Close all 25 codex audit findings and add KMP contract tests

Remediate all P0-S priority findings from cross-platform architecture audit: - Add input validation and authorization checks across handlers - Harden social auth (Apple/Google) token validation - Add document ownership verification and file type validation - Add rate limiting config and CORS origin restrictions - Add subscription tier enforcement in handlers - Add OpenAPI 3.0.3 spec (81 schemas, 104 operations) - Add URL-level contract test (KMP API routes match spec paths) - Add model-level contract test (65 schemas, 464 fields validated) - Add CI workflow for backend tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 13:15:07 -06:00
parent 215e7c895d
commit bb7493f033
23 changed files with 6549 additions and 43 deletions
--- a/internal/services/residence_service.go
+++ b/internal/services/residence_service.go
@@ -353,6 +353,29 @@ func (s *ResidenceService) GenerateShareCode(residenceID, userID uint, expiresIn
 	}, nil
 }

+// GetShareCode retrieves the active share code for a residence (if any)
+func (s *ResidenceService) GetShareCode(residenceID, userID uint) (*responses.ShareCodeResponse, error) {
+	// Check access
+	hasAccess, err := s.residenceRepo.HasAccess(residenceID, userID)
+	if err != nil {
+		return nil, apperrors.Internal(err)
+	}
+	if !hasAccess {
+		return nil, apperrors.Forbidden("error.residence_access_denied")
+	}
+
+	shareCode, err := s.residenceRepo.GetActiveShareCode(residenceID)
+	if err != nil {
+		return nil, apperrors.Internal(err)
+	}
+	if shareCode == nil {
+		return nil, nil
+	}
+
+	resp := responses.NewShareCodeResponse(shareCode)
+	return &resp, nil
+}
+
 // GenerateSharePackage generates a share code and returns package metadata for .casera file
 func (s *ResidenceService) GenerateSharePackage(residenceID, userID uint, expiresInHours int) (*responses.SharePackageResponse, error) {
 	// Check ownership (only owners can share residences)