feat: Implement error handling and response structure for API

- Added standardized error response structure in `errors.go` for consistent error handling across the API. - Implemented specific response functions for various HTTP status codes (400, 401, 403, 404, 500) to enhance error reporting. - Introduced validation error handling to provide detailed feedback on input validation issues. test: Add comprehensive tests for share handler functionality - Created a suite of tests for share handler endpoints, covering scenarios for creating, listing, deleting shares, and managing share links. - Included tests for permission checks, validation errors, and edge cases such as unauthorized access and invalid document IDs. chore: Set up test utilities and database for integration tests - Established a base handler suite for common setup tasks in tests, including database initialization and teardown. - Implemented test data seeding to facilitate consistent testing across different scenarios. migration: Add public sharing support in the database schema - Modified the `documents` table to include `share_token` and `is_public` columns for managing public document sharing. - Added constraints to ensure data integrity, preventing public documents from lacking a share token.
2026-01-05 15:25:46 -08:00
parent 7f5f32179b
commit 8ae7fd96e8
15 changed files with 1870 additions and 118 deletions
--- a/backend/internal/handlers/websocket.go
+++ b/backend/internal/handlers/websocket.go
@@ -65,7 +65,7 @@ func (wsh *WebSocketHandler) HandleWebSocket(c *gin.Context) {
 	// Check for JWT token in query parameter
 	jwtToken := c.Query("token")
 	if jwtToken != "" {
-		// Validate JWT and get user data from token claims (no DB query!)
+		// Validate JWT signature and expiration - STATELESS, no DB query!
 		jwtSecret := os.Getenv("JWT_SECRET")
 		if jwtSecret == "" {
 			log.Println("JWT_SECRET not configured")
@@ -73,16 +73,17 @@ func (wsh *WebSocketHandler) HandleWebSocket(c *gin.Context) {
 			return
 		}

-		authMiddleware := auth.NewAuthMiddleware(wsh.store, jwtSecret)
-		uid, name, avatar, err := authMiddleware.ValidateToken(jwtToken)
-		if err == nil && uid != nil {
-			// User data comes directly from JWT claims - no DB query needed!
-			userID = uid
-			userName = name
-			if avatar != "" {
-				userAvatar = &avatar
+		// Direct JWT validation - fast path (~1ms)
+		claims, err := auth.ValidateJWT(jwtToken, jwtSecret)
+		if err == nil {
+			// Extract user data from JWT claims
+			uid, parseErr := uuid.Parse(claims.Subject)
+			if parseErr == nil {
+				userID = &uid
+				userName = claims.Name
+				userAvatar = claims.AvatarURL
+				authenticated = true
 			}
-			authenticated = true
 		}
 	}