marktvogt.de/backend/internal/pkg/validate/validate.go

package validate

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/go-playground/validator/v10"

	"marktvogt.de/backend/internal/pkg/apierror"
)

var v = validator.New()

func Struct(s any) *apierror.Error {
	if err := v.Struct(s); err != nil {
		var ve validator.ValidationErrors
		if errors.As(err, &ve) {
			var msgs []string
			for _, fe := range ve {
				msgs = append(msgs, formatFieldError(fe))
			}
			return apierror.Validation(strings.Join(msgs, "; "))
		}
		return apierror.Validation(err.Error())
	}
	return nil
}

// BindJSON decodes the request body into dest and runs struct validation.
// Unlike gin's ShouldBindJSON it (a) refuses unknown JSON fields and (b)
// surfaces http.MaxBytesReader limits as a 413 instead of a generic 400.
// Together with middleware.BodyLimitBytes this closes audit H11.
func BindJSON(c *gin.Context, dest any) *apierror.Error {
	if c.Request == nil || c.Request.Body == nil {
		return apierror.BadRequest("invalid_json", "request body is required")
	}
	dec := json.NewDecoder(c.Request.Body)
	dec.DisallowUnknownFields()

	if err := dec.Decode(dest); err != nil {
		var maxErr *http.MaxBytesError
		if errors.As(err, &maxErr) {
			return &apierror.Error{
				Status:  http.StatusRequestEntityTooLarge,
				Code:    "body_too_large",
				Message: fmt.Sprintf("request body exceeds %d bytes", maxErr.Limit),
			}
		}
		return apierror.BadRequest("invalid_json", fmt.Sprintf("invalid request body: %s", err.Error()))
	}
	// Reject trailing JSON tokens — `{"a":1}{"b":2}` should not silently parse.
	if err := dec.Decode(&struct{}{}); err != io.EOF {
		return apierror.BadRequest("invalid_json", "request body must contain a single JSON document")
	}
	return Struct(dest)
}

func formatFieldError(fe validator.FieldError) string {
	field := fe.Field()
	switch fe.Tag() {
	case "required":
		return fmt.Sprintf("%s is required", field)
	case "email":
		return fmt.Sprintf("%s must be a valid email address", field)
	case "min":
		return fmt.Sprintf("%s must be at least %s characters", field, fe.Param())
	case "max":
		return fmt.Sprintf("%s must be at most %s characters", field, fe.Param())
	case "gte":
		return fmt.Sprintf("%s must be at least %s", field, fe.Param())
	case "lte":
		return fmt.Sprintf("%s must be at most %s", field, fe.Param())
	default:
		return fmt.Sprintf("%s failed validation: %s", field, fe.Tag())
	}
}