You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sqlx migration: Replaced go-gorp with sqlx for a thinner database layer. All raw SQL queries unchanged.
Middleware extraction: Moved CORS, RequestID, and JWT auth middleware from main.go into middleware/ package. Auth middleware calls models directly to avoid import cycles.
Reusable form validation: Replaced duplicated per-field error methods with a single forms.Translate(err, messages) function and declarative message maps.
Invoice example: Added invoice/ package with HTML preview and PDF download using maroto (pure Go, no external binaries).
README refreshed for v3 with API endpoint table, project structure, and new sections for invoice demo, trusted proxies, and CORS.
Security fixes
Authorization bypass fixed: Article Update/Delete now enforce user_id in SQL queries (previously any authenticated user could modify any article by ID).
DB SSL: PostgreSQL connection respects SSL env var (sslmode=require when SSL=TRUE).
Logout route: Now uses TokenAuth middleware for consistent 401 responses.
Login error handling: CreateAuth failure now returns error instead of silently issuing unusable tokens.
Token validation: ExtractTokenMetadata returns explicit errors instead of nil, nil on invalid claims.
Test credential leak: Removed fmt.Println(DB_PASS) from test output.
Trusted proxies: Added SetTrustedProxies(nil) to prevent proxy header trust warning.
Other improvements
Added DB_HOST and DB_PORT env vars for flexible DB connection
Removed dead TokenValid method from models and controllers
Replaced deprecated ioutil.ReadAll with io.ReadAll in tests
Fixed UserLoginResponse.Token Swagger type (was string, now Token struct)