error

handlers/auth_handler.go

@@ -11,6 +11,7 @@ import (
 	"otpm/services"
 
 	"github.com/golang-jwt/jwt"
+	"github.com/julienschmidt/httprouter"
 )
 
 // AuthHandler handles authentication related requests
@@ -27,7 +28,7 @@ func NewAuthHandler(authService *services.AuthService) *AuthHandler {
 
 // LoginRequest represents a login request
 type LoginRequest struct {
-	Code string `json:"code"`
+	Code string `json:"code" validate:"required,min=32,max=128"`
 }
 
 // LoginResponse represents a login response
@@ -36,14 +37,19 @@ type LoginResponse struct {
 	OpenID string `json:"openid"`
 }
 
+// TokenRequest represents a token verification request
+type TokenRequest struct {
+	Token string `validate:"required,min=32"`
+}
+
 // Login handles WeChat login
-func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
+func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	start := time.Now()
 
 	// Limit request body size to prevent DOS
 	r.Body = http.MaxBytesReader(w, r.Body, 1024) // 1KB max for login request
 
-	// Parse request
+	// Parse and validate request
 	var req LoginRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		api.NewResponseWriter(w).WriteErrorWithCode(api.CodeInvalidParams,
@@ -52,11 +58,11 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Validate request
-	if req.Code == "" {
+	// Validate using validator
+	if err := api.Validate.Struct(req); err != nil {
 		api.NewResponseWriter(w).WriteErrorWithCode(api.CodeInvalidParams,
-			"Code is required")
-		log.Printf("Login request validation failed: empty code")
+			fmt.Sprintf("Invalid request parameters: %v", err))
+		log.Printf("Login request validation failed: %v", err)
 		return
 	}
 
@@ -79,7 +85,7 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
 }
 
 // VerifyToken handles token verification
-func (h *AuthHandler) VerifyToken(w http.ResponseWriter, r *http.Request) {
+func (h *AuthHandler) VerifyToken(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	start := time.Now()
 
 	// Get token from Authorization header
@@ -100,10 +106,13 @@ func (h *AuthHandler) VerifyToken(w http.ResponseWriter, r *http.Request) {
 	}
 
 	token := authHeader[7:]
-	if len(token) < 32 { // Basic length check
+
+	// Validate token using validator
+	tokenReq := TokenRequest{Token: token}
+	if err := api.Validate.Struct(tokenReq); err != nil {
 		api.NewResponseWriter(w).WriteErrorWithCode(api.CodeInvalidParams,
-			"Invalid token length")
-		log.Printf("Token verification failed: token too short")
+			"Invalid token format")
+		log.Printf("Token verification failed: %v", err)
 		return
 	}
 
@@ -139,9 +148,9 @@ func maskToken(token string) string {
 }
 
 // Routes returns all routes for the auth handler
-func (h *AuthHandler) Routes() map[string]http.HandlerFunc {
-	return map[string]http.HandlerFunc{
-		"/login":        h.Login,
-		"/verify-token": h.VerifyToken,
+func (h *AuthHandler) Routes() map[string]httprouter.Handle {
+	return map[string]httprouter.Handle{
+		"/api/login":        h.Login,
+		"/api/verify-token": h.VerifyToken,
 	}
 }