validators: add validators (#15)

What
This PR adds the validation layer to the project using the go-validator library.

Why
This is to make the request/object validation easier.

go.mod

@@ -4,6 +4,7 @@ go 1.22.0
 
 require (
 	github.com/go-chi/chi v4.1.2+incompatible
+	github.com/go-playground/validator/v10 v10.20.0
 	github.com/jmoiron/sqlx v1.3.5
 	github.com/lib/pq v1.10.9
 	github.com/rubenv/sql-migrate v1.6.1
@@ -32,10 +33,13 @@ require (
 	github.com/djherbis/fscache v0.10.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
@@ -49,6 +53,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -78,13 +83,13 @@ require (
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
 	golang.org/x/oauth2 v0.16.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect

go.sum

@@ -101,6 +101,8 @@ github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0X
 github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gavv/monotime v0.0.0-20161010190848-47d58efa6955 h1:gmtGRvSexPU4B1T/yYo0sLOKzER1YT+b4kPxPpm0Ty4=
 github.com/gavv/monotime v0.0.0-20161010190848-47d58efa6955/go.mod h1:vmp8DIyckQMXOPl0AQVHt+7n5h7Gb7hS6CUydiV8QeA=
 github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
@@ -117,6 +119,14 @@ github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -237,6 +247,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -382,8 +394,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -457,8 +469,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -523,8 +535,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

internal/serve/httperror/errors.go

@@ -8,61 +8,65 @@ import (
 	"github.com/stellar/go/support/render/httpjson"
 )
 
-type errorResponse struct {
-	Status int    `json:"-"`
-	Error  string `json:"error"`
+type ErrorResponse struct {
+	Status int                    `json:"-"`
+	Error  string                 `json:"error"`
+	Extras map[string]interface{} `json:"extras,omitempty"`
 }
 
-func (e errorResponse) Render(w http.ResponseWriter) {
+func (e ErrorResponse) Render(w http.ResponseWriter) {
 	httpjson.RenderStatus(w, e.Status, e, httpjson.JSON)
 }
 
 type ErrorHandler struct {
-	Error errorResponse
+	Error ErrorResponse
 }
 
 func (h ErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	h.Error.Render(w)
 }
 
-var NotFound = errorResponse{
+var NotFound = ErrorResponse{
 	Status: http.StatusNotFound,
 	Error:  "The resource at the url requested was not found.",
 }
 
-var MethodNotAllowed = errorResponse{
+var MethodNotAllowed = ErrorResponse{
 	Status: http.StatusMethodNotAllowed,
 	Error:  "The method is not allowed for resource at the url requested.",
 }
 
-func BadRequest(message string) errorResponse {
+func BadRequest(message string, extras map[string]interface{}) *ErrorResponse {
 	if message == "" {
 		message = "Invalid request"
 	}
 
-	return errorResponse{
+	return &ErrorResponse{
 		Status: http.StatusBadRequest,
 		Error:  message,
+		Extras: extras,
 	}
 }
 
-func Unauthorized(message string) errorResponse {
+func Unauthorized(message string, extras map[string]interface{}) *ErrorResponse {
 	if message == "" {
 		message = "Not authorized."
 	}
 
-	return errorResponse{
+	return &ErrorResponse{
 		Status: http.StatusUnauthorized,
 		Error:  message,
+		Extras: extras,
 	}
 }
 
-func InternalServerError(ctx context.Context, message string, err error) errorResponse {
+func InternalServerError(ctx context.Context, message string, err error, extras map[string]interface{}) *ErrorResponse {
 	// TODO: track error in Sentry
 	log.Ctx(ctx).Error(err)
 
-	return errorResponse{
+	return &ErrorResponse{
 		Status: http.StatusInternalServerError,
 		Error:  "An error occurred while processing this request.",
+		Extras: extras,
 	}
 }

internal/serve/httperror/errors_test.go

@@ -14,20 +14,29 @@ import (
 
 func TestErrorResponseRender(t *testing.T) {
 	testCases := []struct {
-		in   errorResponse
-		want errorResponse
+		in                   ErrorResponse
+		want                 ErrorResponse
+		expectedResponseBody string
 	}{
 		{
-			in:   InternalServerError(context.Background(), "", nil),
-			want: errorResponse{Status: http.StatusInternalServerError, Error: "An error occurred while processing this request."},
+			in:                   *InternalServerError(context.Background(), "", nil, nil),
+			want:                 ErrorResponse{Status: http.StatusInternalServerError, Error: "An error occurred while processing this request."},
+			expectedResponseBody: `{"error": "An error occurred while processing this request."}`,
 		},
 		{
-			in:   NotFound,
-			want: errorResponse{Status: http.StatusNotFound, Error: "The resource at the url requested was not found."},
+			in:                   NotFound,
+			want:                 ErrorResponse{Status: http.StatusNotFound, Error: "The resource at the url requested was not found."},
+			expectedResponseBody: `{"error": "The resource at the url requested was not found."}`,
 		},
 		{
-			in:   MethodNotAllowed,
-			want: errorResponse{Status: http.StatusMethodNotAllowed, Error: "The method is not allowed for resource at the url requested."},
+			in:                   MethodNotAllowed,
+			want:                 ErrorResponse{Status: http.StatusMethodNotAllowed, Error: "The method is not allowed for resource at the url requested."},
+			expectedResponseBody: `{"error": "The method is not allowed for resource at the url requested."}`,
+		},
+		{
+			in:                   *BadRequest("Validation error.", map[string]interface{}{"field": "field error"}),
+			want:                 ErrorResponse{Status: http.StatusBadRequest, Error: "Validation error."},
+			expectedResponseBody: `{"error": "Validation error.", "extras": {"field": "field error"}}`,
 		},
 	}
 
@@ -39,27 +48,27 @@ func TestErrorResponseRender(t *testing.T) {
 			assert.Equal(t, tc.want.Status, resp.StatusCode)
 			body, err := io.ReadAll(resp.Body)
 			require.NoError(t, err)
-			assert.JSONEq(t, fmt.Sprintf(`{"error":%q}`, tc.want.Error), string(body))
+			assert.JSONEq(t, tc.expectedResponseBody, string(body))
 		})
 	}
 }
 
 func TestErrorHandler(t *testing.T) {
 	testCases := []struct {
 		in   ErrorHandler
-		want errorResponse
+		want ErrorResponse
 	}{
 		{
-			in:   ErrorHandler{InternalServerError(context.Background(), "", nil)},
-			want: errorResponse{Status: http.StatusInternalServerError, Error: "An error occurred while processing this request."},
+			in:   ErrorHandler{*InternalServerError(context.Background(), "", nil, nil)},
+			want: ErrorResponse{Status: http.StatusInternalServerError, Error: "An error occurred while processing this request."},
 		},
 		{
 			in:   ErrorHandler{NotFound},
-			want: errorResponse{Status: http.StatusNotFound, Error: "The resource at the url requested was not found."},
+			want: ErrorResponse{Status: http.StatusNotFound, Error: "The resource at the url requested was not found."},
 		},
 		{
 			in:   ErrorHandler{MethodNotAllowed},
-			want: errorResponse{Status: http.StatusMethodNotAllowed, Error: "The method is not allowed for resource at the url requested."},
+			want: ErrorResponse{Status: http.StatusMethodNotAllowed, Error: "The method is not allowed for resource at the url requested."},
 		},
 	}
 

internal/serve/httphandler/payments_handler.go

@@ -3,7 +3,6 @@ package httphandler
 import (
 	"net/http"
 
-	"github.com/stellar/go/support/http/httpdecode"
 	"github.com/stellar/wallet-backend/internal/data"
 	"github.com/stellar/wallet-backend/internal/serve/httperror"
 )
@@ -13,22 +12,22 @@ type PaymentsHandler struct {
 }
 
 type PaymentsSubscribeRequest struct {
-	Address string `json:"address"`
+	Address string `json:"address" validate:"required,public_key"`
 }
 
 func (h PaymentsHandler) SubscribeAddress(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
 	var reqBody PaymentsSubscribeRequest
-	err := httpdecode.DecodeJSON(r, &reqBody)
-	if err != nil {
-		httperror.BadRequest("Invalid request body").Render(w)
+	httpErr := DecodeJSONAndValidate(ctx, r, &reqBody)
+	if httpErr != nil {
+		httpErr.Render(w)
 		return
 	}
 
-	err = h.PaymentModel.SubscribeAddress(ctx, reqBody.Address)
+	err := h.PaymentModel.SubscribeAddress(ctx, reqBody.Address)
 	if err != nil {
-		httperror.InternalServerError(ctx, "", err).Render(w)
+		httperror.InternalServerError(ctx, "", err, nil).Render(w)
 		return
 	}
 }
@@ -37,15 +36,15 @@ func (h PaymentsHandler) UnsubscribeAddress(w http.ResponseWriter, r *http.Reque
 	ctx := r.Context()
 
 	var reqBody PaymentsSubscribeRequest
-	err := httpdecode.DecodeJSON(r, &reqBody)
-	if err != nil {
-		httperror.BadRequest("Invalid request body").Render(w)
+	httpErr := DecodeJSONAndValidate(ctx, r, &reqBody)
+	if httpErr != nil {
+		httpErr.Render(w)
 		return
 	}
 
-	err = h.PaymentModel.UnsubscribeAddress(ctx, reqBody.Address)
+	err := h.PaymentModel.UnsubscribeAddress(ctx, reqBody.Address)
 	if err != nil {
-		httperror.InternalServerError(ctx, "", err).Render(w)
+		httperror.InternalServerError(ctx, "", err, nil).Render(w)
 		return
 	}
 }