- Fix: replace repeated authorization checks in handlers with the new
MustGetUserID helper, which panics if the user ID is missing. This
simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
routes.