From 4ac5b1c10150a942ed9525b6477f5f20be00ca66 Mon Sep 17 00:00:00 2001
From: Asai Neko <sugar@sne.moe>
Date: Wed, 21 Jan 2026 10:01:13 +0800
Subject: [PATCH] Fix error reponses

Signed-off-by: Asai Neko <sugar@sne.moe>
---
 data/attendance.go           |  4 ++--
 data/client.go               |  2 +-
 internal/cryptography/aes.go | 12 ++++++------
 middleware/gin_logger.go     |  4 ++++
 pkgs/authtoken/authtoken.go  | 16 ++++++++--------
 pkgs/email/email.go          |  8 ++++----
 pkgs/kyc/kyc.go              |  6 +++---
 7 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/data/attendance.go b/data/attendance.go
index 53fd25b..67ed0dc 100644
--- a/data/attendance.go
+++ b/data/attendance.go
@@ -228,13 +228,13 @@ func (self *Attendance) VerifyCheckinCode(checkinCode string) error {
 
 	val, err := Redis.Get(ctx, "checkin_code:"+checkinCode).Result()
 	if err != nil {
-		return errors.New("invalid or expired checkin code")
+		return errors.New("[Attendance Data] invalid or expired checkin code")
 	}
 
 	// Expected format: user_id:<uuid>:event_id:<uuid>
 	parts := strings.Split(val, ":")
 	if len(parts) != 4 {
-		return errors.New("invalid checkin code format")
+		return errors.New("[Attendance Data] invalid checkin code format")
 	}
 
 	userIdStr := parts[1]
diff --git a/data/client.go b/data/client.go
index f0a024e..539e30a 100644
--- a/data/client.go
+++ b/data/client.go
@@ -87,5 +87,5 @@ func (self *Client) ValidateRedirectURI(redirectURI string) error {
 			return nil
 		}
 	}
-	return errors.New("redirect uri not match")
+	return errors.New("[Client Data] redirect uri not match")
 }
diff --git a/internal/cryptography/aes.go b/internal/cryptography/aes.go
index 7aeef35..7e7cdb0 100644
--- a/internal/cryptography/aes.go
+++ b/internal/cryptography/aes.go
@@ -21,7 +21,7 @@ func normalizeKey(key []byte) ([]byte, error) {
 	case 16, 24, 32:
 		return key, nil
 	default:
-		return nil, errors.New("AES key length must be 16, 24, or 32 bytes")
+		return nil, errors.New("[Cryptography AES] AES key length must be 16, 24, or 32 bytes")
 	}
 }
 
@@ -74,7 +74,7 @@ func AESGCMDecrypt(encoded string, key []byte) ([]byte, error) {
 	}
 
 	if len(data) < gcm.NonceSize() {
-		return nil, errors.New("ciphertext too short")
+		return nil, errors.New("[Cryptography AES] ciphertext too short")
 	}
 
 	nonce := data[:gcm.NonceSize()]
@@ -92,11 +92,11 @@ func pkcs7Pad(data []byte, blockSize int) []byte {
 func pkcs7Unpad(data []byte) ([]byte, error) {
 	length := len(data)
 	if length == 0 {
-		return nil, errors.New("invalid padding")
+		return nil, errors.New("[Cryptography AES] invalid padding")
 	}
 	padding := int(data[length-1])
 	if padding == 0 || padding > length {
-		return nil, errors.New("invalid padding")
+		return nil, errors.New("[Cryptography AES] invalid padding")
 	}
 	return data[:length-padding], nil
 }
@@ -143,7 +143,7 @@ func AESCBCDecrypt(encoded string, key []byte) ([]byte, error) {
 	}
 
 	if len(data) < block.BlockSize() {
-		return nil, errors.New("ciphertext too short")
+		return nil, errors.New("[Cryptography AES] ciphertext too short")
 	}
 
 	iv := data[:block.BlockSize()]
@@ -195,7 +195,7 @@ func AESCFBDecrypt(encoded string, key []byte) ([]byte, error) {
 	}
 
 	if len(data) < block.BlockSize() {
-		return nil, errors.New("ciphertext too short")
+		return nil, errors.New("[Cryptography AES] ciphertext too short")
 	}
 
 	iv := data[:block.BlockSize()]
diff --git a/middleware/gin_logger.go b/middleware/gin_logger.go
index 22f629e..4ccd67c 100644
--- a/middleware/gin_logger.go
+++ b/middleware/gin_logger.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"bytes"
+	"encoding/json"
 	"io"
 	"log/slog"
 	"time"
@@ -17,6 +18,8 @@ func GinLogger() gin.HandlerFunc {
 			c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
 		}
 
+		headerJSON, _ := json.Marshal(c.Request.Header)
+
 		startTime := time.Now()
 
 		c.Next()
@@ -33,6 +36,7 @@ func GinLogger() gin.HandlerFunc {
 			"ip", c.ClientIP(),
 			"latency", time.Since(startTime).String(),
 			"user_agent", c.Request.UserAgent(),
+			"headers", string(headerJSON),
 			"request_body", string(body),
 			"errors", errorMessage,
 		}
diff --git a/pkgs/authtoken/authtoken.go b/pkgs/authtoken/authtoken.go
index ac135c8..df1be0c 100644
--- a/pkgs/authtoken/authtoken.go
+++ b/pkgs/authtoken/authtoken.go
@@ -129,14 +129,14 @@ func (self *Token) RefreshAccessToken(refreshToken string) (string, error) {
 	// read refresh token bind data
 	dataMap, err := data.Redis.HGetAll(ctx, key).Result()
 	if err != nil || len(dataMap) == 0 {
-		return "", errors.New("invalid refresh token")
+		return "", errors.New("[Auth Token] invalid refresh token")
 	}
 
 	userIdStr := dataMap["user_id"]
 	clientId := dataMap["client_id"]
 
 	if userIdStr == "" || clientId == "" {
-		return "", errors.New("refresh token corrupted")
+		return "", errors.New("[Auth Token] refresh token corrupted")
 	}
 
 	userId, err := uuid.Parse(userIdStr)
@@ -157,14 +157,14 @@ func (self *Token) RenewRefreshToken(refreshToken string) (string, error) {
 	// read old refresh token bind data
 	dataMap, err := data.Redis.HGetAll(ctx, oldKey).Result()
 	if err != nil || len(dataMap) == 0 {
-		return "", errors.New("invalid refresh token")
+		return "", errors.New("[Auth Token] invalid refresh token")
 	}
 
 	userIdStr := dataMap["user_id"]
 	clientId := dataMap["client_id"]
 
 	if userIdStr == "" || clientId == "" {
-		return "", errors.New("refresh token corrupted")
+		return "", errors.New("[Auth Token] refresh token corrupted")
 	}
 
 	// generate new refresh token
@@ -254,7 +254,7 @@ func (self *Token) HeaderVerify(header string) (string, error) {
 	// Split header to 2
 	parts := strings.SplitN(header, " ", 2)
 	if len(parts) != 2 || parts[0] != "Bearer" {
-		return "", errors.New("invalid Authorization header format")
+		return "", errors.New("[Auth Token] invalid Authorization header format")
 	}
 
 	tokenStr := parts[1]
@@ -266,11 +266,11 @@ func (self *Token) HeaderVerify(header string) (string, error) {
 		claims,
 		func(token *jwt.Token) (any, error) {
 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-				return nil, errors.New("unexpected signing method")
+				return nil, errors.New("[Auth Token] unexpected signing method")
 			}
 
 			if claims.ClientId == "" {
-				return nil, errors.New("client_id missing in token")
+				return nil, errors.New("[Auth Token] client_id missing in token")
 			}
 
 			clientData, err := new(data.Client).GetClientByClientId(claims.ClientId)
@@ -289,7 +289,7 @@ func (self *Token) HeaderVerify(header string) (string, error) {
 
 	if err != nil || !token.Valid {
 		fmt.Println(err)
-		return "", errors.New("invalid or expired token")
+		return "", errors.New("[Auth Token] invalid or expired token")
 	}
 
 	return claims.UserID.String(), nil
diff --git a/pkgs/email/email.go b/pkgs/email/email.go
index e5da6e6..a7ca683 100644
--- a/pkgs/email/email.go
+++ b/pkgs/email/email.go
@@ -30,11 +30,11 @@ func (self *Client) NewSMTPClient() (*Client, error) {
 	insecure := viper.GetBool("email.insecure_skip_verify")
 
 	if host == "" || port == 0 || user == "" {
-		return nil, errors.New("SMTP config not set")
+		return nil, errors.New("[Email] SMTP config not set")
 	}
 
 	if pass == "" {
-		return nil, errors.New("SMTP basic auth requires email.password")
+		return nil, errors.New("[Email] SMTP basic auth requires email.password")
 	}
 
 	dialer := gomail.NewDialer(host, port, user, pass)
@@ -52,7 +52,7 @@ func (self *Client) NewSMTPClient() (*Client, error) {
 		dialer.SSL = false
 		dialer.TLSConfig = nil
 	default:
-		return nil, errors.New("unknown smtp security mode: " + security)
+		return nil, errors.New("[Email] unknown smtp security mode: " + security)
 	}
 
 	return &Client{
@@ -67,7 +67,7 @@ func (self *Client) NewSMTPClient() (*Client, error) {
 
 func (c *Client) Send(from, to, subject, html string) (string, error) {
 	if c.dialer == nil {
-		return "", errors.New("SMTP dialer not initialized")
+		return "", errors.New("[Email] SMTP dialer not initialized")
 	}
 
 	m := gomail.NewMessage()
diff --git a/pkgs/kyc/kyc.go b/pkgs/kyc/kyc.go
index a4c77d2..228ca16 100644
--- a/pkgs/kyc/kyc.go
+++ b/pkgs/kyc/kyc.go
@@ -21,12 +21,12 @@ import (
 func DecodeB64Json(b64Json string) (*KycInfo, error) {
 	rawJson, err := base64.StdEncoding.DecodeString(b64Json)
 	if err != nil {
-		return nil, errors.New("invalid base64 json")
+		return nil, errors.New("[KYC] invalid base64 json")
 	}
 
 	var kyc KycInfo
 	if err := json.Unmarshal(rawJson, &kyc); err != nil {
-		return nil, errors.New("invalid json structure")
+		return nil, errors.New("[KYC] invalid json structure")
 	}
 
 	return &kyc, nil
@@ -56,7 +56,7 @@ func DecodeAES(cipherStr string) (*KycInfo, error) {
 
 	var kyc KycInfo
 	if err := json.Unmarshal(plainBytes, &kyc); err != nil {
-		return nil, errors.New("invalid decrypted json")
+		return nil, errors.New("[KYC] invalid decrypted json")
 	}
 
 	return &kyc, nil