaceId}/address-book/${address}`)
+        .expect(403)
+        .expect({
+          statusCode: 403,
+          message: 'Forbidden resource',
+          error: 'Forbidden',
+        });
+    });
+  });
+
   // Utility functions
 
   const createSpace = async (): Promise<{
@@ -524,12 +676,14 @@ describe('AddressBooksController', () => {
   const createAddressBookItem = async (args: {
     spaceId: string;
     adminAccessToken: string;
+    address?: `0x${string}`;
   }): Promise<{
     mockName: string;
-    mockAddress: string;
+    mockAddress: `0x${string}`;
     mockChainIds: Array<string>;
   }> => {
-    const mockAddress = getAddress(faker.finance.ethereumAddress());
+    const mockAddress =
+      args?.address ?? getAddress(faker.finance.ethereumAddress());
     const mockName = nameBuilder();
     const mockChainIds = faker.helpers.multiple(() => faker.string.numeric(), {
       count: { min: 1, max: 5 },
diff --git a/src/routes/spaces/address-books.controller.ts b/src/routes/spaces/address-books.controller.ts
@@ -6,6 +6,7 @@ import { SpaceAddressBookDto } from '@/routes/spaces/entities/space-address-book
 import {
   Body,
   Controller,
+  Delete,
   Get,
   Inject,
   Param,
@@ -26,6 +27,7 @@ import {
   UpsertAddressBookItemsDto,
   UpsertAddressBookItemsSchema,
 } from '@/routes/spaces/entities/upsert-address-book-items.dto.entity';
+import { AddressSchema } from '@/validation/entities/schemas/address.schema';
 
 @ApiTags('spaces')
 @Controller({ path: 'spaces', version: '1' })
@@ -72,4 +74,23 @@ export class AddressBooksController {
   ): Promise<SpaceAddressBookDto> {
     return this.service.upsertMany(authPayload, spaceId, addressBookItems);
   }
+
+  @ApiOkResponse({
+    description: 'Address book item deleted',
+  })
+  @ApiNotFoundResponse({ description: 'User, member or Space not found' })
+  @ApiForbiddenResponse({
+    description: 'Signer address not present or not authorized',
+  })
+  @Delete('/:spaceId/address-book/:address')
+  @UseGuards(AuthGuard)
+  public async deleteByAddress(
+    @Auth() authPayload: AuthPayload,
+    @Param('spaceId', ParseIntPipe, new ValidationPipe(RowSchema.shape.id))
+    spaceId: number,
+    @Param('address', new ValidationPipe(AddressSchema))
+    address: `0x${string}`,
+  ): Promise<void> {
+    return this.service.deleteByAddress({ authPayload, spaceId, address });
+  }
 }
diff --git a/src/routes/spaces/address-books.service.ts b/src/routes/spaces/address-books.service.ts
@@ -48,6 +48,14 @@ export class AddressBooksService {
     return this.mapAddressBookItems(spaceId, updatedItems);
   }
 
+  public async deleteByAddress(args: {
+    authPayload: AuthPayload;
+    spaceId: Space['id'];
+    address: AddressBookDbItem['address'];
+  }): Promise<void> {
+    await this.repository.deleteByAddress(args);
+  }
+
   private mapAddressBookItems(
     spaceId: Space['id'],
     items: Array<AddressBookDbItem>,
