refactor: update OrderSummaryListResponse to return ListResponseDTO directly and improve unauthorized access handling in order handler

gustaavik · gustaavik · commit 869520c762bc · 2025-06-25T13:36:53.000+02:00
diff --git a/internal/dto/order.go b/internal/dto/order.go
@@ -147,20 +147,22 @@ func OrderUpdateStatusResponse(order *entity.Order) ResponseDTO[OrderSummaryDTO]
 	return SuccessResponseWithMessage(ToOrderSummaryDTO(order), "Order status updated successfully")
 }
 
-func OrderSummaryListResponse(orders []*entity.Order, page, pageSize, total int) ResponseDTO[ListResponseDTO[OrderSummaryDTO]] {
+func OrderSummaryListResponse(orders []*entity.Order, page, pageSize, total int) ListResponseDTO[OrderSummaryDTO] {
 	var orderSummaries []OrderSummaryDTO
 	for _, order := range orders {
 		orderSummaries = append(orderSummaries, ToOrderSummaryDTO(order))
 	}
 
-	return SuccessResponseWithMessage(ListResponseDTO[OrderSummaryDTO]{
-		Data: orderSummaries,
+	return ListResponseDTO[OrderSummaryDTO]{
+		Success: true,
+		Message: "Order summaries retrieved successfully",
+		Data:    orderSummaries,
 		Pagination: PaginationDTO{
 			Page:     page,
 			PageSize: pageSize,
 			Total:    total,
 		},
-	}, "Orders retrieved successfully")
+	}
 }
 
 func OrderDetailResponse(order *entity.Order) ResponseDTO[OrderDTO] {
diff --git a/internal/interfaces/api/handler/order_handler.go b/internal/interfaces/api/handler/order_handler.go
@@ -31,12 +31,12 @@ func NewOrderHandler(orderUseCase *usecase.OrderUseCase, logger logger.Logger) *
 func (h *OrderHandler) GetOrder(w http.ResponseWriter, r *http.Request) {
 	// Get user ID from context
 	userID, ok := r.Context().Value(middleware.UserIDKey).(uint)
-
-	h.logger.Debug("User ID from context: %d", userID)
-
 	if !ok {
 		h.logger.Error("Unauthorized access attempt")
-		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		response := dto.ErrorResponse("Unauthorized")
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(response)
 		return
 	}
 
@@ -83,10 +83,13 @@ func (h *OrderHandler) GetOrder(w http.ResponseWriter, r *http.Request) {
 // ListOrders handles listing orders for a user
 func (h *OrderHandler) ListOrders(w http.ResponseWriter, r *http.Request) {
 	// Get user ID from context
-	userID, ok := r.Context().Value("user_id").(uint)
+	userID, ok := r.Context().Value(middleware.UserIDKey).(uint)
 	if !ok {
 		h.logger.Error("Unauthorized access attempt")
-		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		response := dto.ErrorResponse("Unauthorized")
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(response)
 		return
 	}
 
@@ -124,6 +127,17 @@ func (h *OrderHandler) ListOrders(w http.ResponseWriter, r *http.Request) {
 
 // ListAllOrders handles listing all orders (admin only)
 func (h *OrderHandler) ListAllOrders(w http.ResponseWriter, r *http.Request) {
+	// Get user ID from context
+	_, ok := r.Context().Value(middleware.UserIDKey).(uint)
+	if !ok {
+		h.logger.Error("Unauthorized access attempt")
+		response := dto.ErrorResponse("Unauthorized")
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(response)
+		return
+	}
+
 	// Parse pagination parameters
 	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
 	pageSize, _ := strconv.Atoi(r.URL.Query().Get("pageSize"))
@@ -167,6 +181,16 @@ func (h *OrderHandler) ListAllOrders(w http.ResponseWriter, r *http.Request) {
 
 // UpdateOrderStatus handles updating an order's status (admin only)
 func (h *OrderHandler) UpdateOrderStatus(w http.ResponseWriter, r *http.Request) {
+	_, ok := r.Context().Value(middleware.UserIDKey).(uint)
+	if !ok {
+		h.logger.Error("Unauthorized access attempt")
+		response := dto.ErrorResponse("Unauthorized")
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(response)
+		return
+	}
+
 	// Get order ID from URL
 	vars := mux.Vars(r)
 	id, err := strconv.ParseUint(vars["orderId"], 10, 32)
diff --git a/internal/interfaces/api/middleware/auth_middleware.go b/internal/interfaces/api/middleware/auth_middleware.go
@@ -64,9 +64,6 @@ func (m *AuthMiddleware) Authenticate(next http.Handler) http.Handler {
 		ctx = context.WithValue(ctx, emailKey, claims.Email)
 		ctx = context.WithValue(ctx, RoleKey, claims.Role)
 
-		// print user ID and role for debugging
-		m.logger.Debug("Authenticated user ID: %d, Role: %s", claims.UserID, claims.Role)
-
 		// Call the next handler with the updated context
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
