- Creates a new `_middleware.dart` file for the `/[id]` path.
- Applies the `ownershipCheckMiddleware` to all item-specific
  requests (GET, PUT, DELETE).
- This ensures ownership is verified after authentication and
  authorization checks have passed but before the route handler
  is executed.

- Rewrites the `_handleGet` method in the collection route handler
  to accept a single, JSON-encoded `filter` parameter.
- Removes the complex logic for translating individual URL parameters
  into a query map.
- Eliminates the `_camelToSnake` helper, as the API now passes
  native model field names to the data layer.
- This change simplifies the API handler and aligns it with a
  document-native query model, making it more flexible and robust.

- Rewrites the `_handleGet` method in the collection route handler
  to accept a single, JSON-encoded `filter` parameter.
- Removes the complex logic for translating individual URL parameters
  into a query map.
- Eliminates the `_camelToSnake` helper, as the API now passes
  native model field names to the data layer.
- This change simplifies the API handler and aligns it with a
  document-native query model, making it more flexible and robust.

- Rewrites `DatabaseSeedingService` to work with a MongoDB `Db` instance.
- Removes table creation logic, as MongoDB collections are schemaless.
- Implements idempotent seeding using `bulkWrite` with `upsert` operations,
  preventing duplicate data on subsequent runs.
- Correctly handles the conversion of string IDs from fixtures to MongoDB
  `ObjectId` for the `_id` field.
- Ensures complex nested objects in fixtures are properly JSON-encoded
  before insertion.

- Rewrites `DatabaseSeedingService` to work with a MongoDB `Db` instance.
- Removes table creation logic, as MongoDB collections are schemaless.
- Implements idempotent seeding using `bulkWrite` with `upsert` operations,
  preventing duplicate data on subsequent runs.
- Correctly handles the conversion of string IDs from fixtures to MongoDB
  `ObjectId` for the `_id` field.
- Ensures complex nested objects in fixtures are properly JSON-encoded
  before insertion.

- Removes `ht_data_postgres` and `postgres` from the `pubspec.yaml`.
- This is a key step in migrating the data layer from PostgreSQL to
  MongoDB, severing the project's dependency on the old database
  implementation.

- Rewrites `AppDependencies` to use `MongoDbConnectionManager` instead of
  the PostgreSQL equivalent.
- Initializes the MongoDB connection and runs the new `DatabaseSeedingService`.
- Instantiates `HtDataMongodb` clients for all data models.
- Wires up all `HtDataRepository` instances and application services to use
  the new MongoDB-backed data layer.
- This completes the core dependency injection part of the migration.

- Updates the prerequisites in the README to specify MongoDB instead of
  PostgreSQL.
- Changes the example `DATABASE_URL` to a MongoDB connection string.
- Rewrites the description of the server startup process to reflect
  idempotent seeding of MongoDB collections.
- Removes a duplicate bullet point for clarity.

- Replaces the obsolete `readAllByQuery` method with the new `readAll`
  method in `AuthService`.
- Passes the query conditions as a `filter` map, aligning the service
  with the new document-based data access pattern.
- This change completes the service-level refactoring for the MongoDB
  migration.

- Changes the example DATABASE_URL to the standard MongoDB format.

- Refactors `EnvironmentConfig` to actively search for the `.env` file
  by traversing up the directory tree from the current working directory.
- This change makes the server startup process resilient to cases where
  the Dart Frog development server's execution context is not the
  project root, resolving the "file not found" error for `.env`.

  /// project root.
  static DotEnv _loadEnv() {
    final env = DotEnv(includePlatformEnvironment: true);
    try {
      // Find the project root by looking for pubspec.yaml, then find .env
      var dir = Directory.current;
      while (true) {
        final pubspecFile = File('${dir.path}/pubspec.yaml');
        if (pubspecFile.existsSync()) {
          // Found project root, now look for .env in this directory
          final envFile = File('${dir.path}/.env');
          if (envFile.existsSync()) {
            _log.info('Found .env file at: ${envFile.path}');
            env.load([envFile.path]);
            return env;
          }
          break; // Found pubspec but no .env, break and fall back
        }

        // Stop if we have reached the root of the filesystem.
        if (dir.parent.path == dir.path) {
          break;
        }
        dir = dir.parent;
      }
    } catch (e) {
      _log.warning('Error during robust .env search: $e. Falling back.');
    }

    // Fallback for when the robust search fails
    _log.warning(
      '.env file not found by searching for project root. '
      'Falling back to default load().',
    );
    env.load();
    return env;
  }

  /// Retrieves the database connection URI from the environment.

- Fixes a subtle error in the directory traversal logic within the
  `EnvironmentConfig._loadEnv` method. The previous implementation had a flaw
  in how it checked for the parent directory, which could prevent it from
  correctly locating the `pubspec.yaml` and `.env` files in certain project
  structures or when the Dart Frog development server starts from a
  subdirectory.
- The corrected logic now accurately traverses up the directory tree,
  repeatedly checking if the parent directory is the same as the current
  directory (indicating the root of the filesystem). This ensures that the
  search correctly identifies the project root and locates the `.env` file.

Corrects the `DatabaseSeedingService` to ensure the seeding process is
idempotent and correctly preserves the relationships between fixture
documents.

The previous implementation had two critical bugs:
1. It generated a new, random `ObjectId` on every run, which broke all
   predefined relationships between entities.
2. It used an empty filter `{}` in its `replaceOne` operation, causing
   it to overwrite existing documents incorrectly on subsequent runs.

This fix addresses these issues by:
- Using the predefined hex string ID from each fixture item to create a
  deterministic `ObjectId`.
- Using `updateOne` with a specific `_id` in the filter, ensuring that
  the correct document is targeted.
- Using the `$set` operator with `upsert: true` to safely insert or
  update the document, making the entire process idempotent.

Fixes a critical bug in the `AuthService.deleteAccount` method where
only the main user document was being deleted. The previous logic
incorrectly assumed a relational `CASCADE` delete behavior.

This change adds explicit calls to delete the user's associated
documents from the `user_app_settings` and `user_content_preferences`
collections, ensuring that no orphaned data is left in the database
after an account is deleted.

Replaces the `readAll()` calls in the `DashboardSummaryService` with the more efficient `count()` method from the data repository.

This avoids fetching all documents from the database just to get their count, significantly improving the performance of the dashboard summary endpoint by leveraging the native counting capabilities of the database.

Adds a specific error handler for `CheckedFromJsonException` to return a
400 Bad Request instead of a generic 500 Internal Server Error when
deserialization fails due to invalid client input.

This provides more accurate feedback to API clients when they send a
request body that is missing required fields or contains incorrect
data types.

Fixes a bug where administrators were incorrectly scoped to their own
userId when accessing user-owned resources, preventing them from
managing other users' data.

The logic in the generic data handlers (`/data` and `/data/[id]`) has
been updated to only apply the `userId` filter to repository calls if
the model is user-owned AND the authenticated user is not an admin.
This allows administrators to perform global operations as intended.