Code Room
Code review · Medium · cr-g548
Subject: Security, access control, IDOR
Level: Mid–Senior
Time: ~18 min
Common in Security interviews
Industries: Software development

Question

Review this Go handler that returns an invoice.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Go)

func GetInvoice(w http.ResponseWriter, r *http.Request) {
    userID := authFromContext(r.Context()) // authenticated user
    invoiceID := r.URL.Query().Get("id")
    var inv Invoice
    err := db.QueryRow(
        "SELECT id, customer_id, amount, pdf_url FROM invoices WHERE id = $1",
        invoiceID,
    ).Scan(&inv.ID, &inv.CustomerID, &inv.Amount, &inv.PDFURL)
    if err != nil {
        http.Error(w, "not found", 404)
        return
    }
    json.NewEncoder(w).Encode(inv)
    _ = userID
}
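The following is an added, self-contained example (not part of the original exercise or its reference solution) that puts the handler under review beside a hardened version and drives both through net/http/httptest. The database is replaced by an in-memory map so it runs offline; the Invoice struct, the authFromContext helper, and the sample customers "alice" and "bob" are assumptions. The point it demonstrates: the fix is to make ownership part of the lookup (the equivalent of adding "AND customer_id = $2" to the query), not to add a check after the row has been fetched, and to return the same 404 whether the invoice is missing or belongs to someone else.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
)

// Invoice mirrors the columns the reviewed handler scans (assumed struct shape).
type Invoice struct {
	ID         string `json:"id"`
	CustomerID string `json:"customer_id"`
	Amount     int64  `json:"amount"`
	PDFURL     string `json:"pdf_url"`
}

var errNotFound = errors.New("not found")

// memStore stands in for the invoices table so the example runs offline.
type memStore map[string]Invoice

// byID reproduces the reviewed query: WHERE id = $1, with no owner condition.
func (m memStore) byID(id string) (Invoice, error) {
	inv, ok := m[id]
	if !ok {
		return Invoice{}, errNotFound
	}
	return inv, nil
}

// byIDForCustomer is the fix: the equivalent of WHERE id = $1 AND customer_id = $2.
func (m memStore) byIDForCustomer(id, customerID string) (Invoice, error) {
	inv, ok := m[id]
	if !ok || inv.CustomerID != customerID {
		return Invoice{}, errNotFound
	}
	return inv, nil
}

type userKey struct{}

// authFromContext returns the authenticated user id, or "" if none (assumed helper).
func authFromContext(ctx context.Context) string {
	id, _ := ctx.Value(userKey{}).(string)
	return id
}

// VulnerableGetInvoice is the handler under review: it reads the caller's
// identity and then ignores it, so any authenticated user can fetch any id.
func VulnerableGetInvoice(store memStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		userID := authFromContext(r.Context())
		inv, err := store.byID(r.URL.Query().Get("id"))
		if err != nil {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		json.NewEncoder(w).Encode(inv)
		_ = userID
	}
}

// FixedGetInvoice rejects unauthenticated callers and scopes the lookup to the
// caller; "missing" and "not yours" both answer 404 so the response does not
// reveal which ids exist.
func FixedGetInvoice(store memStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		userID := authFromContext(r.Context())
		if userID == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		inv, err := store.byIDForCustomer(r.URL.Query().Get("id"), userID)
		if err != nil {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(inv)
	}
}

// Fetch runs a handler as the given user for the given invoice id and returns
// the HTTP status code, so the two handlers can be compared directly.
func Fetch(h http.Handler, asUser, id string) int {
	req := httptest.NewRequest(http.MethodGet, "/invoice?id="+id, nil)
	req = req.WithContext(context.WithValue(req.Context(), userKey{}, asUser))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// SampleStore is constructed data: one invoice each for two customers.
func SampleStore() memStore {
	return memStore{
		"inv-1": {ID: "inv-1", CustomerID: "alice", Amount: 1200, PDFURL: "https://example.invalid/inv-1.pdf"},
		"inv-2": {ID: "inv-2", CustomerID: "bob", Amount: 800, PDFURL: "https://example.invalid/inv-2.pdf"},
	}
}
```

With SampleStore, Fetch(VulnerableGetInvoice(s), "bob", "inv-1") returns 200 (bob reads alice's invoice), while Fetch(FixedGetInvoice(s), "bob", "inv-1") returns 404 and Fetch(FixedGetInvoice(s), "alice", "inv-1") still returns 200. The same pattern is what to look for in review: any handler that takes an object id from the request and queries by that id alone, with the tenant or owner filter missing from the query itself.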