senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/handlers/comment_handler.go

398 lines
15 KiB
Go
Raw Normal View History

adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
package handlers
import (
[T0-006] test(backend): Ajout tests pour search_handlers et comment_handler - Tests complets pour search_handlers.go (6 tests) - Tests complets pour comment_handler.go (12 tests) - Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface) - Couverture actuelle: 30.6% (objectif: 80%) Files: veza-backend-api/internal/handlers/search_handlers.go veza-backend-api/internal/handlers/search_handlers_test.go veza-backend-api/internal/handlers/comment_handler.go veza-backend-api/internal/handlers/comment_handler_test.go VEZA_ROADMAP.json Hours: 16 estimated, 17 actual
2025-12-28 21:18:33 +00:00
"context"
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
"errors"
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
"net/http"
"strconv"
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
apperrors "veza-backend-api/internal/errors"
[T0-006] test(backend): Ajout tests pour search_handlers et comment_handler - Tests complets pour search_handlers.go (6 tests) - Tests complets pour comment_handler.go (12 tests) - Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface) - Couverture actuelle: 30.6% (objectif: 80%) Files: veza-backend-api/internal/handlers/search_handlers.go veza-backend-api/internal/handlers/search_handlers_test.go veza-backend-api/internal/handlers/comment_handler.go veza-backend-api/internal/handlers/comment_handler_test.go VEZA_ROADMAP.json Hours: 16 estimated, 17 actual
2025-12-28 21:18:33 +00:00
"veza-backend-api/internal/models"
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
"veza-backend-api/internal/services"
[BE-SEC-009] be-sec: Implement input sanitization - Created comprehensive sanitization utility functions - SanitizeInput, SanitizeText, SanitizeHTML, SanitizeURL, SanitizeEmail, SanitizeUsername - Applied sanitization to profile handler (username, bio, names, search) - Applied sanitization to social posts content - Applied sanitization to comment content - Applied sanitization to playlist titles and descriptions - All functions prevent XSS via HTML escaping and remove dangerous URL schemes - Removes control characters and limits input length to prevent DoS
2025-12-24 11:15:25 +00:00
"veza-backend-api/internal/utils"
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
"github.com/gin-gonic/gin"
P0: stabilisation backend/chat/stream + nouvelle base migrations v1 Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
"github.com/google/uuid"
"go.uber.org/zap"
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
)
[T0-006] test(backend): Ajout tests pour search_handlers et comment_handler - Tests complets pour search_handlers.go (6 tests) - Tests complets pour comment_handler.go (12 tests) - Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface) - Couverture actuelle: 30.6% (objectif: 80%) Files: veza-backend-api/internal/handlers/search_handlers.go veza-backend-api/internal/handlers/search_handlers_test.go veza-backend-api/internal/handlers/comment_handler.go veza-backend-api/internal/handlers/comment_handler_test.go VEZA_ROADMAP.json Hours: 16 estimated, 17 actual
2025-12-28 21:18:33 +00:00
// CommentServiceInterface defines the interface for comment operations
// This allows for easier testing with mocks
type CommentServiceInterface interface {
CreateComment(ctx context.Context, trackID uuid.UUID, userID uuid.UUID, content string, timestamp float64, parentID *uuid.UUID) (*models.TrackComment, error)
GetComments(ctx context.Context, trackID uuid.UUID, page, limit int) ([]models.TrackComment, int64, error)
UpdateComment(ctx context.Context, commentID uuid.UUID, userID uuid.UUID, content string) (*models.TrackComment, error)
DeleteComment(ctx context.Context, commentID uuid.UUID, userID uuid.UUID, isAdmin bool) error
GetReplies(ctx context.Context, parentID uuid.UUID, page, limit int) ([]models.TrackComment, int64, error)
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
GetTrackCreatorID(ctx context.Context, trackID uuid.UUID) (uuid.UUID, error)
[T0-006] test(backend): Ajout tests pour search_handlers et comment_handler - Tests complets pour search_handlers.go (6 tests) - Tests complets pour comment_handler.go (12 tests) - Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface) - Couverture actuelle: 30.6% (objectif: 80%) Files: veza-backend-api/internal/handlers/search_handlers.go veza-backend-api/internal/handlers/search_handlers_test.go veza-backend-api/internal/handlers/comment_handler.go veza-backend-api/internal/handlers/comment_handler_test.go VEZA_ROADMAP.json Hours: 16 estimated, 17 actual
2025-12-28 21:18:33 +00:00
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
// CommentHandler gère les opérations sur les commentaires de tracks
type CommentHandler struct {
v0.9.4
2026-03-05 22:03:43 +00:00
commentService CommentServiceInterface
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
notificationService *services.NotificationService // Phase 2.2: Optional, for comment notifications
v0.9.4
2026-03-05 22:03:43 +00:00
commonHandler *CommonHandler
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// NewCommentHandler crée un nouveau handler de commentaires
P0: stabilisation backend/chat/stream + nouvelle base migrations v1 Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
func NewCommentHandler(commentService *services.CommentService, logger *zap.Logger) *CommentHandler {
return &CommentHandler{
commentService: commentService,
commonHandler: NewCommonHandler(logger),
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
[T0-006] test(backend): Ajout tests pour search_handlers et comment_handler - Tests complets pour search_handlers.go (6 tests) - Tests complets pour comment_handler.go (12 tests) - Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface) - Couverture actuelle: 30.6% (objectif: 80%) Files: veza-backend-api/internal/handlers/search_handlers.go veza-backend-api/internal/handlers/search_handlers_test.go veza-backend-api/internal/handlers/comment_handler.go veza-backend-api/internal/handlers/comment_handler_test.go VEZA_ROADMAP.json Hours: 16 estimated, 17 actual
2025-12-28 21:18:33 +00:00
// NewCommentHandlerWithInterface crée un nouveau handler avec une interface (pour les tests)
func NewCommentHandlerWithInterface(commentService CommentServiceInterface, logger *zap.Logger) *CommentHandler {
return &CommentHandler{
commentService: commentService,
commonHandler: NewCommonHandler(logger),
}
}
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
// SetNotificationService sets the notification service for comment notifications (Phase 2.2)
func (h *CommentHandler) SetNotificationService(notificationService *services.NotificationService) {
h.notificationService = notificationService
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
// CreateCommentRequest représente la requête pour créer un commentaire
stabilizing veza-backend-api: P1 & P2
2025-12-16 18:34:08 +00:00
// MOD-P1-001: Ajout tags validate pour validation systématique
feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek
2026-03-09 09:30:47 +00:00
// v0.10.3 F201: Timestamp (position in track in seconds) for seekable comments
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
type CreateCommentRequest struct {
feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek
2026-03-09 09:30:47 +00:00
Content string `json:"content" binding:"required,min=1,max=5000" validate:"required,min=1,max=5000"`
ParentID *uuid.UUID `json:"parent_id,omitempty" validate:"omitempty"`
Timestamp *float64 `json:"timestamp,omitempty"` // Position in seconds (0 = top-level, no specific time)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// UpdateCommentRequest représente la requête pour mettre à jour un commentaire
stabilizing veza-backend-api: P1 & P2
2025-12-16 18:34:08 +00:00
// MOD-P1-001: Ajout tags validate pour validation systématique
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
type UpdateCommentRequest struct {
stabilizing veza-backend-api: P1 & P2
2025-12-16 18:34:08 +00:00
Content string `json:"content" binding:"required,min=1,max=5000" validate:"required,min=1,max=5000"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// CreateComment gère la création d'un commentaire sur un track
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Summary Create comment
stabilisation commit A
2026-01-07 18:39:21 +00:00
// @Description Create a new comment on a track. Can be a top-level comment or a reply to another comment (using parent_id).
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Tags Comment
// @Accept json
// @Produce json
// @Security BearerAuth
stabilisation commit A
2026-01-07 18:39:21 +00:00
// @Param id path string true "Track ID (UUID)"
// @Param comment body handlers.CreateCommentRequest true "Comment data"
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Success 201 {object} handlers.APIResponse{data=object{comment=object}}
// @Failure 400 {object} handlers.APIResponse "Validation error"
// @Failure 401 {object} handlers.APIResponse "Unauthorized"
// @Failure 404 {object} handlers.APIResponse "Track not found"
stabilisation commit A
2026-01-07 18:39:21 +00:00
// @Failure 500 {object} handlers.APIResponse "Internal server error"
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Router /tracks/{id}/comments [post]
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
func (h *CommentHandler) CreateComment(c *gin.Context) {
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
userID, ok := GetUserIDUUID(c)
if !ok {
return // Erreur déjà envoyée par GetUserIDUUID
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if userID == uuid.Nil {
api-contracts: update backend handlers to use wrapped format - Updated system_metrics.go to use RespondSuccess() helper - Updated bitrate_handler.go success responses to use wrapped format - Updated frontend_log_handler.go to use RespondSuccess() helper - Updated csrf.go to use RespondSuccess() and RespondWithError() helpers - Updated audit.go: all 30+ error and success responses now use wrapped format helpers - Updated comment_handler.go error responses to use RespondWithError() - Updated system_metrics_test.go to expect wrapped format {success, data} - All handlers now consistently use wrapped format helpers - Build and tests pass successfully - Action 1.3.2.1 complete - backend handlers standardized to wrapped format
2026-01-15 16:32:02 +00:00
// Action 1.3.2.1: Use wrapped format helper for errors
RespondWithError(c, int(apperrors.ErrCodeUnauthorized), "unauthorized")
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
trackIDStr := c.Param("id")
if trackIDStr == "" {
api-contracts: update backend handlers to use wrapped format - Updated system_metrics.go to use RespondSuccess() helper - Updated bitrate_handler.go success responses to use wrapped format - Updated frontend_log_handler.go to use RespondSuccess() helper - Updated csrf.go to use RespondSuccess() and RespondWithError() helpers - Updated audit.go: all 30+ error and success responses now use wrapped format helpers - Updated comment_handler.go error responses to use RespondWithError() - Updated system_metrics_test.go to expect wrapped format {success, data} - All handlers now consistently use wrapped format helpers - Build and tests pass successfully - Action 1.3.2.1 complete - backend handlers standardized to wrapped format
2026-01-15 16:32:02 +00:00
// Action 1.3.2.1: Use wrapped format helper for errors
RespondWithError(c, int(apperrors.ErrCodeValidation), "track id is required")
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
trackID, err := uuid.Parse(trackIDStr) // Changed to uuid.Parse
if err != nil {
api-contracts: update backend handlers to use wrapped format - Updated system_metrics.go to use RespondSuccess() helper - Updated bitrate_handler.go success responses to use wrapped format - Updated frontend_log_handler.go to use RespondSuccess() helper - Updated csrf.go to use RespondSuccess() and RespondWithError() helpers - Updated audit.go: all 30+ error and success responses now use wrapped format helpers - Updated comment_handler.go error responses to use RespondWithError() - Updated system_metrics_test.go to expect wrapped format {success, data} - All handlers now consistently use wrapped format helpers - Build and tests pass successfully - Action 1.3.2.1 complete - backend handlers standardized to wrapped format
2026-01-15 16:32:02 +00:00
// Action 1.3.2.1: Use wrapped format helper for errors
RespondWithError(c, int(apperrors.ErrCodeValidation), "invalid track id")
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
var req CreateCommentRequest
P0: stabilisation backend/chat/stream + nouvelle base migrations v1 Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
if appErr := h.commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
RespondWithAppError(c, appErr)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[BE-SEC-009] be-sec: Implement input sanitization - Created comprehensive sanitization utility functions - SanitizeInput, SanitizeText, SanitizeHTML, SanitizeURL, SanitizeEmail, SanitizeUsername - Applied sanitization to profile handler (username, bio, names, search) - Applied sanitization to social posts content - Applied sanitization to comment content - Applied sanitization to playlist titles and descriptions - All functions prevent XSS via HTML escaping and remove dangerous URL schemes - Removes control characters and limits input length to prevent DoS
2025-12-24 11:15:25 +00:00
// BE-SEC-009: Sanitize user inputs to prevent XSS and injection attacks
req.Content = utils.SanitizeText(req.Content, 5000)
feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek
2026-03-09 09:30:47 +00:00
timestamp := 0.0
if req.Timestamp != nil && *req.Timestamp >= 0 {
timestamp = *req.Timestamp
}
comment, err := h.commentService.CreateComment(c.Request.Context(), trackID, userID, req.Content, timestamp, req.ParentID)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if err != nil {
feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek
2026-03-09 09:30:47 +00:00
if errors.Is(err, services.ErrModerationRejected) {
RespondWithAppError(c, apperrors.NewValidationError("content does not comply with moderation rules"))
return
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrTrackNotFound) {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewNotFoundError("track"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrParentCommentNotFound) {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewNotFoundError("parent comment"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrParentTrackMismatch) {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewValidationError("parent comment does not belong to the same track"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
h.commonHandler.logger.Error("failed to create comment", zap.Error(err))
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to create comment", err))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
feat(v0.10.5): Notifications complètes — F551-F555 F555: Backend pagination/filter GetNotifications (type, page, limit) + frontend pagination F551: WebSocket real-time — backend inject chat hub, send on CreateNotification; frontend useChat invalidates F553: Quiet hours — migration 132, CreateNotification skips push/WS, UI in PushPreferencesSection F554: Notification grouping — migration 133, group_key/actor_count for like/comment, UI format F552: Weekly digest — migration 134, NotificationDigestWorker, email template, prefs UI Acceptance: no gamification notif; defaults unchanged; individual toggles for marketing
2026-03-10 09:02:21 +00:00
// Phase 2.2: Create notification for track creator (skip if user comments on own track). F554: grouping by track
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
if h.notificationService != nil {
creatorID, err := h.commentService.GetTrackCreatorID(c.Request.Context(), trackID)
if err == nil && creatorID != userID {
link := "/tracks/" + trackID.String()
feat(v0.10.5): Notifications complètes — F551-F555 F555: Backend pagination/filter GetNotifications (type, page, limit) + frontend pagination F551: WebSocket real-time — backend inject chat hub, send on CreateNotification; frontend useChat invalidates F553: Quiet hours — migration 132, CreateNotification skips push/WS, UI in PushPreferencesSection F554: Notification grouping — migration 133, group_key/actor_count for like/comment, UI format F552: Weekly digest — migration 134, NotificationDigestWorker, email template, prefs UI Acceptance: no gamification notif; defaults unchanged; individual toggles for marketing
2026-03-10 09:02:21 +00:00
if err := h.notificationService.CreateNotificationWithGroup(creatorID, "comment", "New comment", "Someone commented on your track", link, "comment:track:"+trackID.String(), userID); err != nil {
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
h.commonHandler.logger.Warn("failed to create comment notification", zap.Error(err))
}
}
}
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondSuccess(c, http.StatusCreated, comment)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// GetComments gère la récupération des commentaires d'un track
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Summary Get track comments
// @Description Get paginated list of comments for a track
// @Tags Comment
// @Accept json
// @Produce json
// @Param id path string true "Track ID"
// @Param page query int false "Page number" default(1)
// @Param limit query int false "Items per page" default(20)
// @Success 200 {object} handlers.APIResponse{data=object{comments=array,pagination=object}}
// @Failure 400 {object} handlers.APIResponse "Validation error"
// @Failure 404 {object} handlers.APIResponse "Track not found"
// @Failure 500 {object} handlers.APIResponse "Internal server error"
// @Router /tracks/{id}/comments [get]
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
func (h *CommentHandler) GetComments(c *gin.Context) {
trackIDStr := c.Param("id")
if trackIDStr == "" {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewValidationError("track id is required"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
trackID, err := uuid.Parse(trackIDStr) // Changed to uuid.Parse
if err != nil {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewValidationError("invalid track id"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings MEDIUM-002: Remove manual X-Forwarded-For parsing in metrics_protection.go, use c.ClientIP() only (respects SetTrustedProxies) MEDIUM-003: Pin ClamAV Docker image to 1.4 across all compose files MEDIUM-004: Add clampLimit(100) to 15+ handlers that parsed limit directly MEDIUM-006: Remove unsafe-eval from CSP script-src on Swagger routes MEDIUM-007: Pin all GitHub Actions to SHA in 11 workflow files MEDIUM-008: Replace rabbitmq:3-management-alpine with rabbitmq:3-alpine in prod MEDIUM-009: Add trial-already-used check in subscription service MEDIUM-010: Add 60s periodic token re-validation to WebSocket connections MEDIUM-011: Mask email in auth handler logs with maskEmail() helper MEDIUM-012: Add k-anonymity threshold (k=5) to playback analytics stats LOW-001: Align frontend password policy to 12 chars (matching backend) LOW-003: Replace deprecated dotenv with dotenvy crate in Rust stream server LOW-004: Enable xpack.security in Elasticsearch dev/local compose files LOW-005: Accept context.Context in CleanupExpiredSessions instead of Background() LOW-002: Noted — Hyperswitch version update deferred (requires payment integration tests) 29/30 findings remediated. 1 noted (LOW-002). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 05:13:38 +00:00
limit = clampLimit(limit) // SECURITY(MEDIUM-004)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if page < 1 {
page = 1
}
if limit < 1 {
limit = 20
}
if limit > 100 {
limit = 100
}
comments, total, err := h.commentService.GetComments(c.Request.Context(), trackID, page, limit)
if err != nil {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
h.commonHandler.logger.Error("failed to get comments", zap.Error(err))
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to get comments", err))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[INT-007] int: Standardize pagination format
2025-12-25 14:14:26 +00:00
// INT-007: Standardize pagination format
pagination := BuildPaginationData(page, limit, total)
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondSuccess(c, http.StatusOK, gin.H{
[INT-007] int: Standardize pagination format
2025-12-25 14:14:26 +00:00
"comments": comments,
"pagination": pagination,
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
})
}
// UpdateComment gère la mise à jour d'un commentaire
stabilisation commit A
2026-01-07 18:39:21 +00:00
// @Summary Update comment
// @Description Update a comment (only by owner)
// @Tags Comment
// @Accept json
// @Produce json
// @Security BearerAuth
// @Param id path string true "Comment ID (UUID)"
// @Param comment body handlers.UpdateCommentRequest true "Updated comment content"
// @Success 200 {object} handlers.APIResponse{data=object{comment=object}}
// @Failure 400 {object} handlers.APIResponse "Validation error"
// @Failure 401 {object} handlers.APIResponse "Unauthorized"
// @Failure 403 {object} handlers.APIResponse "Forbidden - can only edit own comments"
// @Failure 404 {object} handlers.APIResponse "Comment not found"
// @Failure 500 {object} handlers.APIResponse "Internal server error"
// @Router /comments/{id} [put]
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
func (h *CommentHandler) UpdateComment(c *gin.Context) {
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
userID, ok := GetUserIDUUID(c)
if !ok {
return // Erreur déjà envoyée par GetUserIDUUID
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if userID == uuid.Nil {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewUnauthorizedError("unauthorized"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
commentIDStr := c.Param("id")
if commentIDStr == "" {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewValidationError("comment id is required"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
commentID, err := uuid.Parse(commentIDStr) // Changed to uuid.Parse
if err != nil {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewValidationError("invalid comment id"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
var req UpdateCommentRequest
P0: stabilisation backend/chat/stream + nouvelle base migrations v1 Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
if appErr := h.commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
RespondWithAppError(c, appErr)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[BE-SEC-009] be-sec: Implement input sanitization - Created comprehensive sanitization utility functions - SanitizeInput, SanitizeText, SanitizeHTML, SanitizeURL, SanitizeEmail, SanitizeUsername - Applied sanitization to profile handler (username, bio, names, search) - Applied sanitization to social posts content - Applied sanitization to comment content - Applied sanitization to playlist titles and descriptions - All functions prevent XSS via HTML escaping and remove dangerous URL schemes - Removes control characters and limits input length to prevent DoS
2025-12-24 11:15:25 +00:00
// BE-SEC-009: Sanitize user inputs to prevent XSS and injection attacks
req.Content = utils.SanitizeText(req.Content, 5000)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
comment, err := h.commentService.UpdateComment(c.Request.Context(), commentID, userID, req.Content)
if err != nil {
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrCommentNotFound) {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewNotFoundError("comment"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrForbidden) {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewForbiddenError("unauthorized: you can only edit your own comments"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewInternalErrorWrap("Failed to update comment", err))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondSuccess(c, http.StatusOK, gin.H{"comment": comment})
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// DeleteComment gère la suppression d'un commentaire
[INT-010] int: Add API documentation (OpenAPI/Swagger)
2025-12-25 14:23:19 +00:00
// @Summary Delete comment
// @Description Delete a comment (only by owner or admin)
// @Tags Comment
// @Accept json
// @Produce json
// @Security BearerAuth
// @Param id path string true "Track ID"
// @Param comment_id path string true "Comment ID"
// @Success 200 {object} handlers.APIResponse{data=object{message=string}}
// @Failure 400 {object} handlers.APIResponse "Validation error"
// @Failure 401 {object} handlers.APIResponse "Unauthorized"
// @Failure 403 {object} handlers.APIResponse "Forbidden - not comment owner"
// @Failure 404 {object} handlers.APIResponse "Comment not found"
// @Router /tracks/{id}/comments/{comment_id} [delete]
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
func (h *CommentHandler) DeleteComment(c *gin.Context) {
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
userID, ok := GetUserIDUUID(c)
if !ok {
return // Erreur déjà envoyée par GetUserIDUUID
}
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if userID == uuid.Nil {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewUnauthorizedError("unauthorized"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
commentIDStr := c.Param("id")
if commentIDStr == "" {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewValidationError("comment id is required"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
commentID, err := uuid.Parse(commentIDStr) // Changed to uuid.Parse
if err != nil {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewValidationError("invalid comment id"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
err = h.commentService.DeleteComment(c.Request.Context(), commentID, userID, false) // Added false for isAdmin
if err != nil {
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrCommentNotFound) {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewNotFoundError("comment"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrForbidden) {
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondWithAppError(c, apperrors.NewForbiddenError("you can only delete your own comments"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
h.commonHandler.logger.Error("failed to delete comment", zap.Error(err))
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to delete comment", err))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
[BE-API-013] be-api: Implement track comments endpoints - Added GET /tracks/:id/comments route (public) - Added POST /tracks/:id/comments route (protected) - Added DELETE /comments/:id route (protected) - Initialized CommentService and CommentHandler in setupTrackRoutes - Standardized API responses in comment handlers - Handlers use RespondSuccess and RespondWithAppError Phase: PHASE-2 Priority: P1 Progress: 22/267 (8.2%)
2025-12-24 10:19:05 +00:00
RespondSuccess(c, http.StatusOK, gin.H{"message": "Comment deleted successfully"})
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
}
// GetReplies gère la récupération des réponses d'un commentaire
stabilisation commit A
2026-01-07 18:39:21 +00:00
// @Summary Get comment replies
// @Description Get paginated list of replies to a comment
// @Tags Comment
// @Accept json
// @Produce json
// @Param id path string true "Parent Comment ID (UUID)"
// @Param page query int false "Page number" default(1) minimum(1)
// @Param limit query int false "Items per page" default(20) minimum(1) maximum(100)
// @Success 200 {object} handlers.APIResponse{data=object{replies=array,pagination=object}}
// @Failure 400 {object} handlers.APIResponse "Validation error"
// @Failure 404 {object} handlers.APIResponse "Parent comment not found"
// @Failure 500 {object} handlers.APIResponse "Internal server error"
// @Router /comments/{id}/replies [get]
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
func (h *CommentHandler) GetReplies(c *gin.Context) {
parentIDStr := c.Param("id")
if parentIDStr == "" {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewValidationError("parent comment id is required"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
parentID, err := uuid.Parse(parentIDStr) // Changed to uuid.Parse
if err != nil {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewValidationError("invalid parent comment id"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings MEDIUM-002: Remove manual X-Forwarded-For parsing in metrics_protection.go, use c.ClientIP() only (respects SetTrustedProxies) MEDIUM-003: Pin ClamAV Docker image to 1.4 across all compose files MEDIUM-004: Add clampLimit(100) to 15+ handlers that parsed limit directly MEDIUM-006: Remove unsafe-eval from CSP script-src on Swagger routes MEDIUM-007: Pin all GitHub Actions to SHA in 11 workflow files MEDIUM-008: Replace rabbitmq:3-management-alpine with rabbitmq:3-alpine in prod MEDIUM-009: Add trial-already-used check in subscription service MEDIUM-010: Add 60s periodic token re-validation to WebSocket connections MEDIUM-011: Mask email in auth handler logs with maskEmail() helper MEDIUM-012: Add k-anonymity threshold (k=5) to playback analytics stats LOW-001: Align frontend password policy to 12 chars (matching backend) LOW-003: Replace deprecated dotenv with dotenvy crate in Rust stream server LOW-004: Enable xpack.security in Elasticsearch dev/local compose files LOW-005: Accept context.Context in CleanupExpiredSessions instead of Background() LOW-002: Noted — Hyperswitch version update deferred (requires payment integration tests) 29/30 findings remediated. 1 noted (LOW-002). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 05:13:38 +00:00
limit = clampLimit(limit) // SECURITY(MEDIUM-004)
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
if page < 1 {
page = 1
}
if limit < 1 {
limit = 20
}
if limit > 100 {
limit = 100
}
replies, total, err := h.commentService.GetReplies(c.Request.Context(), parentID, page, limit)
if err != nil {
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
if errors.Is(err, services.ErrParentCommentNotFound) {
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewNotFoundError("parent comment"))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondWithAppError(c, apperrors.NewInternalErrorWrap("Failed to get replies", err))
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
return
}
v0.9.8 beta
2026-03-06 23:54:35 +00:00
RespondSuccess(c, http.StatusOK, gin.H{
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
"replies": replies,
"total": total,
"page": page,
"limit": limit,
})
}
Reference in a new issue Copy permalink