This commit significantly increases the test coverage across the application and fixes several underlying bugs that were discovered while writing the new tests.
The key changes include:
- **New Tests:** Added extensive integration and unit tests for GraphQL resolvers, application services, and data repositories, substantially increasing the test coverage for packages like `graphql`, `user`, `translation`, and `analytics`.
- **Authorization Bug Fixes:**
- Fixed a critical bug where a user creating a `Work` was not correctly associated as its author, causing subsequent permission failures.
- Corrected the authorization logic in `authz.Service` to properly check for entity ownership by non-admin users.
- **Test Refactoring:**
- Refactored numerous test suites to use `testify/mock` instead of manual mocks, improving test clarity and maintainability.
- Isolated integration tests by creating a fresh admin user and token for each test run, eliminating test pollution.
- Centralized domain errors into `internal/domain/errors.go` and updated repositories to use them, making error handling more consistent.
- **Code Quality Improvements:**
- Replaced manual mock implementations with `testify/mock` for better consistency.
- Cleaned up redundant and outdated test files.
These changes stabilize the test suite, improve the overall quality of the codebase, and move the project closer to the goal of 80% test coverage.
This commit introduces a comprehensive set of foundational improvements to make the API more robust, secure, and observable.
The following features have been implemented:
- **Observability Stack:** A new `internal/observability` package has been added, providing structured logging with `zerolog`, Prometheus metrics, and OpenTelemetry tracing. This stack is fully integrated into the application's request pipeline.
- **Centralized Authorization:** A new `internal/app/authz` service has been created to centralize authorization logic. This service is now used by the `user`, `work`, and `comment` services to protect all Create, Update, and Delete operations.
- **Standardized Input Validation:** The previous ad-hoc validation has been replaced with a more robust, struct-tag-based system using the `go-playground/validator` library. This has been applied to all GraphQL input models.
- **Structured Error Handling:** A new set of custom error types has been introduced in the `internal/domain` package. A custom `gqlgen` error presenter has been implemented to map these domain errors to structured GraphQL error responses with specific error codes.
- **`updateUser` Endpoint:** The `updateUser` mutation has been fully implemented as a proof of concept for the new patterns, including support for partial updates and comprehensive authorization checks.
- **Test Refactoring:** The test suite has been significantly improved by decoupling mock repositories from the shared `testutil` package, resolving circular dependency issues and making the tests more maintainable.
