From 1101fabc4ddcf79e7859ec6ca720f8af54482c81 Mon Sep 17 00:00:00 2001
From: JustHiro55
Date: Sat, 30 Nov 2024 18:47:32 +0900
Subject: [PATCH 1/5] fix: hide database error messages in API responses
---
 app/infrastructure/userinfo.go | 3 ++-
 app/interfaces/handler/userinfo.go | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/infrastructure/userinfo.go b/app/infrastructure/userinfo.go
index 2e8cde0..2697467 100644
--- a/app/infrastructure/userinfo.go
+++ b/app/infrastructure/userinfo.go
@@ -5,6 +5,7 @@ import (
 "backend/app/domain/repository"
 "github.com/jmoiron/sqlx"
+ "github.com/pkg/errors"
 )
 type userinfoRepositoryImpl struct {
@@ -28,7 +29,7 @@ func (ur *userinfoRepositoryImpl) SelectUserinfoByUserID(userID string) (*entity
 "WHERE UP.user_id = ? LIMIT 1;", userID)
 if err != nil {
- return nil, err
+ return nil, errors.New("failed to retrieve user profile")
 }
 }
diff --git a/app/interfaces/handler/userinfo.go b/app/interfaces/handler/userinfo.go
index 0d5afd8..b3952a4 100644
--- a/app/interfaces/handler/userinfo.go
+++ b/app/interfaces/handler/userinfo.go
@@ -31,7 +31,7 @@ func (h *UserinfoHandler) GetUserinfo(w http.ResponseWriter, r *http.Request) {
 userinfo, works, err := h.userinfoUseCase.GetUserinfo(userID)
 if err != nil {
 log.Println(err)
- _ = response.ReturnErrorResponse(w, http.StatusBadRequest, err.Error())
+ http.Error(w, "Failed to fetch user information", http.StatusInternalServerError)
 return
 }
From 0488b5f1ed4d6e783d33b7ccfd6d15ee00ba289c Mon Sep 17 00:00:00 2001
From: JustHiro55
Date: Mon, 2 Dec 2024 15:50:40 +0900
Subject: [PATCH 2/5] fix: prevent exposure of database error messages in GET work response
---
 app/usecase/work.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/usecase/work.go b/app/usecase/work.go
index 92aa263..7f94933 100644
--- a/app/usecase/work.go
+++ b/app/usecase/work.go
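Review bot: `return nil, errors.New("failed to retrieve user profile")` in SelectUserinfoByUserID throws away the database error, so the `log.Println(err)` in the handler hunk of this same patch now only ever records the generic string and the actual cause (connection failure, bad query, no matching row) is logged nowhere. The sibling hunk imports `github.com/pkg/errors`, so the cause can be kept for the server log while the client still sees nothing database-specific: `return nil, errors.Wrap(err, "retrieving user profile")`, leaving the redaction to the HTTP layer. The same replace-instead-of-wrap pattern appears in the ReadWork and ReadWorks hunks of app/usecase/work.go (patches 2 and 3) and in the three hunks of patch 4; those files import the standard `errors`, where `fmt.Errorf("retrieving work: %w", err)` does the same job (adding the `fmt` import if the file lacks it), and settling on one of the two errors packages for the module would avoid the split this series introduces. SelectUserinfoByUserID starts and ends outside the hunk.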
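Review bot: `http.Error(w, "Failed to fetch user information", http.StatusInternalServerError)` answers every error from GetUserinfo with a 500, including the case where no profile exists for the requested userID, which the replaced `http.StatusBadRequest` line at least kept apart from a genuine server fault; with the usecase error reduced to an opaque string, the handler has no way to tell the two apart. The line also moves this endpoint from `response.ReturnErrorResponse` to `http.Error`, which writes a text/plain body, so this handler's error format presumably no longer matches the other handlers that still use the helper. If the repository wraps the error instead of replacing it, the handler can keep the generic message and still choose the status: `status := http.StatusInternalServerError; if errors.Is(err, sql.ErrNoRows) { status = http.StatusNotFound }` followed by `_ = response.ReturnErrorResponse(w, status, "Failed to fetch user information")` (assuming the lookup is a sqlx Get, which yields sql.ErrNoRows for a missing row; this needs the `errors` and `database/sql` imports). GetUserinfo continues past the hunk.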
@@ -3,6 +3,7 @@ package usecase
 import (
 "backend/app/domain/entity"
 "backend/app/domain/repository"
+ "errors"
 )
 type WorkUseCase struct {
@@ -75,12 +76,12 @@ func (w *WorkUseCase) ReadWorks(numberOfWorks uint, tag string) (*[]*entity.Read
 func (w *WorkUseCase) ReadWork(workID string) (*entity.ReadWork, *entity.User, error) {
 work, err := w.workRepository.SelectWork(workID)
 if err != nil {
- return nil, nil, err
+ return nil, nil, errors.New("failed to retrieve work")
 }
 user, err := w.workRepository.SelectWorkUser(work.UserId)
 if err != nil {
- return nil, nil, err
+ return nil, nil, errors.New("failed to retrieve work user")
 }
 return work, user, nil
From bdf88c2e876e1d89f1eac6ae399e4994e0300b36 Mon Sep 17 00:00:00 2001
From: JustHiro55
Date: Mon, 2 Dec 2024 15:52:19 +0900
Subject: [PATCH 3/5] fix: prevent exposure of database error messages in GET works response
---
 app/usecase/work.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/usecase/work.go b/app/usecase/work.go
index 7f94933..ca3cf4b 100644
--- a/app/usecase/work.go
+++ b/app/usecase/work.go
@@ -59,14 +59,14 @@ func (w *WorkUseCase) ReadWorks(numberOfWorks uint, tag string) (*[]*entity.Read
 if len(tag) == 0 {
 works, err := w.workRepository.SelectWorks(numberOfWorks)
 if err != nil {
- return &[]*entity.ReadWorksList{}, err
+ return &[]*entity.ReadWorksList{}, errors.New("failed to retrieve works")
 }
 return works, nil
 } else {
 works, err := w.workRepository.SelectWorksByTag(numberOfWorks, tag)
 if err != nil {
- return &[]*entity.ReadWorksList{}, err
+ return &[]*entity.ReadWorksList{}, errors.New("failed to retrieve works by tag")
 }
 return works, nil
From 7772a2939b1dec438e140876298e4bb8ef9ab474 Mon Sep 17 00:00:00 2001
From: JustHiro55
Date: Mon, 2 Dec 2024 16:00:05 +0900
Subject: [PATCH 4/5] feat: prevent direct exposure of DB error messages for group, skill, and sns
---
 app/infrastructure/userinfo.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
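Review bot: The rewritten lines in ReadWorks keep returning `&[]*entity.ReadWorksList{}` alongside a non-nil error, whereas ReadWork in the preceding patch returns `nil, nil, err`; a value paired with an error is conventionally meaningless in Go and callers that check the error first never read it, so `return nil, errors.New("failed to retrieve works")` (and the same for the tag branch) would make the two functions consistent. The `else` after a branch that ends in `return works, nil` can also be dropped so the tagged query becomes the fall-through path, which keeps the happy path left-aligned. The ReadWorks body starts before the hunk and continues past it.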
diff --git a/app/infrastructure/userinfo.go b/app/infrastructure/userinfo.go
index 2697467..4abe0fe 100644
--- a/app/infrastructure/userinfo.go
+++ b/app/infrastructure/userinfo.go
@@ -45,7 +45,7 @@ func (ur *userinfoRepositoryImpl) SelectUserinfoByUserID(userID string) (*entity
 "WHERE user_id = ?;", userID)
 if err != nil {
- return nil, err
+ return nil, errors.New("failed to retrieve joined groups")
 }
 }
@@ -57,7 +57,7 @@ func (ur *userinfoRepositoryImpl) SelectUserinfoByUserID(userID string) (*entity
 "SELECT skill_name, user_id FROM skills WHERE user_id = ?;", userID)
 if err != nil {
- return nil, err
+ return nil, errors.New("failed to retrieve skills")
 }
 }
@@ -69,7 +69,7 @@ func (ur *userinfoRepositoryImpl) SelectUserinfoByUserID(userID string) (*entity
 "SELECT user_id, sns FROM sns WHERE user_id = ?;", userID)
 if err != nil {
- return nil, err
+ return nil, errors.New("failed to retrieve sns")
 }
 }
From a94b7cf232845ea25d622a685015a5f46983279a Mon Sep 17 00:00:00 2001
From: JustHiro55
Date: Mon, 2 Dec 2024 17:09:21 +0900
Subject: [PATCH 5/5] fix: rename text column to content in comment table migration file
---
 db/migration/sql/20240701062632_create_comments_table.up.sql | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/db/migration/sql/20240701062632_create_comments_table.up.sql b/db/migration/sql/20240701062632_create_comments_table.up.sql
index 5f821dd..5977b69 100644
--- a/db/migration/sql/20240701062632_create_comments_table.up.sql
+++ b/db/migration/sql/20240701062632_create_comments_table.up.sql
@@ -2,8 +2,9 @@ CREATE TABLE `comment` (
 `id` varchar(64) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT 'コメントID',
 `user_id` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT 'ユーザーID',
 `works_id` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT '作品ID',
- `text` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT '本文',
+ `content` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT '本文',
 `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '作成日時',
 `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新日時',
- PRIMARY KEY (`id`)
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_comment_works` FOREIGN KEY (`works_id`) REFERENCES `works` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
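Review bot: The column rename and the new `fk_comment_works` constraint are made by editing the already-numbered migration 20240701062632_create_comments_table.up.sql instead of adding a new one, so any database on which this file has already run keeps the `text` column and no foreign key while fresh databases get the new schema, and the migration tool will not re-apply it; a follow-up migration with an ALTER TABLE that renames the column and adds the constraint keeps existing environments in step. The constraint also presumes that `works.id` has a type and collation compatible with `works_id` varchar(255) COLLATE utf8mb4_unicode_ci and that the `works` table is created by an earlier migration, neither of which is visible here. `ON DELETE CASCADE` silently deletes every comment when a work is removed, which may be intended but deserves a comment on the constraint such as `-- comments are owned by the work and are removed with it`. `user_id` still has no corresponding constraint, which may be deliberate.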