Commit Graph

8 Commits

Author SHA1 Message Date
ld 3ad61244dc fix: properly handle repository errors and remove unused hash field
- fix: wrap errors from sessionRepo.Delete, credentialRepo operations
  with internal error context in Logout, ListPasskeys, and RevokePasskey
- fix: remove Hash field from fileInfoResponse DTO (unused)
2026-07-05 23:57:19 +08:00
ld 63ede5c237 refactor(api): enforce protocol-neutral service boundaries
- refactor: move HTTP status and DTO concerns out of model and service
  layers into API and handler code.
- feat: add admin service boundary and route auth through services
  instead of direct repository access.
- test: add architecture and error tests covering package boundaries,
  redaction, and service behavior.
- docs: record the protocol-neutral boundary decision and update
  architecture and roadmap notes.
2026-07-05 23:30:17 +08:00
ld 28e17a5b08 refactor: add AppError helpers and harden upload/download error handling
- refactor: replace inline AppError literals with model.New*Error
  constructors in service and handler layers
- feat: PromoteStaged falls back to copy/delete when os.Rename returns
  EXDEV (cross-device link)
- fix: upload error messages no longer leak internal multipart field
  names or parser implementation details
- fix: upload size violations are converted to domain error
  ErrUploadTooLarge at the handler boundary
- fix: download logs error and size mismatch when io.Copy fails or
  writes fewer bytes than expected
- test: add tests for field name leak prevention, parser error
  sanitization, read errors after response start, and EXDEV fallback
2026-07-05 17:35:34 +08:00
ld b988b4b15e fix(file)!: stream uploads through staged storage
- fix: replace multipart form parsing with streaming multipart reads and
  apply request body limits when max_upload_size is configured.
- refactor: route uploads through staging paths before promotion to
  long-term data paths, keeping incomplete uploads out of durable
  storage records.
- test: cover oversized uploads, unlimited uploads, staged cleanup, and
  local storage promotion boundaries.
- docs: document the staged upload model and multipart parent_id query
  parameter.
2026-07-05 17:18:19 +08:00
ld 1dfccf513a Add structured logging and centralized error handling
- Initialize slog in the serve command with terminal/file support
- Introduce `AppError` with HTTP status for unified service-layer errors
- Replace ad-hoc `api.Error` calls with `api.RespondError`
- Wrap internal errors with `model.NewInternalError` and add reference
  IDs
- Add `RequestID` middleware and switch router from `gin.Default` to
  `gin.New`
2026-07-04 16:24:22 +08:00
ld a78d43b166 Remove client MIME type parameter from Upload
- Fix: Always detect MIME type server-side from file content instead of
  trusting or forwarding the client-supplied value.
2026-06-24 20:27:22 +08:00
ld be4fcad605 Refactor handlers to use MustGetUserID
- Fix: replace repeated authorization checks in handlers with the new
  MustGetUserID helper, which panics if the user ID is missing. This
  simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
  routes.
2026-06-24 14:43:38 +08:00
ld e2af482cc9 Add file management API with local storage backend
- Implement FileHandler with CRUD operations for files/directories
- Add FileService with business logic and SHA-256 hashing
- Create LocalStorage backend for filesystem persistence
- Add database repository with pagination and name uniqueness
  constraints
- Configure max upload size in storage settings
- Include comprehensive tests for all layers
2026-06-24 14:08:57 +08:00