refactor: remove unused PoiValidationRule class from KycMetadataResponseDto

Enhance profile picture handling in JuniorService to ensure foreign

src/card/services/account.service.ts

@@ -64,9 +64,8 @@ export class AccountService {
   }
 
   increaseReservedBalance(account: Account, amount: number) {
-    if (account.balance < account.reservedBalance + amount) {
+    // Balance check is performed by the caller (e.g., transferToChild)
-      throw new UnprocessableEntityException('CARD.INSUFFICIENT_BALANCE');
+    // to ensure correct account (guardian vs child) is validated
-    }
     return this.accountRepository.increaseReservedBalance(account.id, amount);
   }
 

src/card/services/card.service.ts

@@ -148,7 +148,18 @@ export class CardService {
   async transferToChild(juniorId: string, amount: number) {
     const card = await this.getCardByCustomerId(juniorId);
 
-    if (amount > card.account.balance - card.account.reservedBalance) {
+    this.logger.debug(`Transfer to child - juniorId: ${juniorId}, parentId: ${card.parentId}, cardId: ${card.id}`);
+    this.logger.debug(`Card account - balance: ${card.account.balance}, reserved: ${card.account.reservedBalance}`);
+
+    const fundingAccount = card.parentId
+      ? await this.accountService.getAccountByCustomerId(card.parentId)
+      : card.account;
+
+    this.logger.debug(`Funding account - balance: ${fundingAccount.balance}, reserved: ${fundingAccount.reservedBalance}, available: ${fundingAccount.balance - fundingAccount.reservedBalance}`);
+    this.logger.debug(`Amount requested: ${amount}`);
+
+    if (amount > fundingAccount.balance - fundingAccount.reservedBalance) {
+      this.logger.error(`Insufficient balance - requested: ${amount}, available: ${fundingAccount.balance - fundingAccount.reservedBalance}`);
       throw new BadRequestException('CARD.INSUFFICIENT_BALANCE');
     }
 
@@ -156,15 +167,15 @@ export class CardService {
     await Promise.all([
       this.neoleapService.updateCardControl(card.cardReference, finalAmount.toNumber()),
       this.updateCardLimit(card.id, finalAmount.toNumber()),
-      this.accountService.increaseReservedBalance(card.account, amount),
+      this.accountService.increaseReservedBalance(fundingAccount, amount),
       this.transactionService.createInternalChildTransaction(card.id, amount),
     ]);
 
     return finalAmount.toNumber();
   }
 
-  getWeeklySummary(juniorId: string) {
+  getWeeklySummary(juniorId: string, startDate?: Date, endDate?: Date) {
-    return this.transactionService.getWeeklySummary(juniorId);
+    return this.transactionService.getWeeklySummary(juniorId, startDate, endDate);
   }
 
   fundIban(iban: string, amount: number) {

src/card/services/transaction.service.ts

@@ -42,10 +42,18 @@ export class TransactionService {
     const total = new Decimal(body.transactionAmount).plus(body.billingAmount).plus(body.fees).plus(body.vatOnFees);
 
     if (card.customerType === CustomerType.CHILD) {
-      await Promise.all([
+      if (card.parentId) {
-        this.accountService.decreaseAccountBalance(card.account.accountReference, total.toNumber()),
+        const parentAccount = await this.accountService.getAccountByCustomerId(card.parentId);
-        this.accountService.decrementReservedBalance(card.account, total.toNumber()),
+        await Promise.all([
-      ]);
+          this.accountService.decreaseAccountBalance(parentAccount.accountReference, total.toNumber()),
+          this.accountService.decrementReservedBalance(parentAccount, total.toNumber()),
+        ]);
+      } else {
+        await Promise.all([
+          this.accountService.decreaseAccountBalance(card.account.accountReference, total.toNumber()),
+          this.accountService.decrementReservedBalance(card.account, total.toNumber()),
+        ]);
+      }
     } else {
       await this.accountService.decreaseAccountBalance(card.account.accountReference, total.toNumber());
     }
@@ -84,15 +92,28 @@ export class TransactionService {
     return existingTransaction;
   }
 
-  async getWeeklySummary(juniorId: string) {
+  async getWeeklySummary(juniorId: string, startDate?: Date, endDate?: Date) {
-    const startOfWeek = moment().startOf('week').toDate();
+    let startOfWeek: Date;
-    const endOfWeek = moment().endOf('week').toDate();
+    let endOfWeek: Date;
+
+    if (startDate && endDate) {
+      startOfWeek = startDate;
+      endOfWeek = endDate;
+    } else {
+      const now = moment();
+      const dayOfWeek = now.day();
+      
+      startOfWeek = moment().subtract(dayOfWeek, 'days').startOf('day').toDate();
+      
+      endOfWeek = moment().add(6 - dayOfWeek, 'days').endOf('day').toDate();
+    }
 
     const transactions = await this.transactionRepository.getTransactionsForCardWithinDateRange(
       juniorId,
       startOfWeek,
       endOfWeek,
     );
+    
     const summary = {
       startOfWeek: startOfWeek,
       endOfWeek: endOfWeek,

src/customer/controllers/customer.controller.ts

@@ -1,12 +1,12 @@
 import { Body, Controller, Get, Post, UseGuards } from '@nestjs/common';
-import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
+import { ApiBearerAuth, ApiOperation, ApiTags } from '@nestjs/swagger';
 import { IJwtPayload } from '~/auth/interfaces';
 import { AuthenticatedUser } from '~/common/decorators';
 import { AccessTokenGuard } from '~/common/guards';
 import { ApiDataResponse, ApiLangRequestHeader } from '~/core/decorators';
 import { ResponseFactory } from '~/core/utils';
 import { InitiateKycRequestDto } from '../dtos/request';
-import { CustomerResponseDto, InitiateKycResponseDto } from '../dtos/response';
+import { CustomerResponseDto, InitiateKycResponseDto, KycMetadataResponseDto } from '../dtos/response';
 import { CustomerService } from '../services';
 
 @Controller('customers')
@@ -32,4 +32,14 @@ export class CustomerController {
 
     return ResponseFactory.data(new InitiateKycResponseDto(res.randomNumber));
   }
+
+  @Get('/kyc/onboard-metadata')
+  @UseGuards(AccessTokenGuard)
+  @ApiOperation({ summary: 'Get KYC onboarding form metadata' })
+  @ApiDataResponse(KycMetadataResponseDto)
+  async getKycMetadata() {
+    const metadata = await this.customerService.getKycOnboardMetadata();
+
+    return ResponseFactory.data(metadata);
+  }
 }

src/customer/customer.module.ts

@@ -6,12 +6,12 @@ import { UserModule } from '~/user/user.module';
 import { CustomerController } from './controllers';
 import { Customer } from './entities';
 import { CustomerRepository } from './repositories/customer.repository';
-import { CustomerService } from './services';
+import { CustomerService, MetadataService } from './services';
 
 @Module({
   imports: [TypeOrmModule.forFeature([Customer]), GuardianModule, forwardRef(() => UserModule), NeoLeapModule],
   controllers: [CustomerController],
-  providers: [CustomerService, CustomerRepository],
+  providers: [CustomerService, CustomerRepository, MetadataService],
   exports: [CustomerService],
 })
 export class CustomerModule {}

src/customer/dtos/response/index.ts

@@ -1,2 +1,3 @@
 export * from './customer.response.dto';
 export * from './initiate-kyc.response.dto';
+export * from './kyc-metadata.response.dto';

src/customer/dtos/response/kyc-metadata.response.dto.ts

@@ -0,0 +1,12 @@
+export class MetadataOptionDto {
+  value!: string;
+  label!: string;
+}
+
+export class KycMetadataResponseDto {
+  poiTypes!: MetadataOptionDto[];
+  jobSectors!: MetadataOptionDto[];
+  incomeSources!: MetadataOptionDto[];
+  jobCategories!: MetadataOptionDto[];
+  incomeRanges!: MetadataOptionDto[];
+}

src/customer/enums/income-range.enum.ts

@@ -0,0 +1,8 @@
+export enum IncomeRange {
+  BELOW_2000 = 'SAR 2,000 and below',
+  RANGE_2000_5000 = 'SAR 2,000 to 5,000',
+  RANGE_5000_10000 = 'SAR 5,000 to 10,000',
+  RANGE_10000_20000 = 'SAR 10,000 to 20,000',
+  ABOVE_20000 = 'SAR 20,000 and above',
+}
+

src/customer/enums/income-source.enum.ts

@@ -0,0 +1,9 @@
+export enum IncomeSource {
+  SALARY = 'SALARY',
+  ANCESTRAL = 'ANCESTRAL',
+  REAL_ESTATE = 'REAL_ESTATE',
+  INVESTMENT_RETURNS = 'INVESTMENT_RETURNS',
+  RENTAL_INCOME = 'RENTAL_INCOME',
+  OTHER = 'OTHER',
+}
+

src/customer/enums/index.ts

@@ -1,3 +1,8 @@
 export * from './customer-status.enum';
 export * from './gender.enum';
 export * from './kyc-status.enum';
+export * from './poi-type.enum';
+export * from './job-sector.enum';
+export * from './income-source.enum';
+export * from './job-category.enum';
+export * from './income-range.enum';

src/customer/enums/job-category.enum.ts

@@ -0,0 +1,57 @@
+export enum JobCategory {
+  ASSISTANT_MINISTER = 'ASSISTANT_MINISTER',
+  DEPUTY_MINISTER = 'DEPUTY_MINISTER',
+  UNDER_SECRETARY = 'UNDER_SECRETARY',
+  GENERAL_MANAGER = 'GENERAL_MANAGER',
+  CHAIRMAN = 'CHAIRMAN',
+  MANAGER = 'MANAGER',
+  PROFESSOR = 'PROFESSOR',
+  HEAD_OF_COURT = 'HEAD_OF_COURT',
+  JUDGE = 'JUDGE',
+  LAWYER = 'LAWYER',
+  SCIENTIST = 'SCIENTIST',
+  NOTARY = 'NOTARY',
+  BUSINESSMAN = 'BUSINESSMAN',
+  MERCHANT = 'MERCHANT',
+  PHARMACIST = 'PHARMACIST',
+  DOCTOR = 'DOCTOR',
+  MEDICAL_TECHNICIAN = 'MEDICAL_TECHNICIAN',
+  NURSE = 'NURSE',
+  ENGINEER = 'ENGINEER',
+  CHEMIST = 'CHEMIST',
+  CONTRACTOR = 'CONTRACTOR',
+  AUDITOR_ACCOUNTANT = 'AUDITOR_ACCOUNTANT',
+  RESEARCHER = 'RESEARCHER',
+  ACCOUNTANT = 'ACCOUNTANT',
+  JOURNALIST = 'JOURNALIST',
+  DESIGNER = 'DESIGNER',
+  COMPUTER_SPECIALIST = 'COMPUTER_SPECIALIST',
+  TRANSLATOR = 'TRANSLATOR',
+  TEACHER = 'TEACHER',
+  PILOT = 'PILOT',
+  HOST = 'HOST',
+  OFFICER = 'OFFICER',
+  SOLDIER = 'SOLDIER',
+  RETIRED = 'RETIRED',
+  SALESMAN = 'SALESMAN',
+  AUTHOR = 'AUTHOR',
+  CRAFTSMAN = 'CRAFTSMAN',
+  SECURITY = 'SECURITY',
+  LABORER = 'LABORER',
+  DRIVER = 'DRIVER',
+  FARMER = 'FARMER',
+  HOUSEWIFE = 'HOUSEWIFE',
+  DIPLOMAT = 'DIPLOMAT',
+  STUDENT = 'STUDENT',
+  FREELANCER = 'FREELANCER',
+  SHEPHERD = 'SHEPHERD',
+  HOUSEMAID_OR_BABYSITTER = 'HOUSEMAID_OR_BABYSITTER',
+  CAPTAIN = 'CAPTAIN',
+  AMBASSADOR = 'AMBASSADOR',
+  MARKETING = 'MARKETING',
+  CONSULTING = 'CONSULTING',
+  SUPERVISOR = 'SUPERVISOR',
+  BANKER = 'BANKER',
+  BODYGUARD_OR_PERSONAL_ASSISTANT = 'BODYGUARD_OR_PERSONAL_ASSISTANT',
+}
+

src/customer/enums/job-sector.enum.ts

@@ -0,0 +1,12 @@
+export enum JobSector {
+  GOVERNMENT_SECTOR = 'GOVERNMENT_SECTOR',
+  HOME_MAKER = 'HOME_MAKER',
+  MILITARY = 'MILITARY',
+  PRIVATE_SECTOR = 'PRIVATE_SECTOR',
+  RETIRED = 'RETIRED',
+  SELF_EMPLOYED = 'SELF_EMPLOYED',
+  STUDENT = 'STUDENT',
+  HOUSEHOLD_LABOR = 'HOUSEHOLD_LABOR',
+  UNEMPLOYED = 'UNEMPLOYED',
+}
+

src/customer/enums/poi-type.enum.ts

@@ -0,0 +1,5 @@
+export enum PoiType {
+  IQA = 'IQA', // Iqama (Resident ID)
+  NAT = 'NAT', // National ID
+}
+

src/customer/services/customer.service.ts

@@ -12,6 +12,7 @@ import { InitiateKycRequestDto } from '../dtos/request';
 import { Customer } from '../entities';
 import { Gender, KycStatus } from '../enums';
 import { CustomerRepository } from '../repositories/customer.repository';
+import { MetadataService } from './metadata.service';
 
 @Injectable()
 export class CustomerService {
@@ -20,6 +21,7 @@ export class CustomerService {
     private readonly customerRepository: CustomerRepository,
     private readonly guardianService: GuardianService,
     @Inject(forwardRef(() => NeoLeapService)) private readonly neoleapService: NeoLeapService,
+    private readonly metadataService: MetadataService,
   ) {}
 
   async updateCustomer(userId: string, data: Partial<Customer>): Promise<Customer> {
@@ -149,6 +151,11 @@ export class CustomerService {
     return this.findCustomerById(userId);
   }
 
+  getKycOnboardMetadata() {
+    this.logger.log('Getting KYC onboard metadata');
+    return this.metadataService.getKycOnboardMetadata();
+  }
+
   // TO BE REMOVED: This function is for testing only and will be removed
   private generateSaudiPhoneNumber(): string {
     // Saudi mobile numbers are 9 digits, always starting with '5'

src/customer/services/index.ts

@@ -1 +1,2 @@
 export * from './customer.service';
+export * from './metadata.service';

src/customer/services/metadata.service.ts

@@ -0,0 +1,105 @@
+import { Injectable } from '@nestjs/common';
+import { IncomeRange, IncomeSource, JobCategory, JobSector, PoiType } from '../enums';
+import { KycMetadataResponseDto, MetadataOptionDto } from '../dtos/response';
+
+@Injectable()
+export class MetadataService {
+  getKycOnboardMetadata(): KycMetadataResponseDto {
+    return {
+      poiTypes: this.enumToOptions(PoiType, {
+        [PoiType.IQA]: 'Iqama (Resident ID)',
+        [PoiType.NAT]: 'National ID',
+      }),
+      jobSectors: this.enumToOptions(JobSector, {
+        [JobSector.GOVERNMENT_SECTOR]: 'Government Sector',
+        [JobSector.HOME_MAKER]: 'Home Maker',
+        [JobSector.MILITARY]: 'Military',
+        [JobSector.PRIVATE_SECTOR]: 'Private Sector',
+        [JobSector.RETIRED]: 'Retired',
+        [JobSector.SELF_EMPLOYED]: 'Self Employed',
+        [JobSector.STUDENT]: 'Student',
+        [JobSector.HOUSEHOLD_LABOR]: 'Household Labor',
+        [JobSector.UNEMPLOYED]: 'Unemployed',
+      }),
+      incomeSources: this.enumToOptions(IncomeSource, {
+        [IncomeSource.SALARY]: 'Salary',
+        [IncomeSource.ANCESTRAL]: 'Ancestral/Inheritance',
+        [IncomeSource.REAL_ESTATE]: 'Real Estate',
+        [IncomeSource.INVESTMENT_RETURNS]: 'Investment Returns',
+        [IncomeSource.RENTAL_INCOME]: 'Rental Income',
+        [IncomeSource.OTHER]: 'Other',
+      }),
+      jobCategories: this.enumToOptions(JobCategory, {
+        [JobCategory.ASSISTANT_MINISTER]: 'Assistant Minister',
+        [JobCategory.DEPUTY_MINISTER]: 'Deputy Minister',
+        [JobCategory.UNDER_SECRETARY]: 'Under Secretary',
+        [JobCategory.GENERAL_MANAGER]: 'General Manager',
+        [JobCategory.CHAIRMAN]: 'Chairman',
+        [JobCategory.MANAGER]: 'Manager',
+        [JobCategory.PROFESSOR]: 'Professor',
+        [JobCategory.HEAD_OF_COURT]: 'Head of Court',
+        [JobCategory.JUDGE]: 'Judge',
+        [JobCategory.LAWYER]: 'Lawyer',
+        [JobCategory.SCIENTIST]: 'Scientist',
+        [JobCategory.NOTARY]: 'Notary',
+        [JobCategory.BUSINESSMAN]: 'Businessman',
+        [JobCategory.MERCHANT]: 'Merchant',
+        [JobCategory.PHARMACIST]: 'Pharmacist',
+        [JobCategory.DOCTOR]: 'Doctor',
+        [JobCategory.MEDICAL_TECHNICIAN]: 'Medical Technician',
+        [JobCategory.NURSE]: 'Nurse',
+        [JobCategory.ENGINEER]: 'Engineer',
+        [JobCategory.CHEMIST]: 'Chemist',
+        [JobCategory.CONTRACTOR]: 'Contractor',
+        [JobCategory.AUDITOR_ACCOUNTANT]: 'Auditor/Accountant',
+        [JobCategory.RESEARCHER]: 'Researcher',
+        [JobCategory.ACCOUNTANT]: 'Accountant',
+        [JobCategory.JOURNALIST]: 'Journalist',
+        [JobCategory.DESIGNER]: 'Designer',
+        [JobCategory.COMPUTER_SPECIALIST]: 'Computer Specialist',
+        [JobCategory.TRANSLATOR]: 'Translator',
+        [JobCategory.TEACHER]: 'Teacher',
+        [JobCategory.PILOT]: 'Pilot',
+        [JobCategory.HOST]: 'Host',
+        [JobCategory.OFFICER]: 'Officer',
+        [JobCategory.SOLDIER]: 'Soldier',
+        [JobCategory.RETIRED]: 'Retired',
+        [JobCategory.SALESMAN]: 'Salesman',
+        [JobCategory.AUTHOR]: 'Author',
+        [JobCategory.CRAFTSMAN]: 'Craftsman',
+        [JobCategory.SECURITY]: 'Security',
+        [JobCategory.LABORER]: 'Laborer',
+        [JobCategory.DRIVER]: 'Driver',
+        [JobCategory.FARMER]: 'Farmer',
+        [JobCategory.HOUSEWIFE]: 'Housewife',
+        [JobCategory.DIPLOMAT]: 'Diplomat',
+        [JobCategory.STUDENT]: 'Student',
+        [JobCategory.FREELANCER]: 'Freelancer',
+        [JobCategory.SHEPHERD]: 'Shepherd',
+        [JobCategory.HOUSEMAID_OR_BABYSITTER]: 'Housemaid/Babysitter',
+        [JobCategory.CAPTAIN]: 'Captain',
+        [JobCategory.AMBASSADOR]: 'Ambassador',
+        [JobCategory.MARKETING]: 'Marketing',
+        [JobCategory.CONSULTING]: 'Consulting',
+        [JobCategory.SUPERVISOR]: 'Supervisor',
+        [JobCategory.BANKER]: 'Banker',
+        [JobCategory.BODYGUARD_OR_PERSONAL_ASSISTANT]: 'Bodyguard/Personal Assistant',
+      }),
+      incomeRanges: this.enumToOptions(IncomeRange, {
+        [IncomeRange.BELOW_2000]: 'SAR 2,000 and below',
+        [IncomeRange.RANGE_2000_5000]: 'SAR 2,000 to 5,000',
+        [IncomeRange.RANGE_5000_10000]: 'SAR 5,000 to 10,000',
+        [IncomeRange.RANGE_10000_20000]: 'SAR 10,000 to 20,000',
+        [IncomeRange.ABOVE_20000]: 'SAR 20,000 and above',
+      }),
+    };
+  }
+
+  private enumToOptions(enumObj: any, labels: Record<string, string>): MetadataOptionDto[] {
+    return Object.keys(enumObj).map((key) => ({
+      value: enumObj[key],
+      label: labels[enumObj[key]] || enumObj[key],
+    }));
+  }
+}
+

src/customer/validators/poi-number.validator.ts

@@ -0,0 +1,65 @@
+import {
+  registerDecorator,
+  ValidationOptions,
+  ValidatorConstraint,
+  ValidatorConstraintInterface,
+  ValidationArguments,
+} from 'class-validator';
+import { PoiType } from '../enums';
+
+@ValidatorConstraint({ name: 'IsValidPoiNumber', async: false })
+export class IsValidPoiNumberConstraint implements ValidatorConstraintInterface {
+  validate(poiNumber: string, args: ValidationArguments) {
+    const object = args.object as any;
+    const poiType = object.poiType;
+
+    if (!poiNumber || !poiType) {
+      return false;
+    }
+
+    // Saudi National ID: 10 digits, typically starts with 1 or 2
+    const nationalIdPattern = /^[12]\d{9}$/;
+
+    // Iqama (Resident ID): 10 digits, typically starts with other numbers (not 1 or 2)
+    const iqamaPattern = /^[3-9]\d{9}$/;
+
+    if (poiType === PoiType.NAT) {
+      return nationalIdPattern.test(poiNumber);
+    }
+
+    if (poiType === PoiType.IQA) {
+      return iqamaPattern.test(poiNumber);
+    }
+
+    return false;
+  }
+
+  defaultMessage(args: ValidationArguments) {
+    const object = args.object as any;
+    const poiType = object.poiType;
+
+    if (poiType === PoiType.NAT) {
+      return 'National ID must be 10 digits and start with 1 or 2';
+    }
+
+    if (poiType === PoiType.IQA) {
+      return 'Iqama number must be 10 digits and start with 3-9';
+    }
+
+    return 'Invalid POI number format';
+  }
+}
+
+export function IsValidPoiNumber(validationOptions?: ValidationOptions) {
+  return function (object: Object, propertyName: string) {
+    registerDecorator({
+      target: object.constructor,
+      propertyName: propertyName,
+      options: validationOptions,
+      constraints: [],
+      validator: IsValidPoiNumberConstraint,
+    });
+  };
+}
+
+

src/db/migrations/1761032305682-AddUniqueConstraintToUserEmail.ts

@@ -0,0 +1,15 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AddUniqueConstraintToUserEmail1761032305682 implements MigrationInterface {
+    name = 'AddUniqueConstraintToUserEmail1761032305682'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+
+        await queryRunner.query(`ALTER TABLE "users" ADD CONSTRAINT "UQ_97672ac88f789774dd47f7c8be3" UNIQUE ("email")`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "users" DROP CONSTRAINT "UQ_97672ac88f789774dd47f7c8be3"`);
+    }
+
+}

src/db/migrations/index.ts

@@ -4,4 +4,5 @@ export * from './1754915164810-seed-default-avatar';
 export * from './1757349525708-create-money-requests-table';
 export * from './1757433339849-add-reservation-amount-to-account-entity';
 export * from './1757915357218-add-deleted-at-column-to-junior';
-export * from './1760869651296-AddMerchantInfoToTransactions';
+export * from './1760869651296-AddMerchantInfoToTransactions';
+export * from './1761032305682-AddUniqueConstraintToUserEmail';

src/i18n/ar/app.json

@@ -19,6 +19,10 @@
     "TOKEN_EXPIRED": "رمز المستخدم منتهي الصلاحية."
   },
 
+  "QR": {
+    "CODE_USED_OR_EXPIRED": "تم استخدام رمز QR مسبقًا أو انتهت صلاحيته."
+  },
+
   "USER": {
     "PHONE_ALREADY_VERIFIED": "تم التحقق من رقم الهاتف بالفعل.",
     "EMAIL_ALREADY_VERIFIED": "تم التحقق من عنوان البريد الإلكتروني بالفعل.",

src/i18n/en/app.json

@@ -19,6 +19,10 @@
     "TOKEN_EXPIRED": "The user token has expired."
   },
 
+  "QR": {
+    "CODE_USED_OR_EXPIRED": "The QR code has already been used or expired."
+  },
+
   "USER": {
     "PHONE_ALREADY_VERIFIED": "The phone number has already been verified.",
     "EMAIL_ALREADY_VERIFIED": "The email address has already been verified.",

src/junior/controllers/junior.controller.ts

@@ -151,11 +151,17 @@ export class JuniorController {
   @UseGuards(RolesGuard)
   @AllowedRoles(Roles.GUARDIAN)
   @ApiDataResponse(WeeklySummaryResponseDto)
+  @ApiQuery({ name: 'startUtc', required: false, type: String, example: '2025-10-20T00:00:00.000Z', description: 'Start date (defaults to start of current week)' })
+  @ApiQuery({ name: 'endUtc', required: false, type: String, example: '2025-10-26T23:59:59.999Z', description: 'End date (defaults to end of current week)' })
   async getWeeklySummary(
     @Param('juniorId', CustomParseUUIDPipe) juniorId: string,
     @AuthenticatedUser() user: IJwtPayload,
+    @Query('startUtc') startUtc?: string,
+    @Query('endUtc') endUtc?: string,
   ) {
-    const summary = await this.juniorService.getWeeklySummary(juniorId, user.sub);
+    const startDate = startUtc ? new Date(startUtc) : undefined;
+    const endDate = endUtc ? new Date(endUtc) : undefined;
+    const summary = await this.juniorService.getWeeklySummary(juniorId, user.sub, startDate, endDate);
     return ResponseFactory.data(summary);
   }
 

src/junior/services/junior.service.ts

@@ -5,6 +5,7 @@ import { Roles } from '~/auth/enums';
 import { CardService, TransactionService } from '~/card/services';
 import { NeoLeapService } from '~/common/modules/neoleap/services';
 import { PageOptionsRequestDto } from '~/core/dtos';
+import { ErrorCategory } from '~/core/enums';
 import { setIf } from '~/core/utils';
 import { CustomerService } from '~/customer/services';
 import { DocumentService, OciService } from '~/document/services';
@@ -113,7 +114,28 @@ export class JuniorService {
       }
       junior.customer.user.email = body.email;
     }
-    setIf(user, 'profilePictureId', body.profilePictureId);
+    // Update profile picture: ensure FK and relation are consistent to avoid TypeORM overriding the FK
+    if (typeof body.profilePictureId !== 'undefined') {
+      if (body.profilePictureId) {
+        const document = await this.documentService.findDocumentById(body.profilePictureId);
+        if (!document) {
+          this.logger.error(`Document with id ${body.profilePictureId} not found`);
+          throw new BadRequestException('DOCUMENT.NOT_FOUND');
+        }
+        if (document.createdById !== juniorId) {
+          this.logger.error(
+            `Document with id ${body.profilePictureId} does not belong to user ${juniorId}`,
+          );
+        }
+        user.profilePictureId = body.profilePictureId;
+        // assign relation to keep it consistent with FK during save
+        user.profilePicture = document as any;
+      } else {
+        // if empty string provided (unlikely), clear relation and FK
+        user.profilePicture = null as any;
+        user.profilePictureId = null as any;
+      }
+    }
     setIf(user, 'firstName', body.firstName);
     setIf(user, 'lastName', body.lastName);
 
@@ -125,7 +147,7 @@ export class JuniorService {
     setIf(junior, 'relationship', body.relationship);
     await Promise.all([junior.save(), customer.save(), user.save()]);
     this.logger.log(`Junior ${juniorId} updated successfully`);
-    return junior;
+    return this.findJuniorById(juniorId, false, guardianId);
   }
 
   @Transactional()
@@ -158,7 +180,14 @@ export class JuniorService {
   async validateToken(token: string) {
     this.logger.log(`Validating token ${token}`);
     const juniorId = await this.userTokenService.validateToken(token, UserType.JUNIOR);
-    return this.findJuniorById(juniorId!, true);
+    const junior = await this.findJuniorById(juniorId!, true);
+
+    if (junior.customer?.user?.password) {
+      this.logger.error(`Token ${token} already used for junior ${juniorId}`);
+      throw new BadRequestException({ message: 'QR.CODE_USED_OR_EXPIRED', category: ErrorCategory.BUSINESS_ERROR });
+    }
+
+    return junior;
   }
 
   async generateToken(juniorId: string) {
@@ -212,8 +241,8 @@ export class JuniorService {
     this.logger.log(`Junior ${juniorId} deleted successfully`);
   }
 
-  getWeeklySummary(juniorId: string, guardianId: string) {
+  async getWeeklySummary(juniorId: string, guardianId: string, startDate?: Date, endDate?: Date) {
-    const doesBelong = this.doesJuniorBelongToGuardian(guardianId, juniorId);
+    const doesBelong = await this.doesJuniorBelongToGuardian(guardianId, juniorId);
 
     if (!doesBelong) {
       this.logger.error(`Junior ${juniorId} does not belong to guardian ${guardianId}`);
@@ -221,7 +250,7 @@ export class JuniorService {
     }
 
     this.logger.log(`Getting weekly summary for junior ${juniorId}`);
-    return this.cardService.getWeeklySummary(juniorId);
+    return this.cardService.getWeeklySummary(juniorId, startDate, endDate);
   }
 
   async getJuniorHome(juniorId: string, userId: string, size: number): Promise<JuniorHomeResponseDto> {

src/user/entities/user.entity.ts

@@ -28,7 +28,7 @@ export class User extends BaseEntity {
   @Column('varchar', { length: 255, name: 'last_name', nullable: false })
   lastName!: string;
 
-  @Column('varchar', { length: 255, name: 'email', nullable: true })
+  @Column('varchar', { length: 255, name: 'email', nullable: true, unique: true })
   email!: string;
 
   @Column('varchar', { length: 255, name: 'phone_number', nullable: true })

src/user/services/user.service.ts

@@ -222,11 +222,19 @@ export class UserService {
   }
 
   async updateUserEmail(userId: string, email: string) {
-    const userWithEmail = await this.findUser({ email, isEmailVerified: true });
+    const userWithEmail = await this.findUser({ email });
 
     if (userWithEmail) {
       if (userWithEmail.id === userId) {
-        return;
+        this.logger.log(`Generating OTP for current email ${email} for user ${userId}`);
+        await this.userRepository.update(userId, { isEmailVerified: false });
+        
+        return this.otpService.generateAndSendOtp({
+          userId,
+          recipient: email,
+          otpType: OtpType.EMAIL,
+          scope: OtpScope.VERIFY_EMAIL,
+        });
       }
 
       this.logger.error(`Email ${email} is already taken by another user`);