The integration tests for admin-only mutations were failing due to an authorization issue. The root cause was that the JWT token used in the tests did not reflect the user's admin role, which was being set directly in the database.
This commit fixes the issue by:
1. Updating the `CreateAuthenticatedUser` test helper to generate a new JWT token after a user's role is changed. This ensures the token contains the correct, up-to-date role.
2. Removing all uses of `auth.ContextWithAdminUser` from the integration tests, making the JWT token the single source of truth for authorization.
This change also removes unused imports and variables that were causing build failures after the refactoring. All integration tests now pass.
This commit introduces a comprehensive set of foundational improvements to make the API more robust, secure, and observable.
The following features have been implemented:
- **Observability Stack:** A new `internal/observability` package has been added, providing structured logging with `zerolog`, Prometheus metrics, and OpenTelemetry tracing. This stack is fully integrated into the application's request pipeline.
- **Centralized Authorization:** A new `internal/app/authz` service has been created to centralize authorization logic. This service is now used by the `user`, `work`, and `comment` services to protect all Create, Update, and Delete operations.
- **Standardized Input Validation:** The previous ad-hoc validation has been replaced with a more robust, struct-tag-based system using the `go-playground/validator` library. This has been applied to all GraphQL input models.
- **Structured Error Handling:** A new set of custom error types has been introduced in the `internal/domain` package. A custom `gqlgen` error presenter has been implemented to map these domain errors to structured GraphQL error responses with specific error codes.
- **`updateUser` Endpoint:** The `updateUser` mutation has been fully implemented as a proof of concept for the new patterns, including support for partial updates and comprehensive authorization checks.
- **Test Refactoring:** The test suite has been significantly improved by decoupling mock repositories from the shared `testutil` package, resolving circular dependency issues and making the tests more maintainable.
This commit introduces a comprehensive observability stack to the application, addressing a key objective from the TODO list.
The following features have been implemented:
- **Centralized Logging:** Replaced the existing custom logger with `zerolog` for structured, leveled, and performant logging. The logger is configured to output human-friendly console logs in development and JSON logs in production.
- **Distributed Tracing:** Integrated OpenTelemetry to provide distributed tracing capabilities. A new middleware has been added to create spans for all incoming HTTP requests, and the trace context is propagated.
- **Prometheus Metrics:** Added Prometheus metrics to monitor HTTP request latency and total request counts. A new `/metrics` endpoint is exposed on port 9090 to serve these metrics.
- **Request ID:** Implemented a middleware to add a unique request ID to every incoming request and response, improving traceability.
The new observability components are encapsulated in the `internal/observability` package, and the existing `internal/platform/log` package has been refactored to be a backward-compatible wrapper around the new logger.
The main application entry point (`cmd/api/main.go`) has been updated to initialize and gracefully shut down the new observability components.
This commit isolates the `Work` aggregate into its own package at `internal/domain/work`, following the first step of the refactoring plan in `refactor.md`.
- The `Work` struct, related types, and the `WorkRepository` interface have been moved to the new package.
- A circular dependency between `domain` and `work` was resolved by moving the `AnalyticsRepository` to the `app` layer.
- All references to the moved types have been updated across the entire codebase to fix compilation errors.
- Test files, including mocks and integration tests, have been updated to reflect the new structure.
This commit refactors the GraphQL test suite to resolve persistent build failures and establish a stable, mock-based unit testing environment.
The key changes include:
- Consolidating all GraphQL test helper functions into a single, canonical file (`internal/adapters/graphql/graphql_test_utils_test.go`).
- Removing duplicated test helper code from `integration_test.go` and other test files.
- Creating a new, dedicated unit test file for the `like` and `unlike` mutations (`internal/adapters/graphql/like_resolvers_unit_test.go`) using a mock-based approach.
- Introducing mock services (`MockLikeService`, `MockAnalyticsService`) and updating mock repositories (`MockLikeRepository`, `MockWorkRepository`) in the `internal/testutil` package to support `testify/mock`.
- Adding a `ContextWithUserID` helper function to `internal/platform/auth/middleware.go` to facilitate testing of authenticated resolvers.
These changes resolve the `redeclared in this block` and package collision errors, resulting in a clean and passing test suite. This provides a solid foundation for future Test-Driven Development.
This change introduces a major architectural refactoring of the application, with a focus on improving testability, decoupling, and observability.
The following domains have been successfully refactored:
- `localization`: Wrote a full suite of unit tests and added logging.
- `auth`: Introduced a `JWTManager` interface, wrote comprehensive unit tests, and added logging.
- `copyright`: Separated integration tests, wrote a full suite of unit tests, and added logging.
- `monetization`: Wrote a full suite of unit tests and added logging.
- `search`: Refactored the Weaviate client usage by creating a wrapper to improve testability, and achieved 100% test coverage.
For each of these domains, 100% test coverage has been achieved for the refactored code.
The refactoring of the `work` domain is currently in progress. Unit tests have been written for the commands and queries, but there is a persistent build issue with the query tests that needs to be resolved. The error indicates that the query methods are undefined, despite appearing to be correctly defined and called.
This commit includes the following changes:
- Refactored all data repositories in `internal/data/sql/` to use a consistent `sql` package and to align with the new `domain` models.
- Fixed the GraphQL structure by moving the server creation logic from `internal/app` to `cmd/api`, which resolved an import cycle.
- Corrected numerous incorrect import paths for packages like `graph`, `linguistics`, `syncjob`, and the legacy `models` package.
- Resolved several package and function redeclaration errors.
- Removed legacy migration code.
