refactor: The API should now consistently enforce authentication and correctly scope data and settings according to the authenticated user: __Key Changes:__

- All data and settings routes now require user authentication. Unauthenticated access will result in a 401 error.

- Settings routes have been moved from `/api/v1/users/me/settings/` to `/api/v1/users/{userId}/settings/`. Access is restricted so users can only manage their own settings (requests where `{userId}` in the path does not match the authenticated user's ID will result in a 403 Forbidden error).

- Generic data routes (`/api/v1/data/...`) now operate based on the `ModelConfig.ownership` setting:

  - For global models (e.g., Headlines, Categories), data is fetched globally but requires authentication to access.
  - For future user-owned models, data operations will be scoped to the authenticated user.

- `HtAppSettingsRepository` is now instantiated with the correct user ID within the settings route handlers, ensuring proper data scoping.

- The global middleware in `routes/_middleware.dart` has been updated to correctly provide `HtAppSettingsClient`.

The API should now consistently enforce authentication and correctly scope data and settings according to the authenticated user.

**

Author: fulleni

lib/src/registry/model_registry.dart

@@ -5,6 +5,15 @@ import 'package:dart_frog/dart_frog.dart';
 import 'package:ht_data_client/ht_data_client.dart';
 import 'package:ht_shared/ht_shared.dart';
 
+/// Defines the ownership type of a data model.
+enum ModelOwnership {
+  /// Data is global and not specific to any single user.
+  global,
+
+  /// Data is owned by a specific user.
+  userOwned,
+}
+
 /// {@template model_config}
 /// Configuration holder for a specific data model type [T].
 ///
@@ -20,17 +29,18 @@ class ModelConfig<T> {
   /// {@macro model_config}
   const ModelConfig({
     required this.fromJson,
-    // toJson removed
     required this.getId,
+    required this.ownership, // New field
   });
 
   /// Function to deserialize JSON into an object of type [T].
   final FromJson<T> fromJson;
 
-  // toJson field removed
-
   /// Function to extract the unique string ID from an item of type [T].
   final String Function(T item) getId;
+
+  /// The ownership type of this model.
+  final ModelOwnership ownership;
 }
 
 // Repository providers are no longer defined here.
@@ -54,23 +64,23 @@ class ModelConfig<T> {
 final modelRegistry = <String, ModelConfig<dynamic>>{
   'headline': ModelConfig<Headline>(
     fromJson: Headline.fromJson,
-    // toJson removed
     getId: (h) => h.id,
+    ownership: ModelOwnership.global, // Added ownership
   ),
   'category': ModelConfig<Category>(
     fromJson: Category.fromJson,
-    // toJson removed
     getId: (c) => c.id,
+    ownership: ModelOwnership.global, // Added ownership
   ),
   'source': ModelConfig<Source>(
     fromJson: Source.fromJson,
-    // toJson removed
     getId: (s) => s.id,
+    ownership: ModelOwnership.global, // Added ownership
   ),
   'country': ModelConfig<Country>(
     fromJson: Country.fromJson,
-    // toJson removed
     getId: (c) => c.id, // Assuming Country has an 'id' field
+    ownership: ModelOwnership.global, // Added ownership
   ),
 };
 

routes/_middleware.dart

@@ -14,8 +14,9 @@ import 'package:ht_api/src/services/auth_token_service.dart';
 import 'package:ht_api/src/services/jwt_auth_token_service.dart';
 import 'package:ht_api/src/services/token_blacklist_service.dart';
 import 'package:ht_api/src/services/verification_code_storage_service.dart';
+// Import HtAppSettingsClient interface
+import 'package:ht_app_settings_client/ht_app_settings_client.dart';
 import 'package:ht_app_settings_inmemory/ht_app_settings_inmemory.dart';
-import 'package:ht_app_settings_repository/ht_app_settings_repository.dart';
 import 'package:ht_data_inmemory/ht_data_inmemory.dart';
 import 'package:ht_data_repository/ht_data_repository.dart';
 import 'package:ht_email_inmemory/ht_email_inmemory.dart';
@@ -167,8 +168,7 @@ Handler middleware(Handler handler) {
   final categoryRepository = _createCategoryRepository();
   final sourceRepository = _createSourceRepository();
   final countryRepository = _createCountryRepository();
-  final settingsClient = HtAppSettingsInMemory(); // Using in-memory for now
-  final settingsRepository = HtAppSettingsRepository(client: settingsClient);
+  final settingsClientImpl = HtAppSettingsInMemory(); // Using in-memory for now
   const uuid = Uuid();
 
   // --- Auth Dependencies ---
@@ -258,7 +258,8 @@ Handler middleware(Handler handler) {
           (_) => userRepository,
         ),
       ) // Used by Auth services
-      .use(provider<HtAppSettingsRepository>((_) => settingsRepository))
+      // Provide the HtAppSettingsClient interface globally
+      .use(provider<HtAppSettingsClient>((_) => settingsClientImpl))
       .use(
         provider<HtEmailRepository>(
           (_) => emailRepository,

routes/api/v1/data/[id].dart

@@ -36,22 +36,40 @@ import '../../../_middleware.dart';
 Future<Response> onRequest(RequestContext context, String id) async {
   // Read dependencies provided by middleware
   final modelName = context.read<String>();
-  // Read ModelConfig for fromJson (needed for PUT)
   final modelConfig = context.read<ModelConfig<dynamic>>();
-  // Read the unique RequestId provided by the root middleware
   final requestId = context.read<RequestId>().id;
+  // Since requireAuthentication is used, User is guaranteed to be non-null.
+  final authenticatedUser = context.read<User>();
 
   try {
     switch (context.request.method) {
       case HttpMethod.get:
-        // Pass requestId down to the handler
-        return await _handleGet(context, id, modelName, requestId);
+        return await _handleGet(
+          context,
+          id,
+          modelName,
+          modelConfig, // Pass modelConfig
+          authenticatedUser,
+          requestId,
+        );
       case HttpMethod.put:
-        // Pass requestId down to the handler
-        return await _handlePut(context, id, modelName, modelConfig, requestId);
+        return await _handlePut(
+          context,
+          id,
+          modelName,
+          modelConfig,
+          authenticatedUser,
+          requestId,
+        );
       case HttpMethod.delete:
-        // DELETE doesn't return a body, so no metadata needed here
-        return await _handleDelete(context, id, modelName, requestId);
+        return await _handleDelete(
+          context,
+          id,
+          modelName,
+          modelConfig, // Pass modelConfig
+          authenticatedUser,
+          requestId,
+        );
       // Add cases for other methods if needed in the future
       default:
         // Methods not allowed on the item endpoint
@@ -83,24 +101,34 @@ Future<Response> _handleGet(
   RequestContext context,
   String id,
   String modelName,
-  String requestId, // Receive requestId
+  ModelConfig<dynamic> modelConfig, // Receive modelConfig
+  User authenticatedUser, // Receive authenticatedUser
+  String requestId,
 ) async {
   dynamic item; // Use dynamic
+
+  String? userIdForRepoCall;
+  if (modelConfig.ownership == ModelOwnership.userOwned) {
+    userIdForRepoCall = authenticatedUser.id;
+  } else {
+    userIdForRepoCall = null;
+  }
+
   // Repository exceptions (like NotFoundException) will propagate up.
   try {
     switch (modelName) {
       case 'headline':
         final repo = context.read<HtDataRepository<Headline>>();
-        item = await repo.read(id);
+        item = await repo.read(id: id, userId: userIdForRepoCall);
       case 'category':
         final repo = context.read<HtDataRepository<Category>>();
-        item = await repo.read(id);
+        item = await repo.read(id: id, userId: userIdForRepoCall);
       case 'source':
         final repo = context.read<HtDataRepository<Source>>();
-        item = await repo.read(id);
+        item = await repo.read(id: id, userId: userIdForRepoCall);
       case 'country':
         final repo = context.read<HtDataRepository<Country>>();
-        item = await repo.read(id);
+        item = await repo.read(id: id, userId: userIdForRepoCall);
       default:
         // This case should ideally be caught by middleware, but added for safety
         return Response(
@@ -151,7 +179,8 @@ Future<Response> _handlePut(
   String id,
   String modelName,
   ModelConfig<dynamic> modelConfig,
-  String requestId, // Receive requestId
+  User authenticatedUser, // Receive authenticatedUser
+  String requestId,
 ) async {
   final requestBody = await context.request.json() as Map<String, dynamic>?;
   if (requestBody == null) {
@@ -185,6 +214,16 @@ Future<Response> _handlePut(
   }
 
   dynamic updatedItem; // Use dynamic
+
+  String? userIdForRepoCall;
+  if (modelConfig.ownership == ModelOwnership.userOwned) {
+    userIdForRepoCall = authenticatedUser.id;
+  } else {
+    // For global models, update might imply admin rights.
+    // For now, pass null, assuming repo handles global updates or has other checks.
+    userIdForRepoCall = null;
+  }
+
   // Repository exceptions (like NotFoundException, BadRequestException)
   // will propagate up.
   try {
@@ -193,57 +232,69 @@ Future<Response> _handlePut(
         {
           final repo = context.read<HtDataRepository<Headline>>();
           final typedItem = itemToUpdate as Headline;
-          // Validate ID match between path and body
           if (typedItem.id != id) {
             return Response(
               statusCode: HttpStatus.badRequest,
               body:
                   'Bad Request: ID in request body ("${typedItem.id}") does not match ID in path ("$id").',
             );
           }
-          updatedItem = await repo.update(id, typedItem);
+          updatedItem = await repo.update(
+            id: id,
+            item: typedItem,
+            userId: userIdForRepoCall,
+          );
         }
       case 'category':
         {
           final repo = context.read<HtDataRepository<Category>>();
           final typedItem = itemToUpdate as Category;
-          // Validate ID match between path and body
           if (typedItem.id != id) {
             return Response(
               statusCode: HttpStatus.badRequest,
               body:
                   'Bad Request: ID in request body ("${typedItem.id}") does not match ID in path ("$id").',
             );
           }
-          updatedItem = await repo.update(id, typedItem);
+          updatedItem = await repo.update(
+            id: id,
+            item: typedItem,
+            userId: userIdForRepoCall,
+          );
         }
       case 'source':
         {
           final repo = context.read<HtDataRepository<Source>>();
           final typedItem = itemToUpdate as Source;
-          // Validate ID match between path and body
           if (typedItem.id != id) {
             return Response(
               statusCode: HttpStatus.badRequest,
               body:
                   'Bad Request: ID in request body ("${typedItem.id}") does not match ID in path ("$id").',
             );
           }
-          updatedItem = await repo.update(id, typedItem);
+          updatedItem = await repo.update(
+            id: id,
+            item: typedItem,
+            userId: userIdForRepoCall,
+          );
         }
       case 'country':
         {
           final repo = context.read<HtDataRepository<Country>>();
           final typedItem = itemToUpdate as Country;
-          // Validate ID match between path and body
           if (typedItem.id != id) {
             return Response(
               statusCode: HttpStatus.badRequest,
               body:
                   'Bad Request: ID in request body ("${typedItem.id}") does not match ID in path ("$id").',
             );
           }
-          updatedItem = await repo.update(id, typedItem);
+          updatedItem = await repo.update(
+            id: id,
+            item: typedItem,
+            userId: userIdForRepoCall,
+          );
         }
       default:
         // This case should ideally be caught by middleware, but added for safety
@@ -293,20 +344,38 @@ Future<Response> _handleDelete(
   RequestContext context,
   String id,
   String modelName,
-  String requestId, // Receive requestId for logging
+  ModelConfig<dynamic> modelConfig, // Receive modelConfig
+  User authenticatedUser, // Receive authenticatedUser
+  String requestId,
 ) async {
+  String? userIdForRepoCall;
+  if (modelConfig.ownership == ModelOwnership.userOwned) {
+    userIdForRepoCall = authenticatedUser.id;
+  } else {
+    // For global models, delete might imply admin rights.
+    // For now, pass null.
+    userIdForRepoCall = null;
+  }
+
   // Allow repository exceptions (e.g., NotFoundException) to propagate
   // upwards to be handled by the standard error handling mechanism.
-  // (Removed the overly broad try-catch block that was previously here).
   switch (modelName) {
     case 'headline':
-      await context.read<HtDataRepository<Headline>>().delete(id);
+      await context
+          .read<HtDataRepository<Headline>>()
+          .delete(id: id, userId: userIdForRepoCall);
     case 'category':
-      await context.read<HtDataRepository<Category>>().delete(id);
+      await context
+          .read<HtDataRepository<Category>>()
+          .delete(id: id, userId: userIdForRepoCall);
     case 'source':
-      await context.read<HtDataRepository<Source>>().delete(id);
+      await context
+          .read<HtDataRepository<Source>>()
+          .delete(id: id, userId: userIdForRepoCall);
     case 'country':
-      await context.read<HtDataRepository<Country>>().delete(id);
+      await context
+          .read<HtDataRepository<Country>>()
+          .delete(id: id, userId: userIdForRepoCall);
     default:
       // This case should ideally be caught by the data/_middleware.dart,
       // but added for safety. Consider logging this unexpected state.