refactor: standardize error handling with exception.Builder

- Replace hardcoded error messages with structured error codes using exception.Builder. - Introduce new common error constants in exception/common.go (CommonErrorInvalidInput, CommonErrorUserNotFound, etc.). - Update exception/specific.go with domain-specific errors and remove redundant ones. - Apply consistent error handling across auth, event, user services and middleware. Co-authored-by: Gemini <gemini@google.com> Signed-off-by: Noa Virellia <noa@requiem.garden>
2026-01-21 12:47:49 +08:00
parent 5dbbdc62e6
commit e4329dfc2b
14 changed files with 611 additions and 69 deletions
--- a/service/auth/exchange.go
+++ b/service/auth/exchange.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"
 	"nixcn-cms/data"
+	"nixcn-cms/exception"
 	"nixcn-cms/pkgs/authcode"
 	"nixcn-cms/utils"

@@ -23,38 +24,80 @@ func Exchange(c *gin.Context) {
 	err := c.ShouldBindJSON(&exchangeReq)
 	if err != nil {
 		fmt.Println(err)
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	userIdOrig, ok := c.Get("user_id")
 	if !ok {
-		utils.HttpResponse(c, 401, "", "unauthorized")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorUnauthorized).
+			Build()
+		utils.HttpResponse(c, 401, errorCode)
 		return
 	}

 	userId, err := uuid.Parse(userIdOrig.(string))
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "failed to parse uuid")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorUuidParseFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

 	userData := new(data.User)
 	user, err := userData.GetByUserId(userId)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "failed to get user id")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthExchangeGetUserIdFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

 	code, err := authcode.NewAuthCode(exchangeReq.ClientId, user.Email)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "code gen failed")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthExchangeCodeGenFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

 	url, err := url.Parse(exchangeReq.RedirectUri)
 	if err != nil {
-		utils.HttpResponse(c, 400, "", "invalid redirect uri")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthExchangeEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthExchangeInvalidRedirectUri).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}
 	query := url.Query()
--- a/service/auth/magic.go
+++ b/service/auth/magic.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"net/url"
+	"nixcn-cms/exception"
 	"nixcn-cms/pkgs/authcode"
 	"nixcn-cms/pkgs/email"
 	"nixcn-cms/pkgs/turnstile"
@@ -23,27 +24,55 @@ func Magic(c *gin.Context) {
 	// Parse request
 	var req MagicRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthMagicEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	// Cloudflare turnstile
 	ok, err := turnstile.VerifyTurnstile(req.TurnstileToken, c.ClientIP())
 	if err != nil || !ok {
-		utils.HttpResponse(c, 403, "", "turnstile failed")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthMagicEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthMagicTurnstileFailed).
+			Build()
+		utils.HttpResponse(c, 403, errorCode)
 		return
 	}

 	code, err := authcode.NewAuthCode(req.ClientId, req.Email)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "code gen failed")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthMagicEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthMagicCodeGenFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

 	externalUrl := viper.GetString("server.external_url")
 	url, err := url.Parse(externalUrl)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "invalid external url")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthMagicEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthMagicInvalidExternalUrl).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

@@ -66,7 +95,14 @@ func Magic(c *gin.Context) {
 		// Send email using resend
 		emailClient, err := new(email.Client).NewSMTPClient()
 		if err != nil {
-			utils.HttpResponse(c, 500, "", "invalid email config")
+			errorCode := new(exception.Builder).
+				SetStatus(exception.ErrorStatusServer).
+				SetService(exception.AuthService).
+				SetEndpoint(exception.AuthMagicEndpoint).
+				SetType(exception.ErrorTypeSpecific).
+				SetOriginal(exception.AuthMagicInvalidEmailConfig).
+				Build()
+			utils.HttpResponse(c, 500, errorCode)
 			return
 		}
 		emailClient.Send(
--- a/service/auth/redirect.go
+++ b/service/auth/redirect.go
@@ -3,6 +3,7 @@ package auth
 import (
 	"net/url"
 	"nixcn-cms/data"
+	"nixcn-cms/exception"
 	"nixcn-cms/pkgs/authcode"
 	"nixcn-cms/utils"

@@ -14,19 +15,40 @@ import (
 func Redirect(c *gin.Context) {
 	clientId := c.Query("client_id")
 	if clientId == "" {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	redirectUri := c.Query("redirect_uri")
 	if redirectUri == "" {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	state := c.Query("state")
 	if state == "" {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

@@ -35,7 +57,14 @@ func Redirect(c *gin.Context) {
 	// Verify email token
 	authCode, ok := authcode.VerifyAuthCode(code)
 	if !ok {
-		utils.HttpResponse(c, 403, "", "invalid or expired token")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRedirectTokenInvalid).
+			Build()
+		utils.HttpResponse(c, 403, errorCode)
 		return
 	}

@@ -52,11 +81,25 @@ func Redirect(c *gin.Context) {
 			user.Username = user.UserId.String()
 			user.PermissionLevel = 10
 			if err := user.Create(); err != nil {
-				utils.HttpResponse(c, 500, "", "internal server error")
+				errorCode := new(exception.Builder).
+					SetStatus(exception.ErrorStatusServer).
+					SetService(exception.AuthService).
+					SetEndpoint(exception.AuthRedirectEndpoint).
+					SetType(exception.ErrorTypeCommon).
+					SetOriginal(exception.CommonErrorInternal).
+					Build()
+				utils.HttpResponse(c, 500, errorCode)
 				return
 			}
 		} else {
-			utils.HttpResponse(c, 500, "", "internal server error")
+			errorCode := new(exception.Builder).
+				SetStatus(exception.ErrorStatusServer).
+				SetService(exception.AuthService).
+				SetEndpoint(exception.AuthRedirectEndpoint).
+				SetType(exception.ErrorTypeCommon).
+				SetOriginal(exception.CommonErrorInternal).
+				Build()
+			utils.HttpResponse(c, 500, errorCode)
 			return
 		}
 	}
@@ -64,25 +107,53 @@ func Redirect(c *gin.Context) {
 	clientData := new(data.Client)
 	client, err := clientData.GetClientByClientId(clientId)
 	if err != nil {
-		utils.HttpResponse(c, 400, "", "client not found")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRedirectClientNotFound).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	err = client.ValidateRedirectURI(redirectUri)
 	if err != nil {
-		utils.HttpResponse(c, 400, "", "redirect uri not match")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRedirectUriMismatch).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	newCode, err := authcode.NewAuthCode(clientId, authCode.Email)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "internal server error")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInternal).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

 	url, err := url.Parse(redirectUri)
 	if err != nil {
-		utils.HttpResponse(c, 400, "", "invalid redirect uri")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRedirectEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRedirectInvalidUri).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}
 	query := url.Query()
--- a/service/auth/refresh.go
+++ b/service/auth/refresh.go
@@ -1,6 +1,7 @@
 package auth

 import (
+	"nixcn-cms/exception"
 	"nixcn-cms/pkgs/authtoken"
 	"nixcn-cms/utils"

@@ -14,7 +15,14 @@ func Refresh(c *gin.Context) {
 	}

 	if err := c.ShouldBindJSON(&req); err != nil {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRefreshEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

@@ -24,13 +32,27 @@ func Refresh(c *gin.Context) {

 	accessToken, err := JwtTool.RefreshAccessToken(req.RefreshToken)
 	if err != nil {
-		utils.HttpResponse(c, 401, "", "invalid refresh token")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRefreshEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRefreshInvalidToken).
+			Build()
+		utils.HttpResponse(c, 401, errorCode)
 		return
 	}

 	refreshToken, err := JwtTool.RenewRefreshToken(req.RefreshToken)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "error renew refresh token")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthRefreshEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthRefreshRenewFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

--- a/service/auth/token.go
+++ b/service/auth/token.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"nixcn-cms/data"
+	"nixcn-cms/exception"
 	"nixcn-cms/pkgs/authcode"
 	"nixcn-cms/pkgs/authtoken"
 	"nixcn-cms/utils"
@@ -19,20 +20,41 @@ func Token(c *gin.Context) {

 	err := c.ShouldBindJSON(&req)
 	if err != nil {
-		utils.HttpResponse(c, 400, "", "invalid request")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthTokenEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInvalidInput).
+			Build()
+		utils.HttpResponse(c, 400, errorCode)
 		return
 	}

 	authCode, ok := authcode.VerifyAuthCode(req.Code)
 	if !ok {
-		utils.HttpResponse(c, 403, "", "invalid or expired token")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusClient).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthTokenEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthTokenInvalidToken).
+			Build()
+		utils.HttpResponse(c, 403, errorCode)
 		return
 	}

 	userData := new(data.User)
 	user, err := userData.GetByEmail(authCode.Email)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "internal server error")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthTokenEndpoint).
+			SetType(exception.ErrorTypeCommon).
+			SetOriginal(exception.CommonErrorInternal).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}

@@ -42,7 +64,14 @@ func Token(c *gin.Context) {
 	}
 	accessToken, refreshToken, err := JwtTool.IssueTokens(authCode.ClientId, user.UserId)
 	if err != nil {
-		utils.HttpResponse(c, 500, "", "error generating tokens")
+		errorCode := new(exception.Builder).
+			SetStatus(exception.ErrorStatusServer).
+			SetService(exception.AuthService).
+			SetEndpoint(exception.AuthTokenEndpoint).
+			SetType(exception.ErrorTypeSpecific).
+			SetOriginal(exception.AuthTokenGenFailed).
+			Build()
+		utils.HttpResponse(c, 500, errorCode)
 		return
 	}