fix: explorer — server-side filtering, TX timestamps, 5s polling

- Server-side type filtering + pagination (was client-side, broke pagination)
- Fix sync-service to use TX-level timestamp with block timestamp fallback
- Add backfill script for transactions with missing timestamps
- Explicit SQL column list instead of SELECT * for better performance
- Restore 5s polling interval for real-time blockchain explorer updates
- Add display-type-to-DB mapping for accurate filter queries

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: AIQnetLab

applications/qnet-explorer/frontend/lib/db.ts

@@ -147,11 +147,24 @@ export async function getTransactionByHash(hash: string): Promise<TransactionRow
   return result.rows[0] || null;
 }
 
+// Map display type names back to raw DB tx_type values
+const DISPLAY_TYPE_TO_DB: Record<string, string[]> = {
+  'Transfer': ['Transfer', 'BatchTransfers'],
+  'Reward': ['RewardDistribution', 'BatchRewardClaims', 'SystemReward', 'SystemRewards', 'SystemEmission', 'Emission', 'Reward'],
+  'Swap': ['Swap'],
+  'Heartbeat': ['HeartbeatCommitment', 'PingCommitmentWithSampling', 'LightNodeEligibilityBitmap', 'BitmapCommitment', 'PingAttestation'],
+  'Registration': ['NodeRegistration', 'Registration'],
+  'Activation': ['NodeActivation', 'BatchNodeActivations'],
+  'Contract': ['ContractDeploy', 'ContractCall'],
+  'System': ['CreateAccount', 'System'],
+};
+
 export async function getTransactions(
   page: number = 1,
   perPage: number = 50,
   sortOrder: 'asc' | 'desc' = 'desc',
-  typeFilter?: string
+  typeFilter?: string,
+  displayTypes?: string[]
 ): Promise<{ transactions: TransactionRow[]; total: number; currentHeight: number }> {
   // Validate and sanitize inputs
   if (!Number.isInteger(page) || page < 1) {
@@ -163,39 +176,57 @@ export async function getTransactions(
   if (sortOrder !== 'asc' && sortOrder !== 'desc') {
     throw new Error('Invalid sortOrder: must be "asc" or "desc"');
   }
-  
+
   const offset = (page - 1) * perPage;
-  let whereClause = '';
-  const params: unknown[] = [perPage, offset];
-  let paramIndex = 3;
+  let whereClauseMain = '';
+  let whereClauseCount = '';
+  const filterValues: unknown[] = [];
 
   if (typeFilter && typeFilter !== 'All') {
-    // Validate typeFilter to prevent SQL injection (even though params protect us)
     if (!/^[a-zA-Z0-9_\s-]+$/.test(typeFilter)) {
       throw new Error('Invalid typeFilter format');
     }
-    whereClause = `WHERE tx_type = $${paramIndex}`;
-    params.push(typeFilter);
-    paramIndex++;
+    filterValues.push(typeFilter);
+    whereClauseMain = `WHERE tx_type = $3`;
+    whereClauseCount = `WHERE tx_type = $1`;
+  } else if (displayTypes && displayTypes.length > 0) {
+    const dbTypes: string[] = [];
+    for (const dt of displayTypes) {
+      const mapped = DISPLAY_TYPE_TO_DB[dt];
+      if (mapped) dbTypes.push(...mapped);
+    }
+    if (dbTypes.length > 0) {
+      filterValues.push(...dbTypes);
+      const mainPlaceholders = dbTypes.map((_, i) => `$${3 + i}`).join(', ');
+      const countPlaceholders = dbTypes.map((_, i) => `$${1 + i}`).join(', ');
+      whereClauseMain = `WHERE tx_type IN (${mainPlaceholders})`;
+      whereClauseCount = `WHERE tx_type IN (${countPlaceholders})`;
+    }
   }
 
   const orderBy = sortOrder === 'desc' ? 'DESC' : 'ASC';
-  
+
   const transactionsQuery = `
-    SELECT * FROM transactions 
-    ${whereClause}
-    ORDER BY block ${orderBy}, timestamp ${orderBy}
+    SELECT hash, tx_type, from_address, to_address, amount, block, timestamp,
+           nonce, gas_price, gas_limit, signature, public_key,
+           is_quantum_signed, dilithium_signature, dilithium_public_key, data, status
+    FROM transactions
+    ${whereClauseMain}
+    ORDER BY block ${orderBy}, timestamp ${orderBy}, tx_type ${orderBy}, hash ${orderBy}
     LIMIT $1 OFFSET $2
   `;
 
   const countQuery = `
-    SELECT COUNT(*) as total FROM transactions 
-    ${whereClause}
+    SELECT COUNT(*) as total FROM transactions
+    ${whereClauseCount}
   `;
 
+  const mainParams = [perPage, offset, ...filterValues];
+  const countParams = [...filterValues];
+
   const [transactionsResult, countResult, syncStateResult] = await Promise.all([
-    query<TransactionRow>(transactionsQuery, params),
-    query<{ total: string }>(countQuery, params.slice(2)),
+    query<TransactionRow>(transactionsQuery, mainParams),
+    query<{ total: string }>(countQuery, countParams.length > 0 ? countParams : undefined),
     query<{ last_height: string | null }>('SELECT last_height FROM sync_state ORDER BY updated_at DESC LIMIT 1')
   ]);
 

applications/qnet-explorer/frontend/lib/sync-service.ts

@@ -253,8 +253,11 @@ function transformTransaction(
     return null;
   }
 
-  // Always use blockTimestamp (authoritative, set by producer node) — never trust client timestamp
-  let rawTs = blockTimestamp || 0;
+  // v3.53: Use TX-level timestamp first (most accurate), block timestamp as fallback
+  // API returns timestamp on both block and individual TX objects
+  const txTs = Number(tx.timestamp) || 0;
+  const fallbackTs = blockTimestamp || 0;
+  let rawTs = (txTs > 0 ? txTs : fallbackTs);
   if (!Number.isFinite(rawTs) || rawTs < 0) {
     warn('[Sync] Invalid timestamp, fallback to 0:', rawTs);
     rawTs = 0;

applications/qnet-explorer/frontend/scripts/backfill-timestamps.ts

@@ -0,0 +1,125 @@
+/**
+ * Backfill timestamps for transactions that have timestamp=0 in the database.
+ * Fetches real timestamps from the QNet API node.
+ *
+ * Usage: npx tsx scripts/backfill-timestamps.ts
+ */
+
+// All config via environment variables — no hardcoded credentials
+const API_URL = process.env.QNET_API_URL;
+const API_KEY = process.env.QNET_API_KEY || '';
+
+if (!API_URL) {
+  console.error('ERROR: QNET_API_URL environment variable is required');
+  process.exit(1);
+}
+
+const DB_CONFIG = {
+  host: process.env.PGHOST || 'localhost',
+  port: parseInt(process.env.PGPORT || '5432'),
+  database: process.env.PGDATABASE,
+  user: process.env.PGUSER,
+  password: process.env.PGPASSWORD,
+};
+
+if (!DB_CONFIG.database || !DB_CONFIG.user || !DB_CONFIG.password) {
+  console.error('ERROR: PGDATABASE, PGUSER, PGPASSWORD environment variables are required');
+  process.exit(1);
+}
+
+async function main() {
+  const { Pool } = await import('pg');
+  const pool = new Pool(DB_CONFIG);
+
+  try {
+    // Get all distinct blocks that have transactions with timestamp=0
+    const { rows: blocks } = await pool.query(
+      'SELECT DISTINCT block FROM transactions WHERE timestamp = 0 ORDER BY block'
+    );
+
+    console.log(`Found ${blocks.length} blocks with timestamp=0 transactions`);
+
+    let totalUpdated = 0;
+
+    for (const { block: height } of blocks) {
+      console.log(`\nFetching block ${height} from API...`);
+
+      try {
+        const res = await fetch(`${API_URL}/api/v1/microblock/${height}`, {
+          headers: {
+            'Content-Type': 'application/json',
+            'X-API-Key': API_KEY,
+          },
+          signal: AbortSignal.timeout(30000),
+        });
+
+        if (!res.ok) {
+          console.error(`  Failed to fetch block ${height}: HTTP ${res.status}`);
+          continue;
+        }
+
+        const data = await res.json();
+        const block = data.block || data;
+        const blockTimestamp = Number(block.timestamp) || 0;
+        const txs = block.transactions || block.txs || [];
+
+        console.log(`  Block timestamp: ${blockTimestamp}, ${txs.length} transactions`);
+
+        // Build a map of tx hash -> timestamp
+        const txTimestamps = new Map<string, number>();
+        for (const tx of txs) {
+          const hash = String(tx.hash || '');
+          const txTs = Number(tx.timestamp) || 0;
+          // Use TX timestamp first, block timestamp as fallback
+          const ts = txTs > 0 ? txTs : blockTimestamp;
+          if (hash && ts > 0) {
+            // Normalize to milliseconds
+            const tsMs = ts > 1e12 ? ts : ts * 1000;
+            txTimestamps.set(hash, tsMs);
+          }
+        }
+
+        // Update transactions in DB
+        const { rows: affectedTxs } = await pool.query(
+          'SELECT hash FROM transactions WHERE block = $1 AND timestamp = 0',
+          [height]
+        );
+
+        for (const { hash } of affectedTxs) {
+          let newTs = txTimestamps.get(hash);
+
+          // If TX not found in API response, use block timestamp
+          if (!newTs && blockTimestamp > 0) {
+            newTs = blockTimestamp > 1e12 ? blockTimestamp : blockTimestamp * 1000;
+          }
+
+          if (newTs && newTs > 0) {
+            await pool.query(
+              'UPDATE transactions SET timestamp = $1 WHERE hash = $2 AND timestamp = 0',
+              [newTs, hash]
+            );
+            totalUpdated++;
+            console.log(`  Updated ${hash.substring(0, 16)}... → timestamp=${newTs}`);
+          } else {
+            console.warn(`  No timestamp found for ${hash.substring(0, 16)}...`);
+          }
+        }
+      } catch (err) {
+        console.error(`  Error processing block ${height}:`, err);
+      }
+    }
+
+    console.log(`\nDone! Updated ${totalUpdated} transactions.`);
+
+    // Verify
+    const { rows: [{ count }] } = await pool.query(
+      'SELECT COUNT(*) as count FROM transactions WHERE timestamp = 0'
+    );
+    console.log(`Remaining transactions with timestamp=0: ${count}`);
+
+  } finally {
+    await pool.end();
+  }
+}
+
+main().catch(console.error);

applications/qnet-explorer/frontend/src/app/api/activity/route.ts

@@ -3,7 +3,7 @@ import { getTransactions } from '../../../../lib/db';
 import { rateLimit, getClientIdentifier } from '../../../../lib/rate-limit';
 
 export const dynamic = 'force-dynamic';
-export const revalidate = 0;
+export const revalidate = 10; // Cache for 10 seconds
 
 // Rate limiting: 100 requests per minute per IP
 const RATE_LIMIT_MAX = 100;
@@ -145,7 +145,7 @@ export async function GET(request: NextRequest) {
       sortOrder = sortParam as 'asc' | 'desc';
     }
 
-    // Validate type filter
+    // Validate type filter (single type, raw DB name)
     let typeFilter: string | undefined = undefined;
     if (typeParam) {
       if (!/^[a-zA-Z0-9_\s-]+$/.test(typeParam)) {
@@ -157,8 +157,16 @@ export async function GET(request: NextRequest) {
       typeFilter = typeParam;
     }
 
+    // Support multiple display-type filters (e.g. types=Transfer,Reward)
+    const typesParam = searchParams.get('types');
+    let displayTypes: string[] | undefined = undefined;
+    if (typesParam) {
+      displayTypes = typesParam.split(',').filter(t => /^[a-zA-Z]+$/.test(t.trim())).map(t => t.trim());
+      if (displayTypes.length === 0) displayTypes = undefined;
+    }
+
     // Get transactions from PostgreSQL
-    const { transactions, total, currentHeight } = await getTransactions(page, perPage, sortOrder, typeFilter);
+    const { transactions, total, currentHeight } = await getTransactions(page, perPage, sortOrder, typeFilter, displayTypes);
 
     // Map to response format - return ALL fields
     // Note: perPage is already validated to max 500, so we use all transactions