fix: add ID validation and normalization functions for comment handling

Author: LinkinStars

internal/controller/comment_controller.go

@@ -33,7 +33,6 @@ import (
 	"github.com/apache/answer/internal/service/comment"
 	"github.com/apache/answer/internal/service/permission"
 	"github.com/apache/answer/internal/service/rank"
-	"github.com/apache/answer/pkg/uid"
 	"github.com/gin-gonic/gin"
 	"github.com/segmentfault/pacman/errors"
 )
@@ -86,7 +85,6 @@ func (cc *CommentController) AddComment(ctx *gin.Context) {
 			cc.rateLimitMiddleware.DuplicateRequestClear(ctx, rejectKey)
 		}
 	}()
-	req.ObjectID = uid.DeShortID(req.ObjectID)
 	req.UserID = middleware.GetLoginUserIDFromContext(ctx)
 
 	canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
@@ -245,8 +243,6 @@ func (cc *CommentController) GetCommentWithPage(ctx *gin.Context) {
 	if handler.BindAndCheck(ctx, req) {
 		return
 	}
-	req.ObjectID = uid.DeShortID(req.ObjectID)
-	req.CommentID = uid.DeShortID(req.CommentID)
 	req.UserID = middleware.GetLoginUserIDFromContext(ctx)
 	canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
 		permission.CommentEdit,

internal/repo/comment/comment_repo.go

@@ -31,6 +31,7 @@ import (
 	"github.com/apache/answer/internal/service/comment"
 	"github.com/apache/answer/internal/service/comment_common"
 	"github.com/apache/answer/internal/service/unique"
+	"github.com/apache/answer/pkg/uid"
 	"github.com/segmentfault/pacman/errors"
 )
 
@@ -107,6 +108,9 @@ func (cr *commentRepo) UpdateCommentStatus(ctx context.Context, commentID string
 func (cr *commentRepo) GetComment(ctx context.Context, commentID string) (
 	comment *entity.Comment, exist bool, err error) {
 	comment = &entity.Comment{}
+	if !uid.IsValidNumericID(commentID) {
+		return comment, false, nil
+	}
 	exist, err = cr.data.DB.Context(ctx).Where("status = ?", entity.CommentStatusAvailable).ID(commentID).Get(comment)
 	if err != nil {
 		err = errors.InternalServer(reason.DatabaseError).WithError(err).WithStack()
@@ -118,6 +122,9 @@ func (cr *commentRepo) GetComment(ctx context.Context, commentID string) (
 func (cr *commentRepo) GetCommentWithoutStatus(ctx context.Context, commentID string) (
 	comment *entity.Comment, exist bool, err error) {
 	comment = &entity.Comment{}
+	if !uid.IsValidNumericID(commentID) {
+		return comment, false, nil
+	}
 	exist, err = cr.data.DB.Context(ctx).ID(commentID).Get(comment)
 	if err != nil {
 		err = errors.InternalServer(reason.DatabaseError).WithError(err).WithStack()

pkg/uid/sid.go

@@ -21,6 +21,7 @@ package uid
 
 import (
 	"strconv"
+	"strings"
 
 	"github.com/segmentfault/pacman/utils"
 )
@@ -90,3 +91,41 @@ func IsShortID(id string) bool {
 	}
 	return false
 }
+
+// IsValidNumericID checks whether id can be parsed as a positive int64.
+func IsValidNumericID(id string) bool {
+	id = strings.TrimSpace(id)
+	if len(id) == 0 {
+		return false
+	}
+	num, err := strconv.ParseInt(id, 10, 64)
+	if err != nil {
+		return false
+	}
+	return num > 0
+}
+
+// NormalizeOptionalID normalizes a raw id parameter.
+// It accepts short id and long id, treats empty/null/undefined as "not provided".
+// Returns normalized id, whether caller provided a value, and whether value is valid.
+func NormalizeOptionalID(raw string) (normalizedID string, provided bool, valid bool) {
+	raw = strings.TrimSpace(raw)
+	if len(raw) == 0 || strings.EqualFold(raw, "null") || strings.EqualFold(raw, "undefined") {
+		return "", false, true
+	}
+	normalizedID = DeShortID(raw)
+	if !IsValidNumericID(normalizedID) {
+		return "", true, false
+	}
+	return normalizedID, true, true
+}
+
+// NormalizeRequiredID normalizes a required id parameter.
+// Returns normalized id and whether the value is valid.
+func NormalizeRequiredID(raw string) (normalizedID string, valid bool) {
+	normalizedID, provided, valid := NormalizeOptionalID(raw)
+	if !provided {
+		return "", false
+	}
+	return normalizedID, valid
+}