ga-plugins-cli 0.1.0 → 0.1.1

package/plugins/go-scaffolder/reference-service/internal/handler/booking.go

@@ -0,0 +1,242 @@
+package handler
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+	"go.uber.org/zap"
+
+	"github.com/zokypesch/booking-service/internal/domain"
+)
+
+const maxBodyBytes = 1 << 20 // 1 MB — prevent OOM from oversized payloads
+
+// BookingHandler implements the HTTP layer for booking resources.
+// It is intentionally thin: decode → call usecase → encode. No business logic here.
+type BookingHandler struct {
+	uc     domain.BookingUsecase
+	logger *zap.Logger
+}
+
+// NewBookingHandler constructs a BookingHandler wired to the given usecase.
+func NewBookingHandler(uc domain.BookingUsecase, logger *zap.Logger) *BookingHandler {
+	if uc == nil {
+		panic("handler: uc must not be nil")
+	}
+	if logger == nil {
+		panic("handler: logger must not be nil")
+	}
+	return &BookingHandler{uc: uc, logger: logger}
+}
+
+// Routes mounts all booking CRUD routes on the provided chi.Router.
+// Call as: r.Route("/bookings", bookingHandler.Routes)
+func (h *BookingHandler) Routes(r chi.Router) {
+	r.Get("/", h.List)
+	r.Post("/", h.Create)
+	r.Get("/{id}", h.GetByID)
+	r.Put("/{id}", h.Update)
+	r.Delete("/{id}", h.Cancel)
+}
+
+// Create handles POST /bookings — creates a new PENDING booking.
+//
+//	Request body:  {"customer_id":"...","flight_id":"...","seat_count":2,"total_price":450.00}
+//	Response 201:  domain.Booking JSON
+func (h *BookingHandler) Create(w http.ResponseWriter, r *http.Request) {
+	var input domain.CreateBookingInput
+	if err := decodeJSON(r, &input); err != nil {
+		respondErrorStatus(w, http.StatusBadRequest, err.Error(), "BAD_REQUEST")
+		return
+	}
+
+	booking, err := h.uc.CreateBooking(r.Context(), input)
+	if err != nil {
+		h.logger.Error("create booking",
+			zap.Error(err),
+			zap.String("request_id", middleware.GetReqID(r.Context())),
+		)
+		respondError(w, err)
+		return
+	}
+
+	respondJSON(w, http.StatusCreated, booking)
+}
+
+// GetByID handles GET /bookings/{id} — retrieves a single booking.
+//
+//	Response 200: domain.Booking JSON
+//	Response 404: when booking not found
+func (h *BookingHandler) GetByID(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	booking, err := h.uc.GetBooking(r.Context(), id)
+	if err != nil {
+		h.logger.Error("get booking",
+			zap.Error(err),
+			zap.String("id", id),
+			zap.String("request_id", middleware.GetReqID(r.Context())),
+		)
+		respondError(w, err)
+		return
+	}
+
+	respondJSON(w, http.StatusOK, booking)
+}
+
+// Update handles PUT /bookings/{id} — updates mutable fields of a booking.
+//
+//	Request body:  {"seat_count":3,"total_price":675.00}  (all fields optional)
+//	Response 200:  updated domain.Booking JSON
+func (h *BookingHandler) Update(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	var input domain.UpdateBookingInput
+	if err := decodeJSON(r, &input); err != nil {
+		respondErrorStatus(w, http.StatusBadRequest, err.Error(), "BAD_REQUEST")
+		return
+	}
+
+	booking, err := h.uc.UpdateBooking(r.Context(), id, input)
+	if err != nil {
+		h.logger.Error("update booking",
+			zap.Error(err),
+			zap.String("id", id),
+			zap.String("request_id", middleware.GetReqID(r.Context())),
+		)
+		respondError(w, err)
+		return
+	}
+
+	respondJSON(w, http.StatusOK, booking)
+}
+
+// List handles GET /bookings — returns a paginated list of bookings.
+//
+//	Query params: limit (default 20, max 100), offset (default 0)
+//	Response 200: []domain.Booking JSON
+func (h *BookingHandler) List(w http.ResponseWriter, r *http.Request) {
+	limit := queryInt(r, "limit", 20)
+	offset := queryInt(r, "offset", 0)
+
+	bookings, err := h.uc.ListBookings(r.Context(), limit, offset)
+	if err != nil {
+		h.logger.Error("list bookings",
+			zap.Error(err),
+			zap.String("request_id", middleware.GetReqID(r.Context())),
+		)
+		respondError(w, err)
+		return
+	}
+
+	respondJSON(w, http.StatusOK, bookings)
+}
+
+// Cancel handles DELETE /bookings/{id} — transitions a booking to CANCELLED status.
+//
+//	Response 200:  cancelled domain.Booking JSON
+//	Response 422:  when status transition is invalid
+func (h *BookingHandler) Cancel(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	booking, err := h.uc.CancelBooking(r.Context(), id)
+	if err != nil {
+		h.logger.Error("cancel booking",
+			zap.Error(err),
+			zap.String("id", id),
+			zap.String("request_id", middleware.GetReqID(r.Context())),
+		)
+		respondError(w, err)
+		return
+	}
+
+	respondJSON(w, http.StatusOK, booking)
+}
+
+// --- Request helpers ---
+
+// decodeJSON decodes the JSON request body into dst.
+// Enforces a 1 MB body size limit and disallows unknown fields.
+func decodeJSON(r *http.Request, dst any) error {
+	r.Body = http.MaxBytesReader(nil, r.Body, maxBodyBytes)
+	dec := json.NewDecoder(r.Body)
+	dec.DisallowUnknownFields()
+
+	if err := dec.Decode(dst); err != nil {
+		var syntaxErr *json.SyntaxError
+		var unmarshalErr *json.UnmarshalTypeError
+		switch {
+		case errors.As(err, &syntaxErr):
+			return fmt.Errorf("malformed JSON at position %d", syntaxErr.Offset)
+		case errors.As(err, &unmarshalErr):
+			return fmt.Errorf("invalid value for field %q", unmarshalErr.Field)
+		case errors.Is(err, io.EOF):
+			return errors.New("request body must not be empty")
+		default:
+			return fmt.Errorf("decoding request: %w", err)
+		}
+	}
+	return nil
+}
+
+// queryInt reads a query parameter as an integer, returning defaultVal on missing or invalid.
+func queryInt(r *http.Request, key string, defaultVal int) int {
+	raw := r.URL.Query().Get(key)
+	if raw == "" {
+		return defaultVal
+	}
+	v, err := strconv.Atoi(raw)
+	if err != nil || v < 0 {
+		return defaultVal
+	}
+	return v
+}
+
+// --- Response helpers ---
+
+type errorBody struct {
+	Error string `json:"error"`
+	Code  string `json:"code"`
+}
+
+// respondJSON serialises data as JSON with the given HTTP status code.
+func respondJSON(w http.ResponseWriter, status int, data any) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	if data != nil {
+		_ = json.NewEncoder(w).Encode(data)
+	}
+}
+
+// respondError maps domain sentinel errors to HTTP status codes and writes an error body.
+func respondError(w http.ResponseWriter, err error) {
+	switch {
+	case errors.Is(err, domain.ErrBookingNotFound):
+		respondErrorStatus(w, http.StatusNotFound, err.Error(), "NOT_FOUND")
+	case errors.Is(err, domain.ErrInvalidStatus):
+		respondErrorStatus(w, http.StatusUnprocessableEntity, err.Error(), "INVALID_STATUS_TRANSITION")
+	case errors.Is(err, domain.ErrAlreadyExists):
+		respondErrorStatus(w, http.StatusConflict, err.Error(), "CONFLICT")
+	case errors.Is(err, domain.ErrInvalidInput):
+		respondErrorStatus(w, http.StatusBadRequest, err.Error(), "BAD_REQUEST")
+	case errors.Is(err, domain.ErrUnauthorized):
+		respondErrorStatus(w, http.StatusUnauthorized, err.Error(), "UNAUTHORIZED")
+	case errors.Is(err, domain.ErrForbidden):
+		respondErrorStatus(w, http.StatusForbidden, err.Error(), "FORBIDDEN")
+	default:
+		respondErrorStatus(w, http.StatusInternalServerError, "internal server error", "INTERNAL")
+	}
+}
+
+// respondErrorStatus writes a JSON error body with the given status, message, and machine code.
+func respondErrorStatus(w http.ResponseWriter, status int, message, code string) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	_ = json.NewEncoder(w).Encode(errorBody{Error: message, Code: code})
+}

package/plugins/go-scaffolder/reference-service/internal/handler/booking_test.go

@@ -0,0 +1,451 @@
+package handler
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/zap"
+
+	"github.com/zokypesch/booking-service/internal/domain"
+)
+
+// -------------------------------------------------------------------------
+// Hand-rolled mock for domain.BookingUsecase
+// -------------------------------------------------------------------------
+
+// mockBookingUsecase is a simple, test-local mock — no code-generation required.
+// Each method field is a function variable; tests override only what they need.
+type mockBookingUsecase struct {
+	createFn      func(ctx context.Context, input domain.CreateBookingInput) (*domain.Booking, error)
+	getFn         func(ctx context.Context, id string) (*domain.Booking, error)
+	updateFn      func(ctx context.Context, id string, input domain.UpdateBookingInput) (*domain.Booking, error)
+	listFn        func(ctx context.Context, limit, offset int) ([]*domain.Booking, error)
+	cancelFn      func(ctx context.Context, id string) (*domain.Booking, error)
+}
+
+func (m *mockBookingUsecase) CreateBooking(ctx context.Context, input domain.CreateBookingInput) (*domain.Booking, error) {
+	if m.createFn != nil {
+		return m.createFn(ctx, input)
+	}
+	return nil, fmt.Errorf("CreateBooking not stubbed")
+}
+
+func (m *mockBookingUsecase) GetBooking(ctx context.Context, id string) (*domain.Booking, error) {
+	if m.getFn != nil {
+		return m.getFn(ctx, id)
+	}
+	return nil, fmt.Errorf("GetBooking not stubbed")
+}
+
+func (m *mockBookingUsecase) UpdateBooking(ctx context.Context, id string, input domain.UpdateBookingInput) (*domain.Booking, error) {
+	if m.updateFn != nil {
+		return m.updateFn(ctx, id, input)
+	}
+	return nil, fmt.Errorf("UpdateBooking not stubbed")
+}
+
+func (m *mockBookingUsecase) ListBookings(ctx context.Context, limit, offset int) ([]*domain.Booking, error) {
+	if m.listFn != nil {
+		return m.listFn(ctx, limit, offset)
+	}
+	return nil, fmt.Errorf("ListBookings not stubbed")
+}
+
+func (m *mockBookingUsecase) CancelBooking(ctx context.Context, id string) (*domain.Booking, error) {
+	if m.cancelFn != nil {
+		return m.cancelFn(ctx, id)
+	}
+	return nil, fmt.Errorf("CancelBooking not stubbed")
+}
+
+// -------------------------------------------------------------------------
+// Test helpers
+// -------------------------------------------------------------------------
+
+// newTestHandler builds a BookingHandler backed by the provided mock and a no-op logger.
+func newTestHandler(mock *mockBookingUsecase) *BookingHandler {
+	return NewBookingHandler(mock, zap.NewNop())
+}
+
+// newChiRouter mounts the handler on a chi router, mirroring production routing.
+func newChiRouter(h *BookingHandler) http.Handler {
+	r := chi.NewRouter()
+	r.Route("/bookings", h.Routes)
+	return r
+}
+
+// fixedBooking returns a deterministic Booking for use in test assertions.
+func fixedBooking(id string) *domain.Booking {
+	return &domain.Booking{
+		ID:         id,
+		CustomerID: "cust-001",
+		FlightID:   "flight-GA123",
+		Status:     domain.StatusPending,
+		SeatCount:  2,
+		TotalPrice: 450.00,
+		CreatedAt:  time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC),
+		UpdatedAt:  time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC),
+	}
+}
+
+// -------------------------------------------------------------------------
+// Tests: Create
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_Create_Success(t *testing.T) {
+	const bookingID = "booking-abc-123"
+
+	mock := &mockBookingUsecase{
+		createFn: func(_ context.Context, input domain.CreateBookingInput) (*domain.Booking, error) {
+			// Validate the handler correctly decoded the request body.
+			assert.Equal(t, "cust-001", input.CustomerID)
+			assert.Equal(t, "flight-GA123", input.FlightID)
+			assert.Equal(t, 2, input.SeatCount)
+			assert.InDelta(t, 450.00, input.TotalPrice, 0.001)
+			return fixedBooking(bookingID), nil
+		},
+	}
+
+	body := `{"customer_id":"cust-001","flight_id":"flight-GA123","seat_count":2,"total_price":450.00}`
+	req := httptest.NewRequest(http.MethodPost, "/bookings", strings.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	require.Equal(t, http.StatusCreated, rec.Code)
+
+	var got domain.Booking
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&got))
+	assert.Equal(t, bookingID, got.ID)
+	assert.Equal(t, "cust-001", got.CustomerID)
+	assert.Equal(t, domain.StatusPending, got.Status)
+}
+
+func TestBookingHandler_Create_InvalidBody(t *testing.T) {
+	tests := []struct {
+		name         string
+		body         string
+		wantStatus   int
+		wantCode     string
+	}{
+		{
+			name:       "empty body",
+			body:       "",
+			wantStatus: http.StatusBadRequest,
+			wantCode:   "BAD_REQUEST",
+		},
+		{
+			name:       "malformed JSON",
+			body:       `{"customer_id": "cust-001"`,
+			wantStatus: http.StatusBadRequest,
+			wantCode:   "BAD_REQUEST",
+		},
+		{
+			name:       "unknown field",
+			body:       `{"customer_id":"cust-001","unknown_field":"x"}`,
+			wantStatus: http.StatusBadRequest,
+			wantCode:   "BAD_REQUEST",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			// The mock's createFn should never be called for invalid bodies.
+			mock := &mockBookingUsecase{
+				createFn: func(_ context.Context, _ domain.CreateBookingInput) (*domain.Booking, error) {
+					t.Fatal("CreateBooking should not be called with an invalid body")
+					return nil, nil
+				},
+			}
+
+			req := httptest.NewRequest(http.MethodPost, "/bookings", strings.NewReader(tc.body))
+			req.Header.Set("Content-Type", "application/json")
+			rec := httptest.NewRecorder()
+
+			newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+			assert.Equal(t, tc.wantStatus, rec.Code, "status mismatch for case: %s", tc.name)
+
+			var errResp errorBody
+			require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+			assert.Equal(t, tc.wantCode, errResp.Code)
+			assert.NotEmpty(t, errResp.Error)
+		})
+	}
+}
+
+func TestBookingHandler_Create_UsecaseValidationError(t *testing.T) {
+	mock := &mockBookingUsecase{
+		createFn: func(_ context.Context, _ domain.CreateBookingInput) (*domain.Booking, error) {
+			return nil, fmt.Errorf("%w: seat_count must be at least 1", domain.ErrInvalidInput)
+		},
+	}
+
+	body := `{"customer_id":"cust-001","flight_id":"GA123","seat_count":0,"total_price":0}`
+	req := httptest.NewRequest(http.MethodPost, "/bookings", strings.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusBadRequest, rec.Code)
+
+	var errResp errorBody
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+	assert.Equal(t, "BAD_REQUEST", errResp.Code)
+}
+
+// -------------------------------------------------------------------------
+// Tests: GetByID
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_GetByID_Success(t *testing.T) {
+	const bookingID = "booking-xyz-789"
+
+	mock := &mockBookingUsecase{
+		getFn: func(_ context.Context, id string) (*domain.Booking, error) {
+			assert.Equal(t, bookingID, id)
+			return fixedBooking(bookingID), nil
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings/"+bookingID, nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	require.Equal(t, http.StatusOK, rec.Code)
+	assert.Equal(t, "application/json", rec.Header().Get("Content-Type"))
+
+	var got domain.Booking
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&got))
+	assert.Equal(t, bookingID, got.ID)
+	assert.Equal(t, domain.StatusPending, got.Status)
+}
+
+func TestBookingHandler_GetByID_NotFound(t *testing.T) {
+	mock := &mockBookingUsecase{
+		getFn: func(_ context.Context, id string) (*domain.Booking, error) {
+			return nil, domain.ErrBookingNotFound
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings/does-not-exist", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusNotFound, rec.Code)
+
+	var errResp errorBody
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+	assert.Equal(t, "NOT_FOUND", errResp.Code)
+	assert.NotEmpty(t, errResp.Error)
+}
+
+// -------------------------------------------------------------------------
+// Tests: Cancel
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_Cancel_Success(t *testing.T) {
+	const bookingID = "booking-to-cancel"
+
+	cancelled := fixedBooking(bookingID)
+	cancelled.Status = domain.StatusCancelled
+
+	mock := &mockBookingUsecase{
+		cancelFn: func(_ context.Context, id string) (*domain.Booking, error) {
+			assert.Equal(t, bookingID, id)
+			return cancelled, nil
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodDelete, "/bookings/"+bookingID, nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	require.Equal(t, http.StatusOK, rec.Code)
+
+	var got domain.Booking
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&got))
+	assert.Equal(t, bookingID, got.ID)
+	assert.Equal(t, domain.StatusCancelled, got.Status)
+}
+
+func TestBookingHandler_Cancel_InvalidStatusTransition(t *testing.T) {
+	mock := &mockBookingUsecase{
+		cancelFn: func(_ context.Context, id string) (*domain.Booking, error) {
+			return nil, fmt.Errorf("%w: cannot cancel a booking with status CANCELLED",
+				domain.ErrInvalidStatus)
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodDelete, "/bookings/already-cancelled", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusUnprocessableEntity, rec.Code)
+
+	var errResp errorBody
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+	assert.Equal(t, "INVALID_STATUS_TRANSITION", errResp.Code)
+}
+
+func TestBookingHandler_Cancel_NotFound(t *testing.T) {
+	mock := &mockBookingUsecase{
+		cancelFn: func(_ context.Context, id string) (*domain.Booking, error) {
+			return nil, domain.ErrBookingNotFound
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodDelete, "/bookings/ghost-booking", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusNotFound, rec.Code)
+
+	var errResp errorBody
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+	assert.Equal(t, "NOT_FOUND", errResp.Code)
+}
+
+// -------------------------------------------------------------------------
+// Tests: List
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_List_Success(t *testing.T) {
+	bookings := []*domain.Booking{
+		fixedBooking("booking-1"),
+		fixedBooking("booking-2"),
+	}
+
+	mock := &mockBookingUsecase{
+		listFn: func(_ context.Context, limit, offset int) ([]*domain.Booking, error) {
+			assert.Equal(t, 10, limit)
+			assert.Equal(t, 0, offset)
+			return bookings, nil
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings?limit=10&offset=0", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	require.Equal(t, http.StatusOK, rec.Code)
+
+	var got []*domain.Booking
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&got))
+	require.Len(t, got, 2)
+	assert.Equal(t, "booking-1", got[0].ID)
+	assert.Equal(t, "booking-2", got[1].ID)
+}
+
+func TestBookingHandler_List_DefaultPagination(t *testing.T) {
+	mock := &mockBookingUsecase{
+		listFn: func(_ context.Context, limit, offset int) ([]*domain.Booking, error) {
+			// Without query params, handler should default to limit=20, offset=0
+			assert.Equal(t, 20, limit)
+			assert.Equal(t, 0, offset)
+			return []*domain.Booking{}, nil
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+}
+
+// -------------------------------------------------------------------------
+// Tests: Update
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_Update_Success(t *testing.T) {
+	const bookingID = "booking-to-update"
+
+	updatedPrice := 675.00
+	updated := fixedBooking(bookingID)
+	updated.TotalPrice = updatedPrice
+
+	mock := &mockBookingUsecase{
+		updateFn: func(_ context.Context, id string, input domain.UpdateBookingInput) (*domain.Booking, error) {
+			assert.Equal(t, bookingID, id)
+			require.NotNil(t, input.TotalPrice)
+			assert.InDelta(t, updatedPrice, *input.TotalPrice, 0.001)
+			return updated, nil
+		},
+	}
+
+	body, _ := json.Marshal(map[string]interface{}{"total_price": updatedPrice})
+	req := httptest.NewRequest(http.MethodPut, "/bookings/"+bookingID, bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	require.Equal(t, http.StatusOK, rec.Code)
+
+	var got domain.Booking
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&got))
+	assert.InDelta(t, updatedPrice, got.TotalPrice, 0.001)
+}
+
+// -------------------------------------------------------------------------
+// Tests: Content-Type and response shape invariants
+// -------------------------------------------------------------------------
+
+func TestBookingHandler_AlwaysSetsContentType(t *testing.T) {
+	// Any response — success or error — must set Content-Type: application/json.
+	mock := &mockBookingUsecase{
+		getFn: func(_ context.Context, _ string) (*domain.Booking, error) {
+			return nil, domain.ErrBookingNotFound // trigger a 404 error path
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings/any-id", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, "application/json", rec.Header().Get("Content-Type"))
+}
+
+func TestBookingHandler_InternalError_HidesDetails(t *testing.T) {
+	// Unexpected errors must not leak internal details to the client.
+	mock := &mockBookingUsecase{
+		getFn: func(_ context.Context, _ string) (*domain.Booking, error) {
+			return nil, fmt.Errorf("internal db connection error: socket timeout to 10.0.0.5:5432")
+		},
+	}
+
+	req := httptest.NewRequest(http.MethodGet, "/bookings/any-id", nil)
+	rec := httptest.NewRecorder()
+
+	newChiRouter(newTestHandler(mock)).ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusInternalServerError, rec.Code)
+
+	var errResp errorBody
+	require.NoError(t, json.NewDecoder(rec.Body).Decode(&errResp))
+	assert.Equal(t, "INTERNAL", errResp.Code)
+	// The internal message must NOT appear in the response body.
+	assert.NotContains(t, errResp.Error, "10.0.0.5")
+	assert.NotContains(t, errResp.Error, "socket timeout")
+}