feat: use createUserWithCleanup for automatic test cleanup

internal/integration/caching_integration_test.go

@@ -78,7 +78,7 @@ func TestIntegration_Caching(t *testing.T) {
 
 	t.Run("Cache_Invalidation_On_POST", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "cache_post_user", "cache_post@example.com")
+		user := createUserWithCleanup(t, ctx, "cache_post_user", "cache_post@example.com")
 
 		req1 := httptest.NewRequest("GET", "/api/posts", nil)
 		rec1 := httptest.NewRecorder()
@@ -122,7 +122,7 @@ func TestIntegration_Caching(t *testing.T) {
 
 	t.Run("Cache_Invalidation_On_DELETE", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "cache_delete_user", "cache_delete@example.com")
+		user := createUserWithCleanup(t, ctx, "cache_delete_user", "cache_delete@example.com")
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Cache Delete Post", "https://example.com/cache-delete")
 

internal/integration/compression_static_metadata_integration_test.go

@@ -25,7 +25,9 @@ func TestIntegration_Compression(t *testing.T) {
 
 		router.ServeHTTP(rec, req)
 
-		if rec.Header().Get("Content-Encoding") == "gzip" {
+		contentEncoding := rec.Header().Get("Content-Encoding")
+		if contentEncoding != "" && strings.Contains(contentEncoding, "gzip") {
+			assertHeaderContains(t, rec, "Content-Encoding", "gzip")
 			reader, err := gzip.NewReader(rec.Body)
 			if err != nil {
 				t.Fatalf("Failed to create gzip reader: %v", err)
@@ -52,7 +54,9 @@ func TestIntegration_Compression(t *testing.T) {
 
 		router.ServeHTTP(rec, req)
 
-		if rec.Header().Get("Vary") == "" {
+		if rec.Header().Get("Vary") != "" {
+			assertHeaderContains(t, rec, "Vary", "Accept-Encoding")
+		} else {
 			t.Log("Vary header may not always be present")
 		}
 	})

internal/integration/csrf_integration_test.go

@@ -180,7 +180,7 @@ func TestIntegration_CSRF_Protection(t *testing.T) {
 
 	t.Run("CSRF_With_PageHandler_Forms", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "csrf_form_user", "csrf_form@example.com")
+		user := createUserWithCleanup(t, ctx, "csrf_form_user", "csrf_form@example.com")
 
 		getReq := httptest.NewRequest("GET", "/posts/new", nil)
 		getReq.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})

internal/integration/helpers.go

@@ -379,7 +379,11 @@ func assertCookieCleared(t *testing.T, rec *httptest.ResponseRecorder, name stri
 func assertHeader(t *testing.T, rec *httptest.ResponseRecorder, name, expectedValue string) {
 	t.Helper()
 	actualValue := rec.Header().Get(name)
-	if actualValue != expectedValue {
+	if expectedValue == "" {
+		if actualValue == "" {
+			t.Errorf("Expected header %s to be present", name)
+		}
+	} else if actualValue != expectedValue {
 		t.Errorf("Expected header %s=%s, got %s", name, expectedValue, actualValue)
 	}
 }

internal/integration/page_handler_forms_integration_test.go

@@ -185,17 +185,7 @@ func TestIntegration_PageHandlerFormWorkflows(t *testing.T) {
 		freshCtx.Router.ServeHTTP(rec, req)
 
 		assertStatus(t, rec, http.StatusSeeOther)
-		cookies := rec.Result().Cookies()
+		assertCookie(t, rec, "auth_token", "")
-		authCookieSet := false
-		for _, cookie := range cookies {
-			if cookie.Name == "auth_token" && cookie.Value != "" {
-				authCookieSet = true
-				break
-			}
-		}
-		if !authCookieSet {
-			t.Error("Expected auth cookie to be set on login")
-		}
 	})
 
 	t.Run("Email_Confirmation_Page_Handler", func(t *testing.T) {

internal/integration/page_handler_integration_test.go

@@ -62,18 +62,7 @@ func TestIntegration_PageHandler(t *testing.T) {
 
 		router.ServeHTTP(rec, req)
 
-		cookies := rec.Result().Cookies()
+		assertCookie(t, rec, "csrf_token", "")
-		csrfFound := false
-		for _, cookie := range cookies {
-			if cookie.Name == "csrf_token" {
-				csrfFound = true
-				break
-			}
-		}
-
-		if !csrfFound {
-			t.Error("Expected CSRF token cookie to be set")
-		}
 	})
 
 	t.Run("PageHandler_Form_Submission", func(t *testing.T) {
@@ -114,7 +103,7 @@ func TestIntegration_PageHandler(t *testing.T) {
 
 	t.Run("PageHandler_Authenticated_Access", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "page_auth_user", "page_auth@example.com")
+		user := createUserWithCleanup(t, ctx, "page_auth_user", "page_auth@example.com")
 
 		req := httptest.NewRequest("GET", "/settings", nil)
 		req.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
@@ -127,7 +116,7 @@ func TestIntegration_PageHandler(t *testing.T) {
 
 	t.Run("PageHandler_Post_Display", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "page_post_user", "page_post@example.com")
+		user := createUserWithCleanup(t, ctx, "page_post_user", "page_post@example.com")
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Page Test Post", "https://example.com/page-test")
 

internal/integration/ratelimit_integration_test.go

@@ -65,9 +65,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 
 		assertErrorResponse(t, rec, http.StatusTooManyRequests)
 
-		if rec.Header().Get("Retry-After") == "" {
+		assertHeader(t, rec, "Retry-After", "")
-			t.Error("Expected Retry-After header")
-		}
 
 		var response map[string]any
 		if err := json.NewDecoder(rec.Body).Decode(&response); err == nil {

internal/integration/router_integration_test.go

@@ -24,17 +24,9 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 
 		assertStatus(t, rec, http.StatusOK)
 
-		headers := []string{
+		assertHeader(t, rec, "X-Content-Type-Options", "")
-			"X-Content-Type-Options",
+		assertHeader(t, rec, "X-Frame-Options", "")
-			"X-Frame-Options",
+		assertHeader(t, rec, "X-XSS-Protection", "")
-			"X-XSS-Protection",
-		}
-
-		for _, header := range headers {
-			if rec.Header().Get(header) == "" {
-				t.Errorf("Expected header %s to be present", header)
-			}
-		}
 	})
 
 	t.Run("CORS_Headers_Present", func(t *testing.T) {
@@ -44,9 +36,7 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 
 		router.ServeHTTP(rec, req)
 
-		if rec.Header().Get("Access-Control-Allow-Origin") == "" {
+		assertHeader(t, rec, "Access-Control-Allow-Origin", "")
-			t.Error("Expected CORS headers to be present")
-		}
 	})
 
 	t.Run("Logging_Middleware_Executes", func(t *testing.T) {
@@ -61,7 +51,7 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("RequestSizeLimit_Enforced", func(t *testing.T) {
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "size_limit_user", "size_limit@example.com")
+		user := createUserWithCleanup(t, ctx, "size_limit_user", "size_limit@example.com")
 		largeBody := strings.Repeat("a", 10*1024*1024)
 		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBufferString(largeBody))
 		req.Header.Set("Content-Type", "application/json")
@@ -150,9 +140,7 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 
 		router.ServeHTTP(rec, req)
 
-		if rec.Header().Get("X-Content-Type-Options") == "" {
+		assertHeader(t, rec, "X-Content-Type-Options", "")
-			t.Error("Security headers should be applied before response")
-		}
 
 		if rec.Code == 0 {
 			t.Error("Response should have status code")
@@ -187,7 +175,7 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 
 	t.Run("Auth_Middleware_Integration", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
-		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "auth_middleware_user", "auth_middleware@example.com")
+		user := createUserWithCleanup(t, ctx, "auth_middleware_user", "auth_middleware@example.com")
 
 		req := httptest.NewRequest("GET", "/api/auth/me", nil)
 		req.Header.Set("Authorization", "Bearer "+user.Token)