feat(18-03): add profile routes, public setup endpoint, and auth middleware updates

- GET /api/users/:id/profile: public profile with public setups (no auth)
- PUT /api/auth/profile: update own profile (requires auth)
- GET /api/setups/:id/public: public setup view with items (no auth)
- Auth middleware skips public profile and public setup GET endpoints
- Register profileRoutes at /api/users in index.ts
- Add getOrCreateUncategorized to category service (Rule 3 fix)
- 10 route tests covering auth, public access, and 404 cases
This commit is contained in:
2026-04-05 13:10:13 +02:00
parent 854811dd6b
commit eb8f4b7cb2
6 changed files with 326 additions and 2 deletions

View File

@@ -8,6 +8,7 @@ import {
} from "../../shared/schemas.ts";
import { parseId } from "../lib/params.ts";
import { withImageUrls } from "../services/storage.service.ts";
import { getPublicSetupWithItems } from "../services/profile.service.ts";
import {
createSetup,
deleteSetup,
@@ -40,6 +41,16 @@ app.post("/", zValidator("json", createSetupSchema), async (c) => {
return c.json(setup, 201);
});
// Public setup view (no auth required — skipped in index.ts middleware)
app.get("/:id/public", async (c) => {
const db = c.get("db");
const id = parseId(c.req.param("id"));
if (!id) return c.json({ error: "Invalid setup ID" }, 400);
const setup = await getPublicSetupWithItems(db, id);
if (!setup) return c.json({ error: "Setup not found" }, 404);
return c.json(setup);
});
app.get("/:id", async (c) => {
const db = c.get("db");
const userId = c.get("userId")!;