bb7493f033
Remediate all P0-S priority findings from cross-platform architecture audit: - Add input validation and authorization checks across handlers - Harden social auth (Apple/Google) token validation - Add document ownership verification and file type validation - Add rate limiting config and CORS origin restrictions - Add subscription tier enforcement in handlers - Add OpenAPI 3.0.3 spec (81 schemas, 104 operations) - Add URL-level contract test (KMP API routes match spec paths) - Add model-level contract test (65 schemas, 464 fields validated) - Add CI workflow for backend tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
200 lines
5.6 KiB
Go
200 lines
5.6 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
|
|
"github.com/treytartt/casera-api/internal/apperrors"
|
|
"github.com/treytartt/casera-api/internal/middleware"
|
|
"github.com/treytartt/casera-api/internal/models"
|
|
"github.com/treytartt/casera-api/internal/services"
|
|
)
|
|
|
|
// NotificationHandler handles notification-related HTTP requests
|
|
type NotificationHandler struct {
|
|
notificationService *services.NotificationService
|
|
}
|
|
|
|
// NewNotificationHandler creates a new notification handler
|
|
func NewNotificationHandler(notificationService *services.NotificationService) *NotificationHandler {
|
|
return &NotificationHandler{notificationService: notificationService}
|
|
}
|
|
|
|
// ListNotifications handles GET /api/notifications/
|
|
func (h *NotificationHandler) ListNotifications(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
limit := 50
|
|
offset := 0
|
|
if l := c.QueryParam("limit"); l != "" {
|
|
if parsed, err := strconv.Atoi(l); err == nil && parsed > 0 {
|
|
limit = parsed
|
|
}
|
|
}
|
|
if o := c.QueryParam("offset"); o != "" {
|
|
if parsed, err := strconv.Atoi(o); err == nil && parsed >= 0 {
|
|
offset = parsed
|
|
}
|
|
}
|
|
|
|
notifications, err := h.notificationService.GetNotifications(user.ID, limit, offset)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{
|
|
"count": len(notifications),
|
|
"results": notifications,
|
|
})
|
|
}
|
|
|
|
// GetUnreadCount handles GET /api/notifications/unread-count/
|
|
func (h *NotificationHandler) GetUnreadCount(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
count, err := h.notificationService.GetUnreadCount(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{"unread_count": count})
|
|
}
|
|
|
|
// MarkAsRead handles POST /api/notifications/:id/read/
|
|
func (h *NotificationHandler) MarkAsRead(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
notificationID, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
return apperrors.BadRequest("error.invalid_notification_id")
|
|
}
|
|
|
|
err = h.notificationService.MarkAsRead(uint(notificationID), user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{"message": "message.notification_marked_read"})
|
|
}
|
|
|
|
// MarkAllAsRead handles POST /api/notifications/mark-all-read/
|
|
func (h *NotificationHandler) MarkAllAsRead(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
err := h.notificationService.MarkAllAsRead(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{"message": "message.all_notifications_marked_read"})
|
|
}
|
|
|
|
// GetPreferences handles GET /api/notifications/preferences/
|
|
func (h *NotificationHandler) GetPreferences(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
prefs, err := h.notificationService.GetPreferences(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, prefs)
|
|
}
|
|
|
|
// UpdatePreferences handles PUT/PATCH /api/notifications/preferences/
|
|
func (h *NotificationHandler) UpdatePreferences(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
var req services.UpdatePreferencesRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return apperrors.BadRequest("error.invalid_request")
|
|
}
|
|
|
|
prefs, err := h.notificationService.UpdatePreferences(user.ID, &req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, prefs)
|
|
}
|
|
|
|
// RegisterDevice handles POST /api/notifications/devices/
|
|
func (h *NotificationHandler) RegisterDevice(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
var req services.RegisterDeviceRequest
|
|
if err := c.Bind(&req); err != nil {
|
|
return apperrors.BadRequest("error.invalid_request")
|
|
}
|
|
|
|
device, err := h.notificationService.RegisterDevice(user.ID, &req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusCreated, device)
|
|
}
|
|
|
|
// ListDevices handles GET /api/notifications/devices/
|
|
func (h *NotificationHandler) ListDevices(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
devices, err := h.notificationService.ListDevices(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, devices)
|
|
}
|
|
|
|
// UnregisterDevice handles POST /api/notifications/devices/unregister/
|
|
// Accepts {registration_id, platform} and deactivates the matching device
|
|
func (h *NotificationHandler) UnregisterDevice(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
var req struct {
|
|
RegistrationID string `json:"registration_id"`
|
|
Platform string `json:"platform"`
|
|
}
|
|
if err := c.Bind(&req); err != nil {
|
|
return apperrors.BadRequest("error.invalid_request")
|
|
}
|
|
if req.RegistrationID == "" {
|
|
return apperrors.BadRequest("error.registration_id_required")
|
|
}
|
|
if req.Platform == "" {
|
|
req.Platform = "ios" // Default to iOS
|
|
}
|
|
|
|
err := h.notificationService.UnregisterDevice(req.RegistrationID, req.Platform, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{"message": "message.device_unregistered"})
|
|
}
|
|
|
|
// DeleteDevice handles DELETE /api/notifications/devices/:id/
|
|
func (h *NotificationHandler) DeleteDevice(c echo.Context) error {
|
|
user := c.Get(middleware.AuthUserKey).(*models.User)
|
|
|
|
deviceID, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
return apperrors.BadRequest("error.invalid_device_id")
|
|
}
|
|
|
|
platform := c.QueryParam("platform")
|
|
if platform == "" {
|
|
platform = "ios" // Default to iOS
|
|
}
|
|
|
|
err = h.notificationService.DeleteDevice(uint(deviceID), platform, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, map[string]interface{}{"message": "message.device_removed"})
|
|
}
|