# Digest 1: cmd/, admin/dto, admin/handlers (first 15 files)

## Systemic Issues (across all admin handlers)

- **SQL Injection via SortBy**: Every admin list handler concatenates `filters.SortBy` directly into GORM `Order()` without allowlist validation
- **Unchecked Count() errors**: Every paginated handler ignores the error returned by GORM `Count()`
- **Unchecked post-mutation Preload errors**: After Save/Create, handlers reload the record with Preload but ignore the error
- **`binding` vs `validate` tag mismatch**: Some request DTOs use `binding` (Gin) instead of `validate` (Echo)
- **Direct DB access**: All admin handlers bypass the Service layer and access `*gorm.DB` directly
- **Unsafe type assertions**: `c.Get(key).(*models.AdminUser)` without the comma-ok form

## Per-File Highlights

### cmd/api/main.go

- App entry point, wires dependencies

### cmd/worker/main.go

- Background worker entry point

### admin/handlers/admin_user_handler.go (347 lines)

- N+1 query: `toUserResponse` issues 2 extra DB queries per user (residence count, task count)
- Line 64: SortBy SQL injection
- Line 173: Unchecked profile creation error (user created without profile)

### admin/handlers/apple_social_auth_handler.go

- CRUD for Apple social auth records
- Same systemic SQL injection and unchecked errors

### admin/handlers/auth_handler.go

- Admin login/session management

### admin/handlers/auth_token_handler.go

- Auth token CRUD

### admin/handlers/completion_handler.go

- Task completion CRUD

### admin/handlers/completion_image_handler.go

- Completion image CRUD

### admin/handlers/confirmation_code_handler.go

- Email confirmation code CRUD

### admin/handlers/contractor_handler.go

- Contractor CRUD

### admin/handlers/dashboard_handler.go

- Admin dashboard stats

### admin/handlers/device_handler.go (317 lines)

- Exposes device push tokens (RegistrationID) in API responses
- Lines 293-296: Unchecked Count errors in GetStats

### admin/handlers/document_handler.go (394 lines)

- Lines 176-183: Date parsing errors silently ignored
- Line 379: Precision loss from `decimal.Float64()` discarded
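The three systemic items that recur in every admin list handler (SortBy concatenated into `Order()`, ignored `Count()` errors, and the bare `c.Get(key).(*models.AdminUser)` assertion) share one shape of fix. The block below is an added illustration written for this digest, not code from the reviewed repository: it uses only the standard library so it runs without GORM or Echo, the `ListFilters` and `AdminUser` struct shapes and the `countFunc` abstraction are assumptions standing in for the project's real types and for the `db.Count()` call, and the string each function returns is what a handler would hand to `db.Order()`.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ListFilters stands in for the admin list filter struct named in the digest.
// Field names are assumed; the real struct is not on the page.
type ListFilters struct {
	SortBy    string // column requested by the client, e.g. "created_at"
	SortOrder string // "asc" or "desc"
}

// orderClauseUnsafe reproduces the pattern the digest flags: the caller's string
// is concatenated straight into the ORDER BY clause, so anything the client sends
// reaches the database verbatim.
func orderClauseUnsafe(f ListFilters) string {
	return f.SortBy + " " + f.SortOrder
}

// ErrBadSort is returned for any sort parameter that is not on the allowlist;
// a handler maps it to a 400 rather than letting the value reach db.Order().
var ErrBadSort = errors.New("invalid sort parameter")

// orderClauseSafe is the hardened form: the column must be in a per-handler
// allowlist of real, sortable column names, and the direction is normalised to
// ASC/DESC. An empty SortBy falls back to defaultCol.
func orderClauseSafe(f ListFilters, allowed map[string]bool, defaultCol string) (string, error) {
	col := f.SortBy
	if col == "" {
		col = defaultCol
	}
	if !allowed[col] {
		return "", fmt.Errorf("%w: column %q", ErrBadSort, f.SortBy)
	}
	dir := "ASC"
	switch strings.ToLower(f.SortOrder) {
	case "", "asc":
		// default ASC
	case "desc":
		dir = "DESC"
	default:
		return "", fmt.Errorf("%w: direction %q", ErrBadSort, f.SortOrder)
	}
	return col + " " + dir, nil
}

// AdminUser is an assumed stand-in for models.AdminUser.
type AdminUser struct {
	ID    uint
	Email string
}

// currentAdmin replaces the bare c.Get(key).(*models.AdminUser) assertion. The
// comma-ok form turns a missing or mistyped context value into an error the
// handler can return as 401 instead of a panic that takes down the request.
func currentAdmin(ctxValue any) (*AdminUser, error) {
	u, ok := ctxValue.(*AdminUser)
	if !ok || u == nil {
		return nil, errors.New("no authenticated admin in context")
	}
	return u, nil
}

// countFunc abstracts the GORM Count call so the error-handling pattern can be
// shown without a database; in a handler it would wrap db.Model(&T{}).Count(&n).
type countFunc func() (int64, error)

// paginate is the fix for the "unchecked Count() errors" item: a failed count is
// propagated instead of silently producing total=0 with a 200 response.
func paginate(count countFunc, page, perPage int) (total int64, offset int, err error) {
	total, err = count()
	if err != nil {
		return 0, 0, fmt.Errorf("count: %w", err)
	}
	if page < 1 {
		page = 1
	}
	return total, (page - 1) * perPage, nil
}

func main() {
	allowed := map[string]bool{"id": true, "created_at": true, "email": true}
	for _, f := range []ListFilters{
		{SortBy: "created_at", SortOrder: "desc"},
		{SortBy: "id; DROP TABLE users", SortOrder: "asc"}, // constructed hostile input
	} {
		clause, err := orderClauseSafe(f, allowed, "id")
		fmt.Printf("unsafe=%q safe=%q err=%v\n", orderClauseUnsafe(f), clause, err)
	}
}
```

The allowlist is the important part: validating only the direction, or quoting the column name, is not enough, because a column name that exists but was never meant to be sortable (a password hash, a token column) would still let a client order by it and infer its contents one row at a time. Keep the allowlist per handler and list only columns the response already exposes.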