From 851e62dbac5e10f8aa15dff280277675faf09bd3 Mon Sep 17 00:00:00 2001
From: "$(pass /github/name)" <$(pass /github/email)>
Date: Fri, 20 Sep 2024 08:26:07 +0200
Subject: [PATCH] add xss validation
---
 internal/services/membership_service.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/internal/services/membership_service.go b/internal/services/membership_service.go
index 8124846..d75de8f 100644
--- a/internal/services/membership_service.go
+++ b/internal/services/membership_service.go
@@ -1,7 +1,6 @@
 package services
 import (
- "net/http"
 "slices"
 "time"
@@ -9,6 +8,7 @@ import (
 "GoMembership/internal/models"
 "GoMembership/internal/repositories"
+ "GoMembership/internal/utils"
 "GoMembership/pkg/errors"
 )
@@ -38,7 +38,7 @@ func (service *MembershipService) FindMembershipByUserID(userID int64) (*models.
 // Membership_Subscriptions
 func (service *MembershipService) RegisterSubscription(subscription *models.SubscriptionModel) (int64, error) {
 if err := validateSubscriptionData(subscription); err != nil {
- return http.StatusNotAcceptable, err
+ return -1, err
 }
 return service.SubscriptionRepo.CreateSubscriptionModel(subscription)
 }
@@ -65,8 +65,9 @@ func (service *MembershipService) GetSubscriptions(where map[string]interface{})
 func validateSubscriptionData(subscription *models.SubscriptionModel) error {
 validate := validator.New()
-
+ // subscriptionModel and membershipField don't have to be evaluated if adding a new subscription
 validate.RegisterValidation("subscriptionModel", func(fl validator.FieldLevel) bool { return true })
 validate.RegisterValidation("membershipField", func(fl validator.FieldLevel) bool { return true })
+ validate.RegisterValidation("safe_content", utils.ValidateSafeContent)
 return validate.Struct(subscription)
 }
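Review bot: `return -1, err` in RegisterSubscription swaps the HTTP status that used to travel in the ID slot for another magic number, and only this file is changed, so any caller that still forwards the first return value as a response status on error would now pass -1, which net/http rejects as an invalid status code. The callers are outside this patch, so that needs checking there. I would return the zero value, `return 0, err`, and let the handler choose the status from the error type, so that a validation rejection maps to a 4xx and a repository failure to a 5xx.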
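Review bot: The new `validate.RegisterValidation("safe_content", utils.ValidateSafeContent)` line in validateSubscriptionData discards the returned error, as do the two registrations above it, so a failed registration of the XSS check is not reported where it happens. Handle it, for example `if err := validate.RegisterValidation("safe_content", utils.ValidateSafeContent); err != nil { return err }`. The check only runs on fields of `models.SubscriptionModel` that carry the `safe_content` tag, and this patch touches no model file, so it is worth confirming that the free-text fields are tagged and adding a test that a value containing HTML markup is rejected. Because `utils.ValidateSafeContent` is not visible here and filter-style checks are easy to leave incomplete, this input validation should stay paired with output encoding wherever the values are rendered.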