feat(auth): apply ownership check middleware to item routes

- Creates a new `_middleware.dart` file for the `/[id]` path.
- Applies the `ownershipCheckMiddleware` to all item-specific
  requests (GET, PUT, DELETE).
- This ensures ownership is verified after authentication and
  authorization checks have passed but before the route handler
  is executed.

Author: fulleni

routes/api/v1/data/[id]/_middleware.dart

@@ -0,0 +1,19 @@
+import 'package:dart_frog/dart_frog.dart';
+import 'package:ht_api/src/middlewares/ownership_check_middleware.dart';
+
+/// Middleware specific to the item-level `/api/v1/data/[id]` route path.
+///
+/// This middleware applies the [ownershipCheckMiddleware] to perform an
+/// ownership check on the requested item *after* the parent middleware
+/// (`/api/v1/data/_middleware.dart`) has already performed authentication and
+/// authorization checks.
+///
+/// This ensures that only authorized users can proceed, and then this
+/// middleware adds the final layer of security by verifying item ownership
+/// for non-admin users when required by the model's configuration.
+Handler middleware(Handler handler) {
+  // The `ownershipCheckMiddleware` will run after the middleware from
+  // `/api/v1/data/_middleware.dart` (authn, authz, model validation).
+  return handler.use(ownershipCheckMiddleware());
+}
+

routes/api/v1/data/[id].dart renamed to routes/api/v1/data/[id]/index.dart

@@ -8,7 +8,7 @@ import 'package:ht_api/src/services/user_preference_limit_service.dart'; // Impo
 import 'package:ht_data_repository/ht_data_repository.dart';
 import 'package:ht_shared/ht_shared.dart';
 
-import '../../../_middleware.dart'; // Assuming RequestId is here
+import '../../../../_middleware.dart'; // Assuming RequestId is here
 
 /// Handles requests for the /api/v1/data/[id] endpoint.
 /// Dispatches requests to specific handlers based on the HTTP method.