M1ngdaXie/DocNest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement error handling and response structure for API

Browse Source 
- Added standardized error response structure in `errors.go` for consistent error handling across the API.
- Implemented specific response functions for various HTTP status codes (400, 401, 403, 404, 500) to enhance error reporting.
- Introduced validation error handling to provide detailed feedback on input validation issues.

test: Add comprehensive tests for share handler functionality

- Created a suite of tests for share handler endpoints, covering scenarios for creating, listing, deleting shares, and managing share links.
- Included tests for permission checks, validation errors, and edge cases such as unauthorized access and invalid document IDs.

chore: Set up test utilities and database for integration tests

- Established a base handler suite for common setup tasks in tests, including database initialization and teardown.
- Implemented test data seeding to facilitate consistent testing across different scenarios.

migration: Add public sharing support in the database schema

- Modified the `documents` table to include `share_token` and `is_public` columns for managing public document sharing.
- Added constraints to ensure data integrity, preventing public documents from lacking a share token.
This commit is contained in:
M1ngdaXie
2026-01-05 15:25:46 -08:00
parent 7f5f32179b
commit 8ae7fd96e8
15 changed files with 1870 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
backend/internal/auth/middleware.go
View File

@@ -1,7 +1,6 @@
package auth
import (
"context"
"fmt"
"net/http"
"strings"
@@ -158,8 +157,9 @@ func GetUserFromContext(c *gin.Context) *uuid.UUID {
}
// ValidateToken validates a JWT token and returns user ID, name, and avatar URL from JWT claims
// STATELESS: No database lookup - relies entirely on JWT signature and expiration
func (m *AuthMiddleware) ValidateToken(tokenString string) (*uuid.UUID, string, string, error) {
// Parse and validate JWT
// Parse and validate JWT signature and expiration
claims, err := ValidateJWT(tokenString, m.jwtSecret)
if err != nil {
return nil, "", "", fmt.Errorf("invalid token: %w", err)
@@ -171,23 +171,12 @@ func (m *AuthMiddleware) ValidateToken(tokenString string) (*uuid.UUID, string,
return nil, "", "", fmt.Errorf("invalid user ID in token: %w", err)
}
// Get session from database by token (for revocation capability)
session, err := m.store.GetSessionByToken(context.Background(), tokenString)
if err != nil {
return nil, "", "", fmt.Errorf("session not found: %w", err)
}
// Verify session UserID matches JWT Subject
if session.UserID != userID {
return nil, "", "", fmt.Errorf("session ID mismatch")
}
// Extract avatar URL from claims (handle nil gracefully)
avatarURL := ""
if claims.AvatarURL != nil {
avatarURL = *claims.AvatarURL
}
// Return user data from JWT claims - no DB query needed!
// Return user data from JWT claims - ZERO database queries!
return &userID, claims.Name, avatarURL, nil
}