diff --git a/internal/handler/address_handler.go b/internal/handler/address_handler.go index 143896e..c197128 100644 --- a/internal/handler/address_handler.go +++ b/internal/handler/address_handler.go @@ -46,9 +46,10 @@ func (h *AddressHandler) GetAddressByUserID(c *fiber.Ctx) error { } func (h *AddressHandler) GetAddressByID(c *fiber.Ctx) error { + userID := c.Locals("userID").(string) addressID := c.Params("address_id") - address, err := h.AddressService.GetAddressByID(addressID) + address, err := h.AddressService.GetAddressByID(userID, addressID) if err != nil { return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) } @@ -57,6 +58,7 @@ func (h *AddressHandler) GetAddressByID(c *fiber.Ctx) error { } func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error { + userID := c.Locals("userID").(string) addressID := c.Params("address_id") var addressDTO dto.CreateAddressDTO @@ -69,7 +71,7 @@ func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error { return utils.ValidationErrorResponse(c, errors) } - updatedAddress, err := h.AddressService.UpdateAddress(addressID, addressDTO) + updatedAddress, err := h.AddressService.UpdateAddress(userID, addressID, addressDTO) if err != nil { return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) } @@ -78,12 +80,13 @@ func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error { } func (h *AddressHandler) DeleteAddress(c *fiber.Ctx) error { - id := c.Params("address_id") + userID := c.Locals("userID").(string) + addressID := c.Params("address_id") - err := h.AddressService.DeleteAddress(id) + err := h.AddressService.DeleteAddress(userID, addressID) if err != nil { - return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) + return utils.GenericErrorResponse(c, fiber.StatusForbidden, err.Error()) } - return utils.GenericErrorResponse(c, fiber.StatusOK, "Address deleted successfully") + return utils.SuccessResponse(c, nil, "Address deleted successfully") } 
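Review bot: The added `userID := c.Locals("userID").(string)` in GetAddressByID is an unchecked type assertion, so it panics if the auth middleware did not run on this route or stored a non-string value; the same line is added in the UpdateAddress and DeleteAddress hunks. Use the two-value form and fail closed: `userID, ok := c.Locals("userID").(string)` followed by `if !ok || userID == "" { return utils.GenericErrorResponse(c, fiber.StatusUnauthorized, "unauthorized") }`. Whether a recover middleware is installed is not visible in this diff, so the effect of the panic on the server cannot be judged from here. The handler bodies start or end outside these hunks.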
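Review bot: In DeleteAddress every service error is now mapped to `fiber.StatusForbidden`, including "address not found" and "failed to delete address", while GetAddressByID and UpdateAddress still answer `fiber.StatusNotFound` for the new ownership failure. Because `err.Error()` is sent to the client in all three handlers, the response text tells a caller whether an address ID belonging to someone else exists, and the repository error wrapped with `%v` in the service is exposed as well. Consider having the service return distinct sentinel errors, mapping them to status codes in the handlers, and sending one generic message (for example the same not-found response for missing and foreign addresses) while logging the detail server-side.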
diff --git a/internal/services/address_service.go b/internal/services/address_service.go index 2297b43..7e3f22f 100644 --- a/internal/services/address_service.go +++ b/internal/services/address_service.go @@ -13,9 +13,9 @@ import ( type AddressService interface { CreateAddress(userID string, request dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) GetAddressByUserID(userID string) ([]dto.AddressResponseDTO, error) - GetAddressByID(id string) (*dto.AddressResponseDTO, error) - UpdateAddress(id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) - DeleteAddress(id string) error + GetAddressByID(userID, id string) (*dto.AddressResponseDTO, error) + UpdateAddress(userID, id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) + DeleteAddress(userID, id string) error } type addressService struct { @@ -198,7 +198,16 @@ func (s *addressService) GetAddressByUserID(userID string) ([]dto.AddressRespons return addressDTOs, nil } -func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, error) { +func (s *addressService) GetAddressByID(userID, id string) (*dto.AddressResponseDTO, error) { + address, err := s.AddressRepo.FindAddressByID(id) + if err != nil { + return nil, fmt.Errorf("address not found: %v", err) + } + + if address.UserID != userID { + return nil, fmt.Errorf("you are not authorized to update this address") + } + cacheKey := fmt.Sprintf("address:%s", id) cachedData, err := utils.GetJSONData(cacheKey) if err == nil && cachedData != nil { @@ -221,11 +230,6 @@ func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, err } } - address, err := s.AddressRepo.FindAddressByID(id) - if err != nil { - return nil, fmt.Errorf("failed to fetch address: %v", err) - } - createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt) updatedAt, _ := utils.FormatDateToIndonesianFormat(address.UpdatedAt) 
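Review bot: The ownership failure added to GetAddressByID returns "you are not authorized to update this address", which is copied from the update path and is wrong for a read. The check is correctly placed ahead of the cache read, because the `address:%s` key is not scoped by user. That ordering deserves a comment such as `// Ownership must be verified before the cache lookup: the cache key is per address, not per user.` so that nobody moves the lookup back below the cache later. The repository lookup now runs on every call, so the cache no longer avoids the address query. The function body continues outside the hunk.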
@@ -254,7 +258,16 @@ func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, err return addressDTO, nil } -func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) { +func (s *addressService) UpdateAddress(userID, id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) { + + address, err := s.AddressRepo.FindAddressByID(id) + if err != nil { + return nil, fmt.Errorf("address not found: %v", err) + } + + if address.UserID != userID { + return nil, fmt.Errorf("you are not authorized to update this address") + } province, _, err := s.WilayahRepo.FindProvinceByID(addressDTO.Province, 0, 0) if err != nil { @@ -276,11 +289,6 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT return nil, fmt.Errorf("invalid village_id") } - address, err := s.AddressRepo.FindAddressByID(id) - if err != nil { - return nil, fmt.Errorf("address not found: %v", err) - } - address.Province = province.Name address.Regency = regency.Name address.District = district.Name @@ -298,7 +306,7 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT addressCacheKey := fmt.Sprintf("address:%s", id) utils.DeleteData(addressCacheKey) - userAddressesCacheKey := fmt.Sprintf("user:%s:addresses", address.UserID) + userAddressesCacheKey := fmt.Sprintf("user:%s:addresses", userID) utils.DeleteData(userAddressesCacheKey) createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt) 
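Review bot: The lookup and owner comparison added at the top of UpdateAddress is repeated verbatim in GetAddressByID and, with a different message, in DeleteAddress; three copies of an authorization check tend to drift apart. Move it into one private helper on addressService that returns the address or a package-level sentinel error (wrapping the repository error with `%w` instead of `%v`), and call it from all three methods. A doc comment on the helper should state that userID is the authenticated caller's ID taken from the request context, never a client-supplied value. The function body continues outside the hunk.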
@@ -362,19 +370,23 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT return addressResponseDTO, nil } -func (s *addressService) DeleteAddress(id string) error { +func (s *addressService) DeleteAddress(userID, addressID string) error { - address, err := s.AddressRepo.FindAddressByID(id) + address, err := s.AddressRepo.FindAddressByID(addressID) if err != nil { return fmt.Errorf("address not found: %v", err) } - err = s.AddressRepo.DeleteAddress(id) + if address.UserID != userID { + return fmt.Errorf("you are not authorized to delete this address") + } + + err = s.AddressRepo.DeleteAddress(addressID) if err != nil { return fmt.Errorf("failed to delete address: %v", err) } - addressCacheKey := fmt.Sprintf("address:%s", id) + addressCacheKey := fmt.Sprintf("address:%s", addressID) err = utils.DeleteData(addressCacheKey) if err != nil { fmt.Printf("Error deleting address cache: %v\n", err)
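Review bot: DeleteAddress checks ownership on the fetched row and then calls `s.AddressRepo.DeleteAddress(addressID)`, which appears from this hunk to delete by address ID alone, so the authorization is enforced only by this one caller. If the repository allows it, scope the delete itself by owner (address ID and user ID in the same statement) so that another caller of the repository method cannot bypass the check. The repository code is not visible here, so this needs confirming. The function continues past the end of the hunk.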