From 75af86c643d0627b9d41fc00ac0bce2103153513 Mon Sep 17 00:00:00 2001
From: Vinit khandal <111434418+vinit717@users.noreply.github.com>
Date: Fri, 11 Oct 2024 23:46:53 +0530
Subject: [PATCH] Removed /users API due to security concerns allowing user details visibility (#133)

* chore: remove users list api

* chore: remove users list dto
---
 controllers/users.go | 34 ---------------------------------
 dtos/http_response.go | 4 ----
 routes/users.go | 12 ++++-------
 tests/integration/users_test.go | 16 ----------------
 4 files changed, 4 insertions(+), 62 deletions(-)

diff --git a/controllers/users.go b/controllers/users.go
index 83a287e..ea80bde 100644
--- a/controllers/users.go
+++ b/controllers/users.go
@@ -11,40 +11,6 @@ import (
  "github.com/uptrace/bun"
 )
 
-func GetUserList(ctx *gin.Context, db *bun.DB) {
- var users []models.User
- err := db.NewSelect().Model(&users).OrderExpr("id ASC").Limit(10).Scan(ctx)
-
- if err != nil {
- ctx.JSON(http.StatusInternalServerError, dtos.UserListResponse{
- Message: "Failed to fetch users: " + err.Error(),
- })
- return
- }
-
- if len(users) == 0 {
- ctx.JSON(http.StatusNotFound, dtos.UserListResponse{
- Message: "No users found",
- })
- return
- }
-
- var dtoUsers []dtos.User
- for _, user := range users {
- dtoUsers = append(dtoUsers, dtos.User{
- ID: user.ID,
- UserName: user.UserName,
- Email: user.Email,
- CreatedAt: user.CreatedAt,
- })
- }
-
- ctx.JSON(http.StatusOK, dtos.UserListResponse{
- Message: "users fetched successfully",
- Data: dtoUsers,
- })
-}
-
 func GetUserByID(ctx *gin.Context, db *bun.DB) {
  id := ctx.Param("id")
 
diff --git a/dtos/http_response.go b/dtos/http_response.go
index 7f43a64..769447f 100644
--- a/dtos/http_response.go
+++ b/dtos/http_response.go
@@ -37,10 +37,6 @@ type URLNotFoundResponse struct { Message string `json:"message"` } -type UserListResponse struct { - Message string `json:"message"` - Data []User `json:"data,omitempty"` -} type UserResponse struct { Message string `json:"message"` Data User `json:"data,omitempty"`
diff --git a/routes/users.go b/routes/users.go
index 70e276d..b82a0c9 100644
--- a/routes/users.go
+++ b/routes/users.go
@@ -1,10 +1,10 @@
 package routes
 
 import (
- "github.com/gin-gonic/gin"
- "github.com/uptrace/bun"
- "github.com/Real-Dev-Squad/tiny-site-backend/controllers"
- "github.com/Real-Dev-Squad/tiny-site-backend/middlewares"
+ controller "github.com/Real-Dev-Squad/tiny-site-backend/controllers"
+ middleware "github.com/Real-Dev-Squad/tiny-site-backend/middlewares"
+ "github.com/gin-gonic/gin"
+ "github.com/uptrace/bun"
 )
 
 func UserRoutes(rg *gin.RouterGroup, db *bun.DB) {
@@ -14,10 +14,6 @@ func UserRoutes(rg *gin.RouterGroup, db *bun.DB) {
  users.Use(middleware.AuthMiddleware())
  user.Use(middleware.AuthMiddleware())
 
- users.GET("", func(ctx *gin.Context) {
- controller.GetUserList(ctx, db)
- })
-
  users.GET("/:id", func(ctx *gin.Context) {
  controller.GetUserByID(ctx, db)
  })
diff --git a/tests/integration/users_test.go b/tests/integration/users_test.go
index c5a2323..1a4ae2c 100644
--- a/tests/integration/users_test.go
+++ b/tests/integration/users_test.go
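Review bot: After this hunk `users.GET("/:id", ...)` is still registered behind only `users.Use(middleware.AuthMiddleware())`, and nothing visible restricts which `id` an authenticated caller may request, so any logged-in user can still read other accounts one at a time by walking `/users/1`, `/users/2`, … — the removed list handler ordered by `id ASC` and returned `Email`, which suggests small sequential IDs and that `UserResponse` presumably carries the same fields, so the exposure named in the commit title is narrowed rather than closed. Add an ownership check before `controller.GetUserByID(ctx, db)` runs (in the handler or as a middleware on the `users` group): compare the `id` path parameter with the identity that `AuthMiddleware` established and respond with `http.StatusForbidden` on mismatch unless the caller holds an admin role; the context key that middleware sets is not visible here, so wire the check to whatever it stores. The enclosing `UserRoutes` function starts before this hunk and continues past it, and `GetUserByID`'s body is cut off in the controllers hunk, so the lookup it performs on `ctx.Param("id")` is inferred rather than seen.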
@@ -12,22 +12,6 @@ import (
  "github.com/stretchr/testify/assert"
 )
 
-// TestGetUsersSuccess tests the successful retrieval of a list of users.
-func (suite *AppTestSuite) TestGetUsersSuccess() {
- // Setup the router and route
- router := gin.Default()
- router.GET("/v1/users", func(ctx *gin.Context) {
- controller.GetUserList(ctx, suite.db)
- })
-
- // Create a request and recorder to test the endpoint
- req, _ := http.NewRequest("GET", "/v1/users", nil)
- w := httptest.NewRecorder()
-
- router.ServeHTTP(w, req)
- assert.Equal(suite.T(), http.StatusOK, w.Code, "Expected status code to be 200 for successful user retrieval")
-}
-
 // TestGetUserByIDExistingUser tests the retrieval of a user by ID for an existing user and expects a successful response.
 func (suite *AppTestSuite) TestGetUserByIDExistingUser() {
  router := gin.Default()