[BE] Implement Market Outcome Source URL Verification

[Hahfyeex]

Type: BE
Component: backend/src/routes/markets.js

Context

Market creators can optionally provide a source URL that will be used to verify the outcome (e.g. a sports results page, a financial data source). Currently this URL is stored but never validated. A market with a broken or malicious source URL misleads users about how the outcome will be determined and can be used to create fraudulent markets.

Implementation Guide

1. Add a source_url field to the POST /api/markets request body (optional).
2. If source_url is provided, validate it is a valid HTTPS URL using a URL parser.
3. Make a HEAD request to the URL with a 5-second timeout to verify it is reachable and returns a 2xx or 3xx status.
4. If the URL is unreachable, return 400 with error: Source URL is not reachable. Please verify the URL and try again.
5. Store the source_url in the markets table and include it in the GET /api/markets/:id response.

Guidelines

• Security: only HTTPS URLs are accepted. HTTP URLs are rejected with a 400 error.
• Key requirement: HTTPS-only Validation / HEAD Request Reachability Check / 5-second Timeout / source_url Storage.

Definition of Done

• Valid HTTPS URLs that return 2xx or 3xx are accepted.
• HTTP URLs are rejected with a 400 error.
• Unreachable URLs are rejected with a descriptive 400 error.
• source_url is stored and returned in the market detail response.
• Unit tests cover valid HTTPS, HTTP rejection, unreachable URL, and no URL scenarios.
• Test coverage > 95%.

PR and Checkout

git checkout -b feat/source-url-verification
git add .
git commit -m "feat: implement HTTPS source URL validation and reachability check for markets"
git push origin feat/source-url-verification

Open a PR against main and include the issue number in the PR description.