From a55ca45890f1a7f2b4e70399267be07de7cee675 Mon Sep 17 00:00:00 2001
From: Kolibri <66674482+Kolibri1990@users.noreply.github.com>
Date: Wed, 14 Jan 2026 12:30:10 +0100
Subject: [PATCH 1/4] feat(urble): add client company as user role for fetch
 payments of the wallets

---
 src/shared/auth/user-role.enum.ts                           | 3 ++-
 .../generic/kyc/controllers/kyc-client.controller.ts        | 6 +++---
 src/subdomains/generic/user/models/auth/auth.service.ts     | 6 +++---
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/shared/auth/user-role.enum.ts b/src/shared/auth/user-role.enum.ts
index db5c9b4dea..5ccc54cebf 100644
--- a/src/shared/auth/user-role.enum.ts
+++ b/src/shared/auth/user-role.enum.ts
@@ -14,6 +14,7 @@ export enum UserRole {
   // service roles
   BANKING_BOT = 'BankingBot',
 
-  // external kyc client company roles
+  // external client company roles
   KYC_CLIENT_COMPANY = 'KycClientCompany',
+  CLIENT_COMPANY = 'ClientCompany',
 }
diff --git a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
index 4b4de85657..d6f1baf231 100644
--- a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
+++ b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
@@ -17,7 +17,7 @@ export class KycClientController {
 
   @Get('users')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY), RoleGuard(UserRole.CLIENT_COMPANY))
   @ApiOkResponse({ type: KycClientDataDto, isArray: true })
   async getAllKycData(@GetJwt() jwt: JwtPayload): Promise<KycClientDataDto[]> {
     return this.kycClientService.getAllKycData(jwt.user);
@@ -25,7 +25,7 @@ export class KycClientController {
 
   @Get('payments')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY), RoleGuard(UserRole.CLIENT_COMPANY))
   @ApiOkResponse({ type: PaymentWebhookData, isArray: true })
   async getAllPayments(
     @GetJwt() jwt: JwtPayload,
@@ -61,7 +61,7 @@ export class KycClientController {
 
   @Get('users/:id/payments')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY), RoleGuard(UserRole.CLIENT_COMPANY))
   @ApiOkResponse({ type: PaymentWebhookData, isArray: true })
   async getUserPayments(
     @GetJwt() jwt: JwtPayload,
diff --git a/src/subdomains/generic/user/models/auth/auth.service.ts b/src/subdomains/generic/user/models/auth/auth.service.ts
index cbc95ff3c1..0781b5432b 100644
--- a/src/subdomains/generic/user/models/auth/auth.service.ts
+++ b/src/subdomains/generic/user/models/auth/auth.service.ts
@@ -338,7 +338,7 @@ export class AuthService {
 
   private async companySignIn(dto: SignInDto, ip: string): Promise<AuthResponseDto> {
     const wallet = await this.walletService.getByAddress(dto.address);
-    if (!wallet?.isKycClient) throw new NotFoundException('Wallet not found');
+    if (!wallet) throw new NotFoundException('Wallet not found');
 
     if (!(await this.verifyCompanySignature(dto.address, dto.signature, dto.key)))
       throw new UnauthorizedException('Invalid credentials');
@@ -348,7 +348,7 @@ export class AuthService {
 
   async getCompanyChallenge(address: string): Promise<ChallengeDto> {
     const wallet = await this.walletService.getByAddress(address);
-    if (!wallet?.isKycClient) throw new BadRequestException('Wallet not found/invalid');
+    if (!wallet) throw new BadRequestException('Wallet not found/invalid');
 
     const challenge = randomUUID();
 
@@ -502,7 +502,7 @@ export class AuthService {
     const payload: JwtPayload = {
       user: wallet.id,
       address: wallet.address,
-      role: UserRole.KYC_CLIENT_COMPANY,
+      role: wallet.isKycClient ? UserRole.KYC_CLIENT_COMPANY : UserRole.CLIENT_COMPANY,
       ip,
     };
     return this.jwtService.sign(payload, { expiresIn: Config.auth.company.signOptions.expiresIn });

From 4b0997b8496a420348bb53e2ac7031ab10e8fd80 Mon Sep 17 00:00:00 2001
From: Kolibri <66674482+Kolibri1990@users.noreply.github.com>
Date: Wed, 14 Jan 2026 12:50:10 +0100
Subject: [PATCH 2/4] feat(urble): refactoring code

---
 src/shared/auth/role.guard.ts                                  | 1 +
 src/shared/auth/user-role.enum.ts                              | 3 ++-
 .../generic/kyc/controllers/kyc-client.controller.ts           | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/shared/auth/role.guard.ts b/src/shared/auth/role.guard.ts
index 8bdaf9a6b4..16c2b53c14 100644
--- a/src/shared/auth/role.guard.ts
+++ b/src/shared/auth/role.guard.ts
@@ -20,6 +20,7 @@ class RoleGuardClass implements CanActivate {
     [UserRole.BANKING_BOT]: [UserRole.ADMIN, UserRole.SUPER_ADMIN],
     [UserRole.ADMIN]: [UserRole.SUPER_ADMIN],
     [UserRole.DEBUG]: [UserRole.ADMIN, UserRole.SUPER_ADMIN],
+    [UserRole.CLIENT_COMPANY]: [UserRole.KYC_CLIENT_COMPANY],
   };
 
   constructor(private readonly entryRole: UserRole) {}
diff --git a/src/shared/auth/user-role.enum.ts b/src/shared/auth/user-role.enum.ts
index db5c9b4dea..5ccc54cebf 100644
--- a/src/shared/auth/user-role.enum.ts
+++ b/src/shared/auth/user-role.enum.ts
@@ -14,6 +14,7 @@ export enum UserRole {
   // service roles
   BANKING_BOT = 'BankingBot',
 
-  // external kyc client company roles
+  // external client company roles
   KYC_CLIENT_COMPANY = 'KycClientCompany',
+  CLIENT_COMPANY = 'ClientCompany',
 }
diff --git a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
index 4b4de85657..e46bae79b2 100644
--- a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
+++ b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
@@ -25,7 +25,7 @@ export class KycClientController {
 
   @Get('payments')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.CLIENT_COMPANY))
   @ApiOkResponse({ type: PaymentWebhookData, isArray: true })
   async getAllPayments(
     @GetJwt() jwt: JwtPayload,

From 3a93dd5ee3a320b2aa467d2bad77f12de81eb497 Mon Sep 17 00:00:00 2001
From: Kolibri <66674482+Kolibri1990@users.noreply.github.com>
Date: Wed, 14 Jan 2026 12:54:26 +0100
Subject: [PATCH 3/4] feat(urble): remove client company in use guards

---
 .../generic/kyc/controllers/kyc-client.controller.ts          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
index b0bb46fedc..e46bae79b2 100644
--- a/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
+++ b/src/subdomains/generic/kyc/controllers/kyc-client.controller.ts
@@ -17,7 +17,7 @@ export class KycClientController {
 
   @Get('users')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY), RoleGuard(UserRole.CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
   @ApiOkResponse({ type: KycClientDataDto, isArray: true })
   async getAllKycData(@GetJwt() jwt: JwtPayload): Promise<KycClientDataDto[]> {
     return this.kycClientService.getAllKycData(jwt.user);
@@ -61,7 +61,7 @@ export class KycClientController {
 
   @Get('users/:id/payments')
   @ApiBearerAuth()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY), RoleGuard(UserRole.CLIENT_COMPANY))
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.KYC_CLIENT_COMPANY))
   @ApiOkResponse({ type: PaymentWebhookData, isArray: true })
   async getUserPayments(
     @GetJwt() jwt: JwtPayload,

From 577c69bee5b4e1f55eb101db79f080731f848641 Mon Sep 17 00:00:00 2001
From: Kolibri <66674482+Kolibri1990@users.noreply.github.com>
Date: Thu, 15 Jan 2026 20:26:19 +0100
Subject: [PATCH 4/4] fix(urble): add CLIENT_COMPANY to jwt strategy

---
 src/shared/auth/jwt.strategy.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/shared/auth/jwt.strategy.ts b/src/shared/auth/jwt.strategy.ts
index 7187632884..fa4380c1da 100644
--- a/src/shared/auth/jwt.strategy.ts
+++ b/src/shared/auth/jwt.strategy.ts
@@ -22,6 +22,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
         break;
 
       case UserRole.KYC_CLIENT_COMPANY:
+      case UserRole.CLIENT_COMPANY:
         if (!address || !user) throw new UnauthorizedException();
         break;