- fix: replace multipart form parsing with streaming multipart reads and
apply request body limits when max_upload_size is configured.
- refactor: route uploads through staging paths before promotion to
long-term data paths, keeping incomplete uploads out of durable
storage records.
- test: cover oversized uploads, unlimited uploads, staged cleanup, and
local storage promotion boundaries.
- docs: document the staged upload model and multipart parent_id query
parameter.
- Initialize slog in the serve command with terminal/file support
- Introduce `AppError` with HTTP status for unified service-layer errors
- Replace ad-hoc `api.Error` calls with `api.RespondError`
- Wrap internal errors with `model.NewInternalError` and add reference
IDs
- Add `RequestID` middleware and switch router from `gin.Default` to
`gin.New`
- Fix: replace repeated authorization checks in handlers with the new
MustGetUserID helper, which panics if the user ID is missing. This
simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
routes.
- Implement FileHandler with CRUD operations for files/directories
- Add FileService with business logic and SHA-256 hashing
- Create LocalStorage backend for filesystem persistence
- Add database repository with pagination and name uniqueness
constraints
- Configure max upload size in storage settings
- Include comprehensive tests for all layers