Skip to content

fix: 存在しないリストに対するアイテム操作で404を返すように修正 #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mohadayo merged 2 commits into from
Apr 21, 2026
Merged

fix: 存在しないリストに対するアイテム操作で404を返すように修正 #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b69e9d9
fix: 存在しないリストに対するアイテム操作で404を返すように修正
mohadayo Apr 21, 2026
22bc9c9
test: 存在しないリストに対するアイテム操作テスト5件追加
mohadayo Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,10 @@ func handleShowList(store *Store) http.HandlerFunc {
func handleAddItem(store *Store) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.PathValue("token")
if store.GetList(token) == nil {
http.NotFound(w, r)
return
}
name := strings.TrimSpace(r.FormValue("name"))
if name == "" {
http.Redirect(w, r, "/lists/"+token, http.StatusSeeOther)
Expand All @@ -158,6 +162,10 @@ func handleAddItem(store *Store) http.HandlerFunc {
func handleTogglePrepared(store *Store) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.PathValue("token")
if store.GetList(token) == nil {
http.NotFound(w, r)
return
}
id := r.PathValue("id")
store.TogglePrepared(token, id)
http.Redirect(w, r, "/lists/"+token, http.StatusSeeOther)
Expand All @@ -167,6 +175,10 @@ func handleTogglePrepared(store *Store) http.HandlerFunc {
func handleToggleRequired(store *Store) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.PathValue("token")
if store.GetList(token) == nil {
http.NotFound(w, r)
return
}
id := r.PathValue("id")
store.ToggleRequired(token, id)
http.Redirect(w, r, "/lists/"+token, http.StatusSeeOther)
Expand All @@ -176,6 +188,10 @@ func handleToggleRequired(store *Store) http.HandlerFunc {
func handleUpdateAssignee(store *Store) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.PathValue("token")
if store.GetList(token) == nil {
http.NotFound(w, r)
return
}
id := r.PathValue("id")
assignee := truncateRunes(strings.TrimSpace(r.FormValue("assignee")), maxAssigneeLen)
store.UpdateAssignee(token, id, assignee)
Expand All @@ -186,6 +202,10 @@ func handleUpdateAssignee(store *Store) http.HandlerFunc {
func handleDeleteItem(store *Store) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.PathValue("token")
if store.GetList(token) == nil {
http.NotFound(w, r)
return
}
id := r.PathValue("id")
store.DeleteItem(token, id)
http.Redirect(w, r, "/lists/"+token, http.StatusSeeOther)
Expand Down
59 changes: 59 additions & 0 deletions handler_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,65 @@ func TestUpdateAssigneeTruncation(t *testing.T) {
}
}

func TestHandlerAddItemToNonExistentList(t *testing.T) {
mux, _ := setupTestServer()
form := url.Values{"name": {"テント"}, "assignee": {"太郎"}}
req := httptest.NewRequest("POST", "/lists/nonexistent-token/items", strings.NewReader(form.Encode()))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
w := httptest.NewRecorder()
mux.ServeHTTP(w, req)

if w.Code != http.StatusNotFound {
t.Fatalf("expected 404 for adding item to non-existent list, got %d", w.Code)
}
}

func TestTogglePreparedOnNonExistentList(t *testing.T) {
mux, _ := setupTestServer()
req := httptest.NewRequest("POST", "/lists/nonexistent-token/items/1/toggle-prepared", nil)
w := httptest.NewRecorder()
mux.ServeHTTP(w, req)

if w.Code != http.StatusNotFound {
t.Fatalf("expected 404 for toggle-prepared on non-existent list, got %d", w.Code)
}
}

func TestToggleRequiredOnNonExistentList(t *testing.T) {
mux, _ := setupTestServer()
req := httptest.NewRequest("POST", "/lists/nonexistent-token/items/1/toggle-required", nil)
w := httptest.NewRecorder()
mux.ServeHTTP(w, req)

if w.Code != http.StatusNotFound {
t.Fatalf("expected 404 for toggle-required on non-existent list, got %d", w.Code)
}
}

func TestUpdateAssigneeOnNonExistentList(t *testing.T) {
mux, _ := setupTestServer()
form := url.Values{"assignee": {"花子"}}
req := httptest.NewRequest("POST", "/lists/nonexistent-token/items/1/assignee", strings.NewReader(form.Encode()))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
w := httptest.NewRecorder()
mux.ServeHTTP(w, req)

if w.Code != http.StatusNotFound {
t.Fatalf("expected 404 for update assignee on non-existent list, got %d", w.Code)
}
}

func TestDeleteItemOnNonExistentList(t *testing.T) {
mux, _ := setupTestServer()
req := httptest.NewRequest("POST", "/lists/nonexistent-token/items/1/delete", nil)
w := httptest.NewRecorder()
mux.ServeHTTP(w, req)

if w.Code != http.StatusNotFound {
t.Fatalf("expected 404 for delete item on non-existent list, got %d", w.Code)
}
}

func TestSecurityHeaders(t *testing.T) {
mux, _ := setupTestServer()
handler := securityHeaders(mux)
Expand Down
Loading