admin: address Gemini + Codex review (write endpoints)

bootjp · bootjp · commit 2a4ac951acda · 2026-04-26T00:44:45.000+09:00
- adapter/dynamodb_admin.go: drop the redundant empty-table-name check
  in AdminCreateTable. buildLegacyCreateTableInput already rejects an
  empty TableName, so the second guard was dead code that just
  shifted the error path.

- internal/admin/dynamo_handler.go: reject trailing JSON tokens after
  the create-table body (Codex P2). `decodeCreateTableRequest` now
  calls dec.More() after the first Decode() and returns 400 if the
  client sent additional values; previously a `{...}{garbage}` body
  silently used the first object and ignored the rest.

- Split out validateCreateTableRequest so the decoder + validator
  each stay under cyclop=10 after adding the dec.More() check.

- Tests: extend TestDynamoHandler_CreateTable_RejectsBadJSON to cover
  both trailing JSON object and trailing scalar.
diff --git a/adapter/dynamodb_admin.go b/adapter/dynamodb_admin.go
@@ -209,9 +209,8 @@ func (d *DynamoDBServer) AdminCreateTable(ctx context.Context, principal AdminPr
 	if err != nil {
 		return nil, err
 	}
-	if strings.TrimSpace(legacy.TableName) == "" {
-		return nil, newDynamoAPIError(http.StatusBadRequest, dynamoErrValidation, "missing table name")
-	}
+	// buildLegacyCreateTableInput already rejects an empty table
+	// name; the previous duplicated check here was dead code.
 	unlock := d.lockTableOperations([]string{legacy.TableName})
 	defer unlock()
 	schema, err := buildCreateTableSchema(legacy)
diff --git a/internal/admin/dynamo_handler.go b/internal/admin/dynamo_handler.go
@@ -367,23 +367,42 @@ func decodeCreateTableRequest(body io.Reader) (CreateTableRequest, error) {
 		}
 		return CreateTableRequest{}, errors.New("request body is not valid JSON")
 	}
-	if strings.TrimSpace(out.TableName) == "" {
-		return CreateTableRequest{}, errors.New("table_name is required")
-	}
-	if err := validateAttribute(out.PartitionKey, "partition_key"); err != nil {
+	// Reject trailing JSON tokens — `{"table_name":"a", ...}{...}`
+	// must surface as 400, not silently accept the first object and
+	// drop the rest. dec.More() returns true when there is at least
+	// one more JSON value in the stream beyond the one we just
+	// decoded.
+	if dec.More() {
+		return CreateTableRequest{}, errors.New("request body has trailing data after the JSON object")
+	}
+	if err := validateCreateTableRequest(&out); err != nil {
 		return CreateTableRequest{}, err
 	}
-	if out.SortKey != nil {
-		if err := validateAttribute(*out.SortKey, "sort_key"); err != nil {
-			return CreateTableRequest{}, err
+	return out, nil
+}
+
+// validateCreateTableRequest is the field-level validation pass
+// kept separate from the JSON decoding so each function stays under
+// the project's cyclomatic-complexity ceiling and the decoder is
+// trivially auditable on its own.
+func validateCreateTableRequest(in *CreateTableRequest) error {
+	if strings.TrimSpace(in.TableName) == "" {
+		return errors.New("table_name is required")
+	}
+	if err := validateAttribute(in.PartitionKey, "partition_key"); err != nil {
+		return err
+	}
+	if in.SortKey != nil {
+		if err := validateAttribute(*in.SortKey, "sort_key"); err != nil {
+			return err
 		}
 	}
-	for i := range out.GSI {
-		if err := validateGSI(&out.GSI[i], i); err != nil {
-			return CreateTableRequest{}, err
+	for i := range in.GSI {
+		if err := validateGSI(&in.GSI[i], i); err != nil {
+			return err
 		}
 	}
-	return out, nil
+	return nil
 }
 
 // validateAttribute enforces the "S | N | B" rule for primary-key
diff --git a/internal/admin/dynamo_handler_test.go b/internal/admin/dynamo_handler_test.go
@@ -438,6 +438,8 @@ func TestDynamoHandler_CreateTable_RejectsBadJSON(t *testing.T) {
 		`{"table_name":"u","partition_key":{"name":"id","type":"X"}}`,                                   // bad type
 		`{"table_name":"u","partition_key":{"name":"id","type":"S"},"sort_key":{"name":"","type":"S"}}`, // bad sort key
 		`{"table_name":"u","partition_key":{"name":"id","type":"S"},"unknown_field":1}`,                 // strict decode
+		`{"table_name":"u","partition_key":{"name":"id","type":"S"}}{"second":"object"}`,                // trailing JSON
+		`{"table_name":"u","partition_key":{"name":"id","type":"S"}} 42`,                                // trailing scalar
 	}
 	for _, body := range cases {
 		t.Run(body, func(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -438,6 +438,8 @@ func TestDynamoHandler_CreateTable_RejectsBadJSON(t *testing.T) {`
`438`	`438`	`{"table_name":"u","partition_key":{"name":"id","type":"X"}}`, // bad type
`439`	`439`	`{"table_name":"u","partition_key":{"name":"id","type":"S"},"sort_key":{"name":"","type":"S"}}`, // bad sort key
`440`	`440`	`{"table_name":"u","partition_key":{"name":"id","type":"S"},"unknown_field":1}`, // strict decode
	`441`	+ `{"table_name":"u","partition_key":{"name":"id","type":"S"}}{"second":"object"}`, // trailing JSON
	`442`	+ `{"table_name":"u","partition_key":{"name":"id","type":"S"}} 42`, // trailing scalar
`441`	`443`	`}`
`442`	`444`	`for _, body := range cases {`
`443`	`445`	`t.Run(body, func(t *testing.T) {`