validations

Author: prkhrkat

api/restHandler/UserAttributesRestHandler.go

@@ -18,15 +18,14 @@ package restHandler
 
 import (
 	"encoding/json"
-	"errors"
-	"github.com/devtron-labs/devtron/pkg/attributes/bean"
 	"net/http"
 
+	"github.com/devtron-labs/devtron/pkg/attributes/bean"
+
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	"github.com/devtron-labs/devtron/pkg/attributes"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
-	"github.com/gorilla/mux"
 	"go.uber.org/zap"
 )
 
@@ -56,18 +55,32 @@ func NewUserAttributesRestHandlerImpl(logger *zap.SugaredLogger, enforcer casbin
 }
 
 func (handler *UserAttributesRestHandlerImpl) AddUserAttributes(w http.ResponseWriter, r *http.Request) {
-	dto, success := handler.validateUserAttributesRequest(w, r, "PatchUserAttributes")
+	dto, success := handler.validateUserAttributesRequest(w, r, "AddUserAttributes")
 	if !success {
 		return
 	}
 
-	handler.logger.Infow("request payload, AddUserAttributes", "payload", dto)
+	handler.logger.Infow("Adding user attributes",
+		"operation", "add_user_attributes",
+		"userId", dto.UserId,
+		"key", dto.Key)
+
 	resp, err := handler.userAttributesService.AddUserAttributes(dto)
 	if err != nil {
-		handler.logger.Errorw("service err, AddUserAttributes", "err", err, "payload", dto)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		handler.logger.Errorw("Failed to add user attributes",
+			"operation", "add_user_attributes",
+			"userId", dto.UserId,
+			"key", dto.Key,
+			"err", err)
+
+		// Use enhanced error response builder
+		errBuilder := common.NewErrorResponseBuilder(w, r).
+			WithOperation("user attributes creation").
+			WithResource("user attribute", dto.Key)
+		errBuilder.HandleError(err)
 		return
 	}
+
 	common.WriteJsonResp(w, nil, resp, http.StatusOK)
 }
 
@@ -78,18 +91,32 @@ func (handler *UserAttributesRestHandlerImpl) AddUserAttributes(w http.ResponseW
 // @Success 200 {object} attributes.UserAttributesDto
 // @Router /orchestrator/attributes/user/update [POST]
 func (handler *UserAttributesRestHandlerImpl) UpdateUserAttributes(w http.ResponseWriter, r *http.Request) {
-	dto, success := handler.validateUserAttributesRequest(w, r, "PatchUserAttributes")
+	dto, success := handler.validateUserAttributesRequest(w, r, "UpdateUserAttributes")
 	if !success {
 		return
 	}
 
-	handler.logger.Infow("request payload, UpdateUserAttributes", "payload", dto)
+	handler.logger.Infow("Updating user attributes",
+		"operation", "update_user_attributes",
+		"userId", dto.UserId,
+		"key", dto.Key)
+
 	resp, err := handler.userAttributesService.UpdateUserAttributes(dto)
 	if err != nil {
-		handler.logger.Errorw("service err, UpdateUserAttributes", "err", err, "payload", dto)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		handler.logger.Errorw("Failed to update user attributes",
+			"operation", "update_user_attributes",
+			"userId", dto.UserId,
+			"key", dto.Key,
+			"err", err)
+
+		// Use enhanced error response builder
+		errBuilder := common.NewErrorResponseBuilder(w, r).
+			WithOperation("user attributes update").
+			WithResource("user attribute", dto.Key)
+		errBuilder.HandleError(err)
 		return
 	}
+
 	common.WriteJsonResp(w, nil, resp, http.StatusOK)
 }
 
@@ -99,38 +126,68 @@ func (handler *UserAttributesRestHandlerImpl) PatchUserAttributes(w http.Respons
 		return
 	}
 
-	handler.logger.Infow("request payload, PatchUserAttributes", "payload", dto)
+	handler.logger.Infow("Patching user attributes",
+		"operation", "patch_user_attributes",
+		"userId", dto.UserId,
+		"key", dto.Key)
+
 	resp, err := handler.userAttributesService.PatchUserAttributes(dto)
 	if err != nil {
-		handler.logger.Errorw("service err, PatchUserAttributes", "err", err, "payload", dto)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		handler.logger.Errorw("Failed to patch user attributes",
+			"operation", "patch_user_attributes",
+			"userId", dto.UserId,
+			"key", dto.Key,
+			"err", err)
+
+		// Use enhanced error response builder
+		errBuilder := common.NewErrorResponseBuilder(w, r).
+			WithOperation("user attributes patch").
+			WithResource("user attribute", dto.Key)
+		errBuilder.HandleError(err)
 		return
 	}
+
 	common.WriteJsonResp(w, nil, resp, http.StatusOK)
 }
 
 func (handler *UserAttributesRestHandlerImpl) validateUserAttributesRequest(w http.ResponseWriter, r *http.Request, operation string) (*bean.UserAttributesDto, bool) {
+	// 1. Authentication check using enhanced error handling
 	userId, err := handler.userService.GetLoggedInUser(r)
 	if userId == 0 || err != nil {
 		common.HandleUnauthorized(w, r)
 		return nil, false
 	}
 
+	// 2. Request body parsing with enhanced error handling
 	decoder := json.NewDecoder(r.Body)
 	var dto bean.UserAttributesDto
 	err = decoder.Decode(&dto)
 	if err != nil {
-		handler.logger.Errorw("request err, "+operation, "err", err, "payload", dto)
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		handler.logger.Errorw("Request parsing error",
+			"operation", operation,
+			"err", err,
+			"userId", userId)
+
+		// Use enhanced error response builder for request parsing errors
+		errBuilder := common.NewErrorResponseBuilder(w, r).
+			WithOperation(operation).
+			WithResource("user attributes", "")
+		errBuilder.HandleError(err)
 		return nil, false
 	}
 
 	dto.UserId = userId
 
+	// 3. Get user email with enhanced error handling
 	emailId, err := handler.userService.GetActiveEmailById(userId)
 	if err != nil {
-		handler.logger.Errorw("request err, "+operation, "err", err, "payload", dto)
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
+		handler.logger.Errorw("Failed to get user email",
+			"operation", operation,
+			"userId", userId,
+			"err", err)
+
+		// Use enhanced error response for forbidden access
+		common.WriteForbiddenError(w, "access user attributes", "user")
 		return nil, false
 	}
 	dto.EmailId = emailId
@@ -145,36 +202,58 @@ func (handler *UserAttributesRestHandlerImpl) validateUserAttributesRequest(w ht
 // @Success 200 {object} attributes.UserAttributesDto
 // @Router /orchestrator/attributes/user/get [GET]
 func (handler *UserAttributesRestHandlerImpl) GetUserAttribute(w http.ResponseWriter, r *http.Request) {
+	// 1. Authentication check using enhanced error handling
 	userId, err := handler.userService.GetLoggedInUser(r)
 	if userId == 0 || err != nil {
 		common.HandleUnauthorized(w, r)
 		return
 	}
 
-	vars := mux.Vars(r)
-	key := vars["key"]
-	if key == "" {
-		handler.logger.Errorw("request err, GetUserAttribute", "err", err, "key", key)
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+	// 2. Enhanced parameter extraction with automatic validation
+	key, err := common.ExtractStringPathParamWithContext(w, r, "key")
+	if err != nil {
+		// Error already written by ExtractStringPathParamWithContext
 		return
 	}
 
-	dto := bean.UserAttributesDto{}
-
+	// 3. Get user email with enhanced error handling
 	emailId, err := handler.userService.GetActiveEmailById(userId)
 	if err != nil {
-		handler.logger.Errorw("request err, UpdateUserAttributes", "err", err, "payload", dto)
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
+		handler.logger.Errorw("Failed to get user email",
+			"operation", "get_user_attribute",
+			"userId", userId,
+			"key", key,
+			"err", err)
+
+		// Use enhanced error response for forbidden access
+		common.WriteForbiddenError(w, "access user attributes", "user")
 		return
 	}
-	dto.EmailId = emailId
-	dto.Key = key
 
+	// 4. Prepare DTO
+	dto := bean.UserAttributesDto{
+		UserId:  userId,
+		EmailId: emailId,
+		Key:     key,
+	}
+
+	// 5. Service call with enhanced error handling
 	res, err := handler.userAttributesService.GetUserAttribute(&dto)
 	if err != nil {
-		handler.logger.Errorw("service err, GetAttributesById", "err", err)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		handler.logger.Errorw("Failed to get user attribute",
+			"operation", "get_user_attribute",
+			"userId", userId,
+			"key", key,
+			"err", err)
+
+		// Use enhanced error response builder
+		errBuilder := common.NewErrorResponseBuilder(w, r).
+			WithOperation("user attribute retrieval").
+			WithResource("user attribute", key)
+		errBuilder.HandleError(err)
 		return
 	}
+
+	// 6. Success response
 	common.WriteJsonResp(w, nil, res, http.StatusOK)
 }

api/restHandler/common/ApiResponseWriter.go

@@ -18,8 +18,9 @@ package common
 
 import (
 	"encoding/json"
-	"github.com/devtron-labs/devtron/internal/util"
 	"net/http"
+
+	"github.com/devtron-labs/devtron/internal/util"
 )
 
 type ApiResponse struct {

api/restHandler/common/ParamParserUtils.go

@@ -38,6 +38,28 @@ func ExtractIntPathParamWithContext(w http.ResponseWriter, r *http.Request, para
 	return paramIntValue, nil
 }
 
+// ExtractStringPathParamWithContext provides enhanced error messages for string path parameters
+func ExtractStringPathParamWithContext(w http.ResponseWriter, r *http.Request, paramName string) (string, error) {
+	vars := mux.Vars(r)
+	paramValue := vars[paramName]
+
+	if paramValue == "" {
+		apiErr := util.NewMissingRequiredFieldError(paramName)
+		WriteJsonResp(w, apiErr, nil, apiErr.HttpStatusCode)
+		return "", apiErr
+	}
+
+	// Trim whitespace and validate
+	paramValue = strings.TrimSpace(paramValue)
+	if paramValue == "" {
+		apiErr := util.NewValidationErrorForField(paramName, "cannot be empty or contain only whitespace")
+		WriteJsonResp(w, apiErr, nil, apiErr.HttpStatusCode)
+		return "", apiErr
+	}
+
+	return paramValue, nil
+}
+
 func convertToInt(w http.ResponseWriter, paramValue string) (int, error) {
 	paramIntValue, err := strconv.Atoi(paramValue)
 	if err != nil {