- fix: The AccessTTL and RefreshTTL fields in JWTConfig now use
time.Duration type directly instead of string with ParseDuration
methods. The config validation now checks for positive durations
rather than parsing strings.
- Add TokenType enum and include in Claims struct
- GenerateRefreshToken now creates tokens with TokenRefresh type
- AuthRequired middleware rejects refresh tokens
- AuthService.Refresh validates token type
- Tests verify type validation
- Add GORM dependencies for SQLite and PostgreSQL
- Create domain models (User, Session, File) with common errors
- Implement repository interfaces and database layer with migrations
- Update WebApp to bootstrap with database and repositories
- Add comprehensive unit tests for repository methods
- Update config structure to support multiple database drivers
- Extend AGENTS.md with debugging principles and dependency rules
Add application container, Gin router, graceful shutdown handler,
and version endpoint. This establishes the skeleton for the WebDisk
HTTP API as described in the architecture.
- Add internal/app/WebApp for runtime dependencies and version
- Add internal/server/router with GET /api/v1/version route
- Add graceful shutdown runner with signal handling in cmd/serve
- Add internal/api/ErrorResponse for standard HTTP error body
- Update roadmap, architecture, and decisions documentation
- The mapstructure library is no longer needed for direct duration
parsing since we now store TTLs as string durations (e.g., "15m",
"168h") and parse them on demand via helper methods.
- This allows more flexible duration formats in configuration and moves
the parsing responsibility to the JWT config struct itself.
