[LOW] — Widespread @Request() req: any, @Req() req: Request & { user: any }, and as any patterns defeat type safety across ~30 call sites #17

@Alqku

Severity: Low
Type: Refactoring
Scope: Controllers and services across all modules
Labels: refactoring, good first issue, help wanted

Description

A code search reveals ~30 occurrences of untyped request handling:

  • @Request() req: any in users.controller.ts, admin.controller.ts, milestones.controller.ts, notifications.controller.ts, campaigns.controller.ts.
  • @Req() req: Request & { user: any } in donations.controller.ts, campaigns.controller.ts, api-keys.controller.ts.
  • Inline as any casts in users.service.ts (socialLinks as any, merged as any, (donation as any).campaign?.title), campaigns.service.ts (status as any, (m.targetAmount ?? 0) as any, (ids.map(...) as any[])), stellar/soroban.service.ts (errorResultXdr as any, scValResult as any), notifications.gateway.ts ((client as any).userId), and email.service.ts ((info as any).message).

The repeated pattern indicates the project has no shared "typed auth request" abstraction and no formal modelling for Prisma-assigned fields like socialLinks (Json).

Recommendation

  • Declare a global AuthRequest<TUser> (e.g. interface AuthRequest<TUser = JwtUser> extends Request { user: TUser }).
  • Have JwtStrategy and ApiKeyGuard populate the typed shape.
  • Replace as any casts with proper Prisma.JsonValue typing, Prisma.Decimal typing, and discriminated unions for status enums.
  • Lint-forbid any via @typescript-eslint/no-explicit-any: error to prevent regressions.
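
One way the recommended typed request could look, added here as an example and not the project's own code. `BaseRequest` stands in for Express's `Request` and `JsonValue` for `Prisma.JsonValue`; the `JwtUser` fields and the names `toAuthRequest`, `parseSocialLinks` and `canManageCampaign` are assumptions.

```typescript
// Stand-in for Express's Request so the example runs without dependencies (assumption).
interface BaseRequest { headers: Record<string, string | undefined>; user?: unknown }

// Hypothetical JwtUser fields; the issue names JwtUser but does not list them.
type Role = 'USER' | 'ADMIN';
interface JwtUser { id: string; role: Role }

// The shared abstraction from the recommendation.
interface AuthRequest<TUser = JwtUser> extends BaseRequest { user: TUser }

// Runtime check matching the static type: a guard must verify, not cast.
function isJwtUser(v: unknown): v is JwtUser {
  if (typeof v !== 'object' || v === null) return false;
  const o = v as Record<string, unknown>;
  return typeof o.id === 'string' && o.id.length > 0 &&
    (o.role === 'USER' || o.role === 'ADMIN');
}

// Single boundary where the untyped value set by a strategy or guard becomes typed.
function toAuthRequest(req: BaseRequest): AuthRequest {
  const user = req.user;
  if (!isJwtUser(user)) throw new Error('unauthenticated: malformed req.user');
  return { ...req, user };
}

// Local stand-in for Prisma.JsonValue, defined here so the example stays offline.
type JsonValue = string | number | boolean | null | JsonValue[] | { [k: string]: JsonValue };

// Narrow a Json column such as socialLinks instead of `socialLinks as any`.
function parseSocialLinks(raw: JsonValue): Record<string, string> {
  if (typeof raw !== 'object' || raw === null || Array.isArray(raw)) return {};
  const out: Record<string, string> = {};
  for (const key of Object.keys(raw)) {
    const value = raw[key];
    if (typeof value === 'string') out[key] = value; // drop non-string entries
  }
  return out;
}

// Hypothetical handler: with AuthRequest, a typo like `req.user.rol` fails to compile.
function canManageCampaign(req: AuthRequest, ownerId: string): boolean {
  return req.user.role === 'ADMIN' || req.user.id === ownerId;
}
```

With `req: any`, a misspelled or missing `user` field evaluates to `undefined` at runtime and the check quietly takes the wrong branch; here the same mistake is a compile error or a rejected request at the boundary.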

Labels

  • GrantFox OSS: Issue tracked in GrantFox OSS
  • Maybe Rewarded: Issue may be eligible for a GrantFox reward
  • Official Campaign: Audit finding under the Official Campaign
  • good first issue: Good for newcomers
  • help wanted: Extra attention is needed
  • refactoring: Code restructuring without behavioural change
