feat: validation, postgress connection,

projects/greenlight/cmd/api/errors.go

@@ -5,6 +5,12 @@ import (
 	"net/http"
 )
 
+// Note that the errors parameter here has the type map[string]string, which is exactly
+// the same as the errors map contained in our Validator type.
+func (app *application) failedValidationResponse(w http.ResponseWriter, r *http.Request, errors map[string]string) {
+	app.errorResponse(w, r, http.StatusUnprocessableEntity, errors)
+}
+
 // The logError() method is a generic helper for logging an error message. “Later in the
 // book we'll upgrade this to use structured logging, and record additional information
 // about the request including the HTTP method and URL.

projects/greenlight/cmd/api/helpers.go

@@ -8,6 +8,7 @@ import (
 	"maps"
 	"net/http"
 	"strconv"
+	"strings"
 
 	"github.com/julienschmidt/httprouter"
 )
@@ -46,59 +47,72 @@ func (app *application) writeJSON(w http.ResponseWriter, status int, data envelo
 	return nil
 }
 
-func (app *application) readJSON(w http.ResponseWriter, r *http.Request, dst interface{}) error {
-	// Decode the request body into the target destination.
-	err := json.NewDecoder(r.Body).Decode(dst)
+func (app *application) readJSON(w http.ResponseWriter, r *http.Request, dst any) error {
+	// Use http.MaxBytesReader() to limit the size of the request body to 1MB.
+	maxBytes := 1_048_576
+	r.Body = http.MaxBytesReader(w, r.Body, int64(maxBytes))
+
+	// Initialize the json.Decoder, and call the DisallowUnknownFields() method on it
+	// before decoding. This means that if the JSON from the client now includes any
+	// field which cannot be mapped to the target destination, the decoder will return
+	// an error instead of just ignoring the field.
+	dec := json.NewDecoder(r.Body)
+	dec.DisallowUnknownFields()
+
+	// Decode the request body to the destination.
+	err := dec.Decode(dst)
 	if err != nil {
-		// If there is an error during decoding, start the triage...
 		var syntaxError *json.SyntaxError
 		var unmarshalTypeError *json.UnmarshalTypeError
 		var invalidUnmarshalError *json.InvalidUnmarshalError
 
 		switch {
-		// Use the errors.As() function to check whether the error has the type
-
-		// *json.SyntaxError. If it does, then return a plain-english error message
-		// which includes the location of the problem.
 		case errors.As(err, &syntaxError):
 			return fmt.Errorf("body contains badly-formed JSON (at character %d)", syntaxError.Offset)
 
-		// In some circumstances Decode() may also return an io.ErrUnexpectedEOF error
-		// for syntax errors in the JSON. So we check for this using errors.Is() and
-		// return a generic error message. There is an open issue regarding this at
-		// https://github.com/golang/go/issues/25956.
 		case errors.Is(err, io.ErrUnexpectedEOF):
 			return errors.New("body contains badly-formed JSON")
 
-		// Likewise, catch any *json.UnmarshalTypeError errors. These occur when the
-		// JSON value is the wrong type for the target destination. If the error relates
-		// to a specific field, then we include that in our error message to make it
-		// easier for the client to debug.
 		case errors.As(err, &unmarshalTypeError):
 			if unmarshalTypeError.Field != "" {
 				return fmt.Errorf("body contains incorrect JSON type for field %q", unmarshalTypeError.Field)
 			}
 			return fmt.Errorf("body contains incorrect JSON type (at character %d)", unmarshalTypeError.Offset)
 
-		// An io.EOF error will be returned by Decode() if the request body is empty. We
-		// check for this with errors.Is() and return a plain-english error message
-		// instead.
 		case errors.Is(err, io.EOF):
 			return errors.New("body must not be empty")
+			// If the JSON contains a field which cannot be mapped to the target destination
+		// then Decode() will now return an error message in the format "json: unknown
+		// field "<name>"". We check for this, extract the field name from the error,
+		// and interpolate it into our custom error message. Note that there's an open
+		// issue at https://github.com/golang/go/issues/29035 regarding turning this
+		// into a distinct error type in the future.
+		case strings.HasPrefix(err.Error(), "json: unknown field "):
+			fieldName := strings.TrimPrefix(err.Error(), "json: unknown field ")
+			return fmt.Errorf("body contains unknown key %s", fieldName)
+
+		// If the request body exceeds 1MB in size the decode will now fail with the
+		// error "http: request body too large". There is an open issue about turning
+		// this into a distinct error type at https://github.com/golang/go/issues/30715.
+		case err.Error() == "http: request body too large":
+			return fmt.Errorf("body must not be larger than %d bytes", maxBytes)
 
-		// A json.InvalidUnmarshalError error will be returned if we pass a non-nil
-		// pointer to Decode(). We catch this and panic, rather than returning an error
-		// to our handler. At the end of this chapter we'll talk about panicking
-		// versus returning errors, and discuss why it's an appropriate thing to do in
-		// this specific situation.
 		case errors.As(err, &invalidUnmarshalError):
 			panic(err)
 
-		// For anything else, return the error message as-is.
 		default:
 			return err
 		}
 	}
 
+	// Call Decode() again, using a pointer to an empty anonymous struct as the
+	// destination. If the request body only contained a single JSON value this will
+	// return an io.EOF error. So if we get anything else, we know that there is
+	// additional data in the request body and we return our own custom error message.
+	err = dec.Decode(&struct{}{})
+	if err != io.EOF {
+		return errors.New("body must only contain a single JSON value")
+	}
+
 	return nil
 }

projects/greenlight/cmd/api/main.go

@@ -1,12 +1,17 @@
 package main
 
 import (
+	"context"
+	"database/sql"
 	"flag"
 	"fmt"
 	"log"
 	"net/http"
 	"os"
 	"time"
+
+	"github.com/joho/godotenv"
+	_ "github.com/lib/pq"
 )
 
 // Declare a string containing the application version number. Later in the book we'll
@@ -22,6 +27,9 @@ const version = "1.0.0"
 type config struct {
 	port int
 	env  string
+	db   struct {
+		dsn string
+	}
 }
 
 // Define an application struct to hold the dependencies for our HTTP handlers, helpers,
@@ -33,13 +41,38 @@ type application struct {
 }
 
 func main() {
+	logger := log.New(os.Stdout, "", log.Ldate|log.Ltime)
 	var cfg config
 
+	err := godotenv.Load()
+	if err != nil {
+		logger.Fatal(err)
+	}
+	dsn := os.Getenv("DATABASE_DSN")
+
 	flag.IntVar(&cfg.port, "port", 4000, "API server port")
 	flag.StringVar(&cfg.env, "env", "development", "Environment (development|staging|production)")
+	// Read the DSN value from the db-dsn command-line flag into the config struct. We
+	// default to using our development DSN if no flag is provided.
+	flag.StringVar(&cfg.db.dsn, "db-dsn", dsn, "PostgreSQL DSN")
+
 	flag.Parse()
 
-	logger := log.New(os.Stdout, "", log.Ldate|log.Ltime)
+	// Call the openDB() helper function (see below) to create the connection pool,
+	// passing in the config struct. If this returns an error, we log it and exit the
+	// application immediately.
+	db, err := openDB(cfg)
+	if err != nil {
+		logger.Fatal(err)
+	}
+
+	// Defer a call to db.Close() so that the connection pool is closed before the
+	// main() function exits.
+	defer db.Close()
+
+	// Also log a message to say that the connection pool has been successfully
+	// established.
+	logger.Printf("database connection pool established")
 
 	app := &application{
 		config: cfg,
@@ -56,6 +89,31 @@ func main() {
 	}
 
 	logger.Printf("starting %s server on %s", cfg.env, srv.Addr)
-	err := srv.ListenAndServe()
+	err = srv.ListenAndServe()
 	logger.Fatal(err)
 }
+
+func openDB(cfg config) (*sql.DB, error) {
+	// Use sql.Open() to create an empty connection pool, using the DSN from the config
+	// struct.
+	db, err := sql.Open("postgres", cfg.db.dsn)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create a context with a 5-second timeout deadline.
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	// Use PingContext() to establish a new connection to the database, passing in the
+	// context we created above as a parameter. If the connection couldn't be
+	// established successfully within the 5 second deadline, then this will return an
+	// error.
+	err = db.PingContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// Return the sql.DB connection pool.
+	return db, nil
+}

projects/greenlight/cmd/api/movies.go

@@ -6,26 +6,41 @@ import (
 	"time"
 
 	"greenlight.debuggingjon.dev/internal/data"
+	"greenlight.debuggingjon.dev/internal/validator"
 )
 
 func (app *application) createMovieHandler(w http.ResponseWriter, r *http.Request) {
 	var input struct {
-		Title   string   `json:"title"`
-		Year    int32    `json:"year"`
-		Runtime int32    `json:"runtime"`
-		Genres  []string `json:"genres"`
+		Title   string       `json:"title"`
+		Year    int32        `json:"year"`
+		Runtime data.Runtime `json:"runtime"`
+		Genres  []string     `json:"genres"`
 	}
 
-	// Use the new readJSON() helper to decode the request body into the input struct.
-	// If this returns an error we send the client the error message along with a 400
-	// Bad Request status code, just like before.
 	err := app.readJSON(w, r, &input)
 	if err != nil {
-		// Use the new badRequestResponse() helper.
 		app.badRequestResponse(w, r, err)
 		return
 	}
 
+	// Copy the values from the input struct to a new Movie struct.
+	movie := &data.Movie{
+		Title:   input.Title,
+		Year:    input.Year,
+		Runtime: input.Runtime,
+		Genres:  input.Genres,
+	}
+
+	// Initialize a new Validator.
+	v := validator.New()
+
+	// Call the ValidateMovie() function and return a response containing the errors if
+	// any of the checks fail.
+	if data.ValidateMovie(v, movie); !v.Valid() {
+		app.failedValidationResponse(w, r, v.Errors)
+		return
+	}
+
 	fmt.Fprintf(w, "%+v\n", input)
 }