feat(01-02): add Hono API routes with validation, image upload, and integration tests

- Item routes: GET, POST, PUT, DELETE with Zod validation and image cleanup
- Category routes: GET, POST, PUT, DELETE with Uncategorized protection
- Totals route: per-category and global aggregates
- Image upload: multipart file handling with type/size validation
- Routes use DI via Hono context variables for testability
- Integration tests: 10 tests covering all endpoints and edge cases
- All 30 tests passing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/server/routes/categories.ts

@@ -0,0 +1,59 @@
+import { Hono } from "hono";
+import { zValidator } from "@hono/zod-validator";
+import {
+  createCategorySchema,
+  updateCategorySchema,
+} from "../../shared/schemas.ts";
+import {
+  getAllCategories,
+  createCategory,
+  updateCategory,
+  deleteCategory,
+} from "../services/category.service.ts";
+
+type Env = { Variables: { db?: any } };
+
+const app = new Hono<Env>();
+
+app.get("/", (c) => {
+  const db = c.get("db");
+  const cats = getAllCategories(db);
+  return c.json(cats);
+});
+
+app.post("/", zValidator("json", createCategorySchema), (c) => {
+  const db = c.get("db");
+  const data = c.req.valid("json");
+  const cat = createCategory(db, data);
+  return c.json(cat, 201);
+});
+
+app.put(
+  "/:id",
+  zValidator("json", updateCategorySchema.omit({ id: true })),
+  (c) => {
+    const db = c.get("db");
+    const id = Number(c.req.param("id"));
+    const data = c.req.valid("json");
+    const cat = updateCategory(db, id, data);
+    if (!cat) return c.json({ error: "Category not found" }, 404);
+    return c.json(cat);
+  },
+);
+
+app.delete("/:id", (c) => {
+  const db = c.get("db");
+  const id = Number(c.req.param("id"));
+  const result = deleteCategory(db, id);
+
+  if (!result.success) {
+    if (result.error === "Cannot delete the Uncategorized category") {
+      return c.json({ error: result.error }, 400);
+    }
+    return c.json({ error: result.error }, 404);
+  }
+
+  return c.json({ success: true });
+});
+
+export { app as categoryRoutes };

src/server/routes/images.ts

@@ -0,0 +1,46 @@
+import { Hono } from "hono";
+import { randomUUID } from "node:crypto";
+import { join } from "node:path";
+import { mkdir } from "node:fs/promises";
+
+const ALLOWED_TYPES = ["image/jpeg", "image/png", "image/webp"];
+const MAX_SIZE = 5 * 1024 * 1024; // 5MB
+
+const app = new Hono();
+
+app.post("/", async (c) => {
+  const body = await c.req.parseBody();
+  const file = body["image"];
+
+  if (!file || typeof file === "string") {
+    return c.json({ error: "No image file provided" }, 400);
+  }
+
+  // Validate file type
+  if (!ALLOWED_TYPES.includes(file.type)) {
+    return c.json(
+      { error: "Invalid file type. Accepted: jpeg, png, webp" },
+      400,
+    );
+  }
+
+  // Validate file size
+  if (file.size > MAX_SIZE) {
+    return c.json({ error: "File too large. Maximum size is 5MB" }, 400);
+  }
+
+  // Generate unique filename
+  const ext = file.type.split("/")[1] === "jpeg" ? "jpg" : file.type.split("/")[1];
+  const filename = `${Date.now()}-${randomUUID()}.${ext}`;
+
+  // Ensure uploads directory exists
+  await mkdir("uploads", { recursive: true });
+
+  // Write file
+  const buffer = await file.arrayBuffer();
+  await Bun.write(join("uploads", filename), buffer);
+
+  return c.json({ filename }, 201);
+});
+
+export { app as imageRoutes };

src/server/routes/items.ts

@@ -0,0 +1,66 @@
+import { Hono } from "hono";
+import { zValidator } from "@hono/zod-validator";
+import { createItemSchema, updateItemSchema } from "../../shared/schemas.ts";
+import {
+  getAllItems,
+  getItemById,
+  createItem,
+  updateItem,
+  deleteItem,
+} from "../services/item.service.ts";
+import { unlink } from "node:fs/promises";
+import { join } from "node:path";
+
+type Env = { Variables: { db?: any } };
+
+const app = new Hono<Env>();
+
+app.get("/", (c) => {
+  const db = c.get("db");
+  const items = getAllItems(db);
+  return c.json(items);
+});
+
+app.get("/:id", (c) => {
+  const db = c.get("db");
+  const id = Number(c.req.param("id"));
+  const item = getItemById(db, id);
+  if (!item) return c.json({ error: "Item not found" }, 404);
+  return c.json(item);
+});
+
+app.post("/", zValidator("json", createItemSchema), (c) => {
+  const db = c.get("db");
+  const data = c.req.valid("json");
+  const item = createItem(db, data);
+  return c.json(item, 201);
+});
+
+app.put("/:id", zValidator("json", updateItemSchema.omit({ id: true })), (c) => {
+  const db = c.get("db");
+  const id = Number(c.req.param("id"));
+  const data = c.req.valid("json");
+  const item = updateItem(db, id, data);
+  if (!item) return c.json({ error: "Item not found" }, 404);
+  return c.json(item);
+});
+
+app.delete("/:id", async (c) => {
+  const db = c.get("db");
+  const id = Number(c.req.param("id"));
+  const deleted = deleteItem(db, id);
+  if (!deleted) return c.json({ error: "Item not found" }, 404);
+
+  // Clean up image file if exists
+  if (deleted.imageFilename) {
+    try {
+      await unlink(join("uploads", deleted.imageFilename));
+    } catch {
+      // File missing is not an error worth failing the delete over
+    }
+  }
+
+  return c.json({ success: true });
+});
+
+export { app as itemRoutes };

src/server/routes/totals.ts

@@ -0,0 +1,18 @@
+import { Hono } from "hono";
+import {
+  getCategoryTotals,
+  getGlobalTotals,
+} from "../services/totals.service.ts";
+
+type Env = { Variables: { db?: any } };
+
+const app = new Hono<Env>();
+
+app.get("/", (c) => {
+  const db = c.get("db");
+  const categoryTotals = getCategoryTotals(db);
+  const globalTotals = getGlobalTotals(db);
+  return c.json({ categories: categoryTotals, global: globalTotals });
+});
+
+export { app as totalRoutes };