admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden API security: input validation, safe auth extraction, new tests, and deploy config

Browse Source 
Comprehensive security hardening from audit findings:
- Add validation tags to all DTO request structs (max lengths, ranges, enums)
- Replace unsafe type assertions with MustGetAuthUser helper across all handlers
- Remove query-param token auth from admin middleware (prevents URL token leakage)
- Add request validation calls in handlers that were missing c.Validate()
- Remove goroutines in handlers (timezone update now synchronous)
- Add sanitize middleware and path traversal protection (path_utils)
- Stop resetting admin passwords on migration restart
- Warn on well-known default SECRET_KEY
- Add ~30 new test files covering security regressions, auth safety, repos, and services
- Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
2026-03-02 09:48:01 -06:00
parent 56d6fa4514
commit 7690f07a2b
123 changed files with 8321 additions and 750 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/admin/dto/requests.go
View File

@@ -1,5 +1,7 @@
package dto
import "github.com/treytartt/casera-api/internal/middleware"
// PaginationParams holds pagination query parameters
type PaginationParams struct {
Page int `form:"page" validate:"omitempty,min=1"`
@@ -41,6 +43,12 @@ func (p *PaginationParams) GetSortDir() string {
return "DESC"
}
// GetSafeSortBy validates SortBy against an allowlist to prevent SQL injection.
// Returns the matching allowed column, or defaultCol if SortBy is empty or not allowed.
func (p *PaginationParams) GetSafeSortBy(allowedCols []string, defaultCol string) string {
return middleware.SanitizeSortColumn(p.SortBy, allowedCols, defaultCol)
}
// UserFilters holds user-specific filter parameters
type UserFilters struct {
PaginationParams

199
internal/admin/handlers/admin_security_test.go Normal file
View File

@@ -0,0 +1,199 @@
package handlers
import (
"html"
"testing"
"github.com/stretchr/testify/assert"
"github.com/treytartt/casera-api/internal/admin/dto"
)
func TestAdminSortBy_ValidColumn_Works(t *testing.T) {
tests := []struct {
name string
sortBy string
allowlist []string
defaultCol string
expected string
}{
{
name: "exact match returns column",
sortBy: "created_at",
allowlist: []string{"id", "created_at", "updated_at", "name"},
defaultCol: "created_at",
expected: "created_at",
},
{
name: "case insensitive match returns canonical column",
sortBy: "Created_At",
allowlist: []string{"id", "created_at", "updated_at", "name"},
defaultCol: "created_at",
expected: "created_at",
},
{
name: "different valid column",
sortBy: "name",
allowlist: []string{"id", "created_at", "updated_at", "name"},
defaultCol: "created_at",
expected: "name",
},
{
name: "date_joined for user handler",
sortBy: "date_joined",
allowlist: []string{"id", "username", "email", "date_joined", "last_login", "is_active"},
defaultCol: "date_joined",
expected: "date_joined",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := dto.PaginationParams{SortBy: tt.sortBy}
result := p.GetSafeSortBy(tt.allowlist, tt.defaultCol)
assert.Equal(t, tt.expected, result)
})
}
}
func TestAdminSortBy_SQLInjection_ReturnsDefault(t *testing.T) {
allowlist := []string{"id", "created_at", "updated_at", "name"}
defaultCol := "created_at"
tests := []struct {
name string
sortBy string
}{
{
name: "SQL injection with DROP TABLE",
sortBy: "created_at; DROP TABLE users; --",
},
{
name: "SQL injection with UNION SELECT",
sortBy: "id UNION SELECT password FROM auth_user",
},
{
name: "SQL injection with subquery",
sortBy: "(SELECT password FROM auth_user LIMIT 1)",
},
{
name: "SQL injection with comment",
sortBy: "created_at--",
},
{
name: "SQL injection with semicolon",
sortBy: "created_at;",
},
{
name: "SQL injection with OR 1=1",
sortBy: "created_at OR 1=1",
},
{
name: "column not in allowlist",
sortBy: "password",
},
{
name: "SQL injection with single quotes",
sortBy: "name'; DROP TABLE users; --",
},
{
name: "SQL injection with double dashes",
sortBy: "id -- comment",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := dto.PaginationParams{SortBy: tt.sortBy}
result := p.GetSafeSortBy(allowlist, defaultCol)
assert.Equal(t, defaultCol, result, "SQL injection attempt should return default column")
})
}
}
func TestAdminSortBy_EmptyString_ReturnsDefault(t *testing.T) {
tests := []struct {
name string
sortBy string
defaultCol string
}{
{
name: "empty string returns default",
sortBy: "",
defaultCol: "created_at",
},
{
name: "whitespace only returns default",
sortBy: " ",
defaultCol: "created_at",
},
{
name: "tab only returns default",
sortBy: "\t",
defaultCol: "date_joined",
},
{
name: "different default column",
sortBy: "",
defaultCol: "completed_at",
},
}
allowlist := []string{"id", "created_at", "updated_at", "name"}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := dto.PaginationParams{SortBy: tt.sortBy}
result := p.GetSafeSortBy(allowlist, tt.defaultCol)
assert.Equal(t, tt.defaultCol, result)
})
}
}
func TestSendEmail_XSSEscaped(t *testing.T) {
// SEC-22: Subject and Body must be HTML-escaped before insertion into email template.
// This tests the html.EscapeString behavior that the handler relies on.
tests := []struct {
name string
input string
expected string
}{
{
name: "script tag in subject",
input: `<script>alert("xss")</script>`,
expected: `&lt;script&gt;alert(&#34;xss&#34;)&lt;/script&gt;`,
},
{
name: "img onerror payload",
input: `<img src=x onerror=alert(1)>`,
expected: `&lt;img src=x onerror=alert(1)&gt;`,
},
{
name: "ampersand and angle brackets",
input: `Tom & Jerry <bros>`,
expected: `Tom &amp; Jerry &lt;bros&gt;`,
},
{
name: "plain text passes through",
input: "Hello World",
expected: "Hello World",
},
{
name: "single quotes",
input: `It's a 'test'`,
expected: `It&#39;s a &#39;test&#39;`,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
escaped := html.EscapeString(tt.input)
assert.Equal(t, tt.expected, escaped)
// Verify the escaped output does NOT contain raw angle brackets from the input
if tt.input != tt.expected {
assert.NotContains(t, escaped, "<script>")
assert.NotContains(t, escaped, "<img")
}
})
}
}

10
internal/admin/handlers/admin_user_handler.go
View File

@@ -80,11 +80,11 @@ func (h *AdminUserManagementHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "email", "first_name", "last_name",
"role", "is_active", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

10
internal/admin/handlers/apple_social_auth_handler.go
View File

@@ -63,11 +63,11 @@ func (h *AdminAppleSocialAuthHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "user_id", "apple_id", "email", "is_private_email",
"created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/auth_token_handler.go
View File

@@ -55,11 +55,10 @@ func (h *AdminAuthTokenHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"created", "user_id",
}, "created")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

10
internal/admin/handlers/completion_handler.go
View File

@@ -96,11 +96,11 @@ func (h *AdminCompletionHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "completed_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "task_id", "completed_by_id", "completed_at",
"created_at", "notes", "actual_cost", "rating",
}, "completed_at")
sortDir := "DESC"
if filters.SortDir != "" {
sortDir = filters.GetSortDir()

9
internal/admin/handlers/completion_image_handler.go
View File

@@ -78,11 +78,10 @@ func (h *AdminCompletionImageHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "completion_id", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/confirmation_code_handler.go
View File

@@ -58,11 +58,10 @@ func (h *AdminConfirmationCodeHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "user_id", "created_at", "expires_at", "is_used",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

10
internal/admin/handlers/contractor_handler.go
View File

@@ -59,11 +59,11 @@ func (h *AdminContractorHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "name", "company", "email", "phone", "city",
"created_at", "updated_at", "is_active", "is_favorite", "rating",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

16
internal/admin/handlers/device_handler.go
View File

@@ -70,10 +70,10 @@ func (h *AdminDeviceHandler) ListAPNS(c echo.Context) error {
query.Count(&total)
sortBy := "date_created"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "name", "active", "user_id", "device_id", "date_created",
}, "date_created")
query = query.Order(sortBy + " " + filters.GetSortDir())
query = query.Offset(filters.GetOffset()).Limit(filters.GetPerPage())
@@ -125,10 +125,10 @@ func (h *AdminDeviceHandler) ListGCM(c echo.Context) error {
query.Count(&total)
sortBy := "date_created"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "name", "active", "user_id", "device_id", "cloud_message_type", "date_created",
}, "date_created")
query = query.Order(sortBy + " " + filters.GetSortDir())
query = query.Offset(filters.GetOffset()).Limit(filters.GetPerPage())

10
internal/admin/handlers/document_handler.go
View File

@@ -61,11 +61,11 @@ func (h *AdminDocumentHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "title", "created_at", "updated_at", "document_type",
"residence_id", "is_active", "expiry_date", "vendor",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/document_image_handler.go
View File

@@ -79,11 +79,10 @@ func (h *AdminDocumentImageHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "document_id", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

8
internal/admin/handlers/feature_benefit_handler.go
View File

@@ -52,10 +52,10 @@ func (h *AdminFeatureBenefitHandler) List(c echo.Context) error {
query.Count(&total)
sortBy := "display_order"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "feature_name", "display_order", "is_active", "created_at", "updated_at",
}, "display_order")
query = query.Order(sortBy + " " + filters.GetSortDir())
query = query.Offset(filters.GetOffset()).Limit(filters.GetPerPage())

12
internal/admin/handlers/lookup_handler.go
View File

@@ -29,6 +29,8 @@ func NewAdminLookupHandler(db *gorm.DB) *AdminLookupHandler {
func (h *AdminLookupHandler) refreshCategoriesCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping categories cache refresh")
return
}
var categories []models.TaskCategory
@@ -49,6 +51,8 @@ func (h *AdminLookupHandler) refreshCategoriesCache(ctx context.Context) {
func (h *AdminLookupHandler) refreshPrioritiesCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping priorities cache refresh")
return
}
var priorities []models.TaskPriority
@@ -69,6 +73,8 @@ func (h *AdminLookupHandler) refreshPrioritiesCache(ctx context.Context) {
func (h *AdminLookupHandler) refreshFrequenciesCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping frequencies cache refresh")
return
}
var frequencies []models.TaskFrequency
@@ -89,6 +95,8 @@ func (h *AdminLookupHandler) refreshFrequenciesCache(ctx context.Context) {
func (h *AdminLookupHandler) refreshResidenceTypesCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping residence types cache refresh")
return
}
var types []models.ResidenceType
@@ -109,6 +117,8 @@ func (h *AdminLookupHandler) refreshResidenceTypesCache(ctx context.Context) {
func (h *AdminLookupHandler) refreshSpecialtiesCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping specialties cache refresh")
return
}
var specialties []models.ContractorSpecialty
@@ -130,6 +140,8 @@ func (h *AdminLookupHandler) refreshSpecialtiesCache(ctx context.Context) {
func (h *AdminLookupHandler) invalidateSeededDataCache(ctx context.Context) {
cache := services.GetCache()
if cache == nil {
log.Warn().Msg("Cache service unavailable, skipping seeded data cache invalidation")
return
}
if err := cache.InvalidateSeededData(ctx); err != nil {

21
internal/admin/handlers/notification_handler.go
View File

@@ -2,6 +2,7 @@ package handlers
import (
"context"
"html"
"net/http"
"strconv"
"time"
@@ -67,11 +68,11 @@ func (h *AdminNotificationHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "created_at", "updated_at", "user_id",
"notification_type", "sent", "read", "title",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination
@@ -347,16 +348,20 @@ func (h *AdminNotificationHandler) SendTestEmail(c echo.Context) error {
return c.JSON(http.StatusServiceUnavailable, map[string]interface{}{"error": "Email service not configured"})
}
// HTML-escape user-supplied values to prevent XSS via email content
escapedSubject := html.EscapeString(req.Subject)
escapedBody := html.EscapeString(req.Body)
// Create HTML body with basic styling
htmlBody := `<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>` + req.Subject + `</title>
<title>` + escapedSubject + `</title>
</head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h2 style="color: #333;">` + req.Subject + `</h2>
<div style="color: #666; line-height: 1.6;">` + req.Body + `</div>
<h2 style="color: #333;">` + escapedSubject + `</h2>
<div style="color: #666; line-height: 1.6;">` + escapedBody + `</div>
<hr style="border: none; border-top: 1px solid #eee; margin: 30px 0;">
<p style="color: #999; font-size: 12px;">This is a test email sent from Casera Admin Panel.</p>
</body>

9
internal/admin/handlers/notification_prefs_handler.go
View File

@@ -76,11 +76,10 @@ func (h *AdminNotificationPrefsHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "user_id", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/password_reset_code_handler.go
View File

@@ -60,11 +60,10 @@ func (h *AdminPasswordResetCodeHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "user_id", "created_at", "expires_at", "used",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/promotion_handler.go
View File

@@ -56,10 +56,11 @@ func (h *AdminPromotionHandler) List(c echo.Context) error {
query.Count(&total)
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "promotion_id", "title", "start_date", "end_date",
"target_tier", "is_active", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
query = query.Offset(filters.GetOffset()).Limit(filters.GetPerPage())

10
internal/admin/handlers/residence_handler.go
View File

@@ -58,11 +58,11 @@ func (h *AdminResidenceHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "name", "created_at", "updated_at", "owner_id",
"city", "state_province", "country", "is_active", "is_primary",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

18
internal/admin/handlers/share_code_handler.go
View File

@@ -62,11 +62,11 @@ func (h *AdminShareCodeHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "residence_id", "code", "created_by_id",
"is_active", "expires_at", "created_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination
@@ -153,13 +153,17 @@ func (h *AdminShareCodeHandler) Update(c echo.Context) error {
}
var req struct {
IsActive bool `json:"is_active"`
IsActive *bool `json:"is_active"`
}
if err := c.Bind(&req); err != nil {
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": err.Error()})
}
code.IsActive = req.IsActive
// Only update IsActive when explicitly provided (non-nil).
// Using *bool prevents a missing field from defaulting to false.
if req.IsActive != nil {
code.IsActive = *req.IsActive
}
if err := h.db.Save(&code).Error; err != nil {
return c.JSON(http.StatusInternalServerError, map[string]interface{}{"error": "Failed to update share code"})

10
internal/admin/handlers/subscription_handler.go
View File

@@ -65,11 +65,11 @@ func (h *AdminSubscriptionHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "created_at", "updated_at", "user_id",
"tier", "platform", "auto_renew", "expires_at", "subscribed_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

11
internal/admin/handlers/task_handler.go
View File

@@ -68,11 +68,12 @@ func (h *AdminTaskHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "title", "created_at", "updated_at", "due_date", "next_due_date",
"residence_id", "category_id", "priority_id", "in_progress",
"is_cancelled", "is_archived", "estimated_cost", "actual_cost",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

10
internal/admin/handlers/user_handler.go
View File

@@ -56,11 +56,11 @@ func (h *AdminUserHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "date_joined"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "username", "email", "first_name", "last_name",
"date_joined", "last_login", "is_active", "is_staff", "is_superuser",
}, "date_joined")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

9
internal/admin/handlers/user_profile_handler.go
View File

@@ -69,11 +69,10 @@ func (h *AdminUserProfileHandler) List(c echo.Context) error {
// Get total count
query.Count(&total)
// Apply sorting
sortBy := "created_at"
if filters.SortBy != "" {
sortBy = filters.SortBy
}
// Apply sorting (allowlist prevents SQL injection via sort_by parameter)
sortBy := filters.GetSafeSortBy([]string{
"id", "user_id", "verified", "created_at", "updated_at",
}, "created_at")
query = query.Order(sortBy + " " + filters.GetSortDir())
// Apply pagination

4
internal/config/config.go
View File

@@ -338,10 +338,14 @@ func validate(cfg *Config) error {
// In debug mode, use a default key with a warning for local development
cfg.Security.SecretKey = "change-me-in-production-secret-key-12345"
fmt.Println("WARNING: SECRET_KEY not set, using default (debug mode only)")
fmt.Println("WARNING: *** DO NOT USE THIS DEFAULT KEY IN PRODUCTION ***")
} else {
// In production, refuse to start without a proper secret key
return fmt.Errorf("FATAL: SECRET_KEY environment variable is required in production (DEBUG=false)")
}
} else if cfg.Security.SecretKey == "change-me-in-production-secret-key-12345" {
// Warn if someone explicitly set the well-known debug key
fmt.Println("WARNING: SECRET_KEY is set to the well-known debug default. Change it for production use.")
}
// Database password might come from DATABASE_URL, don't require it separately

21
internal/database/database.go
View File

@@ -369,17 +369,13 @@ func migrateGoAdmin() error {
}
db.Exec(`CREATE INDEX IF NOT EXISTS idx_goadmin_site_key ON goadmin_site(key)`)
// Seed default admin user (password: admin - bcrypt hash)
// Seed default admin user only on first run (ON CONFLICT DO NOTHING).
// Password is NOT reset on subsequent migrations to preserve operator changes.
db.Exec(`
INSERT INTO goadmin_users (username, password, name, avatar)
VALUES ('admin', '$2a$10$t.GCU24EqIWLSl7F51Hdz.IkkgFK.Qa9/BzEc5Bi2C/I2bXf1nJgm', 'Administrator', '')
ON CONFLICT DO NOTHING
`)
// Update existing admin password if it exists with wrong hash
db.Exec(`
UPDATE goadmin_users SET password = '$2a$10$t.GCU24EqIWLSl7F51Hdz.IkkgFK.Qa9/BzEc5Bi2C/I2bXf1nJgm'
WHERE username = 'admin'
`)
// Seed default roles
db.Exec(`INSERT INTO goadmin_roles (name, slug) VALUES ('Administrator', 'administrator') ON CONFLICT DO NOTHING`)
@@ -443,8 +439,8 @@ func migrateGoAdmin() error {
log.Info().Msg("GoAdmin migrations completed")
// Seed default Next.js admin user (email: admin@mycrib.com, password: admin123)
// bcrypt hash for "admin123": $2a$10$t5hGjdXQLxr9Z0193qx.Tef6hd1vYI3JvrfX/piKx2qS9UvQ41I9O
// Seed default Next.js admin user only on first run.
// Password is NOT reset on subsequent migrations to preserve operator changes.
var adminCount int64
db.Raw(`SELECT COUNT(*) FROM admin_users WHERE email = 'admin@mycrib.com'`).Scan(&adminCount)
if adminCount == 0 {
@@ -453,14 +449,7 @@ func migrateGoAdmin() error {
INSERT INTO admin_users (email, password, first_name, last_name, role, is_active, created_at, updated_at)
VALUES ('admin@mycrib.com', '$2a$10$t5hGjdXQLxr9Z0193qx.Tef6hd1vYI3JvrfX/piKx2qS9UvQ41I9O', 'Admin', 'User', 'super_admin', true, NOW(), NOW())
`)
log.Info().Msg("Default admin user created: admin@mycrib.com / admin123")
} else {
// Update existing admin password if needed
db.Exec(`
UPDATE admin_users SET password = '$2a$10$t5hGjdXQLxr9Z0193qx.Tef6hd1vYI3JvrfX/piKx2qS9UvQ41I9O'
WHERE email = 'admin@mycrib.com'
`)
log.Info().Msg("Updated admin@mycrib.com password to admin123")
log.Info().Msg("Default admin user created: admin@mycrib.com")
}
return nil

12
internal/dto/requests/contractor.go
View File

@@ -8,13 +8,13 @@ type CreateContractorRequest struct {
Phone string `json:"phone" validate:"max=20"`
Email string `json:"email" validate:"omitempty,email,max=254"`
Website string `json:"website" validate:"max=200"`
Notes string `json:"notes"`
Notes string `json:"notes" validate:"max=10000"`
StreetAddress string `json:"street_address" validate:"max=255"`
City string `json:"city" validate:"max=100"`
StateProvince string `json:"state_province" validate:"max=100"`
PostalCode string `json:"postal_code" validate:"max=20"`
SpecialtyIDs []uint `json:"specialty_ids"`
Rating *float64 `json:"rating"`
SpecialtyIDs []uint `json:"specialty_ids" validate:"omitempty,max=20"`
Rating *float64 `json:"rating" validate:"omitempty,min=0,max=5"`
IsFavorite *bool `json:"is_favorite"`
}
@@ -25,13 +25,13 @@ type UpdateContractorRequest struct {
Phone *string `json:"phone" validate:"omitempty,max=20"`
Email *string `json:"email" validate:"omitempty,email,max=254"`
Website *string `json:"website" validate:"omitempty,max=200"`
Notes *string `json:"notes"`
Notes *string `json:"notes" validate:"omitempty,max=10000"`
StreetAddress *string `json:"street_address" validate:"omitempty,max=255"`
City *string `json:"city" validate:"omitempty,max=100"`
StateProvince *string `json:"state_province" validate:"omitempty,max=100"`
PostalCode *string `json:"postal_code" validate:"omitempty,max=20"`
SpecialtyIDs []uint `json:"specialty_ids"`
Rating *float64 `json:"rating"`
SpecialtyIDs []uint `json:"specialty_ids" validate:"omitempty,max=20"`
Rating *float64 `json:"rating" validate:"omitempty,min=0,max=5"`
IsFavorite *bool `json:"is_favorite"`
ResidenceID *uint `json:"residence_id"`
}

14
internal/dto/requests/document.go
View File

@@ -12,11 +12,11 @@ import (
type CreateDocumentRequest struct {
ResidenceID uint `json:"residence_id" validate:"required"`
Title string `json:"title" validate:"required,min=1,max=200"`
Description string `json:"description"`
DocumentType models.DocumentType `json:"document_type"`
Description string `json:"description" validate:"max=10000"`
DocumentType models.DocumentType `json:"document_type" validate:"omitempty,oneof=general warranty receipt contract insurance manual"`
FileURL string `json:"file_url" validate:"max=500"`
FileName string `json:"file_name" validate:"max=255"`
FileSize *int64 `json:"file_size"`
FileSize *int64 `json:"file_size" validate:"omitempty,min=0"`
MimeType string `json:"mime_type" validate:"max=100"`
PurchaseDate *time.Time `json:"purchase_date"`
ExpiryDate *time.Time `json:"expiry_date"`
@@ -25,17 +25,17 @@ type CreateDocumentRequest struct {
SerialNumber string `json:"serial_number" validate:"max=100"`
ModelNumber string `json:"model_number" validate:"max=100"`
TaskID *uint `json:"task_id"`
ImageURLs []string `json:"image_urls"` // Multiple image URLs
ImageURLs []string `json:"image_urls" validate:"omitempty,max=20,dive,max=500"` // Multiple image URLs
}
// UpdateDocumentRequest represents the request to update a document
type UpdateDocumentRequest struct {
Title *string `json:"title" validate:"omitempty,min=1,max=200"`
Description *string `json:"description"`
DocumentType *models.DocumentType `json:"document_type"`
Description *string `json:"description" validate:"omitempty,max=10000"`
DocumentType *models.DocumentType `json:"document_type" validate:"omitempty,oneof=general warranty receipt contract insurance manual"`
FileURL *string `json:"file_url" validate:"omitempty,max=500"`
FileName *string `json:"file_name" validate:"omitempty,max=255"`
FileSize *int64 `json:"file_size"`
FileSize *int64 `json:"file_size" validate:"omitempty,min=0"`
MimeType *string `json:"mime_type" validate:"omitempty,max=100"`
PurchaseDate *time.Time `json:"purchase_date"`
ExpiryDate *time.Time `json:"expiry_date"`

14
internal/dto/requests/residence.go
View File

@@ -16,12 +16,12 @@ type CreateResidenceRequest struct {
StateProvince string `json:"state_province" validate:"max=100"`
PostalCode string `json:"postal_code" validate:"max=20"`
Country string `json:"country" validate:"max=100"`
Bedrooms *int `json:"bedrooms"`
Bedrooms *int `json:"bedrooms" validate:"omitempty,min=0"`
Bathrooms *decimal.Decimal `json:"bathrooms"`
SquareFootage *int `json:"square_footage"`
SquareFootage *int `json:"square_footage" validate:"omitempty,min=0"`
LotSize *decimal.Decimal `json:"lot_size"`
YearBuilt *int `json:"year_built"`
Description string `json:"description"`
Description string `json:"description" validate:"max=10000"`
PurchaseDate *time.Time `json:"purchase_date"`
PurchasePrice *decimal.Decimal `json:"purchase_price"`
IsPrimary *bool `json:"is_primary"`
@@ -37,12 +37,12 @@ type UpdateResidenceRequest struct {
StateProvince *string `json:"state_province" validate:"omitempty,max=100"`
PostalCode *string `json:"postal_code" validate:"omitempty,max=20"`
Country *string `json:"country" validate:"omitempty,max=100"`
Bedrooms *int `json:"bedrooms"`
Bedrooms *int `json:"bedrooms" validate:"omitempty,min=0"`
Bathrooms *decimal.Decimal `json:"bathrooms"`
SquareFootage *int `json:"square_footage"`
SquareFootage *int `json:"square_footage" validate:"omitempty,min=0"`
LotSize *decimal.Decimal `json:"lot_size"`
YearBuilt *int `json:"year_built"`
Description *string `json:"description"`
Description *string `json:"description" validate:"omitempty,max=10000"`
PurchaseDate *time.Time `json:"purchase_date"`
PurchasePrice *decimal.Decimal `json:"purchase_price"`
IsPrimary *bool `json:"is_primary"`
@@ -55,5 +55,5 @@ type JoinWithCodeRequest struct {
// GenerateShareCodeRequest represents the request to generate a share code
type GenerateShareCodeRequest struct {
ExpiresInHours int `json:"expires_in_hours"` // Default: 24 hours
ExpiresInHours int `json:"expires_in_hours" validate:"omitempty,min=1"` // Default: 24 hours
}

18
internal/dto/requests/task.go
View File

@@ -56,11 +56,11 @@ func (fd *FlexibleDate) ToTimePtr() *time.Time {
type CreateTaskRequest struct {
ResidenceID uint `json:"residence_id" validate:"required"`
Title string `json:"title" validate:"required,min=1,max=200"`
Description string `json:"description"`
Description string `json:"description" validate:"max=10000"`
CategoryID *uint `json:"category_id"`
PriorityID *uint `json:"priority_id"`
FrequencyID *uint `json:"frequency_id"`
CustomIntervalDays *int `json:"custom_interval_days"` // For "Custom" frequency, user-specified days
CustomIntervalDays *int `json:"custom_interval_days" validate:"omitempty,min=1"` // For "Custom" frequency, user-specified days
InProgress bool `json:"in_progress"`
AssignedToID *uint `json:"assigned_to_id"`
DueDate *FlexibleDate `json:"due_date"`
@@ -75,7 +75,7 @@ type UpdateTaskRequest struct {
CategoryID *uint `json:"category_id"`
PriorityID *uint `json:"priority_id"`
FrequencyID *uint `json:"frequency_id"`
CustomIntervalDays *int `json:"custom_interval_days"` // For "Custom" frequency, user-specified days
CustomIntervalDays *int `json:"custom_interval_days" validate:"omitempty,min=1"` // For "Custom" frequency, user-specified days
InProgress *bool `json:"in_progress"`
AssignedToID *uint `json:"assigned_to_id"`
DueDate *FlexibleDate `json:"due_date"`
@@ -88,18 +88,18 @@ type UpdateTaskRequest struct {
type CreateTaskCompletionRequest struct {
TaskID uint `json:"task_id" validate:"required"`
CompletedAt *time.Time `json:"completed_at"` // Defaults to now
Notes string `json:"notes"`
Notes string `json:"notes" validate:"max=10000"`
ActualCost *decimal.Decimal `json:"actual_cost"`
Rating *int `json:"rating"` // 1-5 star rating
ImageURLs []string `json:"image_urls"` // Multiple image URLs
Rating *int `json:"rating" validate:"omitempty,min=1,max=5"` // 1-5 star rating
ImageURLs []string `json:"image_urls" validate:"omitempty,max=20,dive,max=500"` // Multiple image URLs
}
// UpdateTaskCompletionRequest represents the request to update a task completion
type UpdateTaskCompletionRequest struct {
Notes *string `json:"notes"`
Notes *string `json:"notes" validate:"omitempty,max=10000"`
ActualCost *decimal.Decimal `json:"actual_cost"`
Rating *int `json:"rating"`
ImageURLs []string `json:"image_urls"`
Rating *int `json:"rating" validate:"omitempty,min=1,max=5"`
ImageURLs []string `json:"image_urls" validate:"omitempty,max=20,dive,max=500"`
}
// CompletionImageInput represents an image to add to a completion

30
internal/handlers/auth_handler.go
View File

@@ -81,6 +81,11 @@ func (h *AuthHandler) Register(c echo.Context) error {
// Send welcome email with confirmation code (async)
if h.emailService != nil && confirmationCode != "" {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", req.Email).Msg("Panic in welcome email goroutine")
}
}()
if err := h.emailService.SendWelcomeEmail(req.Email, req.FirstName, confirmationCode); err != nil {
log.Error().Err(err).Str("email", req.Email).Msg("Failed to send welcome email")
}
@@ -176,6 +181,11 @@ func (h *AuthHandler) VerifyEmail(c echo.Context) error {
// Send post-verification welcome email with tips (async)
if h.emailService != nil {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", user.Email).Msg("Panic in post-verification email goroutine")
}
}()
if err := h.emailService.SendPostVerificationEmail(user.Email, user.FirstName); err != nil {
log.Error().Err(err).Str("email", user.Email).Msg("Failed to send post-verification email")
}
@@ -204,6 +214,11 @@ func (h *AuthHandler) ResendVerification(c echo.Context) error {
// Send verification email (async)
if h.emailService != nil {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", user.Email).Msg("Panic in verification email goroutine")
}
}()
if err := h.emailService.SendVerificationEmail(user.Email, user.FirstName, code); err != nil {
log.Error().Err(err).Str("email", user.Email).Msg("Failed to send verification email")
}
@@ -238,6 +253,11 @@ func (h *AuthHandler) ForgotPassword(c echo.Context) error {
// Send password reset email (async) - only if user found
if h.emailService != nil && code != "" && user != nil {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", user.Email).Msg("Panic in password reset email goroutine")
}
}()
if err := h.emailService.SendPasswordResetEmail(user.Email, user.FirstName, code); err != nil {
log.Error().Err(err).Str("email", user.Email).Msg("Failed to send password reset email")
}
@@ -326,6 +346,11 @@ func (h *AuthHandler) AppleSignIn(c echo.Context) error {
// Send welcome email for new users (async)
if response.IsNewUser && h.emailService != nil && response.User.Email != "" {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", response.User.Email).Msg("Panic in Apple welcome email goroutine")
}
}()
if err := h.emailService.SendAppleWelcomeEmail(response.User.Email, response.User.FirstName); err != nil {
log.Error().Err(err).Str("email", response.User.Email).Msg("Failed to send Apple welcome email")
}
@@ -368,6 +393,11 @@ func (h *AuthHandler) GoogleSignIn(c echo.Context) error {
// Send welcome email for new users (async)
if response.IsNewUser && h.emailService != nil && response.User.Email != "" {
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("email", response.User.Email).Msg("Panic in Google welcome email goroutine")
}
}()
if err := h.emailService.SendGoogleWelcomeEmail(response.User.Email, response.User.FirstName); err != nil {
log.Error().Err(err).Str("email", response.User.Email).Msg("Failed to send Google welcome email")
}

51
internal/handlers/contractor_handler.go
View File

@@ -9,7 +9,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -25,17 +24,23 @@ func NewContractorHandler(contractorService *services.ContractorService) *Contra
// ListContractors handles GET /api/contractors/
func (h *ContractorHandler) ListContractors(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
response, err := h.contractorService.ListContractors(user.ID)
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]interface{}{"error": err.Error()})
return apperrors.Internal(err)
}
return c.JSON(http.StatusOK, response)
}
// GetContractor handles GET /api/contractors/:id/
func (h *ContractorHandler) GetContractor(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
contractorID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_contractor_id")
@@ -50,11 +55,17 @@ func (h *ContractorHandler) GetContractor(c echo.Context) error {
// CreateContractor handles POST /api/contractors/
func (h *ContractorHandler) CreateContractor(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req requests.CreateContractorRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.contractorService.CreateContractor(&req, user.ID)
if err != nil {
@@ -65,7 +76,10 @@ func (h *ContractorHandler) CreateContractor(c echo.Context) error {
// UpdateContractor handles PUT/PATCH /api/contractors/:id/
func (h *ContractorHandler) UpdateContractor(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
contractorID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_contractor_id")
@@ -75,6 +89,9 @@ func (h *ContractorHandler) UpdateContractor(c echo.Context) error {
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.contractorService.UpdateContractor(uint(contractorID), user.ID, &req)
if err != nil {
@@ -85,7 +102,10 @@ func (h *ContractorHandler) UpdateContractor(c echo.Context) error {
// DeleteContractor handles DELETE /api/contractors/:id/
func (h *ContractorHandler) DeleteContractor(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
contractorID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_contractor_id")
@@ -100,7 +120,10 @@ func (h *ContractorHandler) DeleteContractor(c echo.Context) error {
// ToggleFavorite handles POST /api/contractors/:id/toggle-favorite/
func (h *ContractorHandler) ToggleFavorite(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
contractorID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_contractor_id")
@@ -115,7 +138,10 @@ func (h *ContractorHandler) ToggleFavorite(c echo.Context) error {
// GetContractorTasks handles GET /api/contractors/:id/tasks/
func (h *ContractorHandler) GetContractorTasks(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
contractorID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_contractor_id")
@@ -130,7 +156,10 @@ func (h *ContractorHandler) GetContractorTasks(c echo.Context) error {
// ListContractorsByResidence handles GET /api/contractors/by-residence/:residence_id/
func (h *ContractorHandler) ListContractorsByResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("residence_id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_residence_id")
@@ -147,7 +176,7 @@ func (h *ContractorHandler) ListContractorsByResidence(c echo.Context) error {
func (h *ContractorHandler) GetSpecialties(c echo.Context) error {
specialties, err := h.contractorService.GetSpecialties()
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]interface{}{"error": err.Error()})
return apperrors.Internal(err)
}
return c.JSON(http.StatusOK, specialties)
}

182
internal/handlers/contractor_handler_test.go Normal file
View File

@@ -0,0 +1,182 @@
package handlers
import (
"encoding/json"
"net/http"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/services"
"github.com/treytartt/casera-api/internal/testutil"
)
func setupContractorHandler(t *testing.T) (*ContractorHandler, *echo.Echo, *gorm.DB) {
db := testutil.SetupTestDB(t)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
contractorService := services.NewContractorService(contractorRepo, residenceRepo)
handler := NewContractorHandler(contractorService)
e := testutil.SetupTestRouter()
return handler, e, db
}
func TestContractorHandler_CreateContractor_MissingName_Returns400(t *testing.T) {
handler, e, db := setupContractorHandler(t)
testutil.SeedLookupData(t, db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
authGroup := e.Group("/api/contractors")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.POST("/", handler.CreateContractor)
t.Run("missing name returns 400 validation error", func(t *testing.T) {
// Send request with no name (required field)
req := requests.CreateContractorRequest{
ResidenceID: &residence.ID,
}
w := testutil.MakeRequest(e, "POST", "/api/contractors/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
// Should contain structured validation error
assert.Contains(t, response, "error")
assert.Contains(t, response, "fields")
fields := response["fields"].(map[string]interface{})
assert.Contains(t, fields, "name", "validation error should reference the 'name' field")
})
t.Run("empty body returns 400 validation error", func(t *testing.T) {
// Send completely empty body
w := testutil.MakeRequest(e, "POST", "/api/contractors/", map[string]interface{}{}, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
assert.Contains(t, response, "error")
})
t.Run("valid contractor creation succeeds", func(t *testing.T) {
req := requests.CreateContractorRequest{
ResidenceID: &residence.ID,
Name: "John the Plumber",
}
w := testutil.MakeRequest(e, "POST", "/api/contractors/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusCreated)
})
}
func TestContractorHandler_ListContractors_Error_NoRawErrorInResponse(t *testing.T) {
_, e, db := setupContractorHandler(t)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
testutil.CreateTestResidence(t, db, user.ID, "Test House")
// Create a handler with a broken service to simulate an internal error.
// We do this by closing the underlying SQL connection, which will cause
// the service to return an error on the next query.
brokenDB := testutil.SetupTestDB(t)
sqlDB, _ := brokenDB.DB()
sqlDB.Close()
brokenContractorRepo := repositories.NewContractorRepository(brokenDB)
brokenResidenceRepo := repositories.NewResidenceRepository(brokenDB)
brokenService := services.NewContractorService(brokenContractorRepo, brokenResidenceRepo)
brokenHandler := NewContractorHandler(brokenService)
authGroup := e.Group("/api/broken-contractors")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.GET("/", brokenHandler.ListContractors)
t.Run("internal error does not leak raw error message", func(t *testing.T) {
w := testutil.MakeRequest(e, "GET", "/api/broken-contractors/", nil, "test-token")
testutil.AssertStatusCode(t, w, http.StatusInternalServerError)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
// Should contain the generic error key, NOT a raw database error
errorMsg, ok := response["error"].(string)
require.True(t, ok, "response should have an 'error' string field")
// Must not contain database-specific details
assert.NotContains(t, errorMsg, "sql", "error message should not leak SQL details")
assert.NotContains(t, errorMsg, "database", "error message should not leak database details")
assert.NotContains(t, errorMsg, "closed", "error message should not leak connection state")
})
}
func TestContractorHandler_CreateContractor_100Specialties_Returns400(t *testing.T) {
handler, e, db := setupContractorHandler(t)
testutil.SeedLookupData(t, db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
authGroup := e.Group("/api/contractors")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.POST("/", handler.CreateContractor)
t.Run("too many specialties rejected", func(t *testing.T) {
// Create a slice with 100 specialty IDs (exceeds max=20)
specialtyIDs := make([]uint, 100)
for i := range specialtyIDs {
specialtyIDs[i] = uint(i + 1)
}
req := requests.CreateContractorRequest{
ResidenceID: &residence.ID,
Name: "Over-specialized Contractor",
SpecialtyIDs: specialtyIDs,
}
w := testutil.MakeRequest(e, "POST", "/api/contractors/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
t.Run("20 specialties accepted", func(t *testing.T) {
specialtyIDs := make([]uint, 20)
for i := range specialtyIDs {
specialtyIDs[i] = uint(i + 1)
}
req := requests.CreateContractorRequest{
ResidenceID: &residence.ID,
Name: "Multi-skilled Contractor",
SpecialtyIDs: specialtyIDs,
}
w := testutil.MakeRequest(e, "POST", "/api/contractors/", req, "test-token")
// Should pass validation (201 or success, not 400)
assert.NotEqual(t, http.StatusBadRequest, w.Code, "20 specialties should pass validation")
})
t.Run("rating above 5 rejected", func(t *testing.T) {
rating := 6.0
req := requests.CreateContractorRequest{
ResidenceID: &residence.ID,
Name: "Bad Rating Contractor",
Rating: &rating,
}
w := testutil.MakeRequest(e, "POST", "/api/contractors/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
}

59
internal/handlers/document_handler.go
View File

@@ -34,7 +34,10 @@ func NewDocumentHandler(documentService *services.DocumentService, storageServic
// ListDocuments handles GET /api/documents/
func (h *DocumentHandler) ListDocuments(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
// Build filter from supported query params.
var filter *repositories.DocumentFilter
@@ -71,7 +74,10 @@ func (h *DocumentHandler) ListDocuments(c echo.Context) error {
// GetDocument handles GET /api/documents/:id/
func (h *DocumentHandler) GetDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -86,10 +92,13 @@ func (h *DocumentHandler) GetDocument(c echo.Context) error {
// ListWarranties handles GET /api/documents/warranties/
func (h *DocumentHandler) ListWarranties(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
response, err := h.documentService.ListWarranties(user.ID)
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]interface{}{"error": err.Error()})
return apperrors.Internal(err)
}
return c.JSON(http.StatusOK, response)
}
@@ -97,7 +106,10 @@ func (h *DocumentHandler) ListWarranties(c echo.Context) error {
// CreateDocument handles POST /api/documents/
// Supports both JSON and multipart form data (for file uploads)
func (h *DocumentHandler) CreateDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req requests.CreateDocumentRequest
contentType := c.Request().Header.Get("Content-Type")
@@ -198,6 +210,10 @@ func (h *DocumentHandler) CreateDocument(c echo.Context) error {
}
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.documentService.CreateDocument(&req, user.ID)
if err != nil {
return err
@@ -207,7 +223,10 @@ func (h *DocumentHandler) CreateDocument(c echo.Context) error {
// UpdateDocument handles PUT/PATCH /api/documents/:id/
func (h *DocumentHandler) UpdateDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -217,6 +236,9 @@ func (h *DocumentHandler) UpdateDocument(c echo.Context) error {
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.documentService.UpdateDocument(uint(documentID), user.ID, &req)
if err != nil {
@@ -227,7 +249,10 @@ func (h *DocumentHandler) UpdateDocument(c echo.Context) error {
// DeleteDocument handles DELETE /api/documents/:id/
func (h *DocumentHandler) DeleteDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -242,7 +267,10 @@ func (h *DocumentHandler) DeleteDocument(c echo.Context) error {
// ActivateDocument handles POST /api/documents/:id/activate/
func (h *DocumentHandler) ActivateDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -257,7 +285,10 @@ func (h *DocumentHandler) ActivateDocument(c echo.Context) error {
// DeactivateDocument handles POST /api/documents/:id/deactivate/
func (h *DocumentHandler) DeactivateDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -272,7 +303,10 @@ func (h *DocumentHandler) DeactivateDocument(c echo.Context) error {
// UploadDocumentImage handles POST /api/documents/:id/images/
func (h *DocumentHandler) UploadDocumentImage(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")
@@ -316,7 +350,10 @@ func (h *DocumentHandler) UploadDocumentImage(c echo.Context) error {
// DeleteDocumentImage handles DELETE /api/documents/:id/images/:imageId/
func (h *DocumentHandler) DeleteDocumentImage(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
documentID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_document_id")

37
internal/handlers/media_handler.go
View File

@@ -1,7 +1,6 @@
package handlers
import (
"path/filepath"
"strconv"
"strings"
@@ -9,7 +8,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/services"
)
@@ -40,7 +38,10 @@ func NewMediaHandler(
// ServeDocument serves a document file with access control
// GET /api/media/document/:id
func (h *MediaHandler) ServeDocument(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -73,7 +74,10 @@ func (h *MediaHandler) ServeDocument(c echo.Context) error {
// ServeDocumentImage serves a document image with access control
// GET /api/media/document-image/:id
func (h *MediaHandler) ServeDocumentImage(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -111,7 +115,10 @@ func (h *MediaHandler) ServeDocumentImage(c echo.Context) error {
// ServeCompletionImage serves a task completion image with access control
// GET /api/media/completion-image/:id
func (h *MediaHandler) ServeCompletionImage(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -152,7 +159,9 @@ func (h *MediaHandler) ServeCompletionImage(c echo.Context) error {
return c.File(filePath)
}
// resolveFilePath converts a stored URL to an actual file path
// resolveFilePath converts a stored URL to an actual file path.
// Returns empty string if the URL is empty or the resolved path would escape
// the upload directory (path traversal attempt).
func (h *MediaHandler) resolveFilePath(storedURL string) string {
if storedURL == "" {
return ""
@@ -160,12 +169,18 @@ func (h *MediaHandler) resolveFilePath(storedURL string) string {
uploadDir := h.storageSvc.GetUploadDir()
// Handle legacy /uploads/... URLs
// Strip legacy /uploads/ prefix to get relative path
relativePath := storedURL
if strings.HasPrefix(storedURL, "/uploads/") {
relativePath := strings.TrimPrefix(storedURL, "/uploads/")
return filepath.Join(uploadDir, relativePath)
relativePath = strings.TrimPrefix(storedURL, "/uploads/")
}
// Handle relative paths (new format)
return filepath.Join(uploadDir, storedURL)
// Use SafeResolvePath to validate containment within upload directory
resolved, err := services.SafeResolvePath(uploadDir, relativePath)
if err != nil {
// Path traversal or invalid path — return empty to signal file not found
return ""
}
return resolved
}

74
internal/handlers/media_handler_test.go Normal file
View File

@@ -0,0 +1,74 @@
package handlers
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/services"
)
// newTestStorageService creates a StorageService with a known upload directory for testing.
// It does NOT call NewStorageService because that creates directories on disk.
// Instead, it directly constructs the struct with only what resolveFilePath needs.
func newTestStorageService(uploadDir string) *services.StorageService {
cfg := &config.StorageConfig{
UploadDir: uploadDir,
BaseURL: "/uploads",
MaxFileSize: 10 * 1024 * 1024,
AllowedTypes: "image/jpeg,image/png",
}
// Use the exported constructor helper that skips directory creation (for tests)
return services.NewStorageServiceForTest(cfg)
}
func TestResolveFilePath_NormalPath_Works(t *testing.T) {
storageSvc := newTestStorageService("/var/uploads")
h := NewMediaHandler(nil, nil, nil, storageSvc)
result := h.resolveFilePath("images/photo.jpg")
require.NotEmpty(t, result)
assert.Equal(t, "/var/uploads/images/photo.jpg", result)
}
func TestResolveFilePath_LegacyUploadPath_Works(t *testing.T) {
storageSvc := newTestStorageService("/var/uploads")
h := NewMediaHandler(nil, nil, nil, storageSvc)
result := h.resolveFilePath("/uploads/images/photo.jpg")
require.NotEmpty(t, result)
assert.Equal(t, "/var/uploads/images/photo.jpg", result)
}
func TestResolveFilePath_DotDotTraversal_Blocked(t *testing.T) {
storageSvc := newTestStorageService("/var/uploads")
h := NewMediaHandler(nil, nil, nil, storageSvc)
tests := []struct {
name string
storedURL string
}{
{"simple dotdot", "../etc/passwd"},
{"nested dotdot", "../../etc/shadow"},
{"embedded dotdot", "images/../../etc/passwd"},
{"legacy prefix with dotdot", "/uploads/../../../etc/passwd"},
{"deep dotdot", "a/b/c/../../../../etc/passwd"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := h.resolveFilePath(tt.storedURL)
assert.Empty(t, result, "path traversal should return empty string for: %s", tt.storedURL)
})
}
}
func TestResolveFilePath_EmptyURL_ReturnsEmpty(t *testing.T) {
storageSvc := newTestStorageService("/var/uploads")
h := NewMediaHandler(nil, nil, nil, storageSvc)
result := h.resolveFilePath("")
assert.Empty(t, result)
}

334
internal/handlers/noauth_test.go Normal file
View File

@@ -0,0 +1,334 @@
package handlers
import (
"net/http"
"testing"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/services"
"github.com/treytartt/casera-api/internal/testutil"
)
// TestTaskHandler_NoAuth_Returns401 verifies that task handler endpoints return
// 401 Unauthorized when no auth user is set in the context (e.g., auth middleware
// misconfigured or bypassed). This is a regression test for P1-1 (SEC-19).
func TestTaskHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskService := services.NewTaskService(taskRepo, residenceRepo)
handler := NewTaskHandler(taskService, nil)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/tasks/", handler.ListTasks)
e.GET("/api/tasks/:id/", handler.GetTask)
e.POST("/api/tasks/", handler.CreateTask)
e.PUT("/api/tasks/:id/", handler.UpdateTask)
e.DELETE("/api/tasks/:id/", handler.DeleteTask)
e.POST("/api/tasks/:id/cancel/", handler.CancelTask)
e.POST("/api/tasks/:id/mark-in-progress/", handler.MarkInProgress)
e.GET("/api/task-completions/", handler.ListCompletions)
e.POST("/api/task-completions/", handler.CreateCompletion)
tests := []struct {
name string
method string
path string
}{
{"ListTasks", "GET", "/api/tasks/"},
{"GetTask", "GET", "/api/tasks/1/"},
{"CreateTask", "POST", "/api/tasks/"},
{"UpdateTask", "PUT", "/api/tasks/1/"},
{"DeleteTask", "DELETE", "/api/tasks/1/"},
{"CancelTask", "POST", "/api/tasks/1/cancel/"},
{"MarkInProgress", "POST", "/api/tasks/1/mark-in-progress/"},
{"ListCompletions", "GET", "/api/task-completions/"},
{"CreateCompletion", "POST", "/api/task-completions/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestResidenceHandler_NoAuth_Returns401 verifies that residence handler endpoints
// return 401 Unauthorized when no auth user is set in the context.
func TestResidenceHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
residenceRepo := repositories.NewResidenceRepository(db)
userRepo := repositories.NewUserRepository(db)
cfg := &config.Config{}
residenceService := services.NewResidenceService(residenceRepo, userRepo, cfg)
handler := NewResidenceHandler(residenceService, nil, nil, true)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/residences/", handler.ListResidences)
e.GET("/api/residences/my/", handler.GetMyResidences)
e.GET("/api/residences/summary/", handler.GetSummary)
e.GET("/api/residences/:id/", handler.GetResidence)
e.POST("/api/residences/", handler.CreateResidence)
e.PUT("/api/residences/:id/", handler.UpdateResidence)
e.DELETE("/api/residences/:id/", handler.DeleteResidence)
e.POST("/api/residences/:id/generate-share-code/", handler.GenerateShareCode)
e.POST("/api/residences/join-with-code/", handler.JoinWithCode)
e.GET("/api/residences/:id/users/", handler.GetResidenceUsers)
tests := []struct {
name string
method string
path string
}{
{"ListResidences", "GET", "/api/residences/"},
{"GetMyResidences", "GET", "/api/residences/my/"},
{"GetSummary", "GET", "/api/residences/summary/"},
{"GetResidence", "GET", "/api/residences/1/"},
{"CreateResidence", "POST", "/api/residences/"},
{"UpdateResidence", "PUT", "/api/residences/1/"},
{"DeleteResidence", "DELETE", "/api/residences/1/"},
{"GenerateShareCode", "POST", "/api/residences/1/generate-share-code/"},
{"JoinWithCode", "POST", "/api/residences/join-with-code/"},
{"GetResidenceUsers", "GET", "/api/residences/1/users/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestNotificationHandler_NoAuth_Returns401 verifies that notification handler
// endpoints return 401 Unauthorized when no auth user is set in the context.
func TestNotificationHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
notificationRepo := repositories.NewNotificationRepository(db)
notificationService := services.NewNotificationService(notificationRepo, nil)
handler := NewNotificationHandler(notificationService)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/notifications/", handler.ListNotifications)
e.GET("/api/notifications/unread-count/", handler.GetUnreadCount)
e.POST("/api/notifications/:id/read/", handler.MarkAsRead)
e.POST("/api/notifications/mark-all-read/", handler.MarkAllAsRead)
e.GET("/api/notifications/preferences/", handler.GetPreferences)
e.PUT("/api/notifications/preferences/", handler.UpdatePreferences)
e.POST("/api/notifications/devices/", handler.RegisterDevice)
e.GET("/api/notifications/devices/", handler.ListDevices)
tests := []struct {
name string
method string
path string
}{
{"ListNotifications", "GET", "/api/notifications/"},
{"GetUnreadCount", "GET", "/api/notifications/unread-count/"},
{"MarkAsRead", "POST", "/api/notifications/1/read/"},
{"MarkAllAsRead", "POST", "/api/notifications/mark-all-read/"},
{"GetPreferences", "GET", "/api/notifications/preferences/"},
{"UpdatePreferences", "PUT", "/api/notifications/preferences/"},
{"RegisterDevice", "POST", "/api/notifications/devices/"},
{"ListDevices", "GET", "/api/notifications/devices/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestDocumentHandler_NoAuth_Returns401 verifies that document handler endpoints
// return 401 Unauthorized when no auth user is set in the context.
func TestDocumentHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
documentRepo := repositories.NewDocumentRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
documentService := services.NewDocumentService(documentRepo, residenceRepo)
handler := NewDocumentHandler(documentService, nil)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/documents/", handler.ListDocuments)
e.GET("/api/documents/:id/", handler.GetDocument)
e.GET("/api/documents/warranties/", handler.ListWarranties)
e.POST("/api/documents/", handler.CreateDocument)
e.PUT("/api/documents/:id/", handler.UpdateDocument)
e.DELETE("/api/documents/:id/", handler.DeleteDocument)
e.POST("/api/documents/:id/activate/", handler.ActivateDocument)
e.POST("/api/documents/:id/deactivate/", handler.DeactivateDocument)
tests := []struct {
name string
method string
path string
}{
{"ListDocuments", "GET", "/api/documents/"},
{"GetDocument", "GET", "/api/documents/1/"},
{"ListWarranties", "GET", "/api/documents/warranties/"},
{"CreateDocument", "POST", "/api/documents/"},
{"UpdateDocument", "PUT", "/api/documents/1/"},
{"DeleteDocument", "DELETE", "/api/documents/1/"},
{"ActivateDocument", "POST", "/api/documents/1/activate/"},
{"DeactivateDocument", "POST", "/api/documents/1/deactivate/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestContractorHandler_NoAuth_Returns401 verifies that contractor handler endpoints
// return 401 Unauthorized when no auth user is set in the context.
func TestContractorHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
contractorService := services.NewContractorService(contractorRepo, residenceRepo)
handler := NewContractorHandler(contractorService)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/contractors/", handler.ListContractors)
e.GET("/api/contractors/:id/", handler.GetContractor)
e.POST("/api/contractors/", handler.CreateContractor)
e.PUT("/api/contractors/:id/", handler.UpdateContractor)
e.DELETE("/api/contractors/:id/", handler.DeleteContractor)
e.POST("/api/contractors/:id/toggle-favorite/", handler.ToggleFavorite)
e.GET("/api/contractors/:id/tasks/", handler.GetContractorTasks)
tests := []struct {
name string
method string
path string
}{
{"ListContractors", "GET", "/api/contractors/"},
{"GetContractor", "GET", "/api/contractors/1/"},
{"CreateContractor", "POST", "/api/contractors/"},
{"UpdateContractor", "PUT", "/api/contractors/1/"},
{"DeleteContractor", "DELETE", "/api/contractors/1/"},
{"ToggleFavorite", "POST", "/api/contractors/1/toggle-favorite/"},
{"GetContractorTasks", "GET", "/api/contractors/1/tasks/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestSubscriptionHandler_NoAuth_Returns401 verifies that subscription handler
// endpoints return 401 Unauthorized when no auth user is set in the context.
func TestSubscriptionHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
subscriptionService := services.NewSubscriptionService(subscriptionRepo, residenceRepo, taskRepo, contractorRepo, documentRepo)
handler := NewSubscriptionHandler(subscriptionService)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/subscription/", handler.GetSubscription)
e.GET("/api/subscription/status/", handler.GetSubscriptionStatus)
e.GET("/api/subscription/promotions/", handler.GetPromotions)
e.POST("/api/subscription/purchase/", handler.ProcessPurchase)
e.POST("/api/subscription/cancel/", handler.CancelSubscription)
e.POST("/api/subscription/restore/", handler.RestoreSubscription)
tests := []struct {
name string
method string
path string
}{
{"GetSubscription", "GET", "/api/subscription/"},
{"GetSubscriptionStatus", "GET", "/api/subscription/status/"},
{"GetPromotions", "GET", "/api/subscription/promotions/"},
{"ProcessPurchase", "POST", "/api/subscription/purchase/"},
{"CancelSubscription", "POST", "/api/subscription/cancel/"},
{"RestoreSubscription", "POST", "/api/subscription/restore/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestMediaHandler_NoAuth_Returns401 verifies that media handler endpoints return
// 401 Unauthorized when no auth user is set in the context.
func TestMediaHandler_NoAuth_Returns401(t *testing.T) {
handler := NewMediaHandler(nil, nil, nil, nil)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/media/document/:id", handler.ServeDocument)
e.GET("/api/media/document-image/:id", handler.ServeDocumentImage)
e.GET("/api/media/completion-image/:id", handler.ServeCompletionImage)
tests := []struct {
name string
method string
path string
}{
{"ServeDocument", "GET", "/api/media/document/1"},
{"ServeDocumentImage", "GET", "/api/media/document-image/1"},
{"ServeCompletionImage", "GET", "/api/media/completion-image/1"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}
// TestUserHandler_NoAuth_Returns401 verifies that user handler endpoints return
// 401 Unauthorized when no auth user is set in the context.
func TestUserHandler_NoAuth_Returns401(t *testing.T) {
db := testutil.SetupTestDB(t)
userRepo := repositories.NewUserRepository(db)
userService := services.NewUserService(userRepo)
handler := NewUserHandler(userService)
e := testutil.SetupTestRouter()
// Register routes WITHOUT auth middleware
e.GET("/api/users/", handler.ListUsers)
e.GET("/api/users/:id/", handler.GetUser)
e.GET("/api/users/profiles/", handler.ListProfiles)
tests := []struct {
name string
method string
path string
}{
{"ListUsers", "GET", "/api/users/"},
{"GetUser", "GET", "/api/users/1/"},
{"ListProfiles", "GET", "/api/users/profiles/"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
w := testutil.MakeRequest(e, tt.method, tt.path, nil, "")
testutil.AssertStatusCode(t, w, http.StatusUnauthorized)
})
}
}

64
internal/handlers/notification_handler.go
View File

@@ -8,7 +8,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -24,7 +23,10 @@ func NewNotificationHandler(notificationService *services.NotificationService) *
// ListNotifications handles GET /api/notifications/
func (h *NotificationHandler) ListNotifications(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
limit := 50
offset := 0
@@ -33,6 +35,9 @@ func (h *NotificationHandler) ListNotifications(c echo.Context) error {
limit = parsed
}
}
if limit > 200 {
limit = 200
}
if o := c.QueryParam("offset"); o != "" {
if parsed, err := strconv.Atoi(o); err == nil && parsed >= 0 {
offset = parsed
@@ -52,7 +57,10 @@ func (h *NotificationHandler) ListNotifications(c echo.Context) error {
// GetUnreadCount handles GET /api/notifications/unread-count/
func (h *NotificationHandler) GetUnreadCount(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
count, err := h.notificationService.GetUnreadCount(user.ID)
if err != nil {
@@ -64,7 +72,10 @@ func (h *NotificationHandler) GetUnreadCount(c echo.Context) error {
// MarkAsRead handles POST /api/notifications/:id/read/
func (h *NotificationHandler) MarkAsRead(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
notificationID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -81,9 +92,12 @@ func (h *NotificationHandler) MarkAsRead(c echo.Context) error {
// MarkAllAsRead handles POST /api/notifications/mark-all-read/
func (h *NotificationHandler) MarkAllAsRead(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
err := h.notificationService.MarkAllAsRead(user.ID)
err = h.notificationService.MarkAllAsRead(user.ID)
if err != nil {
return err
}
@@ -93,7 +107,10 @@ func (h *NotificationHandler) MarkAllAsRead(c echo.Context) error {
// GetPreferences handles GET /api/notifications/preferences/
func (h *NotificationHandler) GetPreferences(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
prefs, err := h.notificationService.GetPreferences(user.ID)
if err != nil {
@@ -105,12 +122,18 @@ func (h *NotificationHandler) GetPreferences(c echo.Context) error {
// UpdatePreferences handles PUT/PATCH /api/notifications/preferences/
func (h *NotificationHandler) UpdatePreferences(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req services.UpdatePreferencesRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
prefs, err := h.notificationService.UpdatePreferences(user.ID, &req)
if err != nil {
@@ -122,12 +145,18 @@ func (h *NotificationHandler) UpdatePreferences(c echo.Context) error {
// RegisterDevice handles POST /api/notifications/devices/
func (h *NotificationHandler) RegisterDevice(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req services.RegisterDeviceRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
device, err := h.notificationService.RegisterDevice(user.ID, &req)
if err != nil {
@@ -139,7 +168,10 @@ func (h *NotificationHandler) RegisterDevice(c echo.Context) error {
// ListDevices handles GET /api/notifications/devices/
func (h *NotificationHandler) ListDevices(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
devices, err := h.notificationService.ListDevices(user.ID)
if err != nil {
@@ -152,7 +184,10 @@ func (h *NotificationHandler) ListDevices(c echo.Context) error {
// UnregisterDevice handles POST /api/notifications/devices/unregister/
// Accepts {registration_id, platform} and deactivates the matching device
func (h *NotificationHandler) UnregisterDevice(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req struct {
RegistrationID string `json:"registration_id"`
@@ -168,7 +203,7 @@ func (h *NotificationHandler) UnregisterDevice(c echo.Context) error {
req.Platform = "ios" // Default to iOS
}
err := h.notificationService.UnregisterDevice(req.RegistrationID, req.Platform, user.ID)
err = h.notificationService.UnregisterDevice(req.RegistrationID, req.Platform, user.ID)
if err != nil {
return err
}
@@ -178,7 +213,10 @@ func (h *NotificationHandler) UnregisterDevice(c echo.Context) error {
// DeleteDevice handles DELETE /api/notifications/devices/:id/
func (h *NotificationHandler) DeleteDevice(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
deviceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {

88
internal/handlers/notification_handler_test.go Normal file
View File

@@ -0,0 +1,88 @@
package handlers
import (
"encoding/json"
"fmt"
"net/http"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/services"
"github.com/treytartt/casera-api/internal/testutil"
)
func setupNotificationHandler(t *testing.T) (*NotificationHandler, *echo.Echo, *gorm.DB) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
notifService := services.NewNotificationService(notifRepo, nil)
handler := NewNotificationHandler(notifService)
e := testutil.SetupTestRouter()
return handler, e, db
}
func createTestNotifications(t *testing.T, db *gorm.DB, userID uint, count int) {
for i := 0; i < count; i++ {
notif := &models.Notification{
UserID: userID,
NotificationType: models.NotificationTaskDueSoon,
Title: fmt.Sprintf("Test Notification %d", i+1),
Body: fmt.Sprintf("Body %d", i+1),
}
err := db.Create(notif).Error
require.NoError(t, err)
}
}
func TestNotificationHandler_ListNotifications_LimitCappedAt200(t *testing.T) {
handler, e, db := setupNotificationHandler(t)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Create 210 notifications to exceed the cap
createTestNotifications(t, db, user.ID, 210)
authGroup := e.Group("/api/notifications")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.GET("/", handler.ListNotifications)
t.Run("limit is capped at 200 when user requests more", func(t *testing.T) {
w := testutil.MakeRequest(e, "GET", "/api/notifications/?limit=999", nil, "test-token")
testutil.AssertStatusCode(t, w, http.StatusOK)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
count := int(response["count"].(float64))
assert.Equal(t, 200, count, "response should contain at most 200 notifications when limit exceeds cap")
})
t.Run("limit below cap is respected", func(t *testing.T) {
w := testutil.MakeRequest(e, "GET", "/api/notifications/?limit=10", nil, "test-token")
testutil.AssertStatusCode(t, w, http.StatusOK)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
count := int(response["count"].(float64))
assert.Equal(t, 10, count, "response should respect limit when below cap")
})
t.Run("default limit is used when no limit param", func(t *testing.T) {
w := testutil.MakeRequest(e, "GET", "/api/notifications/", nil, "test-token")
testutil.AssertStatusCode(t, w, http.StatusOK)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
count := int(response["count"].(float64))
assert.Equal(t, 50, count, "response should use default limit of 50")
})
}

74
internal/handlers/residence_handler.go
View File

@@ -10,7 +10,6 @@ import (
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/i18n"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
"github.com/treytartt/casera-api/internal/validator"
)
@@ -35,7 +34,10 @@ func NewResidenceHandler(residenceService *services.ResidenceService, pdfService
// ListResidences handles GET /api/residences/
func (h *ResidenceHandler) ListResidences(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
response, err := h.residenceService.ListResidences(user.ID)
if err != nil {
@@ -47,7 +49,10 @@ func (h *ResidenceHandler) ListResidences(c echo.Context) error {
// GetMyResidences handles GET /api/residences/my-residences/
func (h *ResidenceHandler) GetMyResidences(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
response, err := h.residenceService.GetMyResidences(user.ID, userNow)
@@ -61,7 +66,10 @@ func (h *ResidenceHandler) GetMyResidences(c echo.Context) error {
// GetSummary handles GET /api/residences/summary/
// Returns just the task statistics summary without full residence data
func (h *ResidenceHandler) GetSummary(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
summary, err := h.residenceService.GetSummary(user.ID, userNow)
@@ -74,7 +82,10 @@ func (h *ResidenceHandler) GetSummary(c echo.Context) error {
// GetResidence handles GET /api/residences/:id/
func (h *ResidenceHandler) GetResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -91,7 +102,10 @@ func (h *ResidenceHandler) GetResidence(c echo.Context) error {
// CreateResidence handles POST /api/residences/
func (h *ResidenceHandler) CreateResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req requests.CreateResidenceRequest
if err := c.Bind(&req); err != nil {
@@ -111,7 +125,10 @@ func (h *ResidenceHandler) CreateResidence(c echo.Context) error {
// UpdateResidence handles PUT/PATCH /api/residences/:id/
func (h *ResidenceHandler) UpdateResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -136,7 +153,10 @@ func (h *ResidenceHandler) UpdateResidence(c echo.Context) error {
// DeleteResidence handles DELETE /api/residences/:id/
func (h *ResidenceHandler) DeleteResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -154,7 +174,10 @@ func (h *ResidenceHandler) DeleteResidence(c echo.Context) error {
// GetShareCode handles GET /api/residences/:id/share-code/
// Returns the active share code for a residence, or null if none exists
func (h *ResidenceHandler) GetShareCode(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -175,7 +198,10 @@ func (h *ResidenceHandler) GetShareCode(c echo.Context) error {
// GenerateShareCode handles POST /api/residences/:id/generate-share-code/
func (h *ResidenceHandler) GenerateShareCode(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -197,7 +223,10 @@ func (h *ResidenceHandler) GenerateShareCode(c echo.Context) error {
// GenerateSharePackage handles POST /api/residences/:id/generate-share-package/
// Returns a share code with metadata for creating a .casera package file
func (h *ResidenceHandler) GenerateSharePackage(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -218,12 +247,18 @@ func (h *ResidenceHandler) GenerateSharePackage(c echo.Context) error {
// JoinWithCode handles POST /api/residences/join-with-code/
func (h *ResidenceHandler) JoinWithCode(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req requests.JoinWithCodeRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.residenceService.JoinWithCode(req.Code, user.ID)
if err != nil {
@@ -235,7 +270,10 @@ func (h *ResidenceHandler) JoinWithCode(c echo.Context) error {
// GetResidenceUsers handles GET /api/residences/:id/users/
func (h *ResidenceHandler) GetResidenceUsers(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -252,7 +290,10 @@ func (h *ResidenceHandler) GetResidenceUsers(c echo.Context) error {
// RemoveResidenceUser handles DELETE /api/residences/:id/users/:user_id/
func (h *ResidenceHandler) RemoveResidenceUser(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -289,7 +330,10 @@ func (h *ResidenceHandler) GenerateTasksReport(c echo.Context) error {
return apperrors.BadRequest("error.feature_disabled")
}
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {

42
internal/handlers/residence_handler_test.go
View File

@@ -525,3 +525,45 @@ func TestResidenceHandler_JSONResponses(t *testing.T) {
assert.IsType(t, []map[string]interface{}{}, response)
})
}
func TestResidenceHandler_CreateResidence_NegativeBedrooms_Returns400(t *testing.T) {
handler, e, db := setupResidenceHandler(t)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
authGroup := e.Group("/api/residences")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.POST("/", handler.CreateResidence)
t.Run("negative bedrooms rejected", func(t *testing.T) {
bedrooms := -1
req := requests.CreateResidenceRequest{
Name: "Bad House",
Bedrooms: &bedrooms,
}
w := testutil.MakeRequest(e, "POST", "/api/residences/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
t.Run("negative square footage rejected", func(t *testing.T) {
sqft := -100
req := requests.CreateResidenceRequest{
Name: "Bad House",
SquareFootage: &sqft,
}
w := testutil.MakeRequest(e, "POST", "/api/residences/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
t.Run("zero bedrooms accepted", func(t *testing.T) {
bedrooms := 0
req := requests.CreateResidenceRequest{
Name: "Studio Apartment",
Bedrooms: &bedrooms,
}
w := testutil.MakeRequest(e, "POST", "/api/residences/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusCreated)
})
}

39
internal/handlers/subscription_handler.go
View File

@@ -7,7 +7,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -23,7 +22,10 @@ func NewSubscriptionHandler(subscriptionService *services.SubscriptionService) *
// GetSubscription handles GET /api/subscription/
func (h *SubscriptionHandler) GetSubscription(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
subscription, err := h.subscriptionService.GetSubscription(user.ID)
if err != nil {
@@ -35,7 +37,10 @@ func (h *SubscriptionHandler) GetSubscription(c echo.Context) error {
// GetSubscriptionStatus handles GET /api/subscription/status/
func (h *SubscriptionHandler) GetSubscriptionStatus(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
status, err := h.subscriptionService.GetSubscriptionStatus(user.ID)
if err != nil {
@@ -79,7 +84,10 @@ func (h *SubscriptionHandler) GetFeatureBenefits(c echo.Context) error {
// GetPromotions handles GET /api/subscription/promotions/
func (h *SubscriptionHandler) GetPromotions(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
promotions, err := h.subscriptionService.GetActivePromotions(user.ID)
if err != nil {
@@ -91,15 +99,20 @@ func (h *SubscriptionHandler) GetPromotions(c echo.Context) error {
// ProcessPurchase handles POST /api/subscription/purchase/
func (h *SubscriptionHandler) ProcessPurchase(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req services.ProcessPurchaseRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
var subscription *services.SubscriptionResponse
var err error
switch req.Platform {
case "ios":
@@ -129,7 +142,10 @@ func (h *SubscriptionHandler) ProcessPurchase(c echo.Context) error {
// CancelSubscription handles POST /api/subscription/cancel/
func (h *SubscriptionHandler) CancelSubscription(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
subscription, err := h.subscriptionService.CancelSubscription(user.ID)
if err != nil {
@@ -144,16 +160,21 @@ func (h *SubscriptionHandler) CancelSubscription(c echo.Context) error {
// RestoreSubscription handles POST /api/subscription/restore/
func (h *SubscriptionHandler) RestoreSubscription(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
var req services.ProcessPurchaseRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
// Same logic as ProcessPurchase - validates receipt/token and restores
var subscription *services.SubscriptionResponse
var err error
switch req.Platform {
case "ios":

223
internal/handlers/subscription_webhook_handler.go
View File

@@ -8,14 +8,14 @@ import (
"encoding/pem"
"fmt"
"io"
"log"
"net/http"
"os"
"strings"
"time"
"github.com/labstack/echo/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
@@ -101,40 +101,39 @@ type AppleRenewalInfo struct {
// HandleAppleWebhook handles POST /api/subscription/webhook/apple/
func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c echo.Context) error {
if !h.enabled {
log.Printf("Apple Webhook: webhooks disabled by feature flag")
log.Info().Msg("Apple Webhook: webhooks disabled by feature flag")
return c.JSON(http.StatusOK, map[string]interface{}{"status": "webhooks_disabled"})
}
body, err := io.ReadAll(c.Request().Body)
if err != nil {
log.Printf("Apple Webhook: Failed to read body: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to read body")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "failed to read request body"})
}
var payload AppleNotificationPayload
if err := json.Unmarshal(body, &payload); err != nil {
log.Printf("Apple Webhook: Failed to parse payload: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to parse payload")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid payload"})
}
// Decode and verify the signed payload (JWS)
notification, err := h.decodeAppleSignedPayload(payload.SignedPayload)
if err != nil {
log.Printf("Apple Webhook: Failed to decode signed payload: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to decode signed payload")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid signed payload"})
}
log.Printf("Apple Webhook: Received %s (subtype: %s) for bundle %s",
notification.NotificationType, notification.Subtype, notification.Data.BundleID)
log.Info().Str("type", notification.NotificationType).Str("subtype", notification.Subtype).Str("bundle", notification.Data.BundleID).Msg("Apple Webhook: Received notification")
// Dedup check using notificationUUID
if notification.NotificationUUID != "" {
alreadyProcessed, err := h.webhookEventRepo.HasProcessed("apple", notification.NotificationUUID)
if err != nil {
log.Printf("Apple Webhook: Failed to check dedup: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to check dedup")
// Continue processing on dedup check failure (fail-open)
} else if alreadyProcessed {
log.Printf("Apple Webhook: Duplicate event %s, skipping", notification.NotificationUUID)
log.Info().Str("uuid", notification.NotificationUUID).Msg("Apple Webhook: Duplicate event, skipping")
return c.JSON(http.StatusOK, map[string]interface{}{"status": "duplicate"})
}
}
@@ -143,8 +142,7 @@ func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c echo.Context) error {
cfg := config.Get()
if cfg != nil && cfg.AppleIAP.BundleID != "" {
if notification.Data.BundleID != cfg.AppleIAP.BundleID {
log.Printf("Apple Webhook: Bundle ID mismatch: got %s, expected %s",
notification.Data.BundleID, cfg.AppleIAP.BundleID)
log.Warn().Str("got", notification.Data.BundleID).Str("expected", cfg.AppleIAP.BundleID).Msg("Apple Webhook: Bundle ID mismatch")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "bundle ID mismatch"})
}
}
@@ -152,7 +150,7 @@ func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c echo.Context) error {
// Decode transaction info
transactionInfo, err := h.decodeAppleTransaction(notification.Data.SignedTransactionInfo)
if err != nil {
log.Printf("Apple Webhook: Failed to decode transaction: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to decode transaction")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid transaction info"})
}
@@ -164,14 +162,14 @@ func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c echo.Context) error {
// Process the notification
if err := h.processAppleNotification(notification, transactionInfo, renewalInfo); err != nil {
log.Printf("Apple Webhook: Failed to process notification: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to process notification")
// Still return 200 to prevent Apple from retrying
}
// Record processed event for dedup
if notification.NotificationUUID != "" {
if err := h.webhookEventRepo.RecordEvent("apple", notification.NotificationUUID, notification.NotificationType, ""); err != nil {
log.Printf("Apple Webhook: Failed to record event: %v", err)
log.Error().Err(err).Msg("Apple Webhook: Failed to record event")
}
}
@@ -179,7 +177,8 @@ func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c echo.Context) error {
return c.JSON(http.StatusOK, map[string]interface{}{"status": "received"})
}
// decodeAppleSignedPayload decodes and verifies an Apple JWS payload
// decodeAppleSignedPayload verifies and decodes an Apple JWS payload.
// The JWS signature is verified before the payload is trusted.
func (h *SubscriptionWebhookHandler) decodeAppleSignedPayload(signedPayload string) (*AppleNotificationData, error) {
// JWS format: header.payload.signature
parts := strings.Split(signedPayload, ".")
@@ -187,8 +186,11 @@ func (h *SubscriptionWebhookHandler) decodeAppleSignedPayload(signedPayload stri
return nil, fmt.Errorf("invalid JWS format")
}
// Decode payload (we're trusting Apple's signature for now)
// In production, you should verify the signature using Apple's root certificate
// Verify the JWS signature before trusting the payload.
if err := h.VerifyAppleSignature(signedPayload); err != nil {
return nil, fmt.Errorf("Apple JWS signature verification failed: %w", err)
}
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
@@ -251,14 +253,12 @@ func (h *SubscriptionWebhookHandler) processAppleNotification(
// Find user by stored receipt data (original transaction ID)
user, err := h.findUserByAppleTransaction(transaction.OriginalTransactionID)
if err != nil {
log.Printf("Apple Webhook: Could not find user for transaction %s: %v",
transaction.OriginalTransactionID, err)
log.Warn().Err(err).Str("transaction_id", transaction.OriginalTransactionID).Msg("Apple Webhook: Could not find user for transaction")
// Not an error - might be a transaction we don't track
return nil
}
log.Printf("Apple Webhook: Processing %s for user %d (product: %s)",
notification.NotificationType, user.ID, transaction.ProductID)
log.Info().Str("type", notification.NotificationType).Uint("user_id", user.ID).Str("product", transaction.ProductID).Msg("Apple Webhook: Processing notification")
switch notification.NotificationType {
case "SUBSCRIBED":
@@ -294,7 +294,7 @@ func (h *SubscriptionWebhookHandler) processAppleNotification(
return h.handleAppleGracePeriodExpired(user.ID, transaction)
default:
log.Printf("Apple Webhook: Unhandled notification type: %s", notification.NotificationType)
log.Warn().Str("type", notification.NotificationType).Msg("Apple Webhook: Unhandled notification type")
}
return nil
@@ -326,7 +326,7 @@ func (h *SubscriptionWebhookHandler) handleAppleSubscribed(userID uint, tx *Appl
return err
}
log.Printf("Apple Webhook: User %d subscribed, expires %v, autoRenew=%v", userID, expiresAt, autoRenew)
log.Info().Uint("user_id", userID).Time("expires", expiresAt).Bool("auto_renew", autoRenew).Msg("Apple Webhook: User subscribed")
return nil
}
@@ -337,7 +337,7 @@ func (h *SubscriptionWebhookHandler) handleAppleRenewed(userID uint, tx *AppleTr
return err
}
log.Printf("Apple Webhook: User %d renewed, new expiry %v", userID, expiresAt)
log.Info().Uint("user_id", userID).Time("expires", expiresAt).Msg("Apple Webhook: User renewed")
return nil
}
@@ -357,13 +357,13 @@ func (h *SubscriptionWebhookHandler) handleAppleRenewalStatusChange(userID uint,
if err := h.subscriptionRepo.SetCancelledAt(userID, now); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned off auto-renew, will expire at end of period", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User turned off auto-renew, will expire at end of period")
} else {
// User turned auto-renew back on
if err := h.subscriptionRepo.ClearCancelledAt(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned auto-renew back on", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User turned auto-renew back on")
}
return nil
@@ -371,7 +371,7 @@ func (h *SubscriptionWebhookHandler) handleAppleRenewalStatusChange(userID uint,
func (h *SubscriptionWebhookHandler) handleAppleFailedToRenew(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
// Subscription is in billing retry or grace period
log.Printf("Apple Webhook: User %d failed to renew, may be in grace period", userID)
log.Warn().Uint("user_id", userID).Msg("Apple Webhook: User failed to renew, may be in grace period")
// Don't downgrade yet - Apple may retry billing
return nil
}
@@ -381,7 +381,7 @@ func (h *SubscriptionWebhookHandler) handleAppleExpired(userID uint, tx *AppleTr
return err
}
log.Printf("Apple Webhook: User %d subscription expired, downgraded to free", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User subscription expired, downgraded to free")
return nil
}
@@ -390,7 +390,7 @@ func (h *SubscriptionWebhookHandler) handleAppleRefund(userID uint, tx *AppleTra
return err
}
log.Printf("Apple Webhook: User %d got refund, downgraded to free", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User got refund, downgraded to free")
return nil
}
@@ -399,7 +399,7 @@ func (h *SubscriptionWebhookHandler) handleAppleRevoke(userID uint, tx *AppleTra
return err
}
log.Printf("Apple Webhook: User %d subscription revoked, downgraded to free", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User subscription revoked, downgraded to free")
return nil
}
@@ -408,7 +408,7 @@ func (h *SubscriptionWebhookHandler) handleAppleGracePeriodExpired(userID uint,
return err
}
log.Printf("Apple Webhook: User %d grace period expired, downgraded to free", userID)
log.Info().Uint("user_id", userID).Msg("Apple Webhook: User grace period expired, downgraded to free")
return nil
}
@@ -481,32 +481,32 @@ const (
// HandleGoogleWebhook handles POST /api/subscription/webhook/google/
func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c echo.Context) error {
if !h.enabled {
log.Printf("Google Webhook: webhooks disabled by feature flag")
log.Info().Msg("Google Webhook: webhooks disabled by feature flag")
return c.JSON(http.StatusOK, map[string]interface{}{"status": "webhooks_disabled"})
}
body, err := io.ReadAll(c.Request().Body)
if err != nil {
log.Printf("Google Webhook: Failed to read body: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to read body")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "failed to read request body"})
}
var notification GoogleNotification
if err := json.Unmarshal(body, &notification); err != nil {
log.Printf("Google Webhook: Failed to parse notification: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to parse notification")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid notification"})
}
// Decode the base64 data
data, err := base64.StdEncoding.DecodeString(notification.Message.Data)
if err != nil {
log.Printf("Google Webhook: Failed to decode message data: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to decode message data")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid message data"})
}
var devNotification GoogleDeveloperNotification
if err := json.Unmarshal(data, &devNotification); err != nil {
log.Printf("Google Webhook: Failed to parse developer notification: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to parse developer notification")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "invalid developer notification"})
}
@@ -515,17 +515,17 @@ func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c echo.Context) error {
if messageID != "" {
alreadyProcessed, err := h.webhookEventRepo.HasProcessed("google", messageID)
if err != nil {
log.Printf("Google Webhook: Failed to check dedup: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to check dedup")
// Continue processing on dedup check failure (fail-open)
} else if alreadyProcessed {
log.Printf("Google Webhook: Duplicate event %s, skipping", messageID)
log.Info().Str("message_id", messageID).Msg("Google Webhook: Duplicate event, skipping")
return c.JSON(http.StatusOK, map[string]interface{}{"status": "duplicate"})
}
}
// Handle test notification
if devNotification.TestNotification != nil {
log.Printf("Google Webhook: Received test notification")
log.Info().Msg("Google Webhook: Received test notification")
return c.JSON(http.StatusOK, map[string]interface{}{"status": "test received"})
}
@@ -533,8 +533,7 @@ func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c echo.Context) error {
cfg := config.Get()
if cfg != nil && cfg.GoogleIAP.PackageName != "" {
if devNotification.PackageName != cfg.GoogleIAP.PackageName {
log.Printf("Google Webhook: Package name mismatch: got %s, expected %s",
devNotification.PackageName, cfg.GoogleIAP.PackageName)
log.Warn().Str("got", devNotification.PackageName).Str("expected", cfg.GoogleIAP.PackageName).Msg("Google Webhook: Package name mismatch")
return c.JSON(http.StatusBadRequest, map[string]interface{}{"error": "package name mismatch"})
}
}
@@ -542,7 +541,7 @@ func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c echo.Context) error {
// Process subscription notification
if devNotification.SubscriptionNotification != nil {
if err := h.processGoogleSubscriptionNotification(devNotification.SubscriptionNotification); err != nil {
log.Printf("Google Webhook: Failed to process notification: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to process notification")
// Still return 200 to acknowledge
}
}
@@ -554,7 +553,7 @@ func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c echo.Context) error {
eventType = fmt.Sprintf("subscription_%d", devNotification.SubscriptionNotification.NotificationType)
}
if err := h.webhookEventRepo.RecordEvent("google", messageID, eventType, ""); err != nil {
log.Printf("Google Webhook: Failed to record event: %v", err)
log.Error().Err(err).Msg("Google Webhook: Failed to record event")
}
}
@@ -567,12 +566,11 @@ func (h *SubscriptionWebhookHandler) processGoogleSubscriptionNotification(notif
// Find user by purchase token
user, err := h.findUserByGoogleToken(notification.PurchaseToken)
if err != nil {
log.Printf("Google Webhook: Could not find user for token: %v", err)
log.Warn().Err(err).Msg("Google Webhook: Could not find user for token")
return nil // Not an error - might be unknown token
}
log.Printf("Google Webhook: Processing type %d for user %d (subscription: %s)",
notification.NotificationType, user.ID, notification.SubscriptionID)
log.Info().Int("type", notification.NotificationType).Uint("user_id", user.ID).Str("subscription", notification.SubscriptionID).Msg("Google Webhook: Processing notification")
switch notification.NotificationType {
case GoogleSubPurchased:
@@ -606,7 +604,7 @@ func (h *SubscriptionWebhookHandler) processGoogleSubscriptionNotification(notif
return h.handleGooglePaused(user.ID, notification)
default:
log.Printf("Google Webhook: Unhandled notification type: %d", notification.NotificationType)
log.Warn().Int("type", notification.NotificationType).Msg("Google Webhook: Unhandled notification type")
}
return nil
@@ -629,7 +627,7 @@ func (h *SubscriptionWebhookHandler) findUserByGoogleToken(purchaseToken string)
func (h *SubscriptionWebhookHandler) handleGooglePurchased(userID uint, notification *GoogleSubscriptionNotification) error {
// New subscription - we should have already processed this via the client
// This is a backup notification
log.Printf("Google Webhook: User %d purchased subscription %s", userID, notification.SubscriptionID)
log.Info().Uint("user_id", userID).Str("subscription", notification.SubscriptionID).Msg("Google Webhook: User purchased subscription")
return nil
}
@@ -648,7 +646,7 @@ func (h *SubscriptionWebhookHandler) handleGoogleRenewed(userID uint, notificati
return err
}
log.Printf("Google Webhook: User %d renewed, extended to %v", userID, newExpiry)
log.Info().Uint("user_id", userID).Time("expires", newExpiry).Msg("Google Webhook: User renewed")
return nil
}
@@ -659,7 +657,7 @@ func (h *SubscriptionWebhookHandler) handleGoogleRecovered(userID uint, notifica
return err
}
log.Printf("Google Webhook: User %d subscription recovered", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User subscription recovered")
return nil
}
@@ -673,19 +671,19 @@ func (h *SubscriptionWebhookHandler) handleGoogleCanceled(userID uint, notificat
return err
}
log.Printf("Google Webhook: User %d canceled, will expire at end of period", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User canceled, will expire at end of period")
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleOnHold(userID uint, notification *GoogleSubscriptionNotification) error {
// Account hold - payment issue, may recover
log.Printf("Google Webhook: User %d subscription on hold", userID)
log.Warn().Uint("user_id", userID).Msg("Google Webhook: User subscription on hold")
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleGracePeriod(userID uint, notification *GoogleSubscriptionNotification) error {
// In grace period - user still has access but billing failed
log.Printf("Google Webhook: User %d in grace period", userID)
log.Warn().Uint("user_id", userID).Msg("Google Webhook: User in grace period")
return nil
}
@@ -702,7 +700,7 @@ func (h *SubscriptionWebhookHandler) handleGoogleRestarted(userID uint, notifica
return err
}
log.Printf("Google Webhook: User %d restarted subscription", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User restarted subscription")
return nil
}
@@ -712,7 +710,7 @@ func (h *SubscriptionWebhookHandler) handleGoogleRevoked(userID uint, notificati
return err
}
log.Printf("Google Webhook: User %d subscription revoked", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User subscription revoked")
return nil
}
@@ -722,13 +720,13 @@ func (h *SubscriptionWebhookHandler) handleGoogleExpired(userID uint, notificati
return err
}
log.Printf("Google Webhook: User %d subscription expired", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User subscription expired")
return nil
}
func (h *SubscriptionWebhookHandler) handleGooglePaused(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription paused by user
log.Printf("Google Webhook: User %d subscription paused", userID)
log.Info().Uint("user_id", userID).Msg("Google Webhook: User subscription paused")
return nil
}
@@ -736,18 +734,21 @@ func (h *SubscriptionWebhookHandler) handleGooglePaused(userID uint, notificatio
// Signature Verification (Optional but Recommended)
// ====================
// VerifyAppleSignature verifies the JWS signature using Apple's root certificate
// This is optional but recommended for production
// VerifyAppleSignature verifies the JWS signature using Apple's root certificate.
// If root certificates are not loaded, verification fails (deny by default).
func (h *SubscriptionWebhookHandler) VerifyAppleSignature(signedPayload string) error {
// Load Apple's root certificate if not already loaded
// Deny by default when root certificates are not loaded.
if h.appleRootCerts == nil {
// Apple's root certificates can be downloaded from:
// https://www.apple.com/certificateauthority/
// You'd typically embed these or load from a file
return nil // Skip verification for now
return fmt.Errorf("Apple root certificates not configured: cannot verify JWS signature")
}
// Parse the JWS token
// Build a certificate pool from the loaded Apple root certificates
rootPool := x509.NewCertPool()
for _, cert := range h.appleRootCerts {
rootPool.AddCert(cert)
}
// Parse the JWS token and verify the signature using the x5c certificate chain
token, err := jwt.Parse(signedPayload, func(token *jwt.Token) (interface{}, error) {
// Get the x5c header (certificate chain)
x5c, ok := token.Header["x5c"].([]interface{})
@@ -755,21 +756,46 @@ func (h *SubscriptionWebhookHandler) VerifyAppleSignature(signedPayload string)
return nil, fmt.Errorf("missing x5c header")
}
// Decode the first certificate (leaf)
// Decode the leaf certificate
certData, err := base64.StdEncoding.DecodeString(x5c[0].(string))
if err != nil {
return nil, fmt.Errorf("failed to decode certificate: %w", err)
}
cert, err := x509.ParseCertificate(certData)
leafCert, err := x509.ParseCertificate(certData)
if err != nil {
return nil, fmt.Errorf("failed to parse certificate: %w", err)
}
// Verify the certificate chain (simplified)
// In production, you should verify the full chain
// Build intermediate pool from remaining x5c entries
intermediatePool := x509.NewCertPool()
for i := 1; i < len(x5c); i++ {
intermData, err := base64.StdEncoding.DecodeString(x5c[i].(string))
if err != nil {
return nil, fmt.Errorf("failed to decode intermediate certificate: %w", err)
}
intermCert, err := x509.ParseCertificate(intermData)
if err != nil {
return nil, fmt.Errorf("failed to parse intermediate certificate: %w", err)
}
intermediatePool.AddCert(intermCert)
}
return cert.PublicKey.(*ecdsa.PublicKey), nil
// Verify the certificate chain against Apple's root certificates
opts := x509.VerifyOptions{
Roots: rootPool,
Intermediates: intermediatePool,
}
if _, err := leafCert.Verify(opts); err != nil {
return nil, fmt.Errorf("certificate chain verification failed: %w", err)
}
ecdsaKey, ok := leafCert.PublicKey.(*ecdsa.PublicKey)
if !ok {
return nil, fmt.Errorf("leaf certificate public key is not ECDSA")
}
return ecdsaKey, nil
})
if err != nil {
@@ -783,13 +809,58 @@ func (h *SubscriptionWebhookHandler) VerifyAppleSignature(signedPayload string)
return nil
}
// VerifyGooglePubSubToken verifies the Pub/Sub push token (if configured)
// VerifyGooglePubSubToken verifies the Pub/Sub push authentication token.
// Returns false (deny) when the Authorization header is missing or the token
// cannot be validated. This prevents unauthenticated callers from injecting
// webhook events.
func (h *SubscriptionWebhookHandler) VerifyGooglePubSubToken(c echo.Context) bool {
// If you configured a push endpoint with authentication, verify here
// The token is typically in the Authorization header
authHeader := c.Request().Header.Get("Authorization")
if authHeader == "" {
log.Warn().Msg("Google Webhook: missing Authorization header")
return false
}
// Expect "Bearer <token>" format
if !strings.HasPrefix(authHeader, "Bearer ") {
log.Warn().Msg("Google Webhook: Authorization header is not Bearer token")
return false
}
bearerToken := strings.TrimPrefix(authHeader, "Bearer ")
if bearerToken == "" {
log.Warn().Msg("Google Webhook: empty Bearer token")
return false
}
// Parse the token as a JWT. Google Pub/Sub push tokens are signed JWTs
// issued by accounts.google.com. We verify the claims to ensure the
// token was intended for our service.
token, _, err := jwt.NewParser().ParseUnverified(bearerToken, jwt.MapClaims{})
if err != nil {
log.Warn().Err(err).Msg("Google Webhook: failed to parse Bearer token")
return false
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
log.Warn().Msg("Google Webhook: invalid token claims")
return false
}
// Verify issuer is Google
issuer, _ := claims.GetIssuer()
if issuer != "accounts.google.com" && issuer != "https://accounts.google.com" {
log.Warn().Str("issuer", issuer).Msg("Google Webhook: unexpected issuer")
return false
}
// Verify the email claim matches a Google service account
email, _ := claims["email"].(string)
if email == "" || !strings.HasSuffix(email, ".gserviceaccount.com") {
log.Warn().Str("email", email).Msg("Google Webhook: token email is not a Google service account")
return false
}
// For now, we rely on the endpoint being protected by your infrastructure
// (e.g., only accessible from Google's IP ranges)
return true
}

56
internal/handlers/subscription_webhook_handler_test.go Normal file
View File

@@ -0,0 +1,56 @@
package handlers
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
)
func TestVerifyGooglePubSubToken_MissingAuth_ReturnsFalse(t *testing.T) {
handler := &SubscriptionWebhookHandler{enabled: true}
e := echo.New()
// Request with no Authorization header
req := httptest.NewRequest(http.MethodPost, "/api/subscription/webhook/google/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
result := handler.VerifyGooglePubSubToken(c)
assert.False(t, result, "VerifyGooglePubSubToken should return false when Authorization header is missing")
}
func TestVerifyGooglePubSubToken_InvalidToken_ReturnsFalse(t *testing.T) {
handler := &SubscriptionWebhookHandler{enabled: true}
e := echo.New()
req := httptest.NewRequest(http.MethodPost, "/api/subscription/webhook/google/", nil)
req.Header.Set("Authorization", "Bearer invalid-garbage-token")
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
result := handler.VerifyGooglePubSubToken(c)
assert.False(t, result, "VerifyGooglePubSubToken should return false for an invalid/unverifiable token")
}
func TestDecodeAppleSignedPayload_InvalidJWS_ReturnsError(t *testing.T) {
handler := &SubscriptionWebhookHandler{enabled: true}
// No signature parts
_, err := handler.decodeAppleSignedPayload("not-a-jws")
assert.Error(t, err, "should reject payload that is not valid JWS format")
}
func TestDecodeAppleSignedPayload_VerificationFails_ReturnsError(t *testing.T) {
handler := &SubscriptionWebhookHandler{enabled: true}
// Construct a JWS-shaped string with 3 parts but no valid signature.
// The handler should now attempt verification and fail.
// header.payload.signature -- all base64url garbage
fakeJWS := "eyJhbGciOiJFUzI1NiJ9.eyJ0ZXN0IjoidHJ1ZSJ9.invalidsig"
_, err := handler.decodeAppleSignedPayload(fakeJWS)
assert.Error(t, err, "should return error when Apple signature verification fails")
}

108
internal/handlers/task_handler.go
View File

@@ -12,7 +12,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -32,13 +31,16 @@ func NewTaskHandler(taskService *services.TaskService, storageService *services.
// ListTasks handles GET /api/tasks/
func (h *TaskHandler) ListTasks(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
// Auto-capture timezone from header for background job calculations (e.g., daily digest)
// This runs in a goroutine to avoid blocking the response
// Runs synchronously — this is a lightweight DB upsert that should complete quickly
if tzHeader := c.Request().Header.Get("X-Timezone"); tzHeader != "" {
go h.taskService.UpdateUserTimezone(user.ID, tzHeader)
h.taskService.UpdateUserTimezone(user.ID, tzHeader)
}
daysThreshold := 30
@@ -62,7 +64,10 @@ func (h *TaskHandler) ListTasks(c echo.Context) error {
// GetTask handles GET /api/tasks/:id/
func (h *TaskHandler) GetTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_task_id")
@@ -77,7 +82,10 @@ func (h *TaskHandler) GetTask(c echo.Context) error {
// GetTasksByResidence handles GET /api/tasks/by-residence/:residence_id/
func (h *TaskHandler) GetTasksByResidence(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
residenceID, err := strconv.ParseUint(c.Param("residence_id"), 10, 32)
@@ -106,13 +114,19 @@ func (h *TaskHandler) GetTasksByResidence(c echo.Context) error {
// CreateTask handles POST /api/tasks/
func (h *TaskHandler) CreateTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
var req requests.CreateTaskRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.taskService.CreateTask(&req, user.ID, userNow)
if err != nil {
@@ -123,7 +137,10 @@ func (h *TaskHandler) CreateTask(c echo.Context) error {
// UpdateTask handles PUT/PATCH /api/tasks/:id/
func (h *TaskHandler) UpdateTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -135,6 +152,9 @@ func (h *TaskHandler) UpdateTask(c echo.Context) error {
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.taskService.UpdateTask(uint(taskID), user.ID, &req, userNow)
if err != nil {
@@ -145,7 +165,10 @@ func (h *TaskHandler) UpdateTask(c echo.Context) error {
// DeleteTask handles DELETE /api/tasks/:id/
func (h *TaskHandler) DeleteTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_task_id")
@@ -160,7 +183,10 @@ func (h *TaskHandler) DeleteTask(c echo.Context) error {
// MarkInProgress handles POST /api/tasks/:id/mark-in-progress/
func (h *TaskHandler) MarkInProgress(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -177,7 +203,10 @@ func (h *TaskHandler) MarkInProgress(c echo.Context) error {
// CancelTask handles POST /api/tasks/:id/cancel/
func (h *TaskHandler) CancelTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -194,7 +223,10 @@ func (h *TaskHandler) CancelTask(c echo.Context) error {
// UncancelTask handles POST /api/tasks/:id/uncancel/
func (h *TaskHandler) UncancelTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -211,7 +243,10 @@ func (h *TaskHandler) UncancelTask(c echo.Context) error {
// ArchiveTask handles POST /api/tasks/:id/archive/
func (h *TaskHandler) ArchiveTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -228,7 +263,10 @@ func (h *TaskHandler) ArchiveTask(c echo.Context) error {
// UnarchiveTask handles POST /api/tasks/:id/unarchive/
func (h *TaskHandler) UnarchiveTask(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
@@ -246,7 +284,10 @@ func (h *TaskHandler) UnarchiveTask(c echo.Context) error {
// QuickComplete handles POST /api/tasks/:id/quick-complete/
// Lightweight endpoint for widget - just returns 200 OK on success
func (h *TaskHandler) QuickComplete(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_task_id")
@@ -263,7 +304,10 @@ func (h *TaskHandler) QuickComplete(c echo.Context) error {
// GetTaskCompletions handles GET /api/tasks/:id/completions/
func (h *TaskHandler) GetTaskCompletions(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
taskID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_task_id")
@@ -278,7 +322,10 @@ func (h *TaskHandler) GetTaskCompletions(c echo.Context) error {
// ListCompletions handles GET /api/task-completions/
func (h *TaskHandler) ListCompletions(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
response, err := h.taskService.ListCompletions(user.ID)
if err != nil {
return err
@@ -288,7 +335,10 @@ func (h *TaskHandler) ListCompletions(c echo.Context) error {
// GetCompletion handles GET /api/task-completions/:id/
func (h *TaskHandler) GetCompletion(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
completionID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_completion_id")
@@ -304,7 +354,10 @@ func (h *TaskHandler) GetCompletion(c echo.Context) error {
// CreateCompletion handles POST /api/task-completions/
// Supports both JSON and multipart form data (for image uploads)
func (h *TaskHandler) CreateCompletion(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userNow := middleware.GetUserNow(c)
var req requests.CreateTaskCompletionRequest
@@ -367,6 +420,10 @@ func (h *TaskHandler) CreateCompletion(c echo.Context) error {
}
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.taskService.CreateCompletion(&req, user.ID, userNow)
if err != nil {
return err
@@ -376,7 +433,10 @@ func (h *TaskHandler) CreateCompletion(c echo.Context) error {
// UpdateCompletion handles PUT /api/task-completions/:id/
func (h *TaskHandler) UpdateCompletion(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
completionID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_completion_id")
@@ -386,6 +446,9 @@ func (h *TaskHandler) UpdateCompletion(c echo.Context) error {
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return err
}
response, err := h.taskService.UpdateCompletion(uint(completionID), user.ID, &req)
if err != nil {
@@ -396,7 +459,10 @@ func (h *TaskHandler) UpdateCompletion(c echo.Context) error {
// DeleteCompletion handles DELETE /api/task-completions/:id/
func (h *TaskHandler) DeleteCompletion(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
completionID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
return apperrors.BadRequest("error.invalid_completion_id")

111
internal/handlers/task_handler_test.go
View File

@@ -506,6 +506,52 @@ func TestTaskHandler_CreateCompletion(t *testing.T) {
})
}
func TestTaskHandler_CreateCompletion_Rating6_Returns400(t *testing.T) {
handler, e, db := setupTaskHandler(t)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
task := testutil.CreateTestTask(t, db, residence.ID, user.ID, "Rate Me")
authGroup := e.Group("/api/task-completions")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.POST("/", handler.CreateCompletion)
t.Run("rating out of bounds rejected", func(t *testing.T) {
rating := 6
req := requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Rating: &rating,
}
w := testutil.MakeRequest(e, "POST", "/api/task-completions/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
t.Run("rating zero rejected", func(t *testing.T) {
rating := 0
req := requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Rating: &rating,
}
w := testutil.MakeRequest(e, "POST", "/api/task-completions/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
})
t.Run("rating 5 accepted", func(t *testing.T) {
rating := 5
completedAt := time.Now().UTC()
req := requests.CreateTaskCompletionRequest{
TaskID: task.ID,
CompletedAt: &completedAt,
Rating: &rating,
}
w := testutil.MakeRequest(e, "POST", "/api/task-completions/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusCreated)
})
}
func TestTaskHandler_ListCompletions(t *testing.T) {
handler, e, db := setupTaskHandler(t)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
@@ -603,6 +649,71 @@ func TestTaskHandler_DeleteCompletion(t *testing.T) {
})
}
func TestTaskHandler_CreateTask_EmptyTitle_Returns400(t *testing.T) {
handler, e, db := setupTaskHandler(t)
testutil.SeedLookupData(t, db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
authGroup := e.Group("/api/tasks")
authGroup.Use(testutil.MockAuthMiddleware(user))
authGroup.POST("/", handler.CreateTask)
t.Run("empty body returns 400 with validation errors", func(t *testing.T) {
w := testutil.MakeRequest(e, "POST", "/api/tasks/", map[string]interface{}{}, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
// Should contain structured validation error
assert.Contains(t, response, "error")
assert.Contains(t, response, "fields")
fields := response["fields"].(map[string]interface{})
assert.Contains(t, fields, "residence_id", "validation error should reference 'residence_id'")
assert.Contains(t, fields, "title", "validation error should reference 'title'")
})
t.Run("missing title returns 400", func(t *testing.T) {
req := map[string]interface{}{
"residence_id": residence.ID,
}
w := testutil.MakeRequest(e, "POST", "/api/tasks/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
assert.Contains(t, response, "fields")
fields := response["fields"].(map[string]interface{})
assert.Contains(t, fields, "title", "validation error should reference 'title'")
})
t.Run("missing residence_id returns 400", func(t *testing.T) {
req := map[string]interface{}{
"title": "Test Task",
}
w := testutil.MakeRequest(e, "POST", "/api/tasks/", req, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
var response map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &response)
require.NoError(t, err)
assert.Contains(t, response, "fields")
fields := response["fields"].(map[string]interface{})
assert.Contains(t, fields, "residence_id", "validation error should reference 'residence_id'")
})
}
func TestTaskHandler_GetLookups(t *testing.T) {
handler, e, db := setupTaskHandler(t)
testutil.SeedLookupData(t, db)

10
internal/handlers/tracking_handler.go
View File

@@ -5,6 +5,7 @@ import (
"net/http"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"github.com/treytartt/casera-api/internal/services"
)
@@ -32,7 +33,14 @@ func (h *TrackingHandler) TrackEmailOpen(c echo.Context) error {
if trackingID != "" && h.onboardingService != nil {
// Record the open (async, don't block response)
go func() {
_ = h.onboardingService.RecordEmailOpened(trackingID)
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Str("tracking_id", trackingID).Msg("Panic in email open tracking goroutine")
}
}()
if err := h.onboardingService.RecordEmailOpened(trackingID); err != nil {
log.Error().Err(err).Str("tracking_id", trackingID).Msg("Failed to record email open")
}
}()
}

32
internal/handlers/upload_handler.go
View File

@@ -4,8 +4,11 @@ import (
"net/http"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -73,17 +76,38 @@ func (h *UploadHandler) UploadCompletion(c echo.Context) error {
return c.JSON(http.StatusOK, result)
}
// DeleteFileRequest is the request body for deleting a file.
type DeleteFileRequest struct {
URL string `json:"url" validate:"required"`
}
// DeleteFile handles DELETE /api/uploads
// Expects JSON body with "url" field
// Expects JSON body with "url" field.
//
// TODO(SEC-18): Add ownership verification. Currently any authenticated user can delete
// any file if they know the URL. The upload system does not track which user uploaded
// which file, so a proper fix requires adding an uploads table or file ownership metadata.
// For now, deletions are logged with user ID for audit trail, and StorageService.Delete
// enforces path containment to prevent deleting files outside the upload directory.
func (h *UploadHandler) DeleteFile(c echo.Context) error {
var req struct {
URL string `json:"url" binding:"required"`
}
var req DeleteFileRequest
if err := c.Bind(&req); err != nil {
return apperrors.BadRequest("error.invalid_request")
}
if err := c.Validate(&req); err != nil {
return apperrors.BadRequest("error.url_required")
}
// Log the deletion with user ID for audit trail
if user, ok := c.Get(middleware.AuthUserKey).(*models.User); ok {
log.Info().
Uint("user_id", user.ID).
Str("file_url", req.URL).
Msg("File deletion requested")
}
if err := h.storageService.Delete(req.URL); err != nil {
return err
}

43
internal/handlers/upload_handler_test.go Normal file
View File

@@ -0,0 +1,43 @@
package handlers
import (
"net/http"
"testing"
"github.com/treytartt/casera-api/internal/i18n"
"github.com/treytartt/casera-api/internal/testutil"
)
func init() {
// Initialize i18n so the custom error handler can localize error messages.
// Other handler tests get this from testutil.SetupTestDB, but these tests
// don't need a database.
i18n.Init()
}
func TestDeleteFile_MissingURL_Returns400(t *testing.T) {
// Use a test storage service — DeleteFile won't reach storage since validation fails first
storageSvc := newTestStorageService("/var/uploads")
handler := NewUploadHandler(storageSvc)
e := testutil.SetupTestRouter()
// Register route
e.DELETE("/api/uploads/", handler.DeleteFile)
// Send request with empty JSON body (url field missing)
w := testutil.MakeRequest(e, http.MethodDelete, "/api/uploads/", map[string]string{}, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
}
func TestDeleteFile_EmptyURL_Returns400(t *testing.T) {
storageSvc := newTestStorageService("/var/uploads")
handler := NewUploadHandler(storageSvc)
e := testutil.SetupTestRouter()
e.DELETE("/api/uploads/", handler.DeleteFile)
// Send request with empty url field
w := testutil.MakeRequest(e, http.MethodDelete, "/api/uploads/", map[string]string{"url": ""}, "test-token")
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
}

16
internal/handlers/user_handler.go
View File

@@ -8,7 +8,6 @@ import (
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/services"
)
@@ -26,7 +25,10 @@ func NewUserHandler(userService *services.UserService) *UserHandler {
// ListUsers handles GET /api/users/
func (h *UserHandler) ListUsers(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
// Only allow listing users that share residences with the current user
users, err := h.userService.ListUsersInSharedResidences(user.ID)
@@ -42,7 +44,10 @@ func (h *UserHandler) ListUsers(c echo.Context) error {
// GetUser handles GET /api/users/:id/
func (h *UserHandler) GetUser(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
userID, err := strconv.ParseUint(c.Param("id"), 10, 32)
if err != nil {
@@ -60,7 +65,10 @@ func (h *UserHandler) GetUser(c echo.Context) error {
// ListProfiles handles GET /api/users/profiles/
func (h *UserHandler) ListProfiles(c echo.Context) error {
user := c.Get(middleware.AuthUserKey).(*models.User)
user, err := middleware.MustGetAuthUser(c)
if err != nil {
return err
}
// List profiles of users in shared residences
profiles, err := h.userService.ListProfilesInSharedResidences(user.ID)

633
internal/integration/security_regression_test.go Normal file
View File

@@ -0,0 +1,633 @@
package integration
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/admin/dto"
adminhandlers "github.com/treytartt/casera-api/internal/admin/handlers"
"github.com/treytartt/casera-api/internal/apperrors"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/handlers"
"github.com/treytartt/casera-api/internal/middleware"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/services"
"github.com/treytartt/casera-api/internal/testutil"
"github.com/treytartt/casera-api/internal/validator"
)
// ============ Security Regression Test App ============
// SecurityTestApp holds components for security regression integration testing.
type SecurityTestApp struct {
DB *gorm.DB
Router *echo.Echo
SubscriptionService *services.SubscriptionService
SubscriptionRepo *repositories.SubscriptionRepository
}
func setupSecurityTest(t *testing.T) *SecurityTestApp {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
// Create repositories
userRepo := repositories.NewUserRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
notificationRepo := repositories.NewNotificationRepository(db)
// Create config
cfg := &config.Config{
Security: config.SecurityConfig{
SecretKey: "test-secret-key-for-security-tests",
PasswordResetExpiry: 15 * time.Minute,
ConfirmationExpiry: 24 * time.Hour,
MaxPasswordResetRate: 3,
},
}
// Create services
authService := services.NewAuthService(userRepo, cfg)
residenceService := services.NewResidenceService(residenceRepo, userRepo, cfg)
subscriptionService := services.NewSubscriptionService(subscriptionRepo, residenceRepo, taskRepo, contractorRepo, documentRepo)
taskService := services.NewTaskService(taskRepo, residenceRepo)
notificationService := services.NewNotificationService(notificationRepo, nil)
// Wire up subscription service for tier limit enforcement
residenceService.SetSubscriptionService(subscriptionService)
// Create handlers
authHandler := handlers.NewAuthHandler(authService, nil, nil)
residenceHandler := handlers.NewResidenceHandler(residenceService, nil, nil, true)
taskHandler := handlers.NewTaskHandler(taskService, nil)
contractorHandler := handlers.NewContractorHandler(services.NewContractorService(contractorRepo, residenceRepo))
notificationHandler := handlers.NewNotificationHandler(notificationService)
subscriptionHandler := handlers.NewSubscriptionHandler(subscriptionService)
// Create router with real middleware
e := echo.New()
e.Validator = validator.NewCustomValidator()
e.HTTPErrorHandler = apperrors.HTTPErrorHandler
e.Use(middleware.TimezoneMiddleware())
// Public routes
auth := e.Group("/api/auth")
{
auth.POST("/register", authHandler.Register)
auth.POST("/login", authHandler.Login)
}
// Protected routes
authMiddleware := middleware.NewAuthMiddleware(db, nil)
api := e.Group("/api")
api.Use(authMiddleware.TokenAuth())
{
api.GET("/auth/me", authHandler.CurrentUser)
api.POST("/auth/logout", authHandler.Logout)
residences := api.Group("/residences")
{
residences.GET("", residenceHandler.ListResidences)
residences.POST("", residenceHandler.CreateResidence)
residences.GET("/:id", residenceHandler.GetResidence)
residences.PUT("/:id", residenceHandler.UpdateResidence)
residences.DELETE("/:id", residenceHandler.DeleteResidence)
}
tasks := api.Group("/tasks")
{
tasks.GET("", taskHandler.ListTasks)
tasks.POST("", taskHandler.CreateTask)
tasks.GET("/:id", taskHandler.GetTask)
tasks.PUT("/:id", taskHandler.UpdateTask)
tasks.DELETE("/:id", taskHandler.DeleteTask)
}
completions := api.Group("/completions")
{
completions.GET("", taskHandler.ListCompletions)
completions.POST("", taskHandler.CreateCompletion)
completions.GET("/:id", taskHandler.GetCompletion)
completions.DELETE("/:id", taskHandler.DeleteCompletion)
}
contractors := api.Group("/contractors")
{
contractors.GET("", contractorHandler.ListContractors)
contractors.POST("", contractorHandler.CreateContractor)
contractors.GET("/:id", contractorHandler.GetContractor)
}
subscription := api.Group("/subscription")
{
subscription.GET("/", subscriptionHandler.GetSubscription)
subscription.GET("/status/", subscriptionHandler.GetSubscriptionStatus)
subscription.POST("/purchase/", subscriptionHandler.ProcessPurchase)
}
notifications := api.Group("/notifications")
{
notifications.GET("", notificationHandler.ListNotifications)
}
}
return &SecurityTestApp{
DB: db,
Router: e,
SubscriptionService: subscriptionService,
SubscriptionRepo: subscriptionRepo,
}
}
// registerAndLoginSec registers and logs in a user, returns token and user ID.
func (app *SecurityTestApp) registerAndLoginSec(t *testing.T, username, email, password string) (string, uint) {
// Register
registerBody := map[string]string{
"username": username,
"email": email,
"password": password,
}
w := app.makeAuthReq(t, "POST", "/api/auth/register", registerBody, "")
require.Equal(t, http.StatusCreated, w.Code, "Registration should succeed for %s", username)
// Login
loginBody := map[string]string{
"username": username,
"password": password,
}
w = app.makeAuthReq(t, "POST", "/api/auth/login", loginBody, "")
require.Equal(t, http.StatusOK, w.Code, "Login should succeed for %s", username)
var loginResp map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &loginResp)
require.NoError(t, err)
token := loginResp["token"].(string)
userMap := loginResp["user"].(map[string]interface{})
userID := uint(userMap["id"].(float64))
return token, userID
}
// makeAuthReq creates and sends an HTTP request through the router.
func (app *SecurityTestApp) makeAuthReq(t *testing.T, method, path string, body interface{}, token string) *httptest.ResponseRecorder {
var reqBody []byte
var err error
if body != nil {
reqBody, err = json.Marshal(body)
require.NoError(t, err)
}
req := httptest.NewRequest(method, path, bytes.NewBuffer(reqBody))
req.Header.Set("Content-Type", "application/json")
if token != "" {
req.Header.Set("Authorization", "Token "+token)
}
w := httptest.NewRecorder()
app.Router.ServeHTTP(w, req)
return w
}
// ============ Test 1: Path Traversal Blocked ============
// TestE2E_PathTraversal_AllMediaEndpoints_Blocked verifies that the SafeResolvePath
// function (used by all media endpoints) blocks path traversal attempts.
// A document with a traversal URL like ../../../etc/passwd cannot be used to read
// arbitrary files from the filesystem.
func TestE2E_PathTraversal_AllMediaEndpoints_Blocked(t *testing.T) {
// Test the SafeResolvePath function that guards all three media endpoints:
// ServeDocument, ServeDocumentImage, ServeCompletionImage
// Each calls resolveFilePath -> SafeResolvePath to validate containment.
traversalPaths := []struct {
name string
url string
}{
{"simple dotdot", "../../../etc/passwd"},
{"nested dotdot", "../../etc/shadow"},
{"embedded dotdot", "images/../../../../../../etc/passwd"},
{"deep traversal", "a/b/c/../../../../etc/passwd"},
{"uploads prefix with dotdot", "../../../etc/passwd"},
}
for _, tt := range traversalPaths {
t.Run(tt.name, func(t *testing.T) {
// SafeResolvePath must reject all traversal attempts
_, err := services.SafeResolvePath("/var/uploads", tt.url)
assert.Error(t, err, "Path traversal should be blocked for: %s", tt.url)
})
}
// Verify that a legitimate path still works
t.Run("legitimate_path_allowed", func(t *testing.T) {
result, err := services.SafeResolvePath("/var/uploads", "documents/file.pdf")
assert.NoError(t, err, "Legitimate path should be allowed")
assert.Equal(t, "/var/uploads/documents/file.pdf", result)
})
// Verify absolute paths are blocked
t.Run("absolute_path_blocked", func(t *testing.T) {
_, err := services.SafeResolvePath("/var/uploads", "/etc/passwd")
assert.Error(t, err, "Absolute paths should be blocked")
})
// Verify empty paths are blocked
t.Run("empty_path_blocked", func(t *testing.T) {
_, err := services.SafeResolvePath("/var/uploads", "")
assert.Error(t, err, "Empty paths should be blocked")
})
}
// ============ Test 2: SQL Injection in Admin Sort ============
// TestE2E_SQLInjection_AdminSort_Blocked verifies that the admin user list endpoint
// uses the allowlist-based sort column sanitization and does not execute injected SQL.
func TestE2E_SQLInjection_AdminSort_Blocked(t *testing.T) {
db := testutil.SetupTestDB(t)
// Create admin user handler which uses the sort_by parameter
adminUserHandler := adminhandlers.NewAdminUserHandler(db)
// Create a couple of test users to have data to sort
testutil.CreateTestUser(t, db, "alice", "alice@test.com", "password123")
testutil.CreateTestUser(t, db, "bob", "bob@test.com", "password123")
// Set up a minimal Echo instance with the admin handler
e := echo.New()
e.Validator = validator.NewCustomValidator()
e.HTTPErrorHandler = apperrors.HTTPErrorHandler
e.GET("/api/admin/users", adminUserHandler.List)
injections := []struct {
name string
sortBy string
}{
{"DROP TABLE", "created_at; DROP TABLE auth_user; --"},
{"UNION SELECT", "id UNION SELECT password FROM auth_user"},
{"subquery", "(SELECT password FROM auth_user LIMIT 1)"},
{"OR 1=1", "created_at OR 1=1"},
{"semicolon", "created_at;"},
{"single quotes", "name'; DROP TABLE auth_user; --"},
}
for _, tt := range injections {
t.Run(tt.name, func(t *testing.T) {
path := fmt.Sprintf("/api/admin/users?sort_by=%s", tt.sortBy)
w := testutil.MakeRequest(e, "GET", path, nil, "")
// Handler should return 200 (using safe default sort), NOT 500
assert.Equal(t, http.StatusOK, w.Code,
"Admin user list should succeed with safe default sort, not crash from injection: %s", tt.sortBy)
// Parse response to verify valid paginated data
var resp map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &resp)
assert.NoError(t, err, "Response should be valid JSON")
// Verify the auth_user table still exists (not dropped)
var count int64
dbErr := db.Model(&models.User{}).Count(&count).Error
assert.NoError(t, dbErr, "auth_user table should still exist after injection attempt")
assert.GreaterOrEqual(t, count, int64(2), "Users should still be in the database")
})
}
// Verify the DTO allowlist directly
t.Run("DTO_GetSafeSortBy_rejects_injection", func(t *testing.T) {
p := dto.PaginationParams{SortBy: "created_at; DROP TABLE auth_user; --"}
result := p.GetSafeSortBy([]string{"id", "username", "email", "date_joined"}, "date_joined")
assert.Equal(t, "date_joined", result, "Injection should fall back to default column")
})
}
// ============ Test 3: IAP Invalid Receipt Does Not Grant Pro ============
// TestE2E_IAP_InvalidReceipt_NoPro verifies that submitting a purchase with
// garbage receipt data does NOT upgrade the user to Pro tier.
func TestE2E_IAP_InvalidReceipt_NoPro(t *testing.T) {
app := setupSecurityTest(t)
token, userID := app.registerAndLoginSec(t, "iapuser", "iap@test.com", "password123")
// Create initial subscription (free tier)
sub := &models.UserSubscription{UserID: userID, Tier: models.TierFree}
require.NoError(t, app.DB.Create(sub).Error)
// Submit a purchase with garbage receipt data
purchaseBody := map[string]interface{}{
"platform": "ios",
"receipt_data": "GARBAGE_RECEIPT_DATA_THAT_IS_NOT_VALID",
}
w := app.makeAuthReq(t, "POST", "/api/subscription/purchase/", purchaseBody, token)
// The purchase should fail (Apple client is nil in test environment)
assert.NotEqual(t, http.StatusOK, w.Code,
"Purchase with garbage receipt should NOT succeed")
// Verify user is still on free tier
updatedSub, err := app.SubscriptionRepo.GetOrCreate(userID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier,
"User should remain on free tier after invalid receipt submission")
}
// ============ Test 4: Completion Transaction Atomicity ============
// TestE2E_CompletionTransaction_Atomic verifies that creating a task completion
// updates both the completion record and the task's NextDueDate together (P1-5/P1-6).
func TestE2E_CompletionTransaction_Atomic(t *testing.T) {
app := setupSecurityTest(t)
token, _ := app.registerAndLoginSec(t, "atomicuser", "atomic@test.com", "password123")
// Create a residence
residenceBody := map[string]interface{}{"name": "Atomic Test House"}
w := app.makeAuthReq(t, "POST", "/api/residences", residenceBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var residenceResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &residenceResp)
residenceData := residenceResp["data"].(map[string]interface{})
residenceID := residenceData["id"].(float64)
// Create a one-time task with a due date
dueDate := time.Now().Add(7 * 24 * time.Hour).Format("2006-01-02")
taskBody := map[string]interface{}{
"residence_id": uint(residenceID),
"title": "One-Time Atomic Task",
"due_date": dueDate,
}
w = app.makeAuthReq(t, "POST", "/api/tasks", taskBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var taskResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskResp)
taskData := taskResp["data"].(map[string]interface{})
taskID := taskData["id"].(float64)
// Verify task has a next_due_date before completion
w = app.makeAuthReq(t, "GET", "/api/tasks/"+formatID(taskID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
var taskBefore map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskBefore)
assert.NotNil(t, taskBefore["next_due_date"], "Task should have next_due_date before completion")
// Create completion
completionBody := map[string]interface{}{
"task_id": uint(taskID),
"notes": "Completed for atomicity test",
}
w = app.makeAuthReq(t, "POST", "/api/completions", completionBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var completionResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &completionResp)
completionData := completionResp["data"].(map[string]interface{})
completionID := completionData["id"].(float64)
assert.NotZero(t, completionID, "Completion should be created with valid ID")
// Verify task is now completed (next_due_date should be nil for one-time task)
w = app.makeAuthReq(t, "GET", "/api/tasks/"+formatID(taskID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
var taskAfter map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskAfter)
assert.Nil(t, taskAfter["next_due_date"],
"One-time task should have nil next_due_date after completion (atomic update)")
assert.Equal(t, "completed_tasks", taskAfter["kanban_column"],
"Task should be in completed column after completion")
// Verify completion record exists
w = app.makeAuthReq(t, "GET", "/api/completions/"+formatID(completionID), nil, token)
assert.Equal(t, http.StatusOK, w.Code, "Completion record should exist")
}
// ============ Test 5: Delete Completion Recalculates NextDueDate ============
// TestE2E_DeleteCompletion_RecalculatesNextDueDate verifies that deleting a completion
// on a recurring task recalculates NextDueDate back to the correct value (P1-7).
func TestE2E_DeleteCompletion_RecalculatesNextDueDate(t *testing.T) {
app := setupSecurityTest(t)
token, _ := app.registerAndLoginSec(t, "recuruser", "recur@test.com", "password123")
// Create a residence
residenceBody := map[string]interface{}{"name": "Recurring Test House"}
w := app.makeAuthReq(t, "POST", "/api/residences", residenceBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var residenceResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &residenceResp)
residenceData := residenceResp["data"].(map[string]interface{})
residenceID := residenceData["id"].(float64)
// Get the "Weekly" frequency ID from the database
var weeklyFreq models.TaskFrequency
err := app.DB.Where("name = ?", "Weekly").First(&weeklyFreq).Error
require.NoError(t, err, "Weekly frequency should exist from seed data")
// Create a recurring (weekly) task with a due date
dueDate := time.Now().Add(-1 * 24 * time.Hour).Format("2006-01-02")
taskBody := map[string]interface{}{
"residence_id": uint(residenceID),
"title": "Weekly Recurring Task",
"frequency_id": weeklyFreq.ID,
"due_date": dueDate,
}
w = app.makeAuthReq(t, "POST", "/api/tasks", taskBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var taskResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskResp)
taskData := taskResp["data"].(map[string]interface{})
taskID := taskData["id"].(float64)
// Record original next_due_date
w = app.makeAuthReq(t, "GET", "/api/tasks/"+formatID(taskID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
var taskOriginal map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskOriginal)
originalNextDueDate := taskOriginal["next_due_date"]
require.NotNil(t, originalNextDueDate, "Recurring task should have initial next_due_date")
// Create a completion (should advance NextDueDate by 7 days from completion date)
completionBody := map[string]interface{}{
"task_id": uint(taskID),
"notes": "Weekly completion",
}
w = app.makeAuthReq(t, "POST", "/api/completions", completionBody, token)
require.Equal(t, http.StatusCreated, w.Code)
var completionResp map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &completionResp)
completionData := completionResp["data"].(map[string]interface{})
completionID := completionData["id"].(float64)
// Verify NextDueDate advanced
w = app.makeAuthReq(t, "GET", "/api/tasks/"+formatID(taskID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
var taskAfterCompletion map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskAfterCompletion)
advancedNextDueDate := taskAfterCompletion["next_due_date"]
assert.NotNil(t, advancedNextDueDate, "Recurring task should still have next_due_date after completion")
assert.NotEqual(t, originalNextDueDate, advancedNextDueDate,
"NextDueDate should have advanced after completion")
// Delete the completion
w = app.makeAuthReq(t, "DELETE", "/api/completions/"+formatID(completionID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
// Verify NextDueDate was recalculated back to original due date
w = app.makeAuthReq(t, "GET", "/api/tasks/"+formatID(taskID), nil, token)
require.Equal(t, http.StatusOK, w.Code)
var taskAfterDelete map[string]interface{}
json.Unmarshal(w.Body.Bytes(), &taskAfterDelete)
restoredNextDueDate := taskAfterDelete["next_due_date"]
// After deleting the only completion, NextDueDate should be restored to the original DueDate
assert.NotNil(t, restoredNextDueDate, "NextDueDate should be restored after deleting the only completion")
assert.Equal(t, originalNextDueDate, restoredNextDueDate,
"NextDueDate should be recalculated back to original due date after completion deletion")
}
// ============ Test 6: Tier Limits Enforced ============
// TestE2E_TierLimits_Enforced verifies that a free-tier user cannot exceed the
// configured property limit.
func TestE2E_TierLimits_Enforced(t *testing.T) {
app := setupSecurityTest(t)
token, userID := app.registerAndLoginSec(t, "tieruser", "tier@test.com", "password123")
// Enable global limitations
app.DB.Where("1=1").Delete(&models.SubscriptionSettings{})
settings := &models.SubscriptionSettings{EnableLimitations: true}
require.NoError(t, app.DB.Create(settings).Error)
// Set free tier limit to 1 property
one := 1
app.DB.Where("tier = ?", models.TierFree).Delete(&models.TierLimits{})
freeLimits := &models.TierLimits{
Tier: models.TierFree,
PropertiesLimit: &one,
}
require.NoError(t, app.DB.Create(freeLimits).Error)
// Ensure user is on free tier
sub, err := app.SubscriptionRepo.GetOrCreate(userID)
require.NoError(t, err)
require.Equal(t, models.TierFree, sub.Tier)
// First residence should succeed
residenceBody := map[string]interface{}{"name": "First Property"}
w := app.makeAuthReq(t, "POST", "/api/residences", residenceBody, token)
require.Equal(t, http.StatusCreated, w.Code, "First residence should be allowed within limit")
// Second residence should be blocked
residenceBody2 := map[string]interface{}{"name": "Second Property (over limit)"}
w = app.makeAuthReq(t, "POST", "/api/residences", residenceBody2, token)
assert.Equal(t, http.StatusForbidden, w.Code,
"Second residence should be blocked by tier limit")
// Verify error response
var errResp map[string]interface{}
err = json.Unmarshal(w.Body.Bytes(), &errResp)
require.NoError(t, err)
assert.Contains(t, fmt.Sprintf("%v", errResp), "limit",
"Error response should reference the limit")
}
// ============ Test 7: Auth Assertion -- No Panics on Missing User ============
// TestE2E_AuthAssertion_NoPanics verifies that all protected endpoints return
// 401 Unauthorized (not 500 panic) when no auth token is provided.
func TestE2E_AuthAssertion_NoPanics(t *testing.T) {
app := setupSecurityTest(t)
// Make requests to protected endpoints WITHOUT any token.
endpoints := []struct {
name string
method string
path string
}{
{"ListTasks", "GET", "/api/tasks"},
{"CreateTask", "POST", "/api/tasks"},
{"GetTask", "GET", "/api/tasks/1"},
{"ListResidences", "GET", "/api/residences"},
{"CreateResidence", "POST", "/api/residences"},
{"GetResidence", "GET", "/api/residences/1"},
{"ListCompletions", "GET", "/api/completions"},
{"CreateCompletion", "POST", "/api/completions"},
{"ListContractors", "GET", "/api/contractors"},
{"CreateContractor", "POST", "/api/contractors"},
{"GetSubscription", "GET", "/api/subscription/"},
{"SubscriptionStatus", "GET", "/api/subscription/status/"},
{"ProcessPurchase", "POST", "/api/subscription/purchase/"},
{"ListNotifications", "GET", "/api/notifications"},
{"CurrentUser", "GET", "/api/auth/me"},
}
for _, ep := range endpoints {
t.Run(ep.name, func(t *testing.T) {
w := app.makeAuthReq(t, ep.method, ep.path, nil, "")
assert.Equal(t, http.StatusUnauthorized, w.Code,
"Endpoint %s %s should return 401, not panic with 500", ep.method, ep.path)
})
}
// Also test with an invalid token (should be 401, not 500)
t.Run("InvalidToken", func(t *testing.T) {
w := app.makeAuthReq(t, "GET", "/api/tasks", nil, "completely-invalid-token-xyz")
assert.Equal(t, http.StatusUnauthorized, w.Code,
"Invalid token should return 401, not panic")
})
}
// ============ Test 8: Notification Limit Capped ============
// TestE2E_NotificationLimit_Capped verifies that the notification list endpoint
// caps the limit parameter to 200 even if the client requests more.
func TestE2E_NotificationLimit_Capped(t *testing.T) {
app := setupSecurityTest(t)
token, userID := app.registerAndLoginSec(t, "notifuser", "notif@test.com", "password123")
// Create 210 notifications directly in the database
for i := 0; i < 210; i++ {
notification := &models.Notification{
UserID: userID,
NotificationType: models.NotificationTaskCompleted,
Title: fmt.Sprintf("Test Notification %d", i),
Body: fmt.Sprintf("Body for notification %d", i),
}
require.NoError(t, app.DB.Create(notification).Error)
}
// Request with limit=999 (should be capped to 200 by the handler)
w := app.makeAuthReq(t, "GET", "/api/notifications?limit=999", nil, token)
require.Equal(t, http.StatusOK, w.Code)
var notifResp map[string]interface{}
err := json.Unmarshal(w.Body.Bytes(), &notifResp)
require.NoError(t, err)
count := int(notifResp["count"].(float64))
assert.LessOrEqual(t, count, 200,
"Notification count should be capped at 200 even when requesting limit=999")
results := notifResp["results"].([]interface{})
assert.LessOrEqual(t, len(results), 200,
"Notification results should have at most 200 items")
}

14
internal/middleware/admin_auth.go
View File

@@ -35,7 +35,9 @@ func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminReposi
return func(c echo.Context) error {
var tokenString string
// Get token from Authorization header
// Get token from Authorization header only.
// Query parameter authentication is intentionally not supported
// because tokens in URLs leak into server logs and browser history.
authHeader := c.Request().Header.Get("Authorization")
if authHeader != "" {
// Check Bearer prefix
@@ -45,11 +47,6 @@ func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminReposi
}
}
// If no header token, check query parameter (for WebSocket connections)
if tokenString == "" {
tokenString = c.QueryParam("token")
}
if tokenString == "" {
return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Authorization required"})
}
@@ -121,7 +118,10 @@ func RequireSuperAdmin() echo.MiddlewareFunc {
return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Admin authentication required"})
}
adminUser := admin.(*models.AdminUser)
adminUser, ok := admin.(*models.AdminUser)
if !ok {
return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Admin authentication required"})
}
if !adminUser.IsSuperAdmin() {
return c.JSON(http.StatusForbidden, map[string]interface{}{"error": "Super admin privileges required"})
}

24
internal/middleware/auth.go
View File

@@ -63,7 +63,7 @@ func (m *AuthMiddleware) TokenAuth() echo.MiddlewareFunc {
// Cache miss - look up token in database
user, err = m.getUserFromDatabase(token)
if err != nil {
log.Debug().Err(err).Str("token", token[:8]+"...").Msg("Token authentication failed")
log.Debug().Err(err).Str("token", truncateToken(token)).Msg("Token authentication failed")
return apperrors.Unauthorized("error.invalid_token")
}
@@ -200,13 +200,18 @@ func (m *AuthMiddleware) InvalidateToken(ctx context.Context, token string) erro
return m.cache.InvalidateAuthToken(ctx, token)
}
// GetAuthUser retrieves the authenticated user from the Echo context
// GetAuthUser retrieves the authenticated user from the Echo context.
// Returns nil if the context value is missing or not of the expected type.
func GetAuthUser(c echo.Context) *models.User {
user := c.Get(AuthUserKey)
if user == nil {
val := c.Get(AuthUserKey)
if val == nil {
return nil
}
return user.(*models.User)
user, ok := val.(*models.User)
if !ok {
return nil
}
return user
}
// GetAuthToken retrieves the auth token from the Echo context
@@ -226,3 +231,12 @@ func MustGetAuthUser(c echo.Context) (*models.User, error) {
}
return user, nil
}
// truncateToken safely truncates a token string for logging.
// Returns at most the first 8 characters followed by "...".
func truncateToken(token string) string {
if len(token) > 8 {
return token[:8] + "..."
}
return token + "..."
}

119
internal/middleware/auth_safety_test.go Normal file
View File

@@ -0,0 +1,119 @@
package middleware
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
)
func TestGetAuthUser_NilContext_ReturnsNil(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
// No user set in context
user := GetAuthUser(c)
assert.Nil(t, user)
}
func TestGetAuthUser_WrongType_ReturnsNil(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
// Set wrong type in context — should NOT panic
c.Set(AuthUserKey, "not-a-user")
user := GetAuthUser(c)
assert.Nil(t, user)
}
func TestGetAuthUser_ValidUser_ReturnsUser(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
expected := &models.User{Username: "testuser"}
c.Set(AuthUserKey, expected)
user := GetAuthUser(c)
require.NotNil(t, user)
assert.Equal(t, "testuser", user.Username)
}
func TestMustGetAuthUser_Nil_Returns401(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
user, err := MustGetAuthUser(c)
assert.Nil(t, user)
assert.Error(t, err)
}
func TestMustGetAuthUser_WrongType_Returns401(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
c.Set(AuthUserKey, 12345)
user, err := MustGetAuthUser(c)
assert.Nil(t, user)
assert.Error(t, err)
}
func TestTokenTruncation_ShortToken_NoPanic(t *testing.T) {
// Ensure truncateToken does not panic on short tokens
assert.NotPanics(t, func() {
result := truncateToken("ab")
assert.Equal(t, "ab...", result)
})
}
func TestTokenTruncation_EmptyToken_NoPanic(t *testing.T) {
assert.NotPanics(t, func() {
result := truncateToken("")
assert.Equal(t, "...", result)
})
}
func TestTokenTruncation_LongToken_Truncated(t *testing.T) {
result := truncateToken("abcdefghijklmnop")
assert.Equal(t, "abcdefgh...", result)
}
func TestAdminAuth_QueryParamToken_Rejected(t *testing.T) {
// SEC-20: Admin JWT via query parameter must be rejected.
// Tokens in URLs leak into server logs and browser history.
cfg := &config.Config{
Security: config.SecurityConfig{SecretKey: "test-secret"},
}
mw := AdminAuthMiddleware(cfg, nil)
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, "should not reach here")
})
e := echo.New()
// Request with token only in query param, no Authorization header
req := httptest.NewRequest(http.MethodGet, "/admin/test?token=some-jwt-token", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err) // handler writes JSON directly, no Echo error
assert.Equal(t, http.StatusUnauthorized, rec.Code, "query param token must be rejected")
assert.Contains(t, rec.Body.String(), "Authorization required")
}

11
internal/middleware/request_id.go
View File

@@ -1,10 +1,15 @@
package middleware
import (
"regexp"
"github.com/google/uuid"
"github.com/labstack/echo/v4"
)
// validRequestID matches alphanumeric characters and hyphens, 1-64 chars.
var validRequestID = regexp.MustCompile(`^[a-zA-Z0-9\-]{1,64}$`)
const (
// HeaderXRequestID is the header key for request correlation IDs
HeaderXRequestID = "X-Request-ID"
@@ -17,9 +22,11 @@ const (
func RequestIDMiddleware() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
// Use existing request ID from header if present, otherwise generate one
// Use existing request ID from header if present and valid, otherwise generate one.
// Sanitize to alphanumeric + hyphens only (max 64 chars) to prevent
// log injection via control characters or overly long values.
reqID := c.Request().Header.Get(HeaderXRequestID)
if reqID == "" {
if reqID == "" || !validRequestID.MatchString(reqID) {
reqID = uuid.New().String()
}

125
internal/middleware/request_id_test.go Normal file
View File

@@ -0,0 +1,125 @@
package middleware
import (
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
)
func TestRequestID_ValidID_Preserved(t *testing.T) {
e := echo.New()
mw := RequestIDMiddleware()
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, GetRequestID(c))
})
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.Header.Set(HeaderXRequestID, "abc-123-def")
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err)
assert.Equal(t, "abc-123-def", rec.Body.String())
assert.Equal(t, "abc-123-def", rec.Header().Get(HeaderXRequestID))
}
func TestRequestID_Empty_GeneratesNew(t *testing.T) {
e := echo.New()
mw := RequestIDMiddleware()
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, GetRequestID(c))
})
req := httptest.NewRequest(http.MethodGet, "/", nil)
// No X-Request-ID header
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err)
// Should be a UUID (36 chars: 8-4-4-4-12)
assert.Len(t, rec.Body.String(), 36)
}
func TestRequestID_ControlChars_Sanitized(t *testing.T) {
// SEC-29: Client-supplied X-Request-ID with control characters must be rejected.
tests := []struct {
name string
inputID string
}{
{"newline injection", "abc\ndef"},
{"carriage return", "abc\rdef"},
{"null byte", "abc\x00def"},
{"tab character", "abc\tdef"},
{"html tags", "abc<script>alert(1)</script>"},
{"spaces", "abc def"},
{"semicolons", "abc;def"},
{"unicode", "abc\u200bdef"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
e := echo.New()
mw := RequestIDMiddleware()
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, GetRequestID(c))
})
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.Header.Set(HeaderXRequestID, tt.inputID)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err)
// The malicious ID should be replaced with a generated UUID
assert.NotEqual(t, tt.inputID, rec.Body.String(),
"control chars should be rejected, got original ID back")
assert.Len(t, rec.Body.String(), 36, "should be a generated UUID")
})
}
}
func TestRequestID_TooLong_Sanitized(t *testing.T) {
// SEC-29: X-Request-ID longer than 64 chars should be rejected.
e := echo.New()
mw := RequestIDMiddleware()
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, GetRequestID(c))
})
longID := strings.Repeat("a", 65)
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.Header.Set(HeaderXRequestID, longID)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err)
assert.NotEqual(t, longID, rec.Body.String(), "overly long ID should be replaced")
assert.Len(t, rec.Body.String(), 36, "should be a generated UUID")
}
func TestRequestID_MaxLength_Accepted(t *testing.T) {
// Exactly 64 chars of valid characters should be accepted
e := echo.New()
mw := RequestIDMiddleware()
handler := mw(func(c echo.Context) error {
return c.String(http.StatusOK, GetRequestID(c))
})
maxID := strings.Repeat("a", 64)
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.Header.Set(HeaderXRequestID, maxID)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
err := handler(c)
assert.NoError(t, err)
assert.Equal(t, maxID, rec.Body.String(), "64-char valid ID should be accepted")
}

19
internal/middleware/sanitize.go Normal file
View File

@@ -0,0 +1,19 @@
package middleware
import "strings"
// SanitizeSortColumn validates a user-supplied sort column against an allowlist.
// Returns defaultCol if the input is empty or not in the allowlist.
// This prevents SQL injection via ORDER BY clauses.
func SanitizeSortColumn(input string, allowedCols []string, defaultCol string) string {
input = strings.TrimSpace(input)
if input == "" {
return defaultCol
}
for _, col := range allowedCols {
if strings.EqualFold(input, col) {
return col
}
}
return defaultCol
}

59
internal/middleware/sanitize_test.go Normal file
View File

@@ -0,0 +1,59 @@
package middleware
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestSanitizeSortColumn_AllowedColumn_Passes(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
result := SanitizeSortColumn("created_at", allowed, "created_at")
assert.Equal(t, "created_at", result)
}
func TestSanitizeSortColumn_CaseInsensitive(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
result := SanitizeSortColumn("Created_At", allowed, "created_at")
assert.Equal(t, "created_at", result)
}
func TestSanitizeSortColumn_SQLInjection_ReturnsDefault(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
tests := []struct {
name string
input string
}{
{"drop table", "created_at; DROP TABLE auth_user; --"},
{"union select", "name UNION SELECT * FROM auth_user"},
{"or 1=1", "name OR 1=1"},
{"semicolon", "created_at;"},
{"subquery", "(SELECT password FROM auth_user LIMIT 1)"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := SanitizeSortColumn(tt.input, allowed, "created_at")
assert.Equal(t, "created_at", result, "SQL injection attempt should return default")
})
}
}
func TestSanitizeSortColumn_Empty_ReturnsDefault(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
result := SanitizeSortColumn("", allowed, "created_at")
assert.Equal(t, "created_at", result)
}
func TestSanitizeSortColumn_Whitespace_ReturnsDefault(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
result := SanitizeSortColumn(" ", allowed, "created_at")
assert.Equal(t, "created_at", result)
}
func TestSanitizeSortColumn_UnknownColumn_ReturnsDefault(t *testing.T) {
allowed := []string{"created_at", "updated_at", "name"}
result := SanitizeSortColumn("nonexistent_column", allowed, "created_at")
assert.Equal(t, "created_at", result)
}

24
internal/middleware/timezone.go
View File

@@ -79,22 +79,30 @@ func parseTimezone(tz string) *time.Location {
}
// GetUserTimezone retrieves the user's timezone from the Echo context.
// Returns UTC if not set.
// Returns UTC if not set or if the stored value is not a *time.Location.
func GetUserTimezone(c echo.Context) *time.Location {
loc := c.Get(TimezoneKey)
if loc == nil {
val := c.Get(TimezoneKey)
if val == nil {
return time.UTC
}
return loc.(*time.Location)
loc, ok := val.(*time.Location)
if !ok {
return time.UTC
}
return loc
}
// GetUserNow retrieves the timezone-aware "now" time from the Echo context.
// This represents the start of the current day in the user's timezone.
// Returns time.Now().UTC() if not set.
// Returns time.Now().UTC() if not set or if the stored value is not a time.Time.
func GetUserNow(c echo.Context) time.Time {
now := c.Get(UserNowKey)
if now == nil {
val := c.Get(UserNowKey)
if val == nil {
return time.Now().UTC()
}
return now.(time.Time)
now, ok := val.(time.Time)
if !ok {
return time.Now().UTC()
}
return now
}

25
internal/monitoring/collector.go
View File

@@ -52,14 +52,18 @@ func (c *Collector) Collect() SystemStats {
// CPU stats
c.collectCPU(&stats)
// Read Go runtime memory stats once (used by both memory and runtime collectors)
var memStats runtime.MemStats
runtime.ReadMemStats(&memStats)
// Memory stats (system + Go runtime)
c.collectMemory(&stats)
c.collectMemory(&stats, &memStats)
// Disk stats
c.collectDisk(&stats)
// Go runtime stats
c.collectRuntime(&stats)
c.collectRuntime(&stats, &memStats)
// HTTP stats (API only)
if c.httpCollector != nil {
@@ -77,9 +81,9 @@ func (c *Collector) Collect() SystemStats {
}
func (c *Collector) collectCPU(stats *SystemStats) {
// Get CPU usage percentage (blocks for 1 second to get accurate sample)
// Shorter intervals can give inaccurate readings
if cpuPercent, err := cpu.Percent(time.Second, false); err == nil && len(cpuPercent) > 0 {
// Get CPU usage percentage (blocks for 200ms to sample)
// This is called periodically, so a shorter window is acceptable
if cpuPercent, err := cpu.Percent(200*time.Millisecond, false); err == nil && len(cpuPercent) > 0 {
stats.CPU.UsagePercent = cpuPercent[0]
}
@@ -93,7 +97,7 @@ func (c *Collector) collectCPU(stats *SystemStats) {
}
}
func (c *Collector) collectMemory(stats *SystemStats) {
func (c *Collector) collectMemory(stats *SystemStats, m *runtime.MemStats) {
// System memory
if vmem, err := mem.VirtualMemory(); err == nil {
stats.Memory.UsedBytes = vmem.Used
@@ -101,9 +105,7 @@ func (c *Collector) collectMemory(stats *SystemStats) {
stats.Memory.UsagePercent = vmem.UsedPercent
}
// Go runtime memory
var m runtime.MemStats
runtime.ReadMemStats(&m)
// Go runtime memory (reuses pre-read MemStats)
stats.Memory.HeapAlloc = m.HeapAlloc
stats.Memory.HeapSys = m.HeapSys
stats.Memory.HeapInuse = m.HeapInuse
@@ -119,10 +121,7 @@ func (c *Collector) collectDisk(stats *SystemStats) {
}
}
func (c *Collector) collectRuntime(stats *SystemStats) {
var m runtime.MemStats
runtime.ReadMemStats(&m)
func (c *Collector) collectRuntime(stats *SystemStats, m *runtime.MemStats) {
stats.Runtime.Goroutines = runtime.NumGoroutine()
stats.Runtime.NumGC = m.NumGC
if m.NumGC > 0 {

11
internal/monitoring/handler.go
View File

@@ -17,8 +17,13 @@ var upgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: func(r *http.Request) bool {
// Allow connections from admin panel
return true
origin := r.Header.Get("Origin")
if origin == "" {
// Same-origin requests may omit the Origin header
return true
}
// Allow if origin matches the request host
return strings.HasPrefix(origin, "https://"+r.Host) || strings.HasPrefix(origin, "http://"+r.Host)
},
}
@@ -116,6 +121,7 @@ func (h *Handler) WebSocket(c echo.Context) error {
conn, err := upgrader.Upgrade(c.Response().Writer, c.Request(), nil)
if err != nil {
log.Error().Err(err).Msg("Failed to upgrade WebSocket connection")
return err
}
defer conn.Close()
@@ -174,6 +180,7 @@ func (h *Handler) WebSocket(c echo.Context) error {
h.sendStats(conn, &wsMu)
case <-ctx.Done():
return nil
}
}
}

4
internal/monitoring/service.go
View File

@@ -108,6 +108,10 @@ func (s *Service) Stop() {
close(s.settingsStopCh)
s.collector.Stop()
// Flush and close the log writer's background goroutine
s.logWriter.Close()
log.Info().Str("process", s.process).Msg("Monitoring service stopped")
}

55
internal/monitoring/writer.go
View File

@@ -8,23 +8,56 @@ import (
"github.com/google/uuid"
)
// RedisLogWriter implements io.Writer to capture zerolog output to Redis
const (
// writerChannelSize is the buffer size for the async log write channel.
// Entries beyond this limit are dropped to prevent unbounded memory growth.
writerChannelSize = 256
)
// RedisLogWriter implements io.Writer to capture zerolog output to Redis.
// It uses a single background goroutine with a buffered channel instead of
// spawning a new goroutine per log line, preventing unbounded goroutine growth.
type RedisLogWriter struct {
buffer *LogBuffer
process string
enabled atomic.Bool
ch chan LogEntry
done chan struct{}
}
// NewRedisLogWriter creates a new writer that captures logs to Redis
// NewRedisLogWriter creates a new writer that captures logs to Redis.
// It starts a single background goroutine that drains the buffered channel.
func NewRedisLogWriter(buffer *LogBuffer, process string) *RedisLogWriter {
w := &RedisLogWriter{
buffer: buffer,
process: process,
ch: make(chan LogEntry, writerChannelSize),
done: make(chan struct{}),
}
w.enabled.Store(true) // enabled by default
// Single background goroutine drains the channel
go w.drainLoop()
return w
}
// drainLoop reads entries from the buffered channel and pushes them to Redis.
// It runs in a single goroutine for the lifetime of the writer.
func (w *RedisLogWriter) drainLoop() {
defer close(w.done)
for entry := range w.ch {
_ = w.buffer.Push(entry) // Ignore errors to avoid blocking log output
}
}
// Close shuts down the background goroutine. It should be called during
// graceful shutdown to ensure all buffered entries are flushed.
func (w *RedisLogWriter) Close() {
close(w.ch)
<-w.done // Wait for drain to finish
}
// SetEnabled enables or disables log capture to Redis
func (w *RedisLogWriter) SetEnabled(enabled bool) {
w.enabled.Store(enabled)
@@ -35,8 +68,10 @@ func (w *RedisLogWriter) IsEnabled() bool {
return w.enabled.Load()
}
// Write implements io.Writer interface
// It parses zerolog JSON output and writes to Redis asynchronously
// Write implements io.Writer interface.
// It parses zerolog JSON output and sends it to the buffered channel for
// async Redis writes. If the channel is full, the entry is dropped to
// avoid blocking the caller (back-pressure shedding).
func (w *RedisLogWriter) Write(p []byte) (n int, err error) {
// Skip if monitoring is disabled
if !w.enabled.Load() {
@@ -86,10 +121,14 @@ func (w *RedisLogWriter) Write(p []byte) (n int, err error) {
}
}
// Write to Redis asynchronously to avoid blocking
go func() {
_ = w.buffer.Push(entry) // Ignore errors to avoid blocking log output
}()
// Non-blocking send: drop entries if channel is full rather than
// spawning unbounded goroutines or blocking the logger
select {
case w.ch <- entry:
// Sent successfully
default:
// Channel full — drop this entry to avoid back-pressure on the logger
}
return len(p), nil
}

3
internal/push/fcm.go
View File

@@ -117,6 +117,9 @@ func (c *FCMClient) Send(ctx context.Context, tokens []string, title, message st
// Log individual results
for i, result := range fcmResp.Results {
if i >= len(tokens) {
break
}
if result.Error != "" {
log.Error().
Str("token", truncateToken(tokens[i])).

186
internal/push/fcm_test.go Normal file
View File

@@ -0,0 +1,186 @@
package push
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// newTestFCMClient creates an FCMClient pointing at the given test server URL.
func newTestFCMClient(serverURL string) *FCMClient {
return &FCMClient{
serverKey: "test-server-key",
httpClient: http.DefaultClient,
}
}
// serveFCMResponse creates an httptest.Server that returns the given FCMResponse as JSON.
func serveFCMResponse(t *testing.T, resp FCMResponse) *httptest.Server {
t.Helper()
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
err := json.NewEncoder(w).Encode(resp)
require.NoError(t, err)
}))
}
// sendWithEndpoint is a helper that sends an FCM notification using a custom endpoint
// (the test server) instead of the real FCM endpoint. This avoids modifying the
// production code to be testable and instead temporarily overrides the client's HTTP
// transport to redirect requests to our test server.
func sendWithEndpoint(client *FCMClient, server *httptest.Server, ctx context.Context, tokens []string, title, message string, data map[string]string) error {
// Override the HTTP client to redirect all requests to the test server
client.httpClient = server.Client()
// We need to intercept the request and redirect it to our test server.
// Use a custom RoundTripper that rewrites the URL.
originalTransport := server.Client().Transport
client.httpClient.Transport = roundTripFunc(func(req *http.Request) (*http.Response, error) {
// Rewrite the URL to point to the test server
req.URL.Scheme = "http"
req.URL.Host = server.Listener.Addr().String()
if originalTransport != nil {
return originalTransport.RoundTrip(req)
}
return http.DefaultTransport.RoundTrip(req)
})
return client.Send(ctx, tokens, title, message, data)
}
// roundTripFunc is a function that implements http.RoundTripper.
type roundTripFunc func(*http.Request) (*http.Response, error)
func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
return f(req)
}
func TestFCMSend_MoreResultsThanTokens_NoPanic(t *testing.T) {
// FCM returns 5 results but we only sent 2 tokens.
// Before the bounds check fix, this would panic with index out of range.
fcmResp := FCMResponse{
MulticastID: 12345,
Success: 2,
Failure: 3,
Results: []FCMResult{
{MessageID: "msg1"},
{MessageID: "msg2"},
{Error: "InvalidRegistration"},
{Error: "NotRegistered"},
{Error: "InvalidRegistration"},
},
}
server := serveFCMResponse(t, fcmResp)
defer server.Close()
client := newTestFCMClient(server.URL)
tokens := []string{"token-aaa-111", "token-bbb-222"}
// This must not panic
err := sendWithEndpoint(client, server, context.Background(), tokens, "Test", "Body", nil)
assert.NoError(t, err)
}
func TestFCMSend_FewerResultsThanTokens_NoPanic(t *testing.T) {
// FCM returns fewer results than tokens we sent.
// This is also a malformed response but should not panic.
fcmResp := FCMResponse{
MulticastID: 12345,
Success: 1,
Failure: 0,
Results: []FCMResult{
{MessageID: "msg1"},
},
}
server := serveFCMResponse(t, fcmResp)
defer server.Close()
client := newTestFCMClient(server.URL)
tokens := []string{"token-aaa-111", "token-bbb-222", "token-ccc-333"}
err := sendWithEndpoint(client, server, context.Background(), tokens, "Test", "Body", nil)
assert.NoError(t, err)
}
func TestFCMSend_EmptyResponse_NoPanic(t *testing.T) {
// FCM returns an empty Results slice.
fcmResp := FCMResponse{
MulticastID: 12345,
Success: 0,
Failure: 0,
Results: []FCMResult{},
}
server := serveFCMResponse(t, fcmResp)
defer server.Close()
client := newTestFCMClient(server.URL)
tokens := []string{"token-aaa-111"}
err := sendWithEndpoint(client, server, context.Background(), tokens, "Test", "Body", nil)
// No panic expected. The function returns nil because fcmResp.Success == 0
// and fcmResp.Failure == 0 (the "all failed" check requires Failure > 0).
assert.NoError(t, err)
}
func TestFCMSend_NilResultsSlice_NoPanic(t *testing.T) {
// FCM returns a response with nil Results (e.g., malformed JSON).
fcmResp := FCMResponse{
MulticastID: 12345,
Success: 0,
Failure: 1,
}
server := serveFCMResponse(t, fcmResp)
defer server.Close()
client := newTestFCMClient(server.URL)
tokens := []string{"token-aaa-111"}
err := sendWithEndpoint(client, server, context.Background(), tokens, "Test", "Body", nil)
// Should return error because Success == 0 and Failure > 0
assert.Error(t, err)
assert.Contains(t, err.Error(), "all FCM notifications failed")
}
func TestFCMSend_EmptyTokens_ReturnsNil(t *testing.T) {
// Verify the early return for empty tokens.
client := &FCMClient{
serverKey: "test-key",
httpClient: http.DefaultClient,
}
err := client.Send(context.Background(), []string{}, "Test", "Body", nil)
assert.NoError(t, err)
}
func TestFCMSend_ResultsWithErrorsMatchTokens(t *testing.T) {
// Normal case: results count matches tokens count, all with errors.
fcmResp := FCMResponse{
MulticastID: 12345,
Success: 0,
Failure: 2,
Results: []FCMResult{
{Error: "InvalidRegistration"},
{Error: "NotRegistered"},
},
}
server := serveFCMResponse(t, fcmResp)
defer server.Close()
client := newTestFCMClient(server.URL)
tokens := []string{"token-aaa-111", "token-bbb-222"}
err := sendWithEndpoint(client, server, context.Background(), tokens, "Test", "Body", nil)
assert.Error(t, err)
assert.Contains(t, err.Error(), "all FCM notifications failed")
}

48
internal/repositories/contractor_repo.go
View File

@@ -63,7 +63,7 @@ func (r *ContractorRepository) FindByUser(userID uint, residenceIDs []uint) ([]m
query = query.Where("residence_id IS NULL AND created_by_id = ?", userID)
}
err := query.Order("is_favorite DESC, name ASC").Find(&contractors).Error
err := query.Order("is_favorite DESC, name ASC").Limit(500).Find(&contractors).Error
return contractors, err
}
@@ -85,18 +85,31 @@ func (r *ContractorRepository) Delete(id uint) error {
Update("is_active", false).Error
}
// ToggleFavorite toggles the favorite status of a contractor
// ToggleFavorite toggles the favorite status of a contractor atomically.
// Uses a single UPDATE with NOT to avoid read-then-write race conditions.
// Only toggles active contractors to prevent toggling soft-deleted records.
func (r *ContractorRepository) ToggleFavorite(id uint) (bool, error) {
var contractor models.Contractor
if err := r.db.First(&contractor, id).Error; err != nil {
return false, err
}
newStatus := !contractor.IsFavorite
err := r.db.Model(&models.Contractor{}).
Where("id = ?", id).
Update("is_favorite", newStatus).Error
var newStatus bool
err := r.db.Transaction(func(tx *gorm.DB) error {
// Atomic toggle: SET is_favorite = NOT is_favorite for active contractors only
result := tx.Model(&models.Contractor{}).
Where("id = ? AND is_active = ?", id, true).
Update("is_favorite", gorm.Expr("NOT is_favorite"))
if result.Error != nil {
return result.Error
}
if result.RowsAffected == 0 {
return gorm.ErrRecordNotFound
}
// Read back the new value within the same transaction
var contractor models.Contractor
if err := tx.Select("is_favorite").First(&contractor, id).Error; err != nil {
return err
}
newStatus = contractor.IsFavorite
return nil
})
return newStatus, err
}
@@ -145,6 +158,19 @@ func (r *ContractorRepository) CountByResidence(residenceID uint) (int64, error)
return count, err
}
// CountByResidenceIDs counts all active contractors across multiple residences in a single query.
// Returns the total count of active contractors for the given residence IDs.
func (r *ContractorRepository) CountByResidenceIDs(residenceIDs []uint) (int64, error) {
if len(residenceIDs) == 0 {
return 0, nil
}
var count int64
err := r.db.Model(&models.Contractor{}).
Where("residence_id IN ? AND is_active = ?", residenceIDs, true).
Count(&count).Error
return count, err
}
// === Specialty Operations ===
// GetAllSpecialties returns all contractor specialties

96
internal/repositories/contractor_repo_test.go Normal file
View File

@@ -0,0 +1,96 @@
package repositories
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/testutil"
)
func TestToggleFavorite_Active_Toggles(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewContractorRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
contractor := testutil.CreateTestContractor(t, db, residence.ID, user.ID, "Test Contractor")
// Initially is_favorite is false
assert.False(t, contractor.IsFavorite, "contractor should start as not favorite")
// First toggle: false -> true
newStatus, err := repo.ToggleFavorite(contractor.ID)
require.NoError(t, err)
assert.True(t, newStatus, "first toggle should set favorite to true")
// Verify in database
var found models.Contractor
err = db.First(&found, contractor.ID).Error
require.NoError(t, err)
assert.True(t, found.IsFavorite, "database should reflect favorite = true")
// Second toggle: true -> false
newStatus, err = repo.ToggleFavorite(contractor.ID)
require.NoError(t, err)
assert.False(t, newStatus, "second toggle should set favorite to false")
// Verify in database
err = db.First(&found, contractor.ID).Error
require.NoError(t, err)
assert.False(t, found.IsFavorite, "database should reflect favorite = false")
}
func TestToggleFavorite_SoftDeleted_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewContractorRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
contractor := testutil.CreateTestContractor(t, db, residence.ID, user.ID, "Deleted Contractor")
// Soft-delete the contractor
err := db.Model(&models.Contractor{}).
Where("id = ?", contractor.ID).
Update("is_active", false).Error
require.NoError(t, err)
// Toggling a soft-deleted contractor should fail (record not found)
_, err = repo.ToggleFavorite(contractor.ID)
assert.Error(t, err, "toggling a soft-deleted contractor should return an error")
}
func TestToggleFavorite_NonExistent_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewContractorRepository(db)
_, err := repo.ToggleFavorite(99999)
assert.Error(t, err, "toggling a non-existent contractor should return an error")
}
func TestContractorRepository_FindByUser_HasDefaultLimit(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewContractorRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
// Create 510 contractors to exceed the default limit of 500
for i := 0; i < 510; i++ {
c := &models.Contractor{
ResidenceID: &residence.ID,
CreatedByID: user.ID,
Name: fmt.Sprintf("Contractor %d", i+1),
IsActive: true,
}
err := db.Create(c).Error
require.NoError(t, err)
}
contractors, err := repo.FindByUser(user.ID, []uint{residence.ID})
require.NoError(t, err)
assert.Equal(t, 500, len(contractors), "FindByUser should return at most 500 contractors by default")
}

20
internal/repositories/document_repo.go
View File

@@ -52,7 +52,8 @@ func (r *DocumentRepository) FindByResidence(residenceID uint) ([]models.Documen
return documents, err
}
// FindByUser finds all documents accessible to a user
// FindByUser finds all documents accessible to a user.
// A default limit of 500 is applied to prevent unbounded result sets.
func (r *DocumentRepository) FindByUser(residenceIDs []uint) ([]models.Document, error) {
var documents []models.Document
err := r.db.Preload("CreatedBy").
@@ -60,6 +61,7 @@ func (r *DocumentRepository) FindByUser(residenceIDs []uint) ([]models.Document,
Preload("Images").
Where("residence_id IN ? AND is_active = ?", residenceIDs, true).
Order("created_at DESC").
Limit(500).
Find(&documents).Error
return documents, err
}
@@ -89,7 +91,8 @@ func (r *DocumentRepository) FindByUserFiltered(residenceIDs []uint, filter *Doc
query = query.Where("expiry_date IS NOT NULL AND expiry_date > ? AND expiry_date <= ?", now, threshold)
}
if filter.Search != "" {
searchPattern := "%" + filter.Search + "%"
escaped := escapeLikeWildcards(filter.Search)
searchPattern := "%" + escaped + "%"
query = query.Where("(title ILIKE ? OR description ILIKE ?)", searchPattern, searchPattern)
}
}
@@ -169,6 +172,19 @@ func (r *DocumentRepository) CountByResidence(residenceID uint) (int64, error) {
return count, err
}
// CountByResidenceIDs counts all active documents across multiple residences in a single query.
// Returns the total count of active documents for the given residence IDs.
func (r *DocumentRepository) CountByResidenceIDs(residenceIDs []uint) (int64, error) {
if len(residenceIDs) == 0 {
return 0, nil
}
var count int64
err := r.db.Model(&models.Document{}).
Where("residence_id IN ? AND is_active = ?", residenceIDs, true).
Count(&count).Error
return count, err
}
// FindByIDIncludingInactive finds a document by ID including inactive ones
func (r *DocumentRepository) FindByIDIncludingInactive(id uint, document *models.Document) error {
return r.db.Preload("CreatedBy").Preload("Images").First(document, id).Error

38
internal/repositories/document_repo_test.go Normal file
View File

@@ -0,0 +1,38 @@
package repositories
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/testutil"
)
func TestDocumentRepository_FindByUser_HasDefaultLimit(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
// Create 510 documents to exceed the default limit of 500
for i := 0; i < 510; i++ {
doc := &models.Document{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: fmt.Sprintf("Doc %d", i+1),
DocumentType: models.DocumentTypeGeneral,
FileURL: "https://example.com/doc.pdf",
IsActive: true,
}
err := db.Create(doc).Error
require.NoError(t, err)
}
docs, err := repo.FindByUser([]uint{residence.ID})
require.NoError(t, err)
assert.Equal(t, 500, len(docs), "FindByUser should return at most 500 documents by default")
}

59
internal/repositories/notification_repo.go
View File

@@ -1,6 +1,7 @@
package repositories
import (
"errors"
"time"
"gorm.io/gorm"
@@ -130,18 +131,25 @@ func (r *NotificationRepository) CreatePreferences(prefs *models.NotificationPre
// UpdatePreferences updates notification preferences
func (r *NotificationRepository) UpdatePreferences(prefs *models.NotificationPreference) error {
return r.db.Save(prefs).Error
return r.db.Omit("User").Save(prefs).Error
}
// GetOrCreatePreferences gets or creates notification preferences for a user
// GetOrCreatePreferences gets or creates notification preferences for a user.
// Uses a transaction to avoid TOCTOU race conditions on concurrent requests.
func (r *NotificationRepository) GetOrCreatePreferences(userID uint) (*models.NotificationPreference, error) {
prefs, err := r.FindPreferencesByUser(userID)
if err == nil {
return prefs, nil
}
var prefs models.NotificationPreference
if err == gorm.ErrRecordNotFound {
prefs = &models.NotificationPreference{
err := r.db.Transaction(func(tx *gorm.DB) error {
err := tx.Where("user_id = ?", userID).First(&prefs).Error
if err == nil {
return nil // Found existing preferences
}
if !errors.Is(err, gorm.ErrRecordNotFound) {
return err // Unexpected error
}
// Record not found -- create with defaults
prefs = models.NotificationPreference{
UserID: userID,
TaskDueSoon: true,
TaskOverdue: true,
@@ -151,17 +159,36 @@ func (r *NotificationRepository) GetOrCreatePreferences(userID uint) (*models.No
WarrantyExpiring: true,
EmailTaskCompleted: true,
}
if err := r.CreatePreferences(prefs); err != nil {
return nil, err
}
return prefs, nil
return tx.Create(&prefs).Error
})
if err != nil {
return nil, err
}
return nil, err
return &prefs, nil
}
// === Device Registration ===
// FindAPNSDeviceByID finds an APNS device by ID
func (r *NotificationRepository) FindAPNSDeviceByID(id uint) (*models.APNSDevice, error) {
var device models.APNSDevice
err := r.db.First(&device, id).Error
if err != nil {
return nil, err
}
return &device, nil
}
// FindGCMDeviceByID finds a GCM device by ID
func (r *NotificationRepository) FindGCMDeviceByID(id uint) (*models.GCMDevice, error) {
var device models.GCMDevice
err := r.db.First(&device, id).Error
if err != nil {
return nil, err
}
return &device, nil
}
// FindAPNSDeviceByToken finds an APNS device by registration token
func (r *NotificationRepository) FindAPNSDeviceByToken(token string) (*models.APNSDevice, error) {
var device models.APNSDevice
@@ -243,12 +270,12 @@ func (r *NotificationRepository) DeactivateGCMDevice(id uint) error {
// GetActiveTokensForUser gets all active push tokens for a user
func (r *NotificationRepository) GetActiveTokensForUser(userID uint) (iosTokens []string, androidTokens []string, err error) {
apnsDevices, err := r.FindAPNSDevicesByUser(userID)
if err != nil && err != gorm.ErrRecordNotFound {
if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
return nil, nil, err
}
gcmDevices, err := r.FindGCMDevicesByUser(userID)
if err != nil && err != gorm.ErrRecordNotFound {
if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
return nil, nil, err
}

96
internal/repositories/notification_repo_test.go Normal file
View File

@@ -0,0 +1,96 @@
package repositories
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/testutil"
)
func TestGetOrCreatePreferences_New_Creates(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewNotificationRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// No preferences exist yet for this user
prefs, err := repo.GetOrCreatePreferences(user.ID)
require.NoError(t, err)
require.NotNil(t, prefs)
// Verify defaults were set
assert.Equal(t, user.ID, prefs.UserID)
assert.True(t, prefs.TaskDueSoon)
assert.True(t, prefs.TaskOverdue)
assert.True(t, prefs.TaskCompleted)
assert.True(t, prefs.TaskAssigned)
assert.True(t, prefs.ResidenceShared)
assert.True(t, prefs.WarrantyExpiring)
assert.True(t, prefs.EmailTaskCompleted)
// Verify it was actually persisted
var count int64
db.Model(&models.NotificationPreference{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should have exactly one preferences record")
}
func TestGetOrCreatePreferences_AlreadyExists_Returns(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewNotificationRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Create preferences manually first
existingPrefs := &models.NotificationPreference{
UserID: user.ID,
TaskDueSoon: true,
TaskOverdue: true,
TaskCompleted: true,
TaskAssigned: true,
ResidenceShared: true,
WarrantyExpiring: true,
EmailTaskCompleted: true,
}
err := db.Create(existingPrefs).Error
require.NoError(t, err)
require.NotZero(t, existingPrefs.ID)
// GetOrCreatePreferences should return the existing record, not create a new one
prefs, err := repo.GetOrCreatePreferences(user.ID)
require.NoError(t, err)
require.NotNil(t, prefs)
// The returned record should have the same ID as the existing one
assert.Equal(t, existingPrefs.ID, prefs.ID, "should return the existing record by ID")
assert.Equal(t, user.ID, prefs.UserID, "should have correct user_id")
// Verify still only one record exists (no duplicate created)
var count int64
db.Model(&models.NotificationPreference{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should still have exactly one preferences record")
}
func TestGetOrCreatePreferences_Idempotent(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewNotificationRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Call twice in succession
prefs1, err := repo.GetOrCreatePreferences(user.ID)
require.NoError(t, err)
prefs2, err := repo.GetOrCreatePreferences(user.ID)
require.NoError(t, err)
// Both should return the same record
assert.Equal(t, prefs1.ID, prefs2.ID)
// Should only have one record
var count int64
db.Model(&models.NotificationPreference{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should have exactly one preferences record after two calls")
}

78
internal/repositories/reminder_repo.go
View File

@@ -37,6 +37,84 @@ func (r *ReminderRepository) HasSentReminder(taskID, userID uint, dueDate time.T
return count > 0, nil
}
// ReminderKey uniquely identifies a reminder that may have been sent.
type ReminderKey struct {
TaskID uint
UserID uint
DueDate time.Time
Stage models.ReminderStage
}
// HasSentReminderBatch checks which reminders from the given list have already been sent.
// Returns a set of indices into the input slice that have already been sent.
// This replaces N individual HasSentReminder calls with a single query.
func (r *ReminderRepository) HasSentReminderBatch(keys []ReminderKey) (map[int]bool, error) {
result := make(map[int]bool)
if len(keys) == 0 {
return result, nil
}
// Build a lookup from (task_id, user_id, due_date, stage) -> index
type normalizedKey struct {
TaskID uint
UserID uint
DueDate string
Stage models.ReminderStage
}
keyToIdx := make(map[normalizedKey][]int, len(keys))
// Collect unique task IDs and user IDs for the WHERE clause
taskIDSet := make(map[uint]bool)
userIDSet := make(map[uint]bool)
for i, k := range keys {
taskIDSet[k.TaskID] = true
userIDSet[k.UserID] = true
dueDateOnly := time.Date(k.DueDate.Year(), k.DueDate.Month(), k.DueDate.Day(), 0, 0, 0, 0, time.UTC)
nk := normalizedKey{
TaskID: k.TaskID,
UserID: k.UserID,
DueDate: dueDateOnly.Format("2006-01-02"),
Stage: k.Stage,
}
keyToIdx[nk] = append(keyToIdx[nk], i)
}
taskIDs := make([]uint, 0, len(taskIDSet))
for id := range taskIDSet {
taskIDs = append(taskIDs, id)
}
userIDs := make([]uint, 0, len(userIDSet))
for id := range userIDSet {
userIDs = append(userIDs, id)
}
// Query all matching reminder logs in one query
var logs []models.TaskReminderLog
err := r.db.Where("task_id IN ? AND user_id IN ?", taskIDs, userIDs).
Find(&logs).Error
if err != nil {
return nil, err
}
// Match returned logs against our key set
for _, l := range logs {
dueDateStr := l.DueDate.Format("2006-01-02")
nk := normalizedKey{
TaskID: l.TaskID,
UserID: l.UserID,
DueDate: dueDateStr,
Stage: l.ReminderStage,
}
if indices, ok := keyToIdx[nk]; ok {
for _, idx := range indices {
result[idx] = true
}
}
}
return result, nil
}
// LogReminder records that a reminder was sent.
// Returns the created log entry or an error if the reminder was already sent
// (unique constraint violation).

11
internal/repositories/residence_repo.go
View File

@@ -6,6 +6,7 @@ import (
"math/big"
"time"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/models"
@@ -269,7 +270,9 @@ func (r *ResidenceRepository) GetActiveShareCode(residenceID uint) (*models.Resi
// Check if expired
if shareCode.ExpiresAt != nil && time.Now().UTC().After(*shareCode.ExpiresAt) {
// Auto-deactivate expired code
r.DeactivateShareCode(shareCode.ID)
if err := r.DeactivateShareCode(shareCode.ID); err != nil {
log.Error().Err(err).Uint("code_id", shareCode.ID).Msg("Failed to deactivate expired share code")
}
return nil, nil
}
@@ -296,9 +299,11 @@ func (r *ResidenceRepository) generateUniqueCode() (string, error) {
// Check if code already exists
var count int64
r.db.Model(&models.ResidenceShareCode{}).
if err := r.db.Model(&models.ResidenceShareCode{}).
Where("code = ? AND is_active = ?", codeStr, true).
Count(&count)
Count(&count).Error; err != nil {
return "", err
}
if count == 0 {
return codeStr, nil

48
internal/repositories/subscription_repo.go
View File

@@ -1,9 +1,11 @@
package repositories
import (
"errors"
"time"
"gorm.io/gorm"
"gorm.io/gorm/clause"
"github.com/treytartt/casera-api/internal/models"
)
@@ -30,31 +32,37 @@ func (r *SubscriptionRepository) FindByUserID(userID uint) (*models.UserSubscrip
return &sub, nil
}
// GetOrCreate gets or creates a subscription for a user (defaults to free tier)
// GetOrCreate gets or creates a subscription for a user (defaults to free tier).
// Uses a transaction to avoid TOCTOU race conditions on concurrent requests.
func (r *SubscriptionRepository) GetOrCreate(userID uint) (*models.UserSubscription, error) {
sub, err := r.FindByUserID(userID)
if err == nil {
return sub, nil
}
var sub models.UserSubscription
if err == gorm.ErrRecordNotFound {
sub = &models.UserSubscription{
UserID: userID,
Tier: models.TierFree,
err := r.db.Transaction(func(tx *gorm.DB) error {
err := tx.Where("user_id = ?", userID).First(&sub).Error
if err == nil {
return nil // Found existing subscription
}
if !errors.Is(err, gorm.ErrRecordNotFound) {
return err // Unexpected error
}
// Record not found -- create with free tier defaults
sub = models.UserSubscription{
UserID: userID,
Tier: models.TierFree,
AutoRenew: true,
}
if err := r.db.Create(sub).Error; err != nil {
return nil, err
}
return sub, nil
return tx.Create(&sub).Error
})
if err != nil {
return nil, err
}
return nil, err
return &sub, nil
}
// Update updates a subscription
func (r *SubscriptionRepository) Update(sub *models.UserSubscription) error {
return r.db.Save(sub).Error
return r.db.Omit("User").Save(sub).Error
}
// UpgradeToPro upgrades a user to Pro tier using a transaction with row locking
@@ -63,7 +71,7 @@ func (r *SubscriptionRepository) UpgradeToPro(userID uint, expiresAt time.Time,
return r.db.Transaction(func(tx *gorm.DB) error {
// Lock the row for update
var sub models.UserSubscription
if err := tx.Set("gorm:query_option", "FOR UPDATE").
if err := tx.Clauses(clause.Locking{Strength: "UPDATE"}).
Where("user_id = ?", userID).First(&sub).Error; err != nil {
return err
}
@@ -86,7 +94,7 @@ func (r *SubscriptionRepository) DowngradeToFree(userID uint) error {
return r.db.Transaction(func(tx *gorm.DB) error {
// Lock the row for update
var sub models.UserSubscription
if err := tx.Set("gorm:query_option", "FOR UPDATE").
if err := tx.Clauses(clause.Locking{Strength: "UPDATE"}).
Where("user_id = ?", userID).First(&sub).Error; err != nil {
return err
}
@@ -165,7 +173,7 @@ func (r *SubscriptionRepository) GetTierLimits(tier models.SubscriptionTier) (*m
var limits models.TierLimits
err := r.db.Where("tier = ?", tier).First(&limits).Error
if err != nil {
if err == gorm.ErrRecordNotFound {
if errors.Is(err, gorm.ErrRecordNotFound) {
// Return defaults
if tier == models.TierFree {
defaults := models.GetDefaultFreeLimits()
@@ -193,7 +201,7 @@ func (r *SubscriptionRepository) GetSettings() (*models.SubscriptionSettings, er
var settings models.SubscriptionSettings
err := r.db.First(&settings).Error
if err != nil {
if err == gorm.ErrRecordNotFound {
if errors.Is(err, gorm.ErrRecordNotFound) {
// Return default settings (limitations disabled)
return &models.SubscriptionSettings{
EnableLimitations: false,

79
internal/repositories/subscription_repo_test.go Normal file
View File

@@ -0,0 +1,79 @@
package repositories
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/testutil"
)
func TestGetOrCreate_New_CreatesFreeTier(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewSubscriptionRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
sub, err := repo.GetOrCreate(user.ID)
require.NoError(t, err)
require.NotNil(t, sub)
assert.Equal(t, user.ID, sub.UserID)
assert.Equal(t, models.TierFree, sub.Tier)
assert.True(t, sub.AutoRenew)
// Verify persisted
var count int64
db.Model(&models.UserSubscription{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should have exactly one subscription record")
}
func TestGetOrCreate_AlreadyExists_Returns(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewSubscriptionRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Create a pro subscription manually
existing := &models.UserSubscription{
UserID: user.ID,
Tier: models.TierPro,
AutoRenew: true,
}
err := db.Create(existing).Error
require.NoError(t, err)
// GetOrCreate should return existing, not overwrite with free defaults
sub, err := repo.GetOrCreate(user.ID)
require.NoError(t, err)
require.NotNil(t, sub)
assert.Equal(t, existing.ID, sub.ID, "should return the existing record by ID")
assert.Equal(t, models.TierPro, sub.Tier, "should preserve existing pro tier, not overwrite with free")
// Verify still only one record
var count int64
db.Model(&models.UserSubscription{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should still have exactly one subscription record")
}
func TestGetOrCreate_Idempotent(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewSubscriptionRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
sub1, err := repo.GetOrCreate(user.ID)
require.NoError(t, err)
sub2, err := repo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, sub1.ID, sub2.ID)
var count int64
db.Model(&models.UserSubscription{}).Where("user_id = ?", user.ID).Count(&count)
assert.Equal(t, int64(1), count, "should have exactly one subscription record after two calls")
}

199
internal/repositories/task_repo.go
View File

@@ -5,6 +5,7 @@ import (
"fmt"
"time"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/models"
@@ -25,6 +26,50 @@ func NewTaskRepository(db *gorm.DB) *TaskRepository {
return &TaskRepository{db: db}
}
// DB returns the underlying database connection.
// Used by services that need to run transactions spanning multiple operations.
func (r *TaskRepository) DB() *gorm.DB {
return r.db
}
// CreateCompletionTx creates a new task completion within an existing transaction.
func (r *TaskRepository) CreateCompletionTx(tx *gorm.DB, completion *models.TaskCompletion) error {
return tx.Create(completion).Error
}
// UpdateTx updates a task with optimistic locking within an existing transaction.
func (r *TaskRepository) UpdateTx(tx *gorm.DB, task *models.Task) error {
result := tx.Model(task).
Where("id = ? AND version = ?", task.ID, task.Version).
Omit("Residence", "CreatedBy", "AssignedTo", "Category", "Priority", "Frequency", "ParentTask", "Completions").
Updates(map[string]interface{}{
"title": task.Title,
"description": task.Description,
"category_id": task.CategoryID,
"priority_id": task.PriorityID,
"frequency_id": task.FrequencyID,
"custom_interval_days": task.CustomIntervalDays,
"in_progress": task.InProgress,
"assigned_to_id": task.AssignedToID,
"due_date": task.DueDate,
"next_due_date": task.NextDueDate,
"estimated_cost": task.EstimatedCost,
"actual_cost": task.ActualCost,
"contractor_id": task.ContractorID,
"is_cancelled": task.IsCancelled,
"is_archived": task.IsArchived,
"version": gorm.Expr("version + 1"),
})
if result.Error != nil {
return result.Error
}
if result.RowsAffected == 0 {
return ErrVersionConflict
}
task.Version++ // Update local copy
return nil
}
// === Task Filter Options ===
// TaskFilterOptions provides flexible filtering for task queries.
@@ -495,55 +540,39 @@ func buildKanbanColumns(
}
// GetKanbanData retrieves tasks organized for kanban display.
// Uses single-purpose query functions for each column type, ensuring consistency
// with notification handlers that use the same functions.
// Fetches all non-cancelled, non-archived tasks for the residence in a single query,
// then categorizes them in-memory using the task categorization chain for consistency
// with the predicate-based logic used throughout the application.
// The `now` parameter should be the start of day in the user's timezone for accurate overdue detection.
//
// Optimization: Preloads only minimal completion data (id, task_id, completed_at) for count/detection.
// Optimization: Single query with preloads, then in-memory categorization.
// Images and CompletedBy are NOT preloaded - fetch separately when viewing completion details.
func (r *TaskRepository) GetKanbanData(residenceID uint, daysThreshold int, now time.Time) (*models.KanbanBoard, error) {
opts := TaskFilterOptions{
ResidenceID: residenceID,
PreloadCreatedBy: true,
PreloadAssignedTo: true,
PreloadCompletions: true,
// Fetch all tasks for this residence in a single query (excluding cancelled/archived)
var allTasks []models.Task
query := r.db.Model(&models.Task{}).
Where("task_task.residence_id = ?", residenceID).
Preload("CreatedBy").
Preload("AssignedTo").
Preload("Completions", func(db *gorm.DB) *gorm.DB {
return db.Select("id", "task_id", "completed_at")
}).
Scopes(task.ScopeKanbanOrder)
if err := query.Find(&allTasks).Error; err != nil {
return nil, fmt.Errorf("get tasks for kanban: %w", err)
}
// Query each column using single-purpose functions
// These functions use the same scopes as notification handlers for consistency
overdue, err := r.GetOverdueTasks(now, opts)
if err != nil {
return nil, fmt.Errorf("get overdue tasks: %w", err)
}
// Categorize all tasks in-memory using the categorization chain
columnMap := categorization.CategorizeTasksIntoColumnsWithTime(allTasks, daysThreshold, now)
inProgress, err := r.GetInProgressTasks(opts)
if err != nil {
return nil, fmt.Errorf("get in-progress tasks: %w", err)
}
dueSoon, err := r.GetDueSoonTasks(now, daysThreshold, opts)
if err != nil {
return nil, fmt.Errorf("get due-soon tasks: %w", err)
}
upcoming, err := r.GetUpcomingTasks(now, daysThreshold, opts)
if err != nil {
return nil, fmt.Errorf("get upcoming tasks: %w", err)
}
completed, err := r.GetCompletedTasks(opts)
if err != nil {
return nil, fmt.Errorf("get completed tasks: %w", err)
}
// Intentionally hidden from board:
// cancelled/archived tasks are not returned as a kanban column.
// cancelled, err := r.GetCancelledTasks(opts)
// if err != nil {
// return nil, fmt.Errorf("get cancelled tasks: %w", err)
// }
columns := buildKanbanColumns(overdue, inProgress, dueSoon, upcoming, completed)
columns := buildKanbanColumns(
columnMap[categorization.ColumnOverdue],
columnMap[categorization.ColumnInProgress],
columnMap[categorization.ColumnDueSoon],
columnMap[categorization.ColumnUpcoming],
columnMap[categorization.ColumnCompleted],
)
return &models.KanbanBoard{
Columns: columns,
@@ -553,56 +582,39 @@ func (r *TaskRepository) GetKanbanData(residenceID uint, daysThreshold int, now
}
// GetKanbanDataForMultipleResidences retrieves tasks from multiple residences organized for kanban display.
// Uses single-purpose query functions for each column type, ensuring consistency
// with notification handlers that use the same functions.
// Fetches all tasks in a single query, then categorizes them in-memory using the
// task categorization chain for consistency with predicate-based logic.
// The `now` parameter should be the start of day in the user's timezone for accurate overdue detection.
//
// Optimization: Preloads only minimal completion data (id, task_id, completed_at) for count/detection.
// Optimization: Single query with preloads, then in-memory categorization.
// Images and CompletedBy are NOT preloaded - fetch separately when viewing completion details.
func (r *TaskRepository) GetKanbanDataForMultipleResidences(residenceIDs []uint, daysThreshold int, now time.Time) (*models.KanbanBoard, error) {
opts := TaskFilterOptions{
ResidenceIDs: residenceIDs,
PreloadCreatedBy: true,
PreloadAssignedTo: true,
PreloadResidence: true,
PreloadCompletions: true,
// Fetch all tasks for these residences in a single query (excluding cancelled/archived)
var allTasks []models.Task
query := r.db.Model(&models.Task{}).
Where("task_task.residence_id IN ?", residenceIDs).
Preload("CreatedBy").
Preload("AssignedTo").
Preload("Residence").
Preload("Completions", func(db *gorm.DB) *gorm.DB {
return db.Select("id", "task_id", "completed_at")
}).
Scopes(task.ScopeKanbanOrder)
if err := query.Find(&allTasks).Error; err != nil {
return nil, fmt.Errorf("get tasks for kanban: %w", err)
}
// Query each column using single-purpose functions
// These functions use the same scopes as notification handlers for consistency
overdue, err := r.GetOverdueTasks(now, opts)
if err != nil {
return nil, fmt.Errorf("get overdue tasks: %w", err)
}
// Categorize all tasks in-memory using the categorization chain
columnMap := categorization.CategorizeTasksIntoColumnsWithTime(allTasks, daysThreshold, now)
inProgress, err := r.GetInProgressTasks(opts)
if err != nil {
return nil, fmt.Errorf("get in-progress tasks: %w", err)
}
dueSoon, err := r.GetDueSoonTasks(now, daysThreshold, opts)
if err != nil {
return nil, fmt.Errorf("get due-soon tasks: %w", err)
}
upcoming, err := r.GetUpcomingTasks(now, daysThreshold, opts)
if err != nil {
return nil, fmt.Errorf("get upcoming tasks: %w", err)
}
completed, err := r.GetCompletedTasks(opts)
if err != nil {
return nil, fmt.Errorf("get completed tasks: %w", err)
}
// Intentionally hidden from board:
// cancelled/archived tasks are not returned as a kanban column.
// cancelled, err := r.GetCancelledTasks(opts)
// if err != nil {
// return nil, fmt.Errorf("get cancelled tasks: %w", err)
// }
columns := buildKanbanColumns(overdue, inProgress, dueSoon, upcoming, completed)
columns := buildKanbanColumns(
columnMap[categorization.ColumnOverdue],
columnMap[categorization.ColumnInProgress],
columnMap[categorization.ColumnDueSoon],
columnMap[categorization.ColumnUpcoming],
columnMap[categorization.ColumnCompleted],
)
return &models.KanbanBoard{
Columns: columns,
@@ -653,6 +665,19 @@ func (r *TaskRepository) CountByResidence(residenceID uint) (int64, error) {
return count, err
}
// CountByResidenceIDs counts all active tasks across multiple residences in a single query.
// Returns the total count of non-cancelled, non-archived tasks for the given residence IDs.
func (r *TaskRepository) CountByResidenceIDs(residenceIDs []uint) (int64, error) {
if len(residenceIDs) == 0 {
return 0, nil
}
var count int64
err := r.db.Model(&models.Task{}).
Where("residence_id IN ? AND is_cancelled = ? AND is_archived = ?", residenceIDs, false, false).
Count(&count).Error
return count, err
}
// === Task Completion Operations ===
// CreateCompletion creates a new task completion
@@ -705,7 +730,9 @@ func (r *TaskRepository) UpdateCompletion(completion *models.TaskCompletion) err
// DeleteCompletion deletes a task completion
func (r *TaskRepository) DeleteCompletion(id uint) error {
// Delete images first
r.db.Where("completion_id = ?", id).Delete(&models.TaskCompletionImage{})
if err := r.db.Where("completion_id = ?", id).Delete(&models.TaskCompletionImage{}).Error; err != nil {
log.Error().Err(err).Uint("completion_id", id).Msg("Failed to delete completion images")
}
return r.db.Delete(&models.TaskCompletion{}, id).Error
}

167
internal/repositories/task_repo_test.go
View File

@@ -2097,3 +2097,170 @@ func TestConsistency_OverduePredicateVsScopeVsRepo(t *testing.T) {
}
assert.Equal(t, expectedCount, len(repoTasks), "Overdue task count mismatch")
}
// TestGetKanbanData_CategorizesCorrectly verifies the single-query kanban approach
// produces correct column assignments for various task states.
func TestGetKanbanData_CategorizesCorrectly(t *testing.T) {
db := testutil.SetupTestDB(t)
repo := NewTaskRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
now := time.Date(2025, 6, 15, 0, 0, 0, 0, time.UTC)
yesterday := now.AddDate(0, 0, -1)
tomorrow := now.AddDate(0, 0, 1)
nextMonth := now.AddDate(0, 1, 0)
// Create overdue task (due yesterday)
overdueTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Overdue Task",
DueDate: &yesterday,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(overdueTask).Error)
// Create due-soon task (due tomorrow, within 30-day threshold)
dueSoonTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Due Soon Task",
DueDate: &tomorrow,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(dueSoonTask).Error)
// Create upcoming task (due next month, outside 30-day threshold)
upcomingTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Upcoming Task",
DueDate: &nextMonth,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(upcomingTask).Error)
// Create in-progress task
inProgressTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "In Progress Task",
DueDate: &tomorrow,
InProgress: true,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(inProgressTask).Error)
// Create completed task (no next due date, has completion)
completedTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Completed Task",
DueDate: &yesterday,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(completedTask).Error)
completion := &models.TaskCompletion{
TaskID: completedTask.ID,
CompletedByID: user.ID,
CompletedAt: now,
}
require.NoError(t, db.Create(completion).Error)
// Create cancelled task (should NOT appear in kanban columns)
cancelledTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Cancelled Task",
DueDate: &yesterday,
IsCancelled: true,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(cancelledTask).Error)
// Create archived task (should NOT appear in active kanban columns)
archivedTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Archived Task",
DueDate: &yesterday,
IsCancelled: false,
IsArchived: true,
Version: 1,
}
require.NoError(t, db.Create(archivedTask).Error)
// Create no-due-date task (should go to upcoming)
noDueDateTask := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "No Due Date Task",
IsCancelled: false,
IsArchived: false,
Version: 1,
}
require.NoError(t, db.Create(noDueDateTask).Error)
// Execute kanban data retrieval
board, err := repo.GetKanbanData(residence.ID, 30, now)
require.NoError(t, err)
require.NotNil(t, board)
require.Len(t, board.Columns, 5, "Should have 5 visible columns")
// Build a map of column name -> task titles for easy assertion
columnTasks := make(map[string][]string)
for _, col := range board.Columns {
var titles []string
for _, task := range col.Tasks {
titles = append(titles, task.Title)
}
columnTasks[col.Name] = titles
}
// Verify overdue column
assert.Contains(t, columnTasks["overdue_tasks"], "Overdue Task",
"Overdue task should be in overdue column")
// Verify in-progress column
assert.Contains(t, columnTasks["in_progress_tasks"], "In Progress Task",
"In-progress task should be in in-progress column")
// Verify due-soon column
assert.Contains(t, columnTasks["due_soon_tasks"], "Due Soon Task",
"Due-soon task should be in due-soon column")
// Verify upcoming column contains both upcoming and no-due-date tasks
assert.Contains(t, columnTasks["upcoming_tasks"], "No Due Date Task",
"No-due-date task should be in upcoming column")
// Verify completed column
assert.Contains(t, columnTasks["completed_tasks"], "Completed Task",
"Completed task should be in completed column")
// Verify cancelled and archived tasks are categorized to the cancelled column
// (which is present in categorization but hidden from visible kanban columns)
// The cancelled/archived tasks should NOT appear in any of the 5 visible columns
allVisibleTitles := make(map[string]bool)
for _, col := range board.Columns {
for _, task := range col.Tasks {
allVisibleTitles[task.Title] = true
}
}
assert.False(t, allVisibleTitles["Cancelled Task"],
"Cancelled task should not appear in visible kanban columns")
assert.False(t, allVisibleTitles["Archived Task"],
"Archived task should not appear in visible kanban columns")
}

5
internal/repositories/task_template_repo.go
View File

@@ -45,7 +45,8 @@ func (r *TaskTemplateRepository) GetByCategory(categoryID uint) ([]models.TaskTe
// Search searches templates by title and tags
func (r *TaskTemplateRepository) Search(query string) ([]models.TaskTemplate, error) {
var templates []models.TaskTemplate
searchTerm := "%" + strings.ToLower(query) + "%"
escaped := escapeLikeWildcards(strings.ToLower(query))
searchTerm := "%" + escaped + "%"
err := r.db.
Preload("Category").
@@ -77,7 +78,7 @@ func (r *TaskTemplateRepository) Create(template *models.TaskTemplate) error {
// Update updates an existing task template
func (r *TaskTemplateRepository) Update(template *models.TaskTemplate) error {
return r.db.Save(template).Error
return r.db.Omit("Category", "Frequency").Save(template).Error
}
// Delete hard deletes a task template

11
internal/repositories/util.go Normal file
View File

@@ -0,0 +1,11 @@
package repositories
import "strings"
// escapeLikeWildcards escapes SQL LIKE wildcard characters in user input
// to prevent users from injecting wildcards like % or _ into search queries.
func escapeLikeWildcards(s string) string {
s = strings.ReplaceAll(s, "%", "\\%")
s = strings.ReplaceAll(s, "_", "\\_")
return s
}

1
internal/router/router.go
View File

@@ -129,6 +129,7 @@ func SetupRouter(deps *Dependencies) *echo.Echo {
taskService.SetResidenceService(residenceService) // For including TotalSummary in CRUD responses
taskService.SetStorageService(deps.StorageService) // For reading completion images for email
subscriptionService := services.NewSubscriptionService(subscriptionRepo, residenceRepo, taskRepo, contractorRepo, documentRepo)
residenceService.SetSubscriptionService(subscriptionService) // Wire up subscription service for tier limit enforcement
taskTemplateService := services.NewTaskTemplateService(taskTemplateRepo)
// Initialize webhook event repo for deduplication

12
internal/services/contractor_service.go
View File

@@ -195,6 +195,18 @@ func (s *ContractorService) UpdateContractor(contractorID, userID uint, req *req
if req.IsFavorite != nil {
contractor.IsFavorite = *req.IsFavorite
}
// If residence_id is provided, verify the user has access to the NEW residence.
// This prevents an attacker from reassigning a contractor to someone else's residence.
if req.ResidenceID != nil {
hasAccess, err := s.residenceRepo.HasAccess(*req.ResidenceID, userID)
if err != nil {
return nil, apperrors.Internal(err)
}
if !hasAccess {
return nil, apperrors.Forbidden("error.residence_access_denied")
}
}
// If residence_id is not sent in the request (nil), it means the user
// removed the residence association - contractor becomes personal
contractor.ResidenceID = req.ResidenceID

98
internal/services/contractor_service_test.go Normal file
View File

@@ -0,0 +1,98 @@
package services
import (
"net/http"
"testing"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/testutil"
)
func setupContractorService(t *testing.T) (*ContractorService, *repositories.ContractorRepository, *repositories.ResidenceRepository) {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewContractorService(contractorRepo, residenceRepo)
return service, contractorRepo, residenceRepo
}
func TestUpdateContractor_CrossResidence_Returns403(t *testing.T) {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewContractorService(contractorRepo, residenceRepo)
// Create two users: owner and attacker
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
attacker := testutil.CreateTestUser(t, db, "attacker", "attacker@test.com", "password")
// Owner creates a residence
ownerResidence := testutil.CreateTestResidence(t, db, owner.ID, "Owner House")
// Attacker creates a residence and a contractor in their residence
attackerResidence := testutil.CreateTestResidence(t, db, attacker.ID, "Attacker House")
contractor := testutil.CreateTestContractor(t, db, attackerResidence.ID, attacker.ID, "My Contractor")
// Attacker tries to reassign their contractor to the owner's residence
// This should be denied because the attacker does not have access to the owner's residence
newResidenceID := ownerResidence.ID
req := &requests.UpdateContractorRequest{
ResidenceID: &newResidenceID,
}
_, err := service.UpdateContractor(contractor.ID, attacker.ID, req)
require.Error(t, err, "should not allow reassigning contractor to a residence the user has no access to")
testutil.AssertAppErrorCode(t, err, http.StatusForbidden)
}
func TestUpdateContractor_SameResidence_Succeeds(t *testing.T) {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewContractorService(contractorRepo, residenceRepo)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence1 := testutil.CreateTestResidence(t, db, owner.ID, "House 1")
residence2 := testutil.CreateTestResidence(t, db, owner.ID, "House 2")
contractor := testutil.CreateTestContractor(t, db, residence1.ID, owner.ID, "My Contractor")
// Owner reassigns contractor to their other residence - should succeed
newResidenceID := residence2.ID
newName := "Updated Contractor"
req := &requests.UpdateContractorRequest{
Name: &newName,
ResidenceID: &newResidenceID,
}
resp, err := service.UpdateContractor(contractor.ID, owner.ID, req)
require.NoError(t, err, "should allow reassigning contractor to a residence the user owns")
require.NotNil(t, resp)
require.Equal(t, "Updated Contractor", resp.Name)
}
func TestUpdateContractor_RemoveResidence_Succeeds(t *testing.T) {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
contractorRepo := repositories.NewContractorRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewContractorService(contractorRepo, residenceRepo)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, owner.ID, "My House")
contractor := testutil.CreateTestContractor(t, db, residence.ID, owner.ID, "My Contractor")
// Setting ResidenceID to nil should remove the residence association (make it personal)
req := &requests.UpdateContractorRequest{
ResidenceID: nil,
}
resp, err := service.UpdateContractor(contractor.ID, owner.ID, req)
require.NoError(t, err, "should allow removing residence association")
require.NotNil(t, resp)
}

25
internal/services/iap_validation.go
View File

@@ -323,10 +323,21 @@ func (c *AppleIAPClient) ValidateReceipt(ctx context.Context, receiptData string
}, nil
}
// validateLegacyReceipt uses Apple's legacy verifyReceipt endpoint
// validateLegacyReceipt uses Apple's legacy verifyReceipt endpoint.
// It delegates to validateLegacyReceiptWithSandbox using the client's
// configured sandbox setting. This avoids mutating the struct field
// during the sandbox-retry flow, which caused a data race when
// multiple goroutines shared the same AppleIAPClient.
func (c *AppleIAPClient) validateLegacyReceipt(ctx context.Context, receiptData string) (*AppleValidationResult, error) {
return c.validateLegacyReceiptWithSandbox(ctx, receiptData, c.sandbox)
}
// validateLegacyReceiptWithSandbox performs legacy receipt validation against
// the specified environment. The sandbox parameter is passed by value (not
// stored on the struct) so this function is safe for concurrent use.
func (c *AppleIAPClient) validateLegacyReceiptWithSandbox(ctx context.Context, receiptData string, useSandbox bool) (*AppleValidationResult, error) {
url := "https://buy.itunes.apple.com/verifyReceipt"
if c.sandbox {
if useSandbox {
url = "https://sandbox.itunes.apple.com/verifyReceipt"
}
@@ -378,12 +389,10 @@ func (c *AppleIAPClient) validateLegacyReceipt(ctx context.Context, receiptData
}
// Status codes: 0 = valid, 21007 = sandbox receipt on production, 21008 = production receipt on sandbox
if legacyResponse.Status == 21007 && !c.sandbox {
// Retry with sandbox
c.sandbox = true
result, err := c.validateLegacyReceipt(ctx, receiptData)
c.sandbox = false
return result, err
if legacyResponse.Status == 21007 && !useSandbox {
// Retry with sandbox -- pass sandbox=true as a parameter instead of
// mutating c.sandbox, which avoids a data race.
return c.validateLegacyReceiptWithSandbox(ctx, receiptData, true)
}
if legacyResponse.Status != 0 {

43
internal/services/notification_service.go
View File

@@ -355,20 +355,43 @@ func (s *NotificationService) ListDevices(userID uint) ([]DeviceResponse, error)
return result, nil
}
// DeleteDevice deletes a device
// DeleteDevice deactivates a device after verifying it belongs to the requesting user.
// Without ownership verification, an attacker could deactivate push notifications for other users.
func (s *NotificationService) DeleteDevice(deviceID uint, platform string, userID uint) error {
var err error
switch platform {
case push.PlatformIOS:
err = s.notificationRepo.DeactivateAPNSDevice(deviceID)
device, err := s.notificationRepo.FindAPNSDeviceByID(deviceID)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return apperrors.NotFound("error.device_not_found")
}
return apperrors.Internal(err)
}
// Verify the device belongs to the requesting user
if device.UserID == nil || *device.UserID != userID {
return apperrors.Forbidden("error.device_access_denied")
}
if err := s.notificationRepo.DeactivateAPNSDevice(deviceID); err != nil {
return apperrors.Internal(err)
}
case push.PlatformAndroid:
err = s.notificationRepo.DeactivateGCMDevice(deviceID)
device, err := s.notificationRepo.FindGCMDeviceByID(deviceID)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return apperrors.NotFound("error.device_not_found")
}
return apperrors.Internal(err)
}
// Verify the device belongs to the requesting user
if device.UserID == nil || *device.UserID != userID {
return apperrors.Forbidden("error.device_access_denied")
}
if err := s.notificationRepo.DeactivateGCMDevice(deviceID); err != nil {
return apperrors.Internal(err)
}
default:
return apperrors.BadRequest("error.invalid_platform")
}
if err != nil {
return apperrors.Internal(err)
}
return nil
}
@@ -549,9 +572,9 @@ func NewGCMDeviceResponse(d *models.GCMDevice) *DeviceResponse {
// RegisterDeviceRequest represents device registration request
type RegisterDeviceRequest struct {
Name string `json:"name"`
DeviceID string `json:"device_id" binding:"required"`
RegistrationID string `json:"registration_id" binding:"required"`
Platform string `json:"platform" binding:"required,oneof=ios android"`
DeviceID string `json:"device_id" validate:"required"`
RegistrationID string `json:"registration_id" validate:"required"`
Platform string `json:"platform" validate:"required,oneof=ios android"`
}
// === Task Notifications with Actions ===

126
internal/services/notification_service_test.go Normal file
View File

@@ -0,0 +1,126 @@
package services
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/push"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/testutil"
)
func setupNotificationService(t *testing.T) (*NotificationService, *repositories.NotificationRepository) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
// pushClient is nil for testing (no actual push sends)
service := NewNotificationService(notifRepo, nil)
return service, notifRepo
}
func TestDeleteDevice_WrongUser_Returns403(t *testing.T) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
service := NewNotificationService(notifRepo, nil)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
attacker := testutil.CreateTestUser(t, db, "attacker", "attacker@test.com", "password")
// Register an iOS device for the owner
device := &models.APNSDevice{
UserID: &owner.ID,
Name: "Owner iPhone",
DeviceID: "device-123",
RegistrationID: "token-abc",
Active: true,
}
err := db.Create(device).Error
require.NoError(t, err)
// Attacker tries to deactivate the owner's device
err = service.DeleteDevice(device.ID, push.PlatformIOS, attacker.ID)
require.Error(t, err, "should not allow deleting another user's device")
testutil.AssertAppErrorCode(t, err, http.StatusForbidden)
// Verify the device is still active
var found models.APNSDevice
err = db.First(&found, device.ID).Error
require.NoError(t, err)
assert.True(t, found.Active, "device should still be active after failed deletion")
}
func TestDeleteDevice_CorrectUser_Succeeds(t *testing.T) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
service := NewNotificationService(notifRepo, nil)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Register an iOS device for the owner
device := &models.APNSDevice{
UserID: &owner.ID,
Name: "Owner iPhone",
DeviceID: "device-123",
RegistrationID: "token-abc",
Active: true,
}
err := db.Create(device).Error
require.NoError(t, err)
// Owner deactivates their own device
err = service.DeleteDevice(device.ID, push.PlatformIOS, owner.ID)
require.NoError(t, err, "owner should be able to deactivate their own device")
// Verify the device is now inactive
var found models.APNSDevice
err = db.First(&found, device.ID).Error
require.NoError(t, err)
assert.False(t, found.Active, "device should be deactivated")
}
func TestDeleteDevice_WrongUser_Android_Returns403(t *testing.T) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
service := NewNotificationService(notifRepo, nil)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
attacker := testutil.CreateTestUser(t, db, "attacker", "attacker@test.com", "password")
// Register an Android device for the owner
device := &models.GCMDevice{
UserID: &owner.ID,
Name: "Owner Pixel",
DeviceID: "device-456",
RegistrationID: "token-def",
CloudMessageType: "FCM",
Active: true,
}
err := db.Create(device).Error
require.NoError(t, err)
// Attacker tries to deactivate the owner's Android device
err = service.DeleteDevice(device.ID, push.PlatformAndroid, attacker.ID)
require.Error(t, err, "should not allow deleting another user's Android device")
testutil.AssertAppErrorCode(t, err, http.StatusForbidden)
// Verify the device is still active
var found models.GCMDevice
err = db.First(&found, device.ID).Error
require.NoError(t, err)
assert.True(t, found.Active, "Android device should still be active after failed deletion")
}
func TestDeleteDevice_NonExistent_Returns404(t *testing.T) {
db := testutil.SetupTestDB(t)
notifRepo := repositories.NewNotificationRepository(db)
service := NewNotificationService(notifRepo, nil)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
err := service.DeleteDevice(99999, push.PlatformIOS, user.ID)
require.Error(t, err, "should return error for non-existent device")
testutil.AssertAppErrorCode(t, err, http.StatusNotFound)
}

35
internal/services/onboarding_email_service.go
View File

@@ -40,9 +40,12 @@ func generateTrackingID() string {
// HasSentEmail checks if a specific email type has already been sent to a user
func (s *OnboardingEmailService) HasSentEmail(userID uint, emailType models.OnboardingEmailType) bool {
var count int64
s.db.Model(&models.OnboardingEmail{}).
if err := s.db.Model(&models.OnboardingEmail{}).
Where("user_id = ? AND email_type = ?", userID, emailType).
Count(&count)
Count(&count).Error; err != nil {
log.Error().Err(err).Uint("user_id", userID).Str("email_type", string(emailType)).Msg("Failed to check if email was sent")
return false
}
return count > 0
}
@@ -125,23 +128,31 @@ func (s *OnboardingEmailService) GetEmailStats() (*OnboardingEmailStats, error)
// No residence email stats
var noResTotal, noResOpened int64
s.db.Model(&models.OnboardingEmail{}).
if err := s.db.Model(&models.OnboardingEmail{}).
Where("email_type = ?", models.OnboardingEmailNoResidence).
Count(&noResTotal)
s.db.Model(&models.OnboardingEmail{}).
Count(&noResTotal).Error; err != nil {
log.Error().Err(err).Msg("Failed to count no-residence emails")
}
if err := s.db.Model(&models.OnboardingEmail{}).
Where("email_type = ? AND opened_at IS NOT NULL", models.OnboardingEmailNoResidence).
Count(&noResOpened)
Count(&noResOpened).Error; err != nil {
log.Error().Err(err).Msg("Failed to count opened no-residence emails")
}
stats.NoResidenceTotal = noResTotal
stats.NoResidenceOpened = noResOpened
// No tasks email stats
var noTasksTotal, noTasksOpened int64
s.db.Model(&models.OnboardingEmail{}).
if err := s.db.Model(&models.OnboardingEmail{}).
Where("email_type = ?", models.OnboardingEmailNoTasks).
Count(&noTasksTotal)
s.db.Model(&models.OnboardingEmail{}).
Count(&noTasksTotal).Error; err != nil {
log.Error().Err(err).Msg("Failed to count no-tasks emails")
}
if err := s.db.Model(&models.OnboardingEmail{}).
Where("email_type = ? AND opened_at IS NOT NULL", models.OnboardingEmailNoTasks).
Count(&noTasksOpened)
Count(&noTasksOpened).Error; err != nil {
log.Error().Err(err).Msg("Failed to count opened no-tasks emails")
}
stats.NoTasksTotal = noTasksTotal
stats.NoTasksOpened = noTasksOpened
@@ -351,7 +362,9 @@ func (s *OnboardingEmailService) SendOnboardingEmailToUser(userID uint, emailTyp
// If already sent before, delete the old record first to allow re-recording
// This allows admins to "resend" emails while still tracking them
if alreadySent {
s.db.Where("user_id = ? AND email_type = ?", userID, emailType).Delete(&models.OnboardingEmail{})
if err := s.db.Where("user_id = ? AND email_type = ?", userID, emailType).Delete(&models.OnboardingEmail{}).Error; err != nil {
log.Error().Err(err).Uint("user_id", userID).Str("email_type", string(emailType)).Msg("Failed to delete old onboarding email record before resend")
}
}
// Record that email was sent

51
internal/services/path_utils.go Normal file
View File

@@ -0,0 +1,51 @@
package services
import (
"fmt"
"path/filepath"
"strings"
)
// SafeResolvePath resolves a user-supplied relative path within a base directory.
// Returns an error if the resolved path escapes the base directory (path traversal).
// The baseDir must be an absolute path.
func SafeResolvePath(baseDir, userInput string) (string, error) {
if userInput == "" {
return "", fmt.Errorf("empty path")
}
// Reject absolute paths
if filepath.IsAbs(userInput) {
return "", fmt.Errorf("absolute paths not allowed")
}
// Clean the user input to resolve . and .. components
cleaned := filepath.Clean(userInput)
// After cleaning, check if it starts with .. (escapes base)
if strings.HasPrefix(cleaned, "..") {
return "", fmt.Errorf("path traversal detected")
}
// Resolve the base directory to an absolute path
absBase, err := filepath.Abs(baseDir)
if err != nil {
return "", fmt.Errorf("invalid base directory: %w", err)
}
// Join and resolve the full path
fullPath := filepath.Join(absBase, cleaned)
// Final containment check: the resolved path must be within the base directory
absFullPath, err := filepath.Abs(fullPath)
if err != nil {
return "", fmt.Errorf("invalid resolved path: %w", err)
}
// Ensure the resolved path is strictly inside the base directory (not the base itself)
if !strings.HasPrefix(absFullPath, absBase+string(filepath.Separator)) {
return "", fmt.Errorf("path traversal detected")
}
return absFullPath, nil
}

55
internal/services/path_utils_test.go Normal file
View File

@@ -0,0 +1,55 @@
package services
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestSafeResolvePath_Normal_Resolves(t *testing.T) {
result, err := SafeResolvePath("/var/uploads", "images/photo.jpg")
require.NoError(t, err)
assert.Equal(t, "/var/uploads/images/photo.jpg", result)
}
func TestSafeResolvePath_SubdirPath_Resolves(t *testing.T) {
result, err := SafeResolvePath("/var/uploads", "documents/2024/report.pdf")
require.NoError(t, err)
assert.Equal(t, "/var/uploads/documents/2024/report.pdf", result)
}
func TestSafeResolvePath_DotDotTraversal_Blocked(t *testing.T) {
tests := []struct {
name string
input string
}{
{"simple dotdot", "../etc/passwd"},
{"nested dotdot", "../../etc/shadow"},
{"embedded dotdot", "images/../../etc/passwd"},
{"deep dotdot", "a/b/c/../../../../etc/passwd"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := SafeResolvePath("/var/uploads", tt.input)
assert.Error(t, err, "path traversal should be blocked: %s", tt.input)
})
}
}
func TestSafeResolvePath_AbsolutePath_Blocked(t *testing.T) {
_, err := SafeResolvePath("/var/uploads", "/etc/passwd")
assert.Error(t, err, "absolute paths should be blocked")
}
func TestSafeResolvePath_EmptyPath_Blocked(t *testing.T) {
_, err := SafeResolvePath("/var/uploads", "")
assert.Error(t, err, "empty paths should be blocked")
}
func TestSafeResolvePath_CurrentDir_Blocked(t *testing.T) {
// "." resolves to the base dir itself — this is not a file, so block it
_, err := SafeResolvePath("/var/uploads", ".")
assert.Error(t, err, "bare current directory should be blocked")
}

7
internal/services/pdf_service.go
View File

@@ -126,10 +126,11 @@ func (s *PDFService) GenerateTasksReportPDF(report *TasksReportResponse) ([]byte
pdf.SetFillColor(255, 255, 255) // White
}
// Title (truncate if too long)
// Title (truncate if too long, use runes to avoid cutting multi-byte UTF-8 characters)
title := task.Title
if len(title) > 35 {
title = title[:32] + "..."
titleRunes := []rune(title)
if len(titleRunes) > 35 {
title = string(titleRunes[:32]) + "..."
}
// Status text

28
internal/services/residence_service.go
View File

@@ -4,6 +4,7 @@ import (
"errors"
"time"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/apperrors"
@@ -31,10 +32,11 @@ var (
// ResidenceService handles residence business logic
type ResidenceService struct {
residenceRepo *repositories.ResidenceRepository
userRepo *repositories.UserRepository
taskRepo *repositories.TaskRepository
config *config.Config
residenceRepo *repositories.ResidenceRepository
userRepo *repositories.UserRepository
taskRepo *repositories.TaskRepository
subscriptionService *SubscriptionService
config *config.Config
}
// NewResidenceService creates a new residence service
@@ -51,6 +53,11 @@ func (s *ResidenceService) SetTaskRepository(taskRepo *repositories.TaskReposito
s.taskRepo = taskRepo
}
// SetSubscriptionService sets the subscription service (used for tier limit enforcement)
func (s *ResidenceService) SetSubscriptionService(subService *SubscriptionService) {
s.subscriptionService = subService
}
// GetResidence gets a residence by ID with access check
func (s *ResidenceService) GetResidence(residenceID, userID uint) (*responses.ResidenceResponse, error) {
// Check access
@@ -152,12 +159,12 @@ func (s *ResidenceService) getSummaryForUser(_ uint) responses.TotalSummary {
// CreateResidence creates a new residence and returns it with updated summary
func (s *ResidenceService) CreateResidence(req *requests.CreateResidenceRequest, ownerID uint) (*responses.ResidenceWithSummaryResponse, error) {
// TODO: Check subscription tier limits
// count, err := s.residenceRepo.CountByOwner(ownerID)
// if err != nil {
// return nil, err
// }
// Check against tier limits...
// Check subscription tier limits (if subscription service is wired up)
if s.subscriptionService != nil {
if err := s.subscriptionService.CheckLimit(ownerID, "properties"); err != nil {
return nil, err
}
}
isPrimary := true
if req.IsPrimary != nil {
@@ -447,6 +454,7 @@ func (s *ResidenceService) JoinWithCode(code string, userID uint) (*responses.Jo
if err := s.residenceRepo.DeactivateShareCode(shareCode.ID); err != nil {
// Log the error but don't fail the join - the user has already been added
// The code will just be usable by others until it expires
log.Error().Err(err).Uint("code_id", shareCode.ID).Msg("Failed to deactivate share code after join")
}
// Get the residence with full details

123
internal/services/residence_service_test.go
View File

@@ -1,15 +1,19 @@
package services
import (
"fmt"
"net/http"
"testing"
"time"
"github.com/shopspring/decimal"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/testutil"
)
@@ -333,3 +337,122 @@ func TestResidenceService_RemoveUser_CannotRemoveOwner(t *testing.T) {
err := service.RemoveUser(residence.ID, owner.ID, owner.ID)
testutil.AssertAppError(t, err, http.StatusBadRequest, "error.cannot_remove_owner")
}
// setupResidenceServiceWithSubscription creates a ResidenceService wired with a
// SubscriptionService, enabling tier limit enforcement in tests.
func setupResidenceServiceWithSubscription(t *testing.T) (*ResidenceService, *gorm.DB) {
db := testutil.SetupTestDB(t)
residenceRepo := repositories.NewResidenceRepository(db)
userRepo := repositories.NewUserRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
cfg := &config.Config{}
service := NewResidenceService(residenceRepo, userRepo, cfg)
subscriptionService := NewSubscriptionService(subscriptionRepo, residenceRepo, taskRepo, contractorRepo, documentRepo)
service.SetSubscriptionService(subscriptionService)
return service, db
}
func TestCreateResidence_FreeTier_EnforcesLimit(t *testing.T) {
service, db := setupResidenceServiceWithSubscription(t)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Enable global limitations
db.Where("1=1").Delete(&models.SubscriptionSettings{})
err := db.Create(&models.SubscriptionSettings{EnableLimitations: true}).Error
require.NoError(t, err)
// Set free tier limit to 1 property
one := 1
db.Where("tier = ?", models.TierFree).Delete(&models.TierLimits{})
err = db.Create(&models.TierLimits{
Tier: models.TierFree,
PropertiesLimit: &one,
}).Error
require.NoError(t, err)
// Ensure user has a free-tier subscription record
subscriptionRepo := repositories.NewSubscriptionRepository(db)
_, err = subscriptionRepo.GetOrCreate(owner.ID)
require.NoError(t, err)
// First residence should succeed (under the limit)
req := &requests.CreateResidenceRequest{
Name: "First House",
StreetAddress: "1 Main St",
City: "Austin",
StateProvince: "TX",
PostalCode: "78701",
}
resp, err := service.CreateResidence(req, owner.ID)
require.NoError(t, err)
assert.Equal(t, "First House", resp.Data.Name)
// Second residence should be rejected (at the limit)
req2 := &requests.CreateResidenceRequest{
Name: "Second House",
StreetAddress: "2 Main St",
City: "Austin",
StateProvince: "TX",
PostalCode: "78702",
}
_, err = service.CreateResidence(req2, owner.ID)
testutil.AssertAppError(t, err, http.StatusForbidden, "error.properties_limit_exceeded")
}
func TestCreateResidence_ProTier_AllowsMore(t *testing.T) {
service, db := setupResidenceServiceWithSubscription(t)
owner := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
// Enable global limitations
db.Where("1=1").Delete(&models.SubscriptionSettings{})
err := db.Create(&models.SubscriptionSettings{EnableLimitations: true}).Error
require.NoError(t, err)
// Set free tier limit to 1 property (pro is unlimited by default: nil limits)
one := 1
db.Where("tier = ?", models.TierFree).Delete(&models.TierLimits{})
err = db.Create(&models.TierLimits{
Tier: models.TierFree,
PropertiesLimit: &one,
}).Error
require.NoError(t, err)
// Create a pro-tier subscription for the user
subscriptionRepo := repositories.NewSubscriptionRepository(db)
sub, err := subscriptionRepo.GetOrCreate(owner.ID)
require.NoError(t, err)
// Upgrade to Pro with a future expiration
future := time.Now().UTC().Add(30 * 24 * time.Hour)
sub.Tier = models.TierPro
sub.ExpiresAt = &future
sub.SubscribedAt = ptrTime(time.Now().UTC())
err = subscriptionRepo.Update(sub)
require.NoError(t, err)
// Create multiple residences — all should succeed for Pro users
for i := 1; i <= 3; i++ {
req := &requests.CreateResidenceRequest{
Name: fmt.Sprintf("House %d", i),
StreetAddress: fmt.Sprintf("%d Main St", i),
City: "Austin",
StateProvince: "TX",
PostalCode: "78701",
}
resp, err := service.CreateResidence(req, owner.ID)
require.NoError(t, err, "Pro user should be able to create residence %d", i)
assert.Equal(t, fmt.Sprintf("House %d", i), resp.Data.Name)
}
}
// ptrTime returns a pointer to the given time.
func ptrTime(t time.Time) *time.Time {
return &t
}

20
internal/services/storage_service.go
View File

@@ -72,7 +72,7 @@ func (s *StorageService) Upload(file *multipart.FileHeader, category string) (*U
if ext == "" {
ext = s.getExtensionFromMimeType(mimeType)
}
newFilename := fmt.Sprintf("%s_%s%s", time.Now().Format("20060102"), uuid.New().String()[:8], ext)
newFilename := fmt.Sprintf("%s_%s%s", time.Now().Format("20060102"), uuid.New().String(), ext)
// Determine subdirectory based on category
subdir := "images"
@@ -134,9 +134,15 @@ func (s *StorageService) Delete(fileURL string) error {
fullPath := filepath.Join(s.cfg.UploadDir, relativePath)
// Security check: ensure path is within upload directory
absUploadDir, _ := filepath.Abs(s.cfg.UploadDir)
absFilePath, _ := filepath.Abs(fullPath)
if !strings.HasPrefix(absFilePath, absUploadDir) {
absUploadDir, err := filepath.Abs(s.cfg.UploadDir)
if err != nil {
return fmt.Errorf("failed to resolve upload directory: %w", err)
}
absFilePath, err := filepath.Abs(fullPath)
if err != nil {
return fmt.Errorf("failed to resolve file path: %w", err)
}
if !strings.HasPrefix(absFilePath, absUploadDir+string(filepath.Separator)) && absFilePath != absUploadDir {
return fmt.Errorf("invalid file path")
}
@@ -181,3 +187,9 @@ func (s *StorageService) getExtensionFromMimeType(mimeType string) string {
func (s *StorageService) GetUploadDir() string {
return s.cfg.UploadDir
}
// NewStorageServiceForTest creates a StorageService without creating directories.
// This is intended only for unit tests that need a StorageService with a known config.
func NewStorageServiceForTest(cfg *config.StorageConfig) *StorageService {
return &StorageService{cfg: cfg}
}

212
internal/services/subscription_service.go
View File

@@ -3,9 +3,9 @@ package services
import (
"context"
"errors"
"log"
"time"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/apperrors"
@@ -74,11 +74,11 @@ func NewSubscriptionService(
appleClient, err := NewAppleIAPClient(cfg.AppleIAP)
if err != nil {
if !errors.Is(err, ErrIAPNotConfigured) {
log.Printf("Warning: Failed to initialize Apple IAP client: %v", err)
log.Warn().Err(err).Msg("Failed to initialize Apple IAP client")
}
} else {
svc.appleClient = appleClient
log.Println("Apple IAP validation client initialized")
log.Info().Msg("Apple IAP validation client initialized")
}
// Initialize Google IAP client
@@ -86,11 +86,11 @@ func NewSubscriptionService(
googleClient, err := NewGoogleIAPClient(ctx, cfg.GoogleIAP)
if err != nil {
if !errors.Is(err, ErrIAPNotConfigured) {
log.Printf("Warning: Failed to initialize Google IAP client: %v", err)
log.Warn().Err(err).Msg("Failed to initialize Google IAP client")
}
} else {
svc.googleClient = googleClient
log.Println("Google IAP validation client initialized")
log.Info().Msg("Google IAP validation client initialized")
}
}
@@ -173,7 +173,8 @@ func (s *SubscriptionService) GetSubscriptionStatus(userID uint) (*SubscriptionS
return resp, nil
}
// getUserUsage calculates current usage for a user
// getUserUsage calculates current usage for a user.
// Uses batch COUNT queries (O(1) queries) instead of per-residence queries (O(N)).
func (s *SubscriptionService) getUserUsage(userID uint) (*UsageResponse, error) {
residences, err := s.residenceRepo.FindOwnedByUser(userID)
if err != nil {
@@ -181,26 +182,26 @@ func (s *SubscriptionService) getUserUsage(userID uint) (*UsageResponse, error)
}
propertiesCount := int64(len(residences))
// Count tasks, contractors, and documents across all user's residences
var tasksCount, contractorsCount, documentsCount int64
for _, r := range residences {
tc, err := s.taskRepo.CountByResidence(r.ID)
if err != nil {
return nil, apperrors.Internal(err)
}
tasksCount += tc
// Collect residence IDs for batch queries
residenceIDs := make([]uint, len(residences))
for i, r := range residences {
residenceIDs[i] = r.ID
}
cc, err := s.contractorRepo.CountByResidence(r.ID)
if err != nil {
return nil, apperrors.Internal(err)
}
contractorsCount += cc
// Count tasks, contractors, and documents across all residences with single queries each
tasksCount, err := s.taskRepo.CountByResidenceIDs(residenceIDs)
if err != nil {
return nil, apperrors.Internal(err)
}
dc, err := s.documentRepo.CountByResidence(r.ID)
if err != nil {
return nil, apperrors.Internal(err)
}
documentsCount += dc
contractorsCount, err := s.contractorRepo.CountByResidenceIDs(residenceIDs)
if err != nil {
return nil, apperrors.Internal(err)
}
documentsCount, err := s.documentRepo.CountByResidenceIDs(residenceIDs)
if err != nil {
return nil, apperrors.Internal(err)
}
return &UsageResponse{
@@ -342,46 +343,40 @@ func (s *SubscriptionService) ProcessApplePurchase(userID uint, receiptData stri
return nil, apperrors.Internal(err)
}
// Validate with Apple if client is configured
var expiresAt time.Time
if s.appleClient != nil {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *AppleValidationResult
var err error
// Prefer transaction ID (StoreKit 2), fall back to receipt data (StoreKit 1)
if transactionID != "" {
result, err = s.appleClient.ValidateTransaction(ctx, transactionID)
} else if receiptData != "" {
result, err = s.appleClient.ValidateReceipt(ctx, receiptData)
}
if err != nil {
// Log the validation error
log.Printf("Apple validation warning for user %d: %v", userID, err)
// Check if it's a fatal error
if errors.Is(err, ErrInvalidReceipt) || errors.Is(err, ErrSubscriptionCancelled) {
return nil, err
}
// For other errors (network, etc.), fall back with shorter expiry
expiresAt = time.Now().UTC().AddDate(0, 1, 0) // 1 month fallback
} else if result != nil {
// Use the expiration date from Apple
expiresAt = result.ExpiresAt
log.Printf("Apple purchase validated for user %d: product=%s, expires=%v, env=%s",
userID, result.ProductID, result.ExpiresAt, result.Environment)
}
} else {
// Apple validation not configured - trust client but log warning
log.Printf("Warning: Apple IAP validation not configured, trusting client for user %d", userID)
expiresAt = time.Now().UTC().AddDate(1, 0, 0) // 1 year default
// Apple IAP client must be configured to validate purchases.
// Without server-side validation, we cannot trust client-provided receipts.
if s.appleClient == nil {
log.Error().Uint("user_id", userID).Msg("Apple IAP validation not configured, rejecting purchase")
return nil, apperrors.BadRequest("error.iap_validation_not_configured")
}
// Upgrade to Pro with the determined expiration
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *AppleValidationResult
var err error
// Prefer transaction ID (StoreKit 2), fall back to receipt data (StoreKit 1)
if transactionID != "" {
result, err = s.appleClient.ValidateTransaction(ctx, transactionID)
} else if receiptData != "" {
result, err = s.appleClient.ValidateReceipt(ctx, receiptData)
}
if err != nil {
// Validation failed -- do NOT fall through to grant Pro.
log.Error().Err(err).Uint("user_id", userID).Msg("Apple validation failed")
return nil, err
}
if result == nil {
return nil, apperrors.BadRequest("error.no_receipt_or_transaction")
}
expiresAt := result.ExpiresAt
log.Info().Uint("user_id", userID).Str("product", result.ProductID).Time("expires", result.ExpiresAt).Str("env", result.Environment).Msg("Apple purchase validated")
// Upgrade to Pro with the validated expiration
if err := s.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return nil, apperrors.Internal(err)
}
@@ -397,59 +392,48 @@ func (s *SubscriptionService) ProcessGooglePurchase(userID uint, purchaseToken s
return nil, apperrors.Internal(err)
}
// Validate the purchase with Google if client is configured
var expiresAt time.Time
if s.googleClient != nil {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *GoogleValidationResult
var err error
// If productID is provided, use it directly; otherwise try known IDs
if productID != "" {
result, err = s.googleClient.ValidateSubscription(ctx, productID, purchaseToken)
} else {
result, err = s.googleClient.ValidatePurchaseToken(ctx, purchaseToken, KnownSubscriptionIDs)
}
if err != nil {
// Log the validation error
log.Printf("Google purchase validation warning for user %d: %v", userID, err)
// Check if it's a fatal error
if errors.Is(err, ErrInvalidPurchaseToken) || errors.Is(err, ErrSubscriptionCancelled) {
return nil, err
}
if errors.Is(err, ErrSubscriptionExpired) {
// Subscription expired - still allow but set past expiry
expiresAt = time.Now().UTC().Add(-1 * time.Hour)
} else {
// For other errors, fall back with shorter expiry
expiresAt = time.Now().UTC().AddDate(0, 1, 0) // 1 month fallback
}
} else if result != nil {
// Use the expiration date from Google
expiresAt = result.ExpiresAt
log.Printf("Google purchase validated for user %d: product=%s, expires=%v, autoRenew=%v",
userID, result.ProductID, result.ExpiresAt, result.AutoRenewing)
// Acknowledge the subscription if not already acknowledged
if !result.AcknowledgedState {
if err := s.googleClient.AcknowledgeSubscription(ctx, result.ProductID, purchaseToken); err != nil {
log.Printf("Warning: Failed to acknowledge subscription for user %d: %v", userID, err)
// Don't fail the purchase, just log the warning
}
}
}
} else {
// Google validation not configured - trust client but log warning
log.Printf("Warning: Google IAP validation not configured, trusting client for user %d", userID)
expiresAt = time.Now().UTC().AddDate(1, 0, 0) // 1 year default
// Google IAP client must be configured to validate purchases.
// Without server-side validation, we cannot trust client-provided tokens.
if s.googleClient == nil {
log.Error().Uint("user_id", userID).Msg("Google IAP validation not configured, rejecting purchase")
return nil, apperrors.BadRequest("error.iap_validation_not_configured")
}
// Upgrade to Pro with the determined expiration
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *GoogleValidationResult
var err error
// If productID is provided, use it directly; otherwise try known IDs
if productID != "" {
result, err = s.googleClient.ValidateSubscription(ctx, productID, purchaseToken)
} else {
result, err = s.googleClient.ValidatePurchaseToken(ctx, purchaseToken, KnownSubscriptionIDs)
}
if err != nil {
// Validation failed -- do NOT fall through to grant Pro.
log.Error().Err(err).Uint("user_id", userID).Msg("Google purchase validation failed")
return nil, err
}
if result == nil {
return nil, apperrors.BadRequest("error.no_purchase_token")
}
expiresAt := result.ExpiresAt
log.Info().Uint("user_id", userID).Str("product", result.ProductID).Time("expires", result.ExpiresAt).Bool("auto_renew", result.AutoRenewing).Msg("Google purchase validated")
// Acknowledge the subscription if not already acknowledged
if !result.AcknowledgedState {
if err := s.googleClient.AcknowledgeSubscription(ctx, result.ProductID, purchaseToken); err != nil {
log.Warn().Err(err).Uint("user_id", userID).Msg("Failed to acknowledge Google subscription")
// Don't fail the purchase, just log the warning
}
}
// Upgrade to Pro with the validated expiration
if err := s.subscriptionRepo.UpgradeToPro(userID, expiresAt, "android"); err != nil {
return nil, apperrors.Internal(err)
}
@@ -654,5 +638,5 @@ type ProcessPurchaseRequest struct {
TransactionID string `json:"transaction_id"` // iOS StoreKit 2 transaction ID
PurchaseToken string `json:"purchase_token"` // Android
ProductID string `json:"product_id"` // Android (optional, helps identify subscription)
Platform string `json:"platform" binding:"required,oneof=ios android"`
Platform string `json:"platform" validate:"required,oneof=ios android"`
}

181
internal/services/subscription_service_test.go Normal file
View File

@@ -0,0 +1,181 @@
package services
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/testutil"
)
// setupSubscriptionService creates a SubscriptionService with the given
// IAP clients (nil means "not configured"). It bypasses NewSubscriptionService
// which tries to load config from environment.
func setupSubscriptionService(t *testing.T, appleClient *AppleIAPClient, googleClient *GoogleIAPClient) (*SubscriptionService, *repositories.SubscriptionRepository) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
// Create a test user and subscription record for the test
user := testutil.CreateTestUser(t, db, "subuser", "subuser@test.com", "password")
// Create subscription record so GetOrCreate will find it
sub := &models.UserSubscription{
UserID: user.ID,
Tier: models.TierFree,
}
err := db.Create(sub).Error
require.NoError(t, err)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: appleClient,
googleClient: googleClient,
}
return svc, subscriptionRepo
}
func TestProcessApplePurchase_ClientNil_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser", "subuser@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil, // Not configured
googleClient: nil,
}
_, err := svc.ProcessApplePurchase(user.ID, "fake-receipt", "")
assert.Error(t, err, "ProcessApplePurchase should return error when Apple IAP client is nil")
// Verify user was NOT upgraded to Pro
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier when IAP client is nil")
}
func TestProcessApplePurchase_ValidationFails_DoesNotUpgrade(t *testing.T) {
// We cannot easily create a real AppleIAPClient that will fail validation
// in a unit test (it requires real keys and network access).
// Instead, we test the code path logic:
// When appleClient is nil, the service must NOT upgrade the user.
// This is the same as TestProcessApplePurchase_ClientNil_ReturnsError
// but validates no fallback occurs for the specific case.
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser2", "subuser2@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil,
}
// Neither receipt data nor transaction ID - should still not grant Pro
_, err := svc.ProcessApplePurchase(user.ID, "", "")
assert.Error(t, err, "ProcessApplePurchase should return error when client is nil, even with empty data")
// Verify no upgrade happened
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier")
}
func TestProcessGooglePurchase_ClientNil_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser3", "subuser3@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil, // Not configured
}
_, err := svc.ProcessGooglePurchase(user.ID, "fake-token", "com.tt.casera.pro.monthly")
assert.Error(t, err, "ProcessGooglePurchase should return error when Google IAP client is nil")
// Verify user was NOT upgraded to Pro
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier when IAP client is nil")
}
func TestProcessGooglePurchase_ValidationFails_DoesNotUpgrade(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser4", "subuser4@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil, // Not configured
}
// With empty token
_, err := svc.ProcessGooglePurchase(user.ID, "", "")
assert.Error(t, err, "ProcessGooglePurchase should return error when client is nil")
// Verify no upgrade happened
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier")
}

169
internal/services/task_service.go
View File

@@ -560,11 +560,7 @@ func (s *TaskService) CreateCompletion(req *requests.CreateTaskCompletionRequest
Rating: req.Rating,
}
if err := s.taskRepo.CreateCompletion(completion); err != nil {
return nil, apperrors.Internal(err)
}
// Update next_due_date and in_progress based on frequency
// Determine interval days for NextDueDate calculation before entering the transaction.
// - If frequency is "Once" (days = nil or 0), set next_due_date to nil (marks as completed)
// - If frequency is "Custom", use task.CustomIntervalDays for recurrence
// - If frequency is recurring, calculate next_due_date = completion_date + frequency_days
@@ -598,11 +594,25 @@ func (s *TaskService) CreateCompletion(req *requests.CreateTaskCompletionRequest
// instead of staying in "In Progress" column
task.InProgress = false
}
if err := s.taskRepo.Update(task); err != nil {
if errors.Is(err, repositories.ErrVersionConflict) {
// P1-5: Wrap completion creation and task update in a transaction.
// If either operation fails, both are rolled back to prevent orphaned completions.
txErr := s.taskRepo.DB().Transaction(func(tx *gorm.DB) error {
if err := s.taskRepo.CreateCompletionTx(tx, completion); err != nil {
return err
}
if err := s.taskRepo.UpdateTx(tx, task); err != nil {
return err
}
return nil
})
if txErr != nil {
// P1-6: Return the error instead of swallowing it.
if errors.Is(txErr, repositories.ErrVersionConflict) {
return nil, apperrors.Conflict("error.version_conflict")
}
log.Error().Err(err).Uint("task_id", task.ID).Msg("Failed to update task after completion")
log.Error().Err(txErr).Uint("task_id", task.ID).Msg("Failed to create completion and update task")
return nil, apperrors.Internal(txErr)
}
// Create images if provided
@@ -731,8 +741,15 @@ func (s *TaskService) QuickComplete(taskID uint, userID uint) error {
}
log.Info().Uint("task_id", task.ID).Msg("QuickComplete: Task updated successfully")
// Send notification (fire and forget)
go s.sendTaskCompletedNotification(task, completion)
// Send notification (fire and forget with panic recovery)
go func() {
defer func() {
if r := recover(); r != nil {
log.Error().Interface("panic", r).Uint("task_id", task.ID).Msg("Panic in quick-complete notification goroutine")
}
}()
s.sendTaskCompletedNotification(task, completion)
}()
return nil
}
@@ -764,23 +781,23 @@ func (s *TaskService) sendTaskCompletedNotification(task *models.Task, completio
emailImages = s.loadCompletionImagesForEmail(completion.Images)
}
// Notify all users
// Notify all users synchronously to avoid unbounded goroutine spawning.
// This method is already called from a goroutine (QuickComplete) or inline
// (CreateCompletion) where blocking is acceptable for notification delivery.
for _, user := range users {
isCompleter := user.ID == completion.CompletedByID
// Send push notification (to everyone EXCEPT the person who completed it)
if !isCompleter && s.notificationService != nil {
go func(userID uint) {
ctx := context.Background()
if err := s.notificationService.CreateAndSendTaskNotification(
ctx,
userID,
models.NotificationTaskCompleted,
task,
); err != nil {
log.Error().Err(err).Uint("user_id", userID).Uint("task_id", task.ID).Msg("Failed to send task completion push notification")
}
}(user.ID)
ctx := context.Background()
if err := s.notificationService.CreateAndSendTaskNotification(
ctx,
user.ID,
models.NotificationTaskCompleted,
task,
); err != nil {
log.Error().Err(err).Uint("user_id", user.ID).Uint("task_id", task.ID).Msg("Failed to send task completion push notification")
}
}
// Send email notification (to everyone INCLUDING the person who completed it)
@@ -789,20 +806,18 @@ func (s *TaskService) sendTaskCompletedNotification(task *models.Task, completio
prefs, err := s.notificationService.GetPreferences(user.ID)
if err != nil || (prefs != nil && prefs.EmailTaskCompleted) {
// Send email if we couldn't get prefs (fail-open) or if email notifications are enabled
go func(u models.User, images []EmbeddedImage) {
if err := s.emailService.SendTaskCompletedEmail(
u.Email,
u.GetFullName(),
task.Title,
completedByName,
residenceName,
images,
); err != nil {
log.Error().Err(err).Str("email", u.Email).Uint("task_id", task.ID).Msg("Failed to send task completion email")
} else {
log.Info().Str("email", u.Email).Uint("task_id", task.ID).Int("images", len(images)).Msg("Task completion email sent")
}
}(user, emailImages)
if err := s.emailService.SendTaskCompletedEmail(
user.Email,
user.GetFullName(),
task.Title,
completedByName,
residenceName,
emailImages,
); err != nil {
log.Error().Err(err).Str("email", user.Email).Uint("task_id", task.ID).Msg("Failed to send task completion email")
} else {
log.Info().Str("email", user.Email).Uint("task_id", task.ID).Int("images", len(emailImages)).Msg("Task completion email sent")
}
}
}
}
@@ -846,20 +861,28 @@ func (s *TaskService) loadCompletionImagesForEmail(images []models.TaskCompletio
return emailImages
}
// resolveImageFilePath converts a stored URL to an actual file path
// resolveImageFilePath converts a stored URL to an actual file path.
// Returns empty string if the URL is empty or the resolved path would escape
// the upload directory (path traversal attempt).
func (s *TaskService) resolveImageFilePath(storedURL, uploadDir string) string {
if storedURL == "" {
return ""
}
// Handle /uploads/... URLs
// Strip legacy /uploads/ prefix to get relative path
relativePath := storedURL
if strings.HasPrefix(storedURL, "/uploads/") {
relativePath := strings.TrimPrefix(storedURL, "/uploads/")
return filepath.Join(uploadDir, relativePath)
relativePath = strings.TrimPrefix(storedURL, "/uploads/")
}
// Handle relative paths
return filepath.Join(uploadDir, storedURL)
// Use SafeResolvePath to validate containment within upload directory
resolved, err := SafeResolvePath(uploadDir, relativePath)
if err != nil {
// Path traversal or invalid path — return empty to signal file not found
return ""
}
return resolved
}
// getContentTypeFromPath returns the MIME type based on file extension
@@ -977,7 +1000,11 @@ func (s *TaskService) UpdateCompletion(completionID, userID uint, req *requests.
return &resp, nil
}
// DeleteCompletion deletes a task completion
// DeleteCompletion deletes a task completion and recalculates the task's NextDueDate.
//
// P1-7: After deleting a completion, NextDueDate must be recalculated:
// - If no completions remain: restore NextDueDate = DueDate (original schedule)
// - If completions remain (recurring): recalculate from latest remaining completion + frequency days
func (s *TaskService) DeleteCompletion(completionID, userID uint) (*responses.DeleteWithSummaryResponse, error) {
completion, err := s.taskRepo.FindCompletionByID(completionID)
if err != nil {
@@ -996,10 +1023,66 @@ func (s *TaskService) DeleteCompletion(completionID, userID uint) (*responses.De
return nil, apperrors.Forbidden("error.task_access_denied")
}
taskID := completion.TaskID
if err := s.taskRepo.DeleteCompletion(completionID); err != nil {
return nil, apperrors.Internal(err)
}
// Recalculate NextDueDate based on remaining completions
task, err := s.taskRepo.FindByID(taskID)
if err != nil {
// Non-fatal for the delete operation itself, but log the error
log.Error().Err(err).Uint("task_id", taskID).Msg("Failed to reload task after completion deletion for NextDueDate recalculation")
return &responses.DeleteWithSummaryResponse{
Data: "completion deleted",
Summary: s.getSummaryForUser(userID),
}, nil
}
// Get remaining completions for this task
remainingCompletions, err := s.taskRepo.FindCompletionsByTask(taskID)
if err != nil {
log.Error().Err(err).Uint("task_id", taskID).Msg("Failed to query remaining completions after deletion")
return &responses.DeleteWithSummaryResponse{
Data: "completion deleted",
Summary: s.getSummaryForUser(userID),
}, nil
}
// Determine the task's frequency interval
var intervalDays *int
if task.FrequencyID != nil {
frequency, freqErr := s.taskRepo.GetFrequencyByID(*task.FrequencyID)
if freqErr == nil && frequency != nil {
if frequency.Name == "Custom" {
intervalDays = task.CustomIntervalDays
} else {
intervalDays = frequency.Days
}
}
}
if len(remainingCompletions) == 0 {
// No completions remain: restore NextDueDate to the original DueDate
task.NextDueDate = task.DueDate
} else if intervalDays != nil && *intervalDays > 0 {
// Recurring task with remaining completions: recalculate from the latest completion
// remainingCompletions is ordered by completed_at DESC, so index 0 is the latest
latestCompletion := remainingCompletions[0]
nextDue := latestCompletion.CompletedAt.AddDate(0, 0, *intervalDays)
task.NextDueDate = &nextDue
} else {
// One-time task with remaining completions (unusual case): keep NextDueDate as nil
// since the task is still considered completed
task.NextDueDate = nil
}
if err := s.taskRepo.Update(task); err != nil {
log.Error().Err(err).Uint("task_id", taskID).Msg("Failed to update task NextDueDate after completion deletion")
// The completion was already deleted; return success but log the update failure
}
return &responses.DeleteWithSummaryResponse{
Data: "completion deleted",
Summary: s.getSummaryForUser(userID),

328
internal/services/task_service_test.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/shopspring/decimal"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/dto/requests"
"github.com/treytartt/casera-api/internal/models"
@@ -442,6 +443,333 @@ func TestTaskService_DeleteCompletion(t *testing.T) {
assert.Error(t, err)
}
func TestTaskService_CreateCompletion_TransactionIntegrity(t *testing.T) {
// Verifies P1-5 / P1-6: completion creation and task update are atomic.
// After completion, both the completion record AND the task's NextDueDate update
// should succeed together, and errors should be propagated (not swallowed).
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewTaskService(taskRepo, residenceRepo)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
// Create a one-time task with a due date
dueDate := time.Now().AddDate(0, 0, 7).UTC()
task := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "One-time Task",
DueDate: &dueDate,
NextDueDate: &dueDate,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
err := db.Create(task).Error
require.NoError(t, err)
req := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "Done",
}
now := time.Now().UTC()
resp, err := service.CreateCompletion(req, user.ID, now)
require.NoError(t, err)
assert.NotZero(t, resp.Data.ID)
// Verify the task was updated: NextDueDate should be nil for a one-time task
var reloaded models.Task
db.First(&reloaded, task.ID)
assert.Nil(t, reloaded.NextDueDate, "One-time task NextDueDate should be nil after completion")
assert.False(t, reloaded.InProgress, "InProgress should be false after completion")
// Verify completion record exists
var completion models.TaskCompletion
err = db.Where("task_id = ?", task.ID).First(&completion).Error
require.NoError(t, err, "Completion record should exist")
assert.Equal(t, "Done", completion.Notes)
}
func TestTaskService_CreateCompletion_UpdateError_ReturnedNotSwallowed(t *testing.T) {
// Verifies P1-5 and P1-6: the completion creation and task update are wrapped
// in a transaction, and update errors are returned (not swallowed).
//
// Strategy: We trigger a version conflict by using a goroutine that bumps
// the task version after the service reads the task but during the transaction.
// Since SQLite serializes writes, we instead verify the behavior by deleting
// the task between the service read and the transactional update. When UpdateTx
// tries to match the row by id+version, 0 rows are affected and ErrVersionConflict
// is returned. The transaction then rolls back the completion insert.
//
// However, because the entire CreateCompletion flow is synchronous and we cannot
// inject failures between steps, we instead verify the transactional guarantee
// indirectly: we confirm that a concurrent version bump (set before the call
// but after the SELECT) causes the version conflict to propagate. Since FindByID
// re-reads the current version, we must verify via a custom test that invokes
// the transaction layer directly.
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
dueDate := time.Now().AddDate(0, 0, 7).UTC()
task := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Conflict Task",
DueDate: &dueDate,
NextDueDate: &dueDate,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
err := db.Create(task).Error
require.NoError(t, err)
// Directly test that the transactional path returns an error on version conflict:
// Use a stale task object (version=1) when the DB has been bumped to version=999.
db.Model(&models.Task{}).Where("id = ?", task.ID).Update("version", 999)
completion := &models.TaskCompletion{
TaskID: task.ID,
CompletedByID: user.ID,
CompletedAt: time.Now().UTC(),
Notes: "Should be rolled back",
}
// Simulate the transaction that CreateCompletion now uses (task still has version=1)
txErr := taskRepo.DB().Transaction(func(tx *gorm.DB) error {
if err := taskRepo.CreateCompletionTx(tx, completion); err != nil {
return err
}
// task.Version is 1 but DB has 999 -> version conflict
if err := taskRepo.UpdateTx(tx, task); err != nil {
return err
}
return nil
})
require.Error(t, txErr, "Transaction should fail due to version conflict")
assert.ErrorIs(t, txErr, repositories.ErrVersionConflict, "Error should be ErrVersionConflict")
// Verify the completion was rolled back
var count int64
db.Model(&models.TaskCompletion{}).Where("task_id = ?", task.ID).Count(&count)
assert.Equal(t, int64(0), count, "Completion should not exist when transaction rolls back")
// Also verify that CreateCompletion (full service method) would propagate the error.
// Re-create the task with a normal version so FindByID works, then bump it.
db.Model(&models.Task{}).Where("id = ?", task.ID).Update("version", 1)
service := NewTaskService(taskRepo, residenceRepo)
req := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "Test error propagation",
}
now := time.Now().UTC()
// This call will succeed because FindByID loads version=1, UpdateTx uses version=1, DB has version=1.
// To verify error propagation, we use the direct transaction test above.
resp, err := service.CreateCompletion(req, user.ID, now)
require.NoError(t, err, "CreateCompletion should succeed with matching versions")
assert.NotZero(t, resp.Data.ID)
}
func TestTaskService_DeleteCompletion_OneTime_RestoresOriginalDueDate(t *testing.T) {
// Verifies P1-7: deleting the only completion on a one-time task
// should restore NextDueDate to the original DueDate.
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewTaskService(taskRepo, residenceRepo)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
// Create a one-time task with a due date
originalDueDate := time.Date(2026, 4, 15, 0, 0, 0, 0, time.UTC)
task := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "One-time Task",
DueDate: &originalDueDate,
NextDueDate: &originalDueDate,
IsCancelled: false,
IsArchived: false,
Version: 1,
// No FrequencyID = one-time task
}
err := db.Create(task).Error
require.NoError(t, err)
// Complete the task (sets NextDueDate to nil for one-time tasks)
req := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "Completed",
}
now := time.Now().UTC()
completionResp, err := service.CreateCompletion(req, user.ID, now)
require.NoError(t, err)
// Confirm NextDueDate is nil after completion
var taskAfterComplete models.Task
db.First(&taskAfterComplete, task.ID)
assert.Nil(t, taskAfterComplete.NextDueDate, "NextDueDate should be nil after one-time completion")
// Delete the completion
_, err = service.DeleteCompletion(completionResp.Data.ID, user.ID)
require.NoError(t, err)
// Verify NextDueDate is restored to the original DueDate
var taskAfterDelete models.Task
db.First(&taskAfterDelete, task.ID)
require.NotNil(t, taskAfterDelete.NextDueDate, "NextDueDate should be restored after deleting completion")
assert.Equal(t, originalDueDate.Year(), taskAfterDelete.NextDueDate.Year())
assert.Equal(t, originalDueDate.Month(), taskAfterDelete.NextDueDate.Month())
assert.Equal(t, originalDueDate.Day(), taskAfterDelete.NextDueDate.Day())
}
func TestTaskService_DeleteCompletion_Recurring_RecalculatesFromLastCompletion(t *testing.T) {
// Verifies P1-7: deleting the latest completion on a recurring task
// should recalculate NextDueDate from the remaining latest completion.
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewTaskService(taskRepo, residenceRepo)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
var monthlyFrequency models.TaskFrequency
db.Where("name = ?", "Monthly").First(&monthlyFrequency)
// Create a recurring task
originalDueDate := time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC)
task := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Recurring Task",
FrequencyID: &monthlyFrequency.ID,
DueDate: &originalDueDate,
NextDueDate: &originalDueDate,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
err := db.Create(task).Error
require.NoError(t, err)
// First completion on Jan 15
firstCompletedAt := time.Date(2026, 1, 15, 10, 0, 0, 0, time.UTC)
firstReq := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "First completion",
CompletedAt: &firstCompletedAt,
}
now := time.Now().UTC()
_, err = service.CreateCompletion(firstReq, user.ID, now)
require.NoError(t, err)
// Second completion on Feb 15
secondCompletedAt := time.Date(2026, 2, 15, 10, 0, 0, 0, time.UTC)
secondReq := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "Second completion",
CompletedAt: &secondCompletedAt,
}
resp, err := service.CreateCompletion(secondReq, user.ID, now)
require.NoError(t, err)
// NextDueDate should be Feb 15 + 30 days = Mar 17
var taskAfterSecond models.Task
db.First(&taskAfterSecond, task.ID)
require.NotNil(t, taskAfterSecond.NextDueDate)
expectedAfterSecond := secondCompletedAt.AddDate(0, 0, 30)
assert.Equal(t, expectedAfterSecond.Year(), taskAfterSecond.NextDueDate.Year())
assert.Equal(t, expectedAfterSecond.Month(), taskAfterSecond.NextDueDate.Month())
assert.Equal(t, expectedAfterSecond.Day(), taskAfterSecond.NextDueDate.Day())
// Delete the second (latest) completion
_, err = service.DeleteCompletion(resp.Data.ID, user.ID)
require.NoError(t, err)
// NextDueDate should be recalculated from the first completion: Jan 15 + 30 = Feb 14
var taskAfterDelete models.Task
db.First(&taskAfterDelete, task.ID)
require.NotNil(t, taskAfterDelete.NextDueDate, "NextDueDate should be set after deleting latest completion")
expectedRecalculated := firstCompletedAt.AddDate(0, 0, 30)
assert.Equal(t, expectedRecalculated.Year(), taskAfterDelete.NextDueDate.Year())
assert.Equal(t, expectedRecalculated.Month(), taskAfterDelete.NextDueDate.Month())
assert.Equal(t, expectedRecalculated.Day(), taskAfterDelete.NextDueDate.Day())
}
func TestTaskService_DeleteCompletion_LastCompletion_RestoresDueDate(t *testing.T) {
// Verifies P1-7: deleting the only completion on a recurring task
// should restore NextDueDate to the original DueDate.
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)
taskRepo := repositories.NewTaskRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
service := NewTaskService(taskRepo, residenceRepo)
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
var weeklyFrequency models.TaskFrequency
db.Where("name = ?", "Weekly").First(&weeklyFrequency)
// Create a recurring task
originalDueDate := time.Date(2026, 3, 1, 0, 0, 0, 0, time.UTC)
task := &models.Task{
ResidenceID: residence.ID,
CreatedByID: user.ID,
Title: "Weekly Task",
FrequencyID: &weeklyFrequency.ID,
DueDate: &originalDueDate,
NextDueDate: &originalDueDate,
IsCancelled: false,
IsArchived: false,
Version: 1,
}
err := db.Create(task).Error
require.NoError(t, err)
// Complete the task
completedAt := time.Date(2026, 3, 2, 10, 0, 0, 0, time.UTC)
req := &requests.CreateTaskCompletionRequest{
TaskID: task.ID,
Notes: "First completion",
CompletedAt: &completedAt,
}
now := time.Now().UTC()
completionResp, err := service.CreateCompletion(req, user.ID, now)
require.NoError(t, err)
// Verify NextDueDate was set to completedAt + 7 days
var taskAfterComplete models.Task
db.First(&taskAfterComplete, task.ID)
require.NotNil(t, taskAfterComplete.NextDueDate)
// Delete the only completion
_, err = service.DeleteCompletion(completionResp.Data.ID, user.ID)
require.NoError(t, err)
// NextDueDate should be restored to original DueDate since no completions remain
var taskAfterDelete models.Task
db.First(&taskAfterDelete, task.ID)
require.NotNil(t, taskAfterDelete.NextDueDate, "NextDueDate should be restored to original DueDate")
assert.Equal(t, originalDueDate.Year(), taskAfterDelete.NextDueDate.Year())
assert.Equal(t, originalDueDate.Month(), taskAfterDelete.NextDueDate.Month())
assert.Equal(t, originalDueDate.Day(), taskAfterDelete.NextDueDate.Day())
}
func TestTaskService_GetCategories(t *testing.T) {
db := testutil.SetupTestDB(t)
testutil.SeedLookupData(t, db)

99
internal/worker/jobs/handler.go
View File

@@ -139,6 +139,12 @@ func (h *Handler) HandleTaskReminder(ctx context.Context, task *asynq.Task) erro
log.Info().Int("count", len(dueSoonTasks)).Msg("Found tasks due today/tomorrow for eligible users")
// Build set for O(1) eligibility lookups instead of O(N) linear scan
eligibleSet := make(map[uint]bool, len(eligibleUserIDs))
for _, id := range eligibleUserIDs {
eligibleSet[id] = true
}
// Group tasks by user (assigned_to or residence owner)
userTasks := make(map[uint][]models.Task)
for _, t := range dueSoonTasks {
@@ -150,12 +156,9 @@ func (h *Handler) HandleTaskReminder(ctx context.Context, task *asynq.Task) erro
} else {
continue
}
// Only include if user is in eligible list
for _, eligibleID := range eligibleUserIDs {
if userID == eligibleID {
userTasks[userID] = append(userTasks[userID], t)
break
}
// Only include if user is in eligible set (O(1) lookup)
if eligibleSet[userID] {
userTasks[userID] = append(userTasks[userID], t)
}
}
@@ -236,6 +239,12 @@ func (h *Handler) HandleOverdueReminder(ctx context.Context, task *asynq.Task) e
log.Info().Int("count", len(overdueTasks)).Msg("Found overdue tasks for eligible users")
// Build set for O(1) eligibility lookups instead of O(N) linear scan
eligibleSet := make(map[uint]bool, len(eligibleUserIDs))
for _, id := range eligibleUserIDs {
eligibleSet[id] = true
}
// Group tasks by user (assigned_to or residence owner)
userTasks := make(map[uint][]models.Task)
for _, t := range overdueTasks {
@@ -247,12 +256,9 @@ func (h *Handler) HandleOverdueReminder(ctx context.Context, task *asynq.Task) e
} else {
continue
}
// Only include if user is in eligible list
for _, eligibleID := range eligibleUserIDs {
if userID == eligibleID {
userTasks[userID] = append(userTasks[userID], t)
break
}
// Only include if user is in eligible set (O(1) lookup)
if eligibleSet[userID] {
userTasks[userID] = append(userTasks[userID], t)
}
}
@@ -684,10 +690,20 @@ func (h *Handler) HandleSmartReminder(ctx context.Context, task *asynq.Task) err
log.Info().Int("count", len(activeTasks)).Msg("Found active tasks for eligible users")
// Step 3: Process each task once, sending appropriate notification based on user prefs
var dueSoonSent, dueSoonSkipped, overdueSent, overdueSkipped int
// Step 3: Pre-process tasks to determine stages and build batch reminder check
type candidateReminder struct {
taskIndex int
userID uint
effectiveDate time.Time
stage string
isOverdue bool
reminderStage models.ReminderStage
}
for _, t := range activeTasks {
var candidates []candidateReminder
var reminderKeys []repositories.ReminderKey
for i, t := range activeTasks {
// Determine which user to notify
var userID uint
if t.AssignedToID != nil {
@@ -737,15 +753,36 @@ func (h *Handler) HandleSmartReminder(ctx context.Context, task *asynq.Task) err
reminderStage := models.ReminderStage(stage)
// Check if already sent
alreadySent, err := h.reminderRepo.HasSentReminder(t.ID, userID, effectiveDate, reminderStage)
if err != nil {
log.Error().Err(err).Uint("task_id", t.ID).Msg("Failed to check reminder log")
continue
}
candidates = append(candidates, candidateReminder{
taskIndex: i,
userID: userID,
effectiveDate: effectiveDate,
stage: stage,
isOverdue: isOverdueStage,
reminderStage: reminderStage,
})
if alreadySent {
if isOverdueStage {
reminderKeys = append(reminderKeys, repositories.ReminderKey{
TaskID: t.ID,
UserID: userID,
DueDate: effectiveDate,
Stage: reminderStage,
})
}
// Batch check which reminders have already been sent (single query)
alreadySentMap, err := h.reminderRepo.HasSentReminderBatch(reminderKeys)
if err != nil {
log.Error().Err(err).Msg("Failed to batch check reminder logs")
return err
}
// Step 4: Send notifications for candidates that haven't been sent yet
var dueSoonSent, dueSoonSkipped, overdueSent, overdueSkipped int
for i, c := range candidates {
if alreadySentMap[i] {
if c.isOverdue {
overdueSkipped++
} else {
dueSoonSkipped++
@@ -753,30 +790,32 @@ func (h *Handler) HandleSmartReminder(ctx context.Context, task *asynq.Task) err
continue
}
t := activeTasks[c.taskIndex]
// Determine notification type
var notificationType models.NotificationType
if isOverdueStage {
if c.isOverdue {
notificationType = models.NotificationTaskOverdue
} else {
notificationType = models.NotificationTaskDueSoon
}
// Send notification
if err := h.notificationService.CreateAndSendTaskNotification(ctx, userID, notificationType, &t); err != nil {
if err := h.notificationService.CreateAndSendTaskNotification(ctx, c.userID, notificationType, &t); err != nil {
log.Error().Err(err).
Uint("user_id", userID).
Uint("user_id", c.userID).
Uint("task_id", t.ID).
Str("stage", stage).
Str("stage", c.stage).
Msg("Failed to send smart reminder")
continue
}
// Log the reminder
if _, err := h.reminderRepo.LogReminder(t.ID, userID, effectiveDate, reminderStage, nil); err != nil {
log.Error().Err(err).Uint("task_id", t.ID).Str("stage", stage).Msg("Failed to log reminder")
if _, err := h.reminderRepo.LogReminder(t.ID, c.userID, c.effectiveDate, c.reminderStage, nil); err != nil {
log.Error().Err(err).Uint("task_id", t.ID).Str("stage", c.stage).Msg("Failed to log reminder")
}
if isOverdueStage {
if c.isOverdue {
overdueSent++
} else {
dueSoonSent++