Close all 25 codex audit findings and add KMP contract tests

Remediate all P0-S priority findings from cross-platform architecture audit: - Add input validation and authorization checks across handlers - Harden social auth (Apple/Google) token validation - Add document ownership verification and file type validation - Add rate limiting config and CORS origin restrictions - Add subscription tier enforcement in handlers - Add OpenAPI 3.0.3 spec (81 schemas, 104 operations) - Add URL-level contract test (KMP API routes match spec paths) - Add model-level contract test (65 schemas, 464 fields validated) - Add CI workflow for backend tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 13:15:07 -06:00
parent 215e7c895d
commit bb7493f033
23 changed files with 6549 additions and 43 deletions
--- a/internal/handlers/residence_handler.go
+++ b/internal/handlers/residence_handler.go
@@ -149,6 +149,28 @@ func (h *ResidenceHandler) DeleteResidence(c echo.Context) error {
 	return c.JSON(http.StatusOK, response)
 }

+// GetShareCode handles GET /api/residences/:id/share-code/
+// Returns the active share code for a residence, or null if none exists
+func (h *ResidenceHandler) GetShareCode(c echo.Context) error {
+	user := c.Get(middleware.AuthUserKey).(*models.User)
+
+	residenceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
+	if err != nil {
+		return apperrors.BadRequest("error.invalid_residence_id")
+	}
+
+	shareCode, err := h.residenceService.GetShareCode(uint(residenceID), user.ID)
+	if err != nil {
+		return err
+	}
+
+	if shareCode == nil {
+		return c.JSON(http.StatusOK, map[string]interface{}{"share_code": nil})
+	}
+
+	return c.JSON(http.StatusOK, map[string]interface{}{"share_code": shareCode})
+}
+
 // GenerateShareCode handles POST /api/residences/:id/generate-share-code/
 func (h *ResidenceHandler) GenerateShareCode(c echo.Context) error {
 	user := c.Get(middleware.AuthUserKey).(*models.User)