fix: fixing not authorized user akses

This commit is contained in:
pahmiudahgede 2025-02-08 01:41:17 +07:00
parent 6609734867
commit 26cbe82891
2 changed files with 41 additions and 26 deletions


@ -46,9 +46,10 @@ func (h *AddressHandler) GetAddressByUserID(c *fiber.Ctx) error {
} }
func (h *AddressHandler) GetAddressByID(c *fiber.Ctx) error { func (h *AddressHandler) GetAddressByID(c *fiber.Ctx) error {
userID := c.Locals("userID").(string)
addressID := c.Params("address_id") addressID := c.Params("address_id")
address, err := h.AddressService.GetAddressByID(addressID) address, err := h.AddressService.GetAddressByID(userID, addressID)
if err != nil { if err != nil {
return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error())
} }
@ -57,6 +58,7 @@ func (h *AddressHandler) GetAddressByID(c *fiber.Ctx) error {
} }
func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error { func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error {
userID := c.Locals("userID").(string)
addressID := c.Params("address_id") addressID := c.Params("address_id")
var addressDTO dto.CreateAddressDTO var addressDTO dto.CreateAddressDTO
@ -69,7 +71,7 @@ func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error {
return utils.ValidationErrorResponse(c, errors) return utils.ValidationErrorResponse(c, errors)
} }
updatedAddress, err := h.AddressService.UpdateAddress(addressID, addressDTO) updatedAddress, err := h.AddressService.UpdateAddress(userID, addressID, addressDTO)
if err != nil { if err != nil {
return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error())
} }
@ -78,12 +80,13 @@ func (h *AddressHandler) UpdateAddress(c *fiber.Ctx) error {
} }
func (h *AddressHandler) DeleteAddress(c *fiber.Ctx) error { func (h *AddressHandler) DeleteAddress(c *fiber.Ctx) error {
id := c.Params("address_id") userID := c.Locals("userID").(string)
addressID := c.Params("address_id")
err := h.AddressService.DeleteAddress(id) err := h.AddressService.DeleteAddress(userID, addressID)
if err != nil { if err != nil {
return utils.GenericErrorResponse(c, fiber.StatusNotFound, err.Error()) return utils.GenericErrorResponse(c, fiber.StatusForbidden, err.Error())
} }
return utils.GenericErrorResponse(c, fiber.StatusOK, "Address deleted successfully") return utils.SuccessResponse(c, nil, "Address deleted successfully")
} }
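Review bot: The three new `c.Locals("userID").(string)` lines (GetAddressByID, UpdateAddress, DeleteAddress) are unchecked type assertions, so a request that reaches one of these handlers without the auth middleware having set `userID` panics instead of being rejected, which is the opposite of what this authorization fix intends. Use the two-value form and refuse the request when the value is missing or empty: `userID, ok := c.Locals("userID").(string)` / `if !ok || userID == "" {` / `return utils.GenericErrorResponse(c, fiber.StatusUnauthorized, "unauthorized") }`, in all three handlers. Separately, the status mapping is now inconsistent across the hunks: GetAddressByID and UpdateAddress still answer every service error, including the new "not authorized" one, with `fiber.StatusNotFound`, while DeleteAddress answers every error, including "address not found", with `fiber.StatusForbidden`; because the service returns plain `fmt.Errorf` values the handler cannot tell the two apart, so consider sentinel errors (e.g. `ErrAddressNotFound`, `ErrNotAuthorized`) checked with `errors.Is` and mapped to 404 and 403 respectively. Passing `err.Error()` straight to the client also exposes whatever the repository layer wrapped into the message; a fixed user-facing string per status is safer.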


@ -13,9 +13,9 @@ import (
type AddressService interface { type AddressService interface {
CreateAddress(userID string, request dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) CreateAddress(userID string, request dto.CreateAddressDTO) (*dto.AddressResponseDTO, error)
GetAddressByUserID(userID string) ([]dto.AddressResponseDTO, error) GetAddressByUserID(userID string) ([]dto.AddressResponseDTO, error)
GetAddressByID(id string) (*dto.AddressResponseDTO, error) GetAddressByID(userID, id string) (*dto.AddressResponseDTO, error)
UpdateAddress(id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) UpdateAddress(userID, id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error)
DeleteAddress(id string) error DeleteAddress(userID, id string) error
} }
type addressService struct { type addressService struct {
@ -198,7 +198,16 @@ func (s *addressService) GetAddressByUserID(userID string) ([]dto.AddressRespons
return addressDTOs, nil return addressDTOs, nil
} }
func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, error) { func (s *addressService) GetAddressByID(userID, id string) (*dto.AddressResponseDTO, error) {
address, err := s.AddressRepo.FindAddressByID(id)
if err != nil {
return nil, fmt.Errorf("address not found: %v", err)
}
if address.UserID != userID {
return nil, fmt.Errorf("you are not authorized to update this address")
}
cacheKey := fmt.Sprintf("address:%s", id) cacheKey := fmt.Sprintf("address:%s", id)
cachedData, err := utils.GetJSONData(cacheKey) cachedData, err := utils.GetJSONData(cacheKey)
if err == nil && cachedData != nil { if err == nil && cachedData != nil {
@ -221,11 +230,6 @@ func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, err
} }
} }
address, err := s.AddressRepo.FindAddressByID(id)
if err != nil {
return nil, fmt.Errorf("failed to fetch address: %v", err)
}
createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt) createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt)
updatedAt, _ := utils.FormatDateToIndonesianFormat(address.UpdatedAt) updatedAt, _ := utils.FormatDateToIndonesianFormat(address.UpdatedAt)
@ -254,7 +258,16 @@ func (s *addressService) GetAddressByID(id string) (*dto.AddressResponseDTO, err
return addressDTO, nil return addressDTO, nil
} }
func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) { func (s *addressService) UpdateAddress(userID, id string, addressDTO dto.CreateAddressDTO) (*dto.AddressResponseDTO, error) {
address, err := s.AddressRepo.FindAddressByID(id)
if err != nil {
return nil, fmt.Errorf("address not found: %v", err)
}
if address.UserID != userID {
return nil, fmt.Errorf("you are not authorized to update this address")
}
province, _, err := s.WilayahRepo.FindProvinceByID(addressDTO.Province, 0, 0) province, _, err := s.WilayahRepo.FindProvinceByID(addressDTO.Province, 0, 0)
if err != nil { if err != nil {
@ -276,11 +289,6 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT
return nil, fmt.Errorf("invalid village_id") return nil, fmt.Errorf("invalid village_id")
} }
address, err := s.AddressRepo.FindAddressByID(id)
if err != nil {
return nil, fmt.Errorf("address not found: %v", err)
}
address.Province = province.Name address.Province = province.Name
address.Regency = regency.Name address.Regency = regency.Name
address.District = district.Name address.District = district.Name
@ -298,7 +306,7 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT
addressCacheKey := fmt.Sprintf("address:%s", id) addressCacheKey := fmt.Sprintf("address:%s", id)
utils.DeleteData(addressCacheKey) utils.DeleteData(addressCacheKey)
userAddressesCacheKey := fmt.Sprintf("user:%s:addresses", address.UserID) userAddressesCacheKey := fmt.Sprintf("user:%s:addresses", userID)
utils.DeleteData(userAddressesCacheKey) utils.DeleteData(userAddressesCacheKey)
createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt) createdAt, _ := utils.FormatDateToIndonesianFormat(address.CreatedAt)
@ -362,19 +370,23 @@ func (s *addressService) UpdateAddress(id string, addressDTO dto.CreateAddressDT
return addressResponseDTO, nil return addressResponseDTO, nil
} }
func (s *addressService) DeleteAddress(id string) error { func (s *addressService) DeleteAddress(userID, addressID string) error {
address, err := s.AddressRepo.FindAddressByID(id) address, err := s.AddressRepo.FindAddressByID(addressID)
if err != nil { if err != nil {
return fmt.Errorf("address not found: %v", err) return fmt.Errorf("address not found: %v", err)
} }
err = s.AddressRepo.DeleteAddress(id) if address.UserID != userID {
return fmt.Errorf("you are not authorized to delete this address")
}
err = s.AddressRepo.DeleteAddress(addressID)
if err != nil { if err != nil {
return fmt.Errorf("failed to delete address: %v", err) return fmt.Errorf("failed to delete address: %v", err)
} }
addressCacheKey := fmt.Sprintf("address:%s", id) addressCacheKey := fmt.Sprintf("address:%s", addressID)
err = utils.DeleteData(addressCacheKey) err = utils.DeleteData(addressCacheKey)
if err != nil { if err != nil {
fmt.Printf("Error deleting address cache: %v\n", err) fmt.Printf("Error deleting address cache: %v\n", err)