- Updated database models and repositories to replace uint IDs with UUIDs.
- Modified test fixtures to generate and use UUIDs for authors, translations, users, and works.
- Adjusted mock implementations to align with the new UUID structure.
- Ensured all relevant functions and methods are updated to handle UUIDs correctly.
- Added necessary imports for UUID handling in various files.
This commit significantly increases the test coverage across the application and fixes several underlying bugs that were discovered while writing the new tests.
The key changes include:
- **New Tests:** Added extensive integration and unit tests for GraphQL resolvers, application services, and data repositories, substantially increasing the test coverage for packages like `graphql`, `user`, `translation`, and `analytics`.
- **Authorization Bug Fixes:**
- Fixed a critical bug where a user creating a `Work` was not correctly associated as its author, causing subsequent permission failures.
- Corrected the authorization logic in `authz.Service` to properly check for entity ownership by non-admin users.
- **Test Refactoring:**
- Refactored numerous test suites to use `testify/mock` instead of manual mocks, improving test clarity and maintainability.
- Isolated integration tests by creating a fresh admin user and token for each test run, eliminating test pollution.
- Centralized domain errors into `internal/domain/errors.go` and updated repositories to use them, making error handling more consistent.
- **Code Quality Improvements:**
- Replaced manual mock implementations with `testify/mock` for better consistency.
- Cleaned up redundant and outdated test files.
These changes stabilize the test suite, improve the overall quality of the codebase, and move the project closer to the goal of 80% test coverage.
This commit introduces a comprehensive set of foundational improvements to make the API more robust, secure, and observable.
The following features have been implemented:
- **Observability Stack:** A new `internal/observability` package has been added, providing structured logging with `zerolog`, Prometheus metrics, and OpenTelemetry tracing. This stack is fully integrated into the application's request pipeline.
- **Centralized Authorization:** A new `internal/app/authz` service has been created to centralize authorization logic. This service is now used by the `user`, `work`, and `comment` services to protect all Create, Update, and Delete operations.
- **Standardized Input Validation:** The previous ad-hoc validation has been replaced with a more robust, struct-tag-based system using the `go-playground/validator` library. This has been applied to all GraphQL input models.
- **Structured Error Handling:** A new set of custom error types has been introduced in the `internal/domain` package. A custom `gqlgen` error presenter has been implemented to map these domain errors to structured GraphQL error responses with specific error codes.
- **`updateUser` Endpoint:** The `updateUser` mutation has been fully implemented as a proof of concept for the new patterns, including support for partial updates and comprehensive authorization checks.
- **Test Refactoring:** The test suite has been significantly improved by decoupling mock repositories from the shared `testutil` package, resolving circular dependency issues and making the tests more maintainable.
