# Digest 4: dto/responses (remaining), echohelpers, handlers (first half)

### dto/responses/residence.go (215 lines)

- NewResidenceResponse has no nil check on its param. Owner is zero-value if not preloaded.

### dto/responses/task_template.go (135 lines)

- No nil check on template param

### dto/responses/task.go (399 lines)

- No nil checks on params in factory functions

### dto/responses/user.go (20 lines)

- Clean data types

### echohelpers/helpers.go (46 lines)

- Clean utilities

### echohelpers/pagination.go (33 lines)

- Clean, properly bounded

### handlers/auth_handler.go (379 lines)

- **ARCHITECTURE**: Lines 83, 178, 207, 241, 329, 370: SIX goroutine spawns for email — violates "no goroutines in handlers" rule
- Lines 308-312: AppError constructed directly instead of via factory function

### handlers/contractor_handler.go (154 lines)

- Line 28+: Unchecked type assertions throughout (7 instances)
- Line 31: Raw err.Error() returned to client
- Line 55: CreateContractor missing c.Validate() call

### handlers/document_handler.go (336 lines)

- Line 37+: Unchecked type assertions (10 instances)
- Lines 92-93: Raw error leaked to client
- Line 137: No DocumentType validation — any string accepted
- Lines 187, 217: Missing c.Validate() calls

### handlers/media_handler.go (172 lines)

- **SECURITY**: Lines 156-171: resolveFilePath uses filepath.Join with user-influenced data — PATH TRAVERSAL vulnerability. TrimPrefix doesn't sanitize `../`
- Lines 19-22: Handler accesses repositories directly, bypassing the service layer

### handlers/notification_handler.go (200 lines)

- Lines 29-40: No upper bound on limit — unbounded query with limit=999999999
- Line 168: Silent default to "ios" platform

### handlers/residence_handler.go (365 lines)

- Line 38+: Unchecked type assertions (14 instances)
- Lines 187, 209, 303: Bind errors silently discarded
- Line 224: JoinWithCode missing c.Validate()

### handlers/static_data_handler.go (152 lines)

- Uses interface{} instead of concrete types

### handlers/subscription_handler.go (176 lines)

- Lines 97, 150: Missing c.Validate() calls
- Lines 159-163: RestoreSubscription doesn't validate receipt/transaction ID presence

### handlers/subscription_webhook_handler.go (821 lines)

- **SECURITY**: Lines 190-192: Apple JWS payload decoded WITHOUT signature verification
- **SECURITY**: Lines 787-793: VerifyGooglePubSubToken ALWAYS returns true — webhook unauthenticated
- Lines 639-643: Subscription duration guessed by string matching on product ID
- Lines 657, 694: Hardcoded 1-month extension regardless of actual plan
- Lines 759, 772: Unchecked type assertions in VerifyAppleSignature
- Line 162: Apple renewal info error silently discarded
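The media_handler.go finding above (TrimPrefix plus filepath.Join does not contain the path) is illustrated here with an added example that is not the project's code: a reconstructed unsafe resolver beside a hardened one that re-checks the joined result against the base directory with filepath.Rel. The base directory `/srv/media`, the `/media/` URL prefix and the sample inputs are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the requested path escapes the media root.
var ErrOutsideBase = errors.New("requested path escapes base directory")

// resolveFilePathUnsafe mirrors the flaw in the review note (reconstructed, not
// the project's code): TrimPrefix only strips a leading "/media/", and
// filepath.Join then resolves any ".." segments right out of baseDir.
func resolveFilePathUnsafe(baseDir, requested string) string {
	rel := strings.TrimPrefix(requested, "/media/")
	return filepath.Join(baseDir, rel)
}

// resolveFilePathSafe joins the same way but then proves the result is still
// inside baseDir: filepath.Rel of a contained path never starts with "..".
// Symlinks inside baseDir are not covered; resolve them separately if present.
func resolveFilePathSafe(baseDir, requested string) (string, error) {
	rel := strings.TrimPrefix(requested, "/media/")
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, rel) // Join calls Clean, so ".." is resolved here
	relBack, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if relBack == ".." || strings.HasPrefix(relBack, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

func main() {
	// Constructed inputs: one legitimate file, one that climbs out of the root.
	for _, req := range []string{"/media/photos/a.jpg", "/media/../../outside.txt"} {
		unsafe := resolveFilePathUnsafe("/srv/media", req)
		safe, err := resolveFilePathSafe("/srv/media", req)
		fmt.Printf("%-26s unsafe=%-24s safe=%q err=%v\n", req, unsafe, safe, err)
	}
}
```

A name such as `..hidden` is a regular file inside the root and passes the check, since only a leading `..` path component (with or without a following separator) is rejected.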