refactor: complete refactor and better helpers use

internal/integration/caching_integration_test.go

@@ -53,25 +53,25 @@ func TestIntegration_Caching(t *testing.T) {
 	router := ctx.Router
 
 	t.Run("Cache_Hit_On_Repeated_Requests", func(t *testing.T) {
-		req1 := httptest.NewRequest("GET", "/api/posts", nil)
+		firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
-		rec1 := httptest.NewRecorder()
+		firstRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec1, req1)
+		router.ServeHTTP(firstRecorder, firstRequest)
 
 		time.Sleep(10 * time.Millisecond)
 
-		req2 := httptest.NewRequest("GET", "/api/posts", nil)
+		secondRequest := httptest.NewRequest("GET", "/api/posts", nil)
-		rec2 := httptest.NewRecorder()
+		secondRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec2, req2)
+		router.ServeHTTP(secondRecorder, secondRequest)
 
-		if rec1.Code != rec2.Code {
+		if firstRecorder.Code != secondRecorder.Code {
 			t.Error("Cached responses should have same status code")
 		}
 
-		if rec1.Body.String() != rec2.Body.String() {
+		if firstRecorder.Body.String() != secondRecorder.Body.String() {
 			t.Error("Cached responses should have same body")
 		}
 
-		if rec2.Header().Get("X-Cache") != "HIT" {
+		if secondRecorder.Header().Get("X-Cache") != "HIT" {
 			t.Log("Cache may not be enabled for this path or response may not be cacheable")
 		}
 	})
@@ -80,9 +80,9 @@ func TestIntegration_Caching(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createUserWithCleanup(t, ctx, "cache_post_user", "cache_post@example.com")
 
-		req1 := httptest.NewRequest("GET", "/api/posts", nil)
+		firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
-		rec1 := httptest.NewRecorder()
+		firstRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec1, req1)
+		router.ServeHTTP(firstRecorder, firstRequest)
 
 		time.Sleep(10 * time.Millisecond)
 
@@ -92,12 +92,12 @@ func TestIntegration_Caching(t *testing.T) {
 			"content": "Test content",
 		}
 		body, _ := json.Marshal(postBody)
-		req2 := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
+		secondRequest := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
-		req2.Header.Set("Content-Type", "application/json")
+		secondRequest.Header.Set("Content-Type", "application/json")
-		req2.Header.Set("Authorization", "Bearer "+user.Token)
+		secondRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		req2 = testutils.WithUserContext(req2, middleware.UserIDKey, user.User.ID)
+		secondRequest = testutils.WithUserContext(secondRequest, middleware.UserIDKey, user.User.ID)
-		rec2 := httptest.NewRecorder()
+		secondRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec2, req2)
+		router.ServeHTTP(secondRecorder, secondRequest)
 
 		time.Sleep(10 * time.Millisecond)
 
@@ -105,17 +105,17 @@ func TestIntegration_Caching(t *testing.T) {
 		rec3 := httptest.NewRecorder()
 		router.ServeHTTP(rec3, req3)
 
-		if rec1.Body.String() == rec3.Body.String() && rec1.Code == http.StatusOK && rec3.Code == http.StatusOK {
+		if firstRecorder.Body.String() == rec3.Body.String() && firstRecorder.Code == http.StatusOK && rec3.Code == http.StatusOK {
 			t.Log("Cache invalidation may not be working or cache may not be enabled")
 		}
 	})
 
 	t.Run("Cache_Headers_Present", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/api/posts", nil)
+		request := httptest.NewRequest("GET", "/api/posts", nil)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		if rec.Header().Get("Cache-Control") == "" && rec.Header().Get("X-Cache") == "" {
+		if recorder.Header().Get("Cache-Control") == "" && recorder.Header().Get("X-Cache") == "" {
 			t.Log("Cache headers may not be present for all responses")
 		}
 	})
@@ -126,18 +126,18 @@ func TestIntegration_Caching(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Cache Delete Post", "https://example.com/cache-delete")
 
-		req1 := httptest.NewRequest("GET", "/api/posts", nil)
+		firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
-		rec1 := httptest.NewRecorder()
+		firstRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec1, req1)
+		router.ServeHTTP(firstRecorder, firstRequest)
 
 		time.Sleep(10 * time.Millisecond)
 
-		req2 := httptest.NewRequest("DELETE", "/api/posts/"+fmt.Sprintf("%d", post.ID), nil)
+		secondRequest := httptest.NewRequest("DELETE", "/api/posts/"+fmt.Sprintf("%d", post.ID), nil)
-		req2.Header.Set("Authorization", "Bearer "+user.Token)
+		secondRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		req2 = testutils.WithUserContext(req2, middleware.UserIDKey, user.User.ID)
+		secondRequest = testutils.WithUserContext(secondRequest, middleware.UserIDKey, user.User.ID)
-		req2 = testutils.WithURLParams(req2, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		secondRequest = testutils.WithURLParams(secondRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec2 := httptest.NewRecorder()
+		secondRecorder := httptest.NewRecorder()
-		router.ServeHTTP(rec2, req2)
+		router.ServeHTTP(secondRecorder, secondRequest)
 
 		time.Sleep(10 * time.Millisecond)
 
@@ -145,7 +145,7 @@ func TestIntegration_Caching(t *testing.T) {
 		rec3 := httptest.NewRecorder()
 		router.ServeHTTP(rec3, req3)
 
-		if rec1.Body.String() == rec3.Body.String() && rec1.Code == http.StatusOK && rec3.Code == http.StatusOK {
+		if firstRecorder.Body.String() == rec3.Body.String() && firstRecorder.Code == http.StatusOK && rec3.Code == http.StatusOK {
 			t.Log("Cache invalidation may not be working or cache may not be enabled")
 		}
 	})

internal/integration/complete_api_endpoints_integration_test.go

@@ -1,15 +1,14 @@
 package integration
 
 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
 	"net/http"
-	"net/http/httptest"
 	"net/url"
+	"strings"
 	"testing"
+	"time"
 
-	"goyco/internal/middleware"
+	"goyco/internal/services"
 	"goyco/internal/testutils"
 )
 
@@ -20,17 +19,8 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "logout_user", "logout@example.com")
 
-		reqBody := map[string]string{}
+		request := makePostRequest(t, ctx.Router, "/api/auth/logout", map[string]any{}, user, nil)
-		body, _ := json.Marshal(reqBody)
+		assertStatus(t, request, http.StatusOK)
-		req := httptest.NewRequest("POST", "/api/auth/logout", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatus(t, rec, http.StatusOK)
 	})
 
 	t.Run("Auth_Revoke_Token_Endpoint", func(t *testing.T) {
@@ -42,52 +32,23 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 			t.Fatalf("Failed to login: %v", err)
 		}
 
-		reqBody := map[string]string{
+		request := makePostRequest(t, ctx.Router, "/api/auth/revoke", map[string]any{"refresh_token": loginResult.RefreshToken}, user, nil)
-			"refresh_token": loginResult.RefreshToken,
+		assertStatus(t, request, http.StatusOK)
-		}
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/revoke", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatus(t, rec, http.StatusOK)
 	})
 
 	t.Run("Auth_Revoke_All_Tokens_Endpoint", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "revoke_all_user", "revoke_all@example.com")
 
-		reqBody := map[string]string{}
+		request := makePostRequest(t, ctx.Router, "/api/auth/revoke-all", map[string]any{}, user, nil)
-		body, _ := json.Marshal(reqBody)
+		assertStatus(t, request, http.StatusOK)
-		req := httptest.NewRequest("POST", "/api/auth/revoke-all", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatus(t, rec, http.StatusOK)
 	})
 
 	t.Run("Auth_Resend_Verification_Endpoint", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/resend-verification", map[string]any{"email": "resend@example.com"})
-			"email": "resend@example.com",
+		assertStatusRange(t, request, http.StatusOK, http.StatusNotFound)
-		}
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/resend-verification", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound)
 	})
 
 	t.Run("Auth_Confirm_Email_Endpoint", func(t *testing.T) {
@@ -99,36 +60,20 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 			token = "test-token"
 		}
 
-		req := httptest.NewRequest("GET", "/api/auth/confirm?token="+url.QueryEscape(token), nil)
+		request := makeGetRequest(t, ctx.Router, "/api/auth/confirm?token="+url.QueryEscape(token))
-		rec := httptest.NewRecorder()
+		assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatusRange(t, rec, http.StatusOK, http.StatusBadRequest)
 	})
 
 	t.Run("Auth_Update_Email_Endpoint", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_email_api_user", "update_email_api@example.com")
 
-		reqBody := map[string]string{
+		request := makePutRequest(t, ctx.Router, "/api/auth/email", map[string]any{"email": "newemail@example.com"}, user, nil)
-			"email": "newemail@example.com",
-		}
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("PUT", "/api/auth/email", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if email, ok := data["email"].(string); ok && email != "newemail@example.com" {
-		if response != nil {
+				t.Errorf("Expected email to be updated, got %s", email)
-			if data, ok := response["data"].(map[string]any); ok {
-				if email, ok := data["email"].(string); ok && email != "newemail@example.com" {
-					t.Errorf("Expected email to be updated, got %s", email)
-				}
 			}
 		}
 	})
@@ -137,24 +82,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_username_api_user", "update_username_api@example.com")
 
-		reqBody := map[string]string{
+		request := makePutRequest(t, ctx.Router, "/api/auth/username", map[string]any{"username": "new_username"}, user, nil)
-			"username": "new_username",
-		}
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("PUT", "/api/auth/username", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if username, ok := data["username"].(string); ok && username != "new_username" {
-		if response != nil {
+				t.Errorf("Expected username to be updated, got %s", username)
-			if data, ok := response["data"].(map[string]any); ok {
-				if username, ok := data["username"].(string); ok && username != "new_username" {
-					t.Errorf("Expected username to be updated, got %s", username)
-				}
 			}
 		}
 	})
@@ -163,19 +96,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_list_user", "users_list@example.com")
 
-		req := httptest.NewRequest("GET", "/api/users", nil)
+		request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/users", user, nil)
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if _, exists := data["users"]; !exists {
-		if response != nil {
+				t.Error("Expected users in response")
-			if data, ok := response["data"].(map[string]any); ok {
-				if _, exists := data["users"]; !exists {
-					t.Error("Expected users in response")
-				}
 			}
 		}
 	})
@@ -184,21 +110,13 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_get_user", "users_get@example.com")
 
-		req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d", user.User.ID), nil)
+		request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if userData, ok := data["user"].(map[string]any); ok {
-		if response != nil {
+				if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID {
-			if data, ok := response["data"].(map[string]any); ok {
+					t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id)
-				if userData, ok := data["user"].(map[string]any); ok {
-					if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID {
-						t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id)
-					}
 				}
 			}
 		}
@@ -210,24 +128,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 
 		testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "User Posts Test", "https://example.com/user-posts")
 
-		req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d/posts", user.User.ID), nil)
+		request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d/posts", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if posts, ok := data["posts"].([]any); ok {
-		if response != nil {
+				if len(posts) == 0 {
-			if data, ok := response["data"].(map[string]any); ok {
+					t.Error("Expected at least one post in response")
-				if posts, ok := data["posts"].([]any); ok {
-					if len(posts) == 0 {
-						t.Error("Expected at least one post in response")
-					}
-				} else {
-					t.Error("Expected posts array in response")
 				}
+			} else {
+				t.Error("Expected posts array in response")
 			}
 		}
 	})
@@ -236,26 +146,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_create_admin", "users_create_admin@example.com")
 
-		reqBody := map[string]string{
+		request := makePostRequest(t, ctx.Router, "/api/users", map[string]any{
 			"username": "created_user",
 			"email":    "created@example.com",
 			"password": "SecurePass123!",
-		}
+		}, user, nil)
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("POST", "/api/users", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusCreated)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusCreated)
+			if _, exists := data["user"]; !exists {
-		if response != nil {
+				t.Error("Expected user in response")
-			if data, ok := response["data"].(map[string]any); ok {
-				if _, exists := data["user"]; !exists {
-					t.Error("Expected user in response")
-				}
 			}
 		}
 	})
@@ -266,27 +166,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Update Test Post", "https://example.com/update-test")
 
-		reqBody := map[string]string{
+		request := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), map[string]any{
 			"title":   "Updated Title",
 			"content": "Updated content",
-		}
+		}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if postData, ok := data["post"].(map[string]any); ok {
-		if response != nil {
+				if title, ok := postData["title"].(string); ok && title != "Updated Title" {
-			if data, ok := response["data"].(map[string]any); ok {
+					t.Errorf("Expected title 'Updated Title', got '%s'", title)
-				if postData, ok := data["post"].(map[string]any); ok {
-					if title, ok := postData["title"].(string); ok && title != "Updated Title" {
-						t.Errorf("Expected title 'Updated Title', got '%s'", title)
-					}
 				}
 			}
 		}
@@ -298,20 +187,11 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Delete Test Post", "https://example.com/delete-test")
 
-		req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
+		request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
+		assertStatus(t, request, http.StatusOK)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID))
-
+		assertStatus(t, getRequest, http.StatusNotFound)
-		assertStatus(t, rec, http.StatusOK)
-
-		getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
-		getRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getRec, getReq)
-		assertStatus(t, getRec, http.StatusNotFound)
 	})
 
 	t.Run("Votes_Get_All_Endpoint", func(t *testing.T) {
@@ -319,35 +199,17 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "votes_get_all_user", "votes_get_all@example.com")
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Votes Test Post", "https://example.com/votes-test")
+		makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/votes", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
 
-		voteBody := map[string]string{"type": "up"}
+		response := assertJSONResponse(t, request, http.StatusOK)
-		voteBodyBytes, _ := json.Marshal(voteBody)
+		if data, ok := getDataFromResponse(response); ok {
-		voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes))
+			if votes, ok := data["votes"].([]any); ok {
-		voteReq.Header.Set("Content-Type", "application/json")
+				if len(votes) == 0 {
-		voteReq.Header.Set("Authorization", "Bearer "+user.Token)
+					t.Error("Expected at least one vote in response")
-		voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
-		voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(voteRec, voteReq)
-
-		req := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		response := assertJSONResponse(t, rec, http.StatusOK)
-		if response != nil {
-			if data, ok := response["data"].(map[string]any); ok {
-				if votes, ok := data["votes"].([]any); ok {
-					if len(votes) == 0 {
-						t.Error("Expected at least one vote in response")
-					}
-				} else {
-					t.Error("Expected votes array in response")
 				}
+			} else {
+				t.Error("Expected votes array in response")
 			}
 		}
 	})
@@ -358,49 +220,461 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Remove Test", "https://example.com/vote-remove")
 
-		voteBody := map[string]string{"type": "up"}
+		makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteBodyBytes, _ := json.Marshal(voteBody)
-		voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes))
-		voteReq.Header.Set("Content-Type", "application/json")
-		voteReq.Header.Set("Authorization", "Bearer "+user.Token)
-		voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
-		voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(voteRec, voteReq)
 
-		req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
+		request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
+		assertStatus(t, request, http.StatusOK)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		assertStatus(t, rec, http.StatusOK)
 	})
 
 	t.Run("API_Info_Endpoint", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/api", nil)
+		request := makeGetRequest(t, ctx.Router, "/api")
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
+		if data, ok := getDataFromResponse(response); ok {
-		response := assertJSONResponse(t, rec, http.StatusOK)
+			if _, exists := data["endpoints"]; !exists {
-		if response != nil {
+				t.Error("Expected endpoints in API info")
-			if data, ok := response["data"].(map[string]any); ok {
-				if _, exists := data["endpoints"]; !exists {
-					t.Error("Expected endpoints in API info")
-				}
 			}
 		}
 	})
 
 	t.Run("Swagger_Documentation_Endpoint", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/swagger/index.html", nil)
+		request := makeGetRequest(t, ctx.Router, "/swagger/index.html")
-		rec := httptest.NewRecorder()
+		assertStatusRange(t, request, http.StatusOK, http.StatusNotFound)
+	})
 
-		ctx.Router.ServeHTTP(rec, req)
+	t.Run("Search_Endpoint_Edge_Cases", func(t *testing.T) {
+		ctx.Suite.EmailSender.Reset()
+		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "search_edge"), uniqueTestEmail(t, "search_edge"))
 
-		assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound)
+		testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post One", "https://example.com/one")
+		testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post Two", "https://example.com/two")
+		testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Different Content", "https://example.com/three")
+
+		t.Run("Empty_Search_Results", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=nonexistentterm12345")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) != 0 {
+						t.Errorf("Expected empty search results, got %d posts", len(posts))
+					}
+				}
+				if count, ok := data["count"].(float64); ok && count != 0 {
+					t.Errorf("Expected count 0, got %.0f", count)
+				}
+			}
+		})
+
+		t.Run("Search_With_Pagination", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=0")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			var firstPostID any
+			if data, ok := getDataFromResponse(response); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) > 1 {
+						t.Errorf("Expected at most 1 post with limit=1, got %d", len(posts))
+					}
+					if len(posts) > 0 {
+						if post, ok := posts[0].(map[string]any); ok {
+							firstPostID = post["id"]
+						}
+					}
+				}
+				if limit, ok := data["limit"].(float64); ok && limit != 1 {
+					t.Errorf("Expected limit 1 in response, got %.0f", limit)
+				}
+				if offset, ok := data["offset"].(float64); ok && offset != 0 {
+					t.Errorf("Expected offset 0 in response, got %.0f", offset)
+				}
+			}
+
+			secondRequest := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=1")
+
+			secondResponse := assertJSONResponse(t, secondRequest, http.StatusOK)
+			if data, ok := getDataFromResponse(secondResponse); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) > 1 {
+						t.Errorf("Expected at most 1 post with limit=1 and offset=1, got %d", len(posts))
+					}
+					if len(posts) > 0 && firstPostID != nil {
+						if post, ok := posts[0].(map[string]any); ok {
+							if post["id"] == firstPostID {
+								t.Error("Expected different post with offset=1, got same post as offset=0")
+							}
+						}
+					}
+				}
+			}
+		})
+
+		t.Run("Search_With_Special_Characters", func(t *testing.T) {
+			specialQueries := []string{
+				"Searchable%20Post",
+				"Searchable'Post",
+				"Searchable\"Post",
+				"Searchable;Post",
+				"Searchable--Post",
+			}
+
+			for _, query := range specialQueries {
+				request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(query))
+				assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
+			}
+		})
+
+		t.Run("Search_Empty_Query", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) != 0 {
+						t.Errorf("Expected empty results for empty query, got %d posts", len(posts))
+					}
+				}
+				if count, ok := data["count"].(float64); ok && count != 0 {
+					t.Errorf("Expected count 0 for empty query, got %.0f", count)
+				}
+			}
+		})
+
+		t.Run("Search_With_Very_Long_Query", func(t *testing.T) {
+			longQuery := strings.Repeat("a", 1000)
+			request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(longQuery))
+			assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
+		})
+
+		t.Run("Search_Case_Insensitive", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=SEARCHABLE")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) == 0 {
+						t.Error("Expected case-insensitive search to find posts")
+					}
+				}
+			}
+		})
+	})
+
+	t.Run("Title_Fetch_Endpoint_Edge_Cases", func(t *testing.T) {
+		ctx.Suite.EmailSender.Reset()
+
+		t.Run("Missing_URL_Parameter", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/title")
+			assertErrorResponse(t, request, http.StatusBadRequest)
+		})
+
+		t.Run("Empty_URL_Parameter", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=")
+			assertErrorResponse(t, request, http.StatusBadRequest)
+		})
+
+		t.Run("Invalid_URL_Format", func(t *testing.T) {
+			invalidURLs := []string{
+				"not-a-url",
+				"://invalid",
+				"http://",
+				"https://",
+			}
+
+			for _, invalidURL := range invalidURLs {
+				ctx.Suite.TitleFetcher.SetError(services.ErrUnsupportedScheme)
+				request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(invalidURL))
+				assertErrorResponse(t, request, http.StatusBadRequest)
+			}
+		})
+
+		t.Run("Unsupported_URL_Schemes", func(t *testing.T) {
+			unsupportedSchemes := []string{
+				"ftp://example.com",
+				"file:///etc/passwd",
+				"javascript:alert(1)",
+				"data:text/html,<script>alert(1)</script>",
+			}
+
+			for _, schemeURL := range unsupportedSchemes {
+				request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(schemeURL))
+				assertErrorResponse(t, request, http.StatusBadRequest)
+			}
+		})
+
+		t.Run("SSRF_Protection_Localhost", func(t *testing.T) {
+			ssrfURLs := []string{
+				"http://localhost",
+				"http://127.0.0.1",
+				"http://127.0.0.1:8080",
+				"http://[::1]",
+				"http://0.0.0.0",
+			}
+
+			for _, ssrfURL := range ssrfURLs {
+				ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked)
+				request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(ssrfURL))
+				assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway)
+			}
+		})
+
+		t.Run("SSRF_Protection_Private_IPs", func(t *testing.T) {
+			privateIPs := []string{
+				"http://192.168.1.1",
+				"http://10.0.0.1",
+				"http://172.16.0.1",
+			}
+
+			for _, privateIP := range privateIPs {
+				ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked)
+				request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(privateIP))
+				assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway)
+			}
+		})
+
+		t.Run("Title_Fetch_Error_Handling", func(t *testing.T) {
+			ctx.Suite.TitleFetcher.SetError(services.ErrTitleNotFound)
+
+			request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/notitle")
+			assertErrorResponse(t, request, http.StatusBadRequest)
+		})
+
+		t.Run("Valid_URL_Success", func(t *testing.T) {
+			ctx.Suite.TitleFetcher.SetTitle("Valid Title")
+
+			request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/valid")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if title, ok := data["title"].(string); ok {
+					if title != "Valid Title" {
+						t.Errorf("Expected title 'Valid Title', got '%s'", title)
+					}
+				} else {
+					t.Error("Expected title in response data")
+				}
+			}
+		})
+	})
+
+	t.Run("Get_User_Vote_Edge_Cases", func(t *testing.T) {
+		ctx.Suite.EmailSender.Reset()
+		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge"), uniqueTestEmail(t, "vote_edge"))
+		secondUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge2"), uniqueTestEmail(t, "vote_edge2"))
+
+		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Edge Test Post", "https://example.com/vote-edge")
+
+		t.Run("Get_Vote_When_User_Has_Voted", func(t *testing.T) {
+			voteRequest := makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+			assertStatus(t, voteRequest, http.StatusOK)
+
+			request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if hasVote, ok := data["has_vote"].(bool); !ok || !hasVote {
+					t.Error("Expected has_vote to be true when user has voted")
+				}
+				if vote, ok := data["vote"]; !ok || vote == nil {
+					t.Error("Expected vote object when user has voted")
+				}
+			}
+		})
+
+		t.Run("Get_Vote_When_User_Has_Not_Voted", func(t *testing.T) {
+			request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), secondUser, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if hasVote, ok := data["has_vote"].(bool); ok {
+					if hasVote {
+						t.Error("Expected has_vote to be false when user has not voted")
+					}
+				} else {
+					t.Error("Expected has_vote field in response")
+				}
+			}
+		})
+
+		t.Run("Get_Vote_Invalid_Post_ID", func(t *testing.T) {
+			request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/posts/999999/vote", user, map[string]string{"id": "999999"})
+
+			if request.Code != http.StatusOK && request.Code != http.StatusNotFound {
+				t.Errorf("Expected status 200 or 404 for invalid post ID, got %d", request.Code)
+			}
+		})
+
+		t.Run("Get_Vote_Unauthenticated", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID))
+			assertErrorResponse(t, request, http.StatusUnauthorized)
+		})
+
+		t.Run("Get_Vote_Response_Structure", func(t *testing.T) {
+			request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if success, ok := response["success"].(bool); !ok || !success {
+				t.Error("Expected success field to be true")
+			}
+			if data, ok := getDataFromResponse(response); ok {
+				if _, exists := data["has_vote"]; !exists {
+					t.Error("Expected has_vote field in response data")
+				}
+				if _, exists := data["is_anonymous"]; !exists {
+					t.Error("Expected is_anonymous field in response data")
+				}
+			} else {
+				t.Error("Expected data field in response")
+			}
+		})
+	})
+
+	t.Run("Refresh_Token_Edge_Cases", func(t *testing.T) {
+		ctx.Suite.EmailSender.Reset()
+		refreshUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_edge"), uniqueTestEmail(t, "refresh_edge"))
+
+		t.Run("Refresh_With_Expired_Token", func(t *testing.T) {
+			loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
+			if err != nil {
+				t.Fatalf("Failed to login: %v", err)
+			}
+
+			refreshToken, err := ctx.Suite.RefreshTokenRepo.GetByTokenHash(testutils.HashVerificationToken(loginResult.RefreshToken))
+			if err != nil {
+				t.Fatalf("Failed to get refresh token: %v", err)
+			}
+
+			refreshToken.ExpiresAt = time.Now().Add(-1 * time.Hour)
+			if err := ctx.Suite.DB.Model(refreshToken).Update("expires_at", refreshToken.ExpiresAt).Error; err != nil {
+				t.Fatalf("Failed to expire refresh token: %v", err)
+			}
+
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
+			assertErrorResponse(t, request, http.StatusUnauthorized)
+		})
+
+		t.Run("Refresh_With_Revoked_Token", func(t *testing.T) {
+			loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
+			if err != nil {
+				t.Fatalf("Failed to login: %v", err)
+			}
+
+			if err := ctx.AuthService.RevokeRefreshToken(loginResult.RefreshToken); err != nil {
+				t.Fatalf("Failed to revoke refresh token: %v", err)
+			}
+
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
+			assertErrorResponse(t, request, http.StatusUnauthorized)
+		})
+
+		t.Run("Refresh_With_Empty_Token", func(t *testing.T) {
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": ""})
+			assertErrorResponse(t, request, http.StatusBadRequest)
+		})
+
+		t.Run("Refresh_With_Missing_Token_Field", func(t *testing.T) {
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{})
+			assertErrorResponse(t, request, http.StatusBadRequest)
+		})
+
+		t.Run("Refresh_Token_Rotation", func(t *testing.T) {
+			loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
+			if err != nil {
+				t.Fatalf("Failed to login: %v", err)
+			}
+
+			originalRefreshToken := loginResult.RefreshToken
+
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": originalRefreshToken})
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if newAccessToken, ok := data["access_token"].(string); ok {
+					if newAccessToken == "" {
+						t.Error("Expected new access token in refresh response")
+					}
+
+					if newRefreshToken, ok := data["refresh_token"].(string); ok {
+						if newRefreshToken != "" && newRefreshToken == originalRefreshToken {
+							t.Log("Refresh token rotation may not be implemented (same token returned)")
+						}
+					}
+				}
+			}
+		})
+
+		t.Run("Refresh_After_Account_Lock", func(t *testing.T) {
+			lockedUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_lock"), uniqueTestEmail(t, "refresh_lock"))
+
+			loginResult, err := ctx.AuthService.Login(lockedUser.User.Username, "SecurePass123!")
+			if err != nil {
+				t.Fatalf("Failed to login: %v", err)
+			}
+
+			lockedUser.User.Locked = true
+			if err := ctx.Suite.UserRepo.Update(lockedUser.User); err != nil {
+				t.Fatalf("Failed to lock user: %v", err)
+			}
+
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
+
+			assertStatusRange(t, request, http.StatusUnauthorized, http.StatusForbidden)
+		})
+
+		t.Run("Refresh_With_Invalid_Token_Format", func(t *testing.T) {
+			request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": "invalid-token-format-12345"})
+			assertErrorResponse(t, request, http.StatusUnauthorized)
+		})
+	})
+
+	t.Run("Pagination_Edge_Cases", func(t *testing.T) {
+		ctx.Suite.EmailSender.Reset()
+		paginationUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "pagination_edge"), uniqueTestEmail(t, "pagination_edge"))
+
+		for i := 0; i < 5; i++ {
+			testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, paginationUser.User.ID, fmt.Sprintf("Pagination Post %d", i), fmt.Sprintf("https://example.com/pag%d", i))
+		}
+
+		t.Run("Negative_Limit", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts?limit=-1")
+			assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
+		})
+
+		t.Run("Negative_Offset", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts?offset=-1")
+			assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
+		})
+
+		t.Run("Very_Large_Limit", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts?limit=10000")
+			assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
+		})
+
+		t.Run("Very_Large_Offset", func(t *testing.T) {
+			request := makeGetRequest(t, ctx.Router, "/api/posts?offset=10000")
+
+			response := assertJSONResponse(t, request, http.StatusOK)
+			if data, ok := getDataFromResponse(response); ok {
+				if posts, ok := data["posts"].([]any); ok {
+					if len(posts) > 0 {
+						t.Logf("Large offset returned %d posts (may be expected)", len(posts))
+					}
+				}
+			}
+		})
+
+		t.Run("Invalid_Pagination_Parameters", func(t *testing.T) {
+			invalidParams := []string{
+				"limit=abc",
+				"offset=xyz",
+				"limit=",
+				"offset=",
+			}
+
+			for _, param := range invalidParams {
+				request := makeGetRequest(t, ctx.Router, "/api/posts?"+param)
+				assertStatus(t, request, http.StatusOK)
+			}
+		})
 	})
 }

internal/integration/compression_static_metadata_integration_test.go

@@ -1,17 +1,12 @@
 package integration
 
 import (
-	"bytes"
 	"compress/gzip"
-	"encoding/json"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
-
-	"goyco/internal/middleware"
-	"goyco/internal/testutils"
 )
 
 func TestIntegration_Compression(t *testing.T) {
@@ -19,16 +14,16 @@ func TestIntegration_Compression(t *testing.T) {
 	router := ctx.Router
 
 	t.Run("Response_Compression_Gzip", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/api/posts", nil)
+		request := httptest.NewRequest("GET", "/api/posts", nil)
-		req.Header.Set("Accept-Encoding", "gzip")
+		request.Header.Set("Accept-Encoding", "gzip")
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		contentEncoding := rec.Header().Get("Content-Encoding")
+		contentEncoding := recorder.Header().Get("Content-Encoding")
 		if contentEncoding != "" && strings.Contains(contentEncoding, "gzip") {
-			assertHeaderContains(t, rec, "Content-Encoding", "gzip")
+			assertHeaderContains(t, recorder, "Content-Encoding", "gzip")
-			reader, err := gzip.NewReader(rec.Body)
+			reader, err := gzip.NewReader(recorder.Body)
 			if err != nil {
 				t.Fatalf("Failed to create gzip reader: %v", err)
 			}
@@ -48,14 +43,14 @@ func TestIntegration_Compression(t *testing.T) {
 	})
 
 	t.Run("Compression_Headers_Present", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/api/posts", nil)
+		request := httptest.NewRequest("GET", "/api/posts", nil)
-		req.Header.Set("Accept-Encoding", "gzip, deflate")
+		request.Header.Set("Accept-Encoding", "gzip, deflate")
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		if rec.Header().Get("Vary") != "" {
+		if recorder.Header().Get("Vary") != "" {
-			assertHeaderContains(t, rec, "Vary", "Accept-Encoding")
+			assertHeaderContains(t, recorder, "Vary", "Accept-Encoding")
 		} else {
 			t.Log("Vary header may not always be present")
 		}
@@ -67,25 +62,19 @@ func TestIntegration_StaticFiles(t *testing.T) {
 	router := ctx.Router
 
 	t.Run("Robots_Txt_Served", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/robots.txt", nil)
+		request := makeGetRequest(t, router, "/robots.txt")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusOK)
 
-		assertStatus(t, rec, http.StatusOK)
+		if !strings.Contains(request.Body.String(), "User-agent") {
-
-		if !strings.Contains(rec.Body.String(), "User-agent") {
 			t.Error("Expected robots.txt content")
 		}
 	})
 
 	t.Run("Static_Files_Security_Headers", func(t *testing.T) {
-		req := httptest.NewRequest("GET", "/robots.txt", nil)
+		request := makeGetRequest(t, router, "/robots.txt")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		if request.Header().Get("X-Content-Type-Options") == "" {
-
-		if rec.Header().Get("X-Content-Type-Options") == "" {
 			t.Log("Security headers may not be applied to all static files")
 		}
 	})
@@ -101,32 +90,22 @@ func TestIntegration_URLMetadata(t *testing.T) {
 
 		ctx.Suite.TitleFetcher.SetTitle("Fetched Title")
 
-		postBody := map[string]string{
+		postBody := map[string]any{
 			"title":   "Test Post",
 			"url":     "https://example.com/metadata-test",
 			"content": "Test content",
 		}
-		body, _ := json.Marshal(postBody)
+		request := makePostRequest(t, router, "/api/posts", postBody, user, nil)
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusCreated)
-
-		assertStatus(t, rec, http.StatusCreated)
 	})
 
 	t.Run("URL_Metadata_Endpoint", func(t *testing.T) {
 		ctx.Suite.TitleFetcher.SetTitle("Endpoint Title")
 
-		req := httptest.NewRequest("GET", "/api/posts/title?url=https://example.com/test", nil)
+		request := makeGetRequest(t, router, "/api/posts/title?url=https://example.com/test")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
-		response := assertJSONResponse(t, rec, http.StatusOK)
 		if response != nil {
 			if data, ok := response["data"].(map[string]any); ok {
 				if _, exists := data["title"]; !exists {

internal/integration/data_consistency_integration_test.go

@@ -19,27 +19,18 @@ func TestIntegration_DataConsistency(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "consistency_user", "consistency@example.com")
 
-		postBody := map[string]string{
+		request := makePostRequest(t, ctx.Router, "/api/posts", map[string]any{
 			"title":   "Consistency Test Post",
 			"url":     "https://example.com/consistency",
 			"content": "Test content",
-		}
+		}, user, nil)
-		body, _ := json.Marshal(postBody)
 
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
+		createResponse := assertJSONResponse(t, request, http.StatusCreated)
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
-
-		ctx.Router.ServeHTTP(rec, req)
-
-		createResponse := assertJSONResponse(t, rec, http.StatusCreated)
 		if createResponse == nil {
 			return
 		}
 
-		postData, ok := createResponse["data"].(map[string]any)
+		postData, ok := getDataFromResponse(createResponse)
 		if !ok {
 			t.Fatal("Response missing data")
 		}
@@ -53,16 +44,14 @@ func TestIntegration_DataConsistency(t *testing.T) {
 		createdURL := postData["url"]
 		createdContent := postData["content"]
 
-		getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%.0f", postID), nil)
+		getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%.0f", postID))
-		getRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getRec, getReq)
 
-		getResponse := assertJSONResponse(t, getRec, http.StatusOK)
+		getResponse := assertJSONResponse(t, getRequest, http.StatusOK)
 		if getResponse == nil {
 			return
 		}
 
-		getPostData, ok := getResponse["data"].(map[string]any)
+		getPostData, ok := getDataFromResponse(getResponse)
 		if !ok {
 			t.Fatal("Get response missing data")
 		}
@@ -96,32 +85,17 @@ func TestIntegration_DataConsistency(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Consistency Post", "https://example.com/vote-consistency")
 
-		voteBody := map[string]string{"type": "up"}
+		voteRequest := makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		body, _ := json.Marshal(voteBody)
+		assertStatus(t, voteRequest, http.StatusOK)
 
-		voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
+		getVotesRequest := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/votes", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteReq.Header.Set("Content-Type", "application/json")
-		voteReq.Header.Set("Authorization", "Bearer "+user.Token)
-		voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
-		voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(voteRec, voteReq)
 
-		assertStatus(t, voteRec, http.StatusOK)
+		votesResponse := assertJSONResponse(t, getVotesRequest, http.StatusOK)
-
-		getVotesReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
-		getVotesReq.Header.Set("Authorization", "Bearer "+user.Token)
-		getVotesReq = testutils.WithUserContext(getVotesReq, middleware.UserIDKey, user.User.ID)
-		getVotesReq = testutils.WithURLParams(getVotesReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		getVotesRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getVotesRec, getVotesReq)
-
-		votesResponse := assertJSONResponse(t, getVotesRec, http.StatusOK)
 		if votesResponse == nil {
 			return
 		}
 
-		votesData, ok := votesResponse["data"].(map[string]any)
+		votesData, ok := getDataFromResponse(votesResponse)
 		if !ok {
 			t.Fatal("Votes response missing data")
 		}
@@ -172,32 +146,21 @@ func TestIntegration_DataConsistency(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Original Title", "https://example.com/original")
 
-		updateBody := map[string]string{
+		updateRequest := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), map[string]any{
 			"title":   "Updated Title",
 			"content": "Updated content",
-		}
+		}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		body, _ := json.Marshal(updateBody)
 
-		updateReq := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
+		assertStatus(t, updateRequest, http.StatusOK)
-		updateReq.Header.Set("Content-Type", "application/json")
-		updateReq.Header.Set("Authorization", "Bearer "+user.Token)
-		updateReq = testutils.WithUserContext(updateReq, middleware.UserIDKey, user.User.ID)
-		updateReq = testutils.WithURLParams(updateReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		updateRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(updateRec, updateReq)
 
-		assertStatus(t, updateRec, http.StatusOK)
+		getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID))
 
-		getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
+		getResponse := assertJSONResponse(t, getRequest, http.StatusOK)
-		getRec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getRec, getReq)
-
-		getResponse := assertJSONResponse(t, getRec, http.StatusOK)
 		if getResponse == nil {
 			return
 		}
 
-		getPostData, ok := getResponse["data"].(map[string]any)
+		getPostData, ok := getDataFromResponse(getResponse)
 		if !ok {
 			t.Fatal("Get response missing data")
 		}
@@ -215,18 +178,12 @@ func TestIntegration_DataConsistency(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "user_posts_consistency", "user_posts_consistency@example.com")
 
-		post1 := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 1", "https://example.com/post1")
+		firstPost := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 1", "https://example.com/post1")
-		post2 := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 2", "https://example.com/post2")
+		secondPost := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 2", "https://example.com/post2")
 
-		req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d/posts", user.User.ID), nil)
+		request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d/posts", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
-		response := assertJSONResponse(t, rec, http.StatusOK)
 		if response == nil {
 			return
 		}
@@ -245,26 +202,26 @@ func TestIntegration_DataConsistency(t *testing.T) {
 			t.Errorf("Expected at least 2 posts, got %d", len(posts))
 		}
 
-		foundPost1 := false
+		foundFirstPost := false
-		foundPost2 := false
+		foundSecondPost := false
 		for _, post := range posts {
 			if postMap, ok := post.(map[string]any); ok {
 				if postID, ok := postMap["id"].(float64); ok {
-					if uint(postID) == post1.ID {
+					if uint(postID) == firstPost.ID {
-						foundPost1 = true
+						foundFirstPost = true
 					}
-					if uint(postID) == post2.ID {
+					if uint(postID) == secondPost.ID {
-						foundPost2 = true
+						foundSecondPost = true
 					}
 				}
 			}
 		}
 
-		if !foundPost1 {
+		if !foundFirstPost {
 			t.Error("Post 1 not found in user posts")
 		}
 
-		if !foundPost2 {
+		if !foundSecondPost {
 			t.Error("Post 2 not found in user posts")
 		}
 	})
@@ -275,20 +232,20 @@ func TestIntegration_DataConsistency(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Delete Consistency Post", "https://example.com/delete-consistency")
 
-		deleteReq := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
+		deleteRequest := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
-		deleteReq.Header.Set("Authorization", "Bearer "+user.Token)
+		deleteRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		deleteReq = testutils.WithUserContext(deleteReq, middleware.UserIDKey, user.User.ID)
+		deleteRequest = testutils.WithUserContext(deleteRequest, middleware.UserIDKey, user.User.ID)
-		deleteReq = testutils.WithURLParams(deleteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		deleteRequest = testutils.WithURLParams(deleteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		deleteRec := httptest.NewRecorder()
+		deleteRecorder := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(deleteRec, deleteReq)
+		ctx.Router.ServeHTTP(deleteRecorder, deleteRequest)
 
-		assertStatus(t, deleteRec, http.StatusOK)
+		assertStatus(t, deleteRecorder, http.StatusOK)
 
-		getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
+		getRequest := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
-		getRec := httptest.NewRecorder()
+		getRecorder := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getRec, getReq)
+		ctx.Router.ServeHTTP(getRecorder, getRequest)
 
-		assertStatus(t, getRec, http.StatusNotFound)
+		assertStatus(t, getRecorder, http.StatusNotFound)
 	})
 
 	t.Run("Vote_Removal_Consistency", func(t *testing.T) {
@@ -300,33 +257,33 @@ func TestIntegration_DataConsistency(t *testing.T) {
 		voteBody := map[string]string{"type": "up"}
 		body, _ := json.Marshal(voteBody)
 
-		voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
+		voteRequest := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
-		voteReq.Header.Set("Content-Type", "application/json")
+		voteRequest.Header.Set("Content-Type", "application/json")
-		voteReq.Header.Set("Authorization", "Bearer "+user.Token)
+		voteRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
+		voteRequest = testutils.WithUserContext(voteRequest, middleware.UserIDKey, user.User.ID)
-		voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		voteRequest = testutils.WithURLParams(voteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		voteRec := httptest.NewRecorder()
+		voteRecorder := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(voteRec, voteReq)
+		ctx.Router.ServeHTTP(voteRecorder, voteRequest)
 
-		assertStatus(t, voteRec, http.StatusOK)
+		assertStatus(t, voteRecorder, http.StatusOK)
 
-		removeVoteReq := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
+		removeVoteRequest := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
-		removeVoteReq.Header.Set("Authorization", "Bearer "+user.Token)
+		removeVoteRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		removeVoteReq = testutils.WithUserContext(removeVoteReq, middleware.UserIDKey, user.User.ID)
+		removeVoteRequest = testutils.WithUserContext(removeVoteRequest, middleware.UserIDKey, user.User.ID)
-		removeVoteReq = testutils.WithURLParams(removeVoteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		removeVoteRequest = testutils.WithURLParams(removeVoteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		removeVoteRec := httptest.NewRecorder()
+		removeVoteRecorder := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(removeVoteRec, removeVoteReq)
+		ctx.Router.ServeHTTP(removeVoteRecorder, removeVoteRequest)
 
-		assertStatus(t, removeVoteRec, http.StatusOK)
+		assertStatus(t, removeVoteRecorder, http.StatusOK)
 
-		getVotesReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
+		getVotesRequest := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
-		getVotesReq.Header.Set("Authorization", "Bearer "+user.Token)
+		getVotesRequest.Header.Set("Authorization", "Bearer "+user.Token)
-		getVotesReq = testutils.WithUserContext(getVotesReq, middleware.UserIDKey, user.User.ID)
+		getVotesRequest = testutils.WithUserContext(getVotesRequest, middleware.UserIDKey, user.User.ID)
-		getVotesReq = testutils.WithURLParams(getVotesReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+		getVotesRequest = testutils.WithURLParams(getVotesRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		getVotesRec := httptest.NewRecorder()
+		getVotesRecorder := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(getVotesRec, getVotesReq)
+		ctx.Router.ServeHTTP(getVotesRecorder, getVotesRequest)
 
-		votesResponse := assertJSONResponse(t, getVotesRec, http.StatusOK)
+		votesResponse := assertJSONResponse(t, getVotesRecorder, http.StatusOK)
 		if votesResponse == nil {
 			return
 		}

internal/integration/email_integration_test.go

@@ -1,14 +1,10 @@
 package integration
 
 import (
-	"bytes"
-	"encoding/json"
 	"net/http"
-	"net/http/httptest"
 	"testing"
 
 	"goyco/internal/database"
-	"goyco/internal/middleware"
 	"goyco/internal/testutils"
 )
 
@@ -19,19 +15,14 @@ func TestIntegration_EmailService(t *testing.T) {
 	t.Run("Registration_Email_Sent", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username": "email_reg_user",
 			"email":    "email_reg@example.com",
 			"password": "SecurePass123!",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/register", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusCreated)
-
-		assertStatus(t, rec, http.StatusCreated)
 
 		token := ctx.Suite.EmailSender.VerificationToken()
 		if token == "" {
@@ -52,15 +43,10 @@ func TestIntegration_EmailService(t *testing.T) {
 			t.Fatalf("Failed to create user: %v", err)
 		}
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username_or_email": "email_reset_user",
 		}
-		body, _ := json.Marshal(reqBody)
+		makePostRequestWithJSON(t, router, "/api/auth/forgot-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
-
-		router.ServeHTTP(rec, req)
 
 		token := ctx.Suite.EmailSender.PasswordResetToken()
 		if token == "" {
@@ -72,17 +58,9 @@ func TestIntegration_EmailService(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "email_del_user", "email_del@example.com")
 
-		reqBody := map[string]string{}
+		request := makeDeleteRequest(t, router, "/api/auth/account", user, nil)
-		body, _ := json.Marshal(reqBody)
-		req := httptest.NewRequest("DELETE", "/api/auth/account", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusOK)
-
-		assertStatus(t, rec, http.StatusOK)
 
 		token := ctx.Suite.EmailSender.DeletionToken()
 		if token == "" {
@@ -94,17 +72,10 @@ func TestIntegration_EmailService(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "email_change_user", "email_change@example.com")
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"email": "newemail@example.com",
 		}
-		body, _ := json.Marshal(reqBody)
+		makePutRequest(t, router, "/api/auth/email", reqBody, user, nil)
-		req := httptest.NewRequest("PUT", "/api/auth/email", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
-
-		router.ServeHTTP(rec, req)
 
 		token := ctx.Suite.EmailSender.VerificationToken()
 		if token == "" {
@@ -115,17 +86,12 @@ func TestIntegration_EmailService(t *testing.T) {
 	t.Run("Email_Template_Content", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username": "template_user",
 			"email":    "template@example.com",
 			"password": "SecurePass123!",
 		}
-		body, _ := json.Marshal(reqBody)
+		makePostRequestWithJSON(t, router, "/api/auth/register", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
-
-		router.ServeHTTP(rec, req)
 
 		token := ctx.Suite.EmailSender.VerificationToken()
 		if token == "" {

internal/integration/end_to_end_journeys_integration_test.go

@@ -152,9 +152,9 @@ func TestIntegration_EndToEndUserJourneys(t *testing.T) {
 
 		if data, ok := getDataFromResponse(votesResponse); ok {
 			if votes, ok := data["votes"].([]any); ok && len(votes) > 0 {
-				unvoteRec := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
+				unvoteRequest := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
 
-				assertStatus(t, unvoteRec, http.StatusOK)
+				assertStatus(t, unvoteRequest, http.StatusOK)
 			}
 		}
 	})

internal/integration/error_propagation_integration_test.go

@@ -2,7 +2,6 @@ package integration
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -19,58 +18,46 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "json_error_user", "json_error@example.com")
 
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("invalid json{")))
+		request := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("invalid json{")))
-		req.Header.Set("Content-Type", "application/json")
+		request.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
+		request.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
+		request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		ctx.Router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusBadRequest)
+		assertErrorResponse(t, recorder, http.StatusBadRequest)
 	})
 
 	t.Run("Validation_Error_Propagation", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username": "",
 			"email":    "invalid-email",
 			"password": "weak",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusBadRequest)
-
-		assertErrorResponse(t, rec, http.StatusBadRequest)
 	})
 
 	t.Run("Database_Error_Propagation", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "db_error_user", "db_error@example.com")
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"title":   "Test Post",
 			"url":     "https://example.com/test",
 			"content": "Test content",
 		}
-		body, _ := json.Marshal(reqBody)
 
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
+		request := makePostRequest(t, ctx.Router, "/api/posts", reqBody, user, nil)
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		if request.Code == http.StatusInternalServerError {
-
+			assertErrorResponse(t, request, http.StatusInternalServerError)
-		if rec.Code == http.StatusInternalServerError {
-			assertErrorResponse(t, rec, http.StatusInternalServerError)
 		} else {
-			assertStatus(t, rec, http.StatusCreated)
+			assertStatus(t, request, http.StatusCreated)
 		}
 	})
 
@@ -78,34 +65,23 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "notfound_error_user", "notfound_error@example.com")
 
-		req := httptest.NewRequest("GET", "/api/posts/999999", nil)
+		request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/posts/999999", user, map[string]string{"id": "999999"})
-		req.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": "999999"})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusNotFound)
-
-		assertErrorResponse(t, rec, http.StatusNotFound)
 	})
 
 	t.Run("Unauthorized_Error_Propagation", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"title":   "Test Post",
 			"url":     "https://example.com/test",
 			"content": "Test content",
 		}
-		body, _ := json.Marshal(reqBody)
 
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
+		request := makePostRequestWithJSON(t, ctx.Router, "/api/posts", reqBody)
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusUnauthorized)
-
-		assertErrorResponse(t, rec, http.StatusUnauthorized)
 	})
 
 	t.Run("Forbidden_Error_Propagation", func(t *testing.T) {
@@ -115,78 +91,58 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
 
 		post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, owner.User.ID, "Forbidden Post", "https://example.com/forbidden")
 
-		updateBody := map[string]string{
+		updateBody := map[string]any{
 			"title":   "Updated Title",
 			"content": "Updated content",
 		}
-		body, _ := json.Marshal(updateBody)
 
-		req := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
+		request := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), updateBody, otherUser, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer "+otherUser.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, otherUser.User.ID)
-		req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusForbidden)
-
-		assertErrorResponse(t, rec, http.StatusForbidden)
 	})
 
 	t.Run("Service_Error_Propagation", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username": "existing_user",
 			"email":    "existing@example.com",
 			"password": "SecurePass123!",
 		}
-		body, _ := json.Marshal(reqBody)
 
-		req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
+		request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
-		ctx.Router.ServeHTTP(rec, req)
 
-		assertStatus(t, rec, http.StatusCreated)
+		assertStatus(t, request, http.StatusCreated)
 
-		req = httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
+		request = makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
-		req.Header.Set("Content-Type", "application/json")
-		rec = httptest.NewRecorder()
-		ctx.Router.ServeHTTP(rec, req)
 
-		assertStatusRange(t, rec, http.StatusBadRequest, http.StatusConflict)
+		assertStatusRange(t, request, http.StatusBadRequest, http.StatusConflict)
-		assertErrorResponse(t, rec, rec.Code)
+		assertErrorResponse(t, request, request.Code)
 	})
 
 	t.Run("Middleware_Error_Propagation", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("{}")))
+		request := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("{}")))
-		req.Header.Set("Content-Type", "application/json")
+		request.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", "Bearer expired.invalid.token")
+		request.Header.Set("Authorization", "Bearer expired.invalid.token")
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		ctx.Router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusUnauthorized)
+		assertErrorResponse(t, recorder, http.StatusUnauthorized)
 	})
 
 	t.Run("Handler_Error_Response_Format", func(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 
-		req := httptest.NewRequest("GET", "/api/nonexistent", nil)
+		request := makeGetRequest(t, ctx.Router, "/api/nonexistent")
-		rec := httptest.NewRecorder()
 
-		ctx.Router.ServeHTTP(rec, req)
+		if request.Code == http.StatusNotFound {
-
+			if request.Header().Get("Content-Type") == "application/json" {
-		if rec.Code == http.StatusNotFound {
+				assertErrorResponse(t, request, http.StatusNotFound)
-			if rec.Header().Get("Content-Type") == "application/json" {
+			} else if request.Body.Len() == 0 {
-				assertErrorResponse(t, rec, http.StatusNotFound)
+				t.Error("Expected error response body")
-			} else {
-				if rec.Body.Len() == 0 {
-					t.Error("Expected error response body")
-				}
 			}
 		}
 	})

internal/integration/helpers.go

@@ -377,15 +377,11 @@ func assertCookieCleared(t *testing.T, recorder *httptest.ResponseRecorder, name
 	}
 }
 
-func assertHeader(t *testing.T, recorder *httptest.ResponseRecorder, name, expectedValue string) {
+func assertHeader(t *testing.T, recorder *httptest.ResponseRecorder, name string) {
 	t.Helper()
 	actualValue := recorder.Header().Get(name)
-	if expectedValue == "" {
+	if actualValue == "" {
-		if actualValue == "" {
+		t.Errorf("Expected header %s to be present", name)
-			t.Errorf("Expected header %s to be present", name)
-		}
-	} else if actualValue != expectedValue {
-		t.Errorf("Expected header %s=%s, got %s", name, expectedValue, actualValue)
 	}
 }
 

internal/integration/password_reset_integration_test.go

@@ -1,8 +1,6 @@
 package integration
 
 import (
-	"bytes"
-	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -32,17 +30,12 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 			t.Fatalf("Failed to create user: %v", err)
 		}
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username_or_email": "reset_user",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/forgot-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
-		response := assertJSONResponse(t, rec, http.StatusOK)
 		if response != nil {
 			if success, ok := response["success"].(bool); !ok || !success {
 				t.Error("Expected success=true")
@@ -77,18 +70,13 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 			t.Fatal("Expected password reset token")
 		}
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"token":        resetToken,
 			"new_password": "NewPassword123!",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusOK)
-
-		assertStatus(t, rec, http.StatusOK)
 
 		loginResult, err := ctx.AuthService.Login("reset_complete_user", "NewPassword123!")
 		if err != nil {
@@ -120,14 +108,14 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 		reqBody := url.Values{}
 		reqBody.Set("username_or_email", "page_reset_user")
 		reqBody.Set("csrf_token", csrfToken)
-		req := httptest.NewRequest("POST", "/forgot-password", strings.NewReader(reqBody.Encode()))
+		request := httptest.NewRequest("POST", "/forgot-password", strings.NewReader(reqBody.Encode()))
-		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-		req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
+		request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		pageRouter.ServeHTTP(rec, req)
+		pageRouter.ServeHTTP(recorder, request)
 
-		assertStatusRange(t, rec, http.StatusOK, http.StatusSeeOther)
+		assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
 
 		resetToken := pageCtx.Suite.EmailSender.PasswordResetToken()
 		if resetToken == "" {
@@ -166,33 +154,23 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 			t.Fatalf("Failed to update user: %v", err)
 		}
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"token":        resetToken,
 			"new_password": "NewPassword123!",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusBadRequest)
-
-		assertErrorResponse(t, rec, http.StatusBadRequest)
 	})
 
 	t.Run("PasswordReset_InvalidToken", func(t *testing.T) {
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"token":        "invalid-token",
 			"new_password": "NewPassword123!",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusBadRequest)
-
-		assertErrorResponse(t, rec, http.StatusBadRequest)
 	})
 
 	t.Run("PasswordReset_WeakPassword", func(t *testing.T) {
@@ -214,18 +192,13 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 
 		resetToken := ctx.Suite.EmailSender.PasswordResetToken()
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"token":        resetToken,
 			"new_password": "123",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		assertErrorResponse(t, request, http.StatusBadRequest)
-
-		assertErrorResponse(t, rec, http.StatusBadRequest)
 	})
 
 	t.Run("PasswordReset_EmailIntegration", func(t *testing.T) {
@@ -243,17 +216,12 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
 			t.Fatalf("Failed to create user: %v", err)
 		}
 
-		reqBody := map[string]string{
+		reqBody := map[string]any{
 			"username_or_email": "email_reset@example.com",
 		}
-		body, _ := json.Marshal(reqBody)
+		request := makePostRequestWithJSON(t, freshCtx.Router, "/api/auth/forgot-password", reqBody)
-		req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
 
-		freshCtx.Router.ServeHTTP(rec, req)
+		assertStatus(t, request, http.StatusOK)
-
-		assertStatus(t, rec, http.StatusOK)
 
 		resetToken := freshCtx.Suite.EmailSender.PasswordResetToken()
 		if resetToken == "" {

internal/integration/ratelimit_integration_test.go

@@ -51,24 +51,24 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)
 
 		for i := 0; i < 2; i++ {
-			req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
+			request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
-			req.Header.Set("Content-Type", "application/json")
+			request.Header.Set("Content-Type", "application/json")
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
+		request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
-		req.Header.Set("Content-Type", "application/json")
+		request.Header.Set("Content-Type", "application/json")
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusTooManyRequests)
+		assertErrorResponse(t, recorder, http.StatusTooManyRequests)
 
-		assertHeader(t, rec, "Retry-After", "")
+		assertHeader(t, recorder, "Retry-After")
 
 		var response map[string]any
-		if err := json.NewDecoder(rec.Body).Decode(&response); err == nil {
+		if err := json.NewDecoder(recorder.Body).Decode(&response); err == nil {
 			if _, exists := response["retry_after"]; !exists {
 				t.Error("Expected retry_after in response")
 			}
@@ -81,17 +81,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)
 
 		for i := 0; i < 5; i++ {
-			req := httptest.NewRequest("GET", "/api/posts", nil)
+			request := httptest.NewRequest("GET", "/api/posts", nil)
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("GET", "/api/posts", nil)
+		request := httptest.NewRequest("GET", "/api/posts", nil)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusTooManyRequests)
+		assertErrorResponse(t, recorder, http.StatusTooManyRequests)
 	})
 
 	t.Run("Health_RateLimit_Enforced", func(t *testing.T) {
@@ -100,17 +100,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)
 
 		for i := 0; i < 3; i++ {
-			req := httptest.NewRequest("GET", "/health", nil)
+			request := httptest.NewRequest("GET", "/health", nil)
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("GET", "/health", nil)
+		request := httptest.NewRequest("GET", "/health", nil)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusTooManyRequests)
+		assertErrorResponse(t, recorder, http.StatusTooManyRequests)
 	})
 
 	t.Run("Metrics_RateLimit_Enforced", func(t *testing.T) {
@@ -119,17 +119,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)
 
 		for i := 0; i < 2; i++ {
-			req := httptest.NewRequest("GET", "/metrics", nil)
+			request := httptest.NewRequest("GET", "/metrics", nil)
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("GET", "/metrics", nil)
+		request := httptest.NewRequest("GET", "/metrics", nil)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusTooManyRequests)
+		assertErrorResponse(t, recorder, http.StatusTooManyRequests)
 	})
 
 	t.Run("RateLimit_Different_Endpoints_Independent", func(t *testing.T) {
@@ -139,17 +139,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)
 
 		for i := 0; i < 2; i++ {
-			req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
+			request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
-			req.Header.Set("Content-Type", "application/json")
+			request.Header.Set("Content-Type", "application/json")
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("GET", "/api/posts", nil)
+		request := httptest.NewRequest("GET", "/api/posts", nil)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertStatus(t, rec, http.StatusOK)
+		assertStatus(t, recorder, http.StatusOK)
 	})
 
 	t.Run("RateLimit_With_Authentication", func(t *testing.T) {
@@ -166,20 +166,20 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		user := createAuthenticatedUser(t, authService, suite.UserRepo, uniqueTestUsername(t, "ratelimit_auth"), uniqueTestEmail(t, "ratelimit_auth"))
 
 		for i := 0; i < 3; i++ {
-			req := httptest.NewRequest("GET", "/api/auth/me", nil)
+			request := httptest.NewRequest("GET", "/api/auth/me", nil)
-			req.Header.Set("Authorization", "Bearer "+user.Token)
+			request.Header.Set("Authorization", "Bearer "+user.Token)
-			req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
+			request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
-			rec := httptest.NewRecorder()
+			recorder := httptest.NewRecorder()
-			router.ServeHTTP(rec, req)
+			router.ServeHTTP(recorder, request)
 		}
 
-		req := httptest.NewRequest("GET", "/api/auth/me", nil)
+		request := httptest.NewRequest("GET", "/api/auth/me", nil)
-		req.Header.Set("Authorization", "Bearer "+user.Token)
+		request.Header.Set("Authorization", "Bearer "+user.Token)
-		req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
+		request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
-		rec := httptest.NewRecorder()
+		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(rec, req)
+		router.ServeHTTP(recorder, request)
 
-		assertErrorResponse(t, rec, http.StatusTooManyRequests)
+		assertErrorResponse(t, recorder, http.StatusTooManyRequests)
 	})
 }

internal/integration/router_integration_test.go

@@ -17,16 +17,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	router := ctx.Router
 
 	t.Run("SecurityHeaders_Present", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/health", nil)
+		request := makeGetRequest(t, router, "/health")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		assertStatus(t, request, http.StatusOK)
 
-		assertStatus(t, recorder, http.StatusOK)
+		assertHeader(t, request, "X-Content-Type-Options")
-
+		assertHeader(t, request, "X-Frame-Options")
-		assertHeader(t, recorder, "X-Content-Type-Options", "")
+		assertHeader(t, request, "X-XSS-Protection")
-		assertHeader(t, recorder, "X-Frame-Options", "")
-		assertHeader(t, recorder, "X-XSS-Protection", "")
 	})
 
 	t.Run("CORS_Headers_Present", func(t *testing.T) {
@@ -36,16 +33,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 
 		router.ServeHTTP(recorder, request)
 
-		assertHeader(t, recorder, "Access-Control-Allow-Origin", "")
+		assertHeader(t, recorder, "Access-Control-Allow-Origin")
 	})
 
 	t.Run("Logging_Middleware_Executes", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/health", nil)
+		request := makeGetRequest(t, router, "/health")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		if request.Code == 0 {
-
-		if recorder.Code == 0 {
 			t.Error("Expected logging middleware to execute")
 		}
 	})
@@ -67,13 +61,10 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("DBMonitoring_Active", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/health", nil)
+		request := makeGetRequest(t, router, "/health")
-		recorder := httptest.NewRecorder()
-
-		router.ServeHTTP(recorder, request)
 
 		var response map[string]any
-		if err := json.NewDecoder(recorder.Body).Decode(&response); err == nil {
+		if err := json.NewDecoder(request.Body).Decode(&response); err == nil {
 			if data, ok := response["data"].(map[string]any); ok {
 				if _, exists := data["database_stats"]; !exists {
 					t.Error("Expected database_stats in health response")
@@ -83,12 +74,9 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("Metrics_Middleware_Executes", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/metrics", nil)
+		request := makeGetRequest(t, router, "/metrics")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
-		response := assertJSONResponse(t, recorder, http.StatusOK)
 		if response != nil {
 			if data, ok := response["data"].(map[string]any); ok {
 				if _, exists := data["database"]; !exists {
@@ -99,34 +87,25 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("StaticFiles_Served", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/robots.txt", nil)
+		request := makeGetRequest(t, router, "/robots.txt")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		assertStatus(t, request, http.StatusOK)
 
-		assertStatus(t, recorder, http.StatusOK)
+		if !strings.Contains(request.Body.String(), "User-agent") {
-
-		if !strings.Contains(recorder.Body.String(), "User-agent") {
 			t.Error("Expected robots.txt content")
 		}
 	})
 
 	t.Run("API_Routes_Accessible", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/api/posts", nil)
+		request := makeGetRequest(t, router, "/api/posts")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		assertStatus(t, request, http.StatusOK)
-
-		assertStatus(t, recorder, http.StatusOK)
 	})
 
 	t.Run("Health_Endpoint_Accessible", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/health", nil)
+		request := makeGetRequest(t, router, "/health")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		response := assertJSONResponse(t, request, http.StatusOK)
-
-		response := assertJSONResponse(t, recorder, http.StatusOK)
 		if response != nil {
 			if success, ok := response["success"].(bool); !ok || !success {
 				t.Error("Expected success=true in health response")
@@ -135,14 +114,11 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("Middleware_Order_Correct", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "/api/posts", nil)
+		request := makeGetRequest(t, router, "/api/posts")
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		assertHeader(t, request, "X-Content-Type-Options")
 
-		assertHeader(t, recorder, "X-Content-Type-Options", "")
+		if request.Code == 0 {
-
-		if recorder.Code == 0 {
 			t.Error("Response should have status code")
 		}
 	})
@@ -160,15 +136,11 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	})
 
 	t.Run("Cache_Middleware_Active", func(t *testing.T) {
-		firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
+		firstRequest := makeGetRequest(t, router, "/api/posts")
-		firstRecorder := httptest.NewRecorder()
-		router.ServeHTTP(firstRecorder, firstRequest)
 
-		secondRequest := httptest.NewRequest("GET", "/api/posts", nil)
+		secondRequest := makeGetRequest(t, router, "/api/posts")
-		secondRecorder := httptest.NewRecorder()
-		router.ServeHTTP(secondRecorder, secondRequest)
 
-		if firstRecorder.Code != secondRecorder.Code {
+		if firstRequest.Code != secondRequest.Code {
 			t.Error("Cached responses should have same status")
 		}
 	})
@@ -177,14 +149,9 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		user := createUserWithCleanup(t, ctx, "auth_middleware_user", "auth_middleware@example.com")
 
-		request := httptest.NewRequest("GET", "/api/auth/me", nil)
+		request := makeAuthenticatedGetRequest(t, router, "/api/auth/me", user, nil)
-		request.Header.Set("Authorization", "Bearer "+user.Token)
-		request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
-		recorder := httptest.NewRecorder()
 
-		router.ServeHTTP(recorder, request)
+		assertStatus(t, request, http.StatusOK)
-
-		assertStatus(t, recorder, http.StatusOK)
 	})
 
 	t.Run("RateLimit_Middleware_Integration", func(t *testing.T) {
@@ -192,20 +159,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 		rateLimitRouter := rateLimitCtx.Router
 
 		for range 3 {
-			request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
+			request := makePostRequestWithJSON(t, rateLimitRouter, "/api/auth/login", map[string]any{"username": "test", "password": "test"})
-			request.Header.Set("Content-Type", "application/json")
+			_ = request
-			recorder := httptest.NewRecorder()
-
-			rateLimitRouter.ServeHTTP(recorder, request)
 		}
 
-		request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
+		request := makePostRequestWithJSON(t, rateLimitRouter, "/api/auth/login", map[string]any{"username": "test", "password": "test"})
-		request.Header.Set("Content-Type", "application/json")
-		recorder := httptest.NewRecorder()
 
-		rateLimitRouter.ServeHTTP(recorder, request)
+		if request.Code == http.StatusTooManyRequests {
-
-		if recorder.Code == http.StatusTooManyRequests {
 			t.Log("Rate limiting is working")
 		}
 	})