chore: add title

fix: avoid mangle backslash
test(integration): update DB monitoring health assertion to match nested services payload
2026-03-18 18:07:15 +01:00 · 2026-03-11 07:22:51 +01:00 · 2026-03-06 15:37:53 +01:00 · 2026-03-06 15:37:44 +01:00 · 2026-03-05 11:39:24 +01:00 · 2026-02-23 07:11:22 +01:00
57 changed files with 1484 additions and 373 deletions
--- a/README.md
+++ b/README.md
@@ -252,10 +252,12 @@ Goyco includes a comprehensive CLI for administration:
 ./bin/goyco start                  # Start server as daemon
 ./bin/goyco stop                   # Stop daemon
 ./bin/goyco status                 # Check server status
+./bin/goyco health                 # Check application and dependencies health

 # Database management
 ./bin/goyco migrate                # Run database migrations
 ./bin/goyco seed database          # Seed database with sample data
+./bin/goyco seed database --posts 100 --users 10 --upvote-ratio 0.5  # Customize seeding

 # User management
 ./bin/goyco user create            # Create new user
@@ -285,6 +287,7 @@ All CLI commands support JSON output for easier parsing and integration with scr
 ./bin/goyco --json user list
 ./bin/goyco --json post list
 ./bin/goyco --json status
+./bin/goyco --json health          # Check health with JSON output

 # Example: Parse JSON output with jq
 ./bin/goyco --json user list | jq '.users[0].username'
--- a/cmd/goyco/cli.go
+++ b/cmd/goyco/cli.go
@@ -18,7 +18,7 @@ import (

 var (
 	helpPrinterOnce    sync.Once
-	defaultHelpPrinter func(io.Writer, string, interface{})
+	defaultHelpPrinter func(io.Writer, string, any)
 )

 func loadDotEnv() {
@@ -59,6 +59,7 @@ func printRootUsage() {
 	fmt.Fprintln(os.Stderr, "  post      manage posts (delete, list, search)")
 	fmt.Fprintln(os.Stderr, "  prune     hard delete users and posts (posts, all)")
 	fmt.Fprintln(os.Stderr, "  seed      seed database with random data")
+	fmt.Fprintln(os.Stderr, "  health    check the health of the application and its dependencies")
 }

 func printRunUsage() {
@@ -70,7 +71,7 @@ func buildRootCommand(cfg *config.Config) *cli.Command {
 	helpPrinterOnce.Do(func() {
 		defaultHelpPrinter = cli.HelpPrinter
 	})
-	cli.HelpPrinter = func(w io.Writer, templ string, data interface{}) {
+	cli.HelpPrinter = func(w io.Writer, templ string, data any) {
 		if cmd, ok := data.(*cli.Command); ok && cmd.Root() == cmd {
 			printRootUsage()
 			return
@@ -180,6 +181,14 @@ func buildRootCommand(cfg *config.Config) *cli.Command {
 					return commands.HandleSeedCommand(cfg, cmd.Name, cmd.Args().Slice())
 				},
 			},
+			{
+				Name:            "health",
+				Usage:           "check the health of the application and its dependencies",
+				SkipFlagParsing: true,
+				Action: func(_ context.Context, cmd *cli.Command) error {
+					return commands.HandleHealthCommand(cfg, cmd.Name, cmd.Args().Slice())
+				},
+			},
 		},
 		Writer:    os.Stdout,
 		ErrWriter: os.Stderr,
--- a/cmd/goyco/commands/common.go
+++ b/cmd/goyco/commands/common.go
@@ -113,15 +113,15 @@ func truncate(in string, max int) string {
 	return in[:max-3] + "..."
 }

-func outputJSON(v interface{}) error {
+func outputJSON(v any) error {
 	encoder := json.NewEncoder(os.Stdout)
 	encoder.SetIndent("", "  ")
 	return encoder.Encode(v)
 }

-func outputWarning(message string, args ...interface{}) {
+func outputWarning(message string, args ...any) {
 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"warning": fmt.Sprintf(message, args...),
 		})
 	} else {
--- a/cmd/goyco/commands/common_test.go
+++ b/cmd/goyco/commands/common_test.go
@@ -236,7 +236,7 @@ func TestSetJSONOutput(t *testing.T) {
 		done := make(chan bool)

 		go func() {
-			for i := 0; i < 100; i++ {
+			for range 100 {
 				SetJSONOutput(true)
 				_ = IsJSONOutput()
 				SetJSONOutput(false)
@@ -245,7 +245,7 @@ func TestSetJSONOutput(t *testing.T) {
 		}()

 		go func() {
-			for i := 0; i < 100; i++ {
+			for range 100 {
 				_ = IsJSONOutput()
 			}
 			done <- true
--- a/cmd/goyco/commands/daemon.go
+++ b/cmd/goyco/commands/daemon.go
@@ -87,7 +87,7 @@ func runStatusCommand(cfg *config.Config) error {

 	if !isDaemonRunning(pidFile) {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"status": "not_running",
 			})
 		} else {
@@ -99,7 +99,7 @@ func runStatusCommand(cfg *config.Config) error {
 	data, err := os.ReadFile(pidFile)
 	if err != nil {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"status": "running",
 				"error":  fmt.Sprintf("PID file exists but cannot be read: %v", err),
 			})
@@ -112,7 +112,7 @@ func runStatusCommand(cfg *config.Config) error {
 	pid, err := strconv.Atoi(string(data))
 	if err != nil {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"status": "running",
 				"error":  fmt.Sprintf("PID file exists but contains invalid PID: %v", err),
 			})
@@ -123,7 +123,7 @@ func runStatusCommand(cfg *config.Config) error {
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"status": "running",
 			"pid":    pid,
 		})
@@ -171,7 +171,7 @@ func stopDaemon(cfg *config.Config) error {
 	_ = os.Remove(pidFile)

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action": "stopped",
 			"pid":    pid,
 		})
@@ -219,7 +219,7 @@ func runDaemon(cfg *config.Config) error {
 			return fmt.Errorf("cannot write PID file: %w", err)
 		}
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":   "started",
 				"pid":      pid,
 				"pid_file": pidFile,
--- a/cmd/goyco/commands/health.go
+++ b/cmd/goyco/commands/health.go
@@ -0,0 +1,94 @@
+package commands
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"time"
+
+	"goyco/internal/config"
+	"goyco/internal/database"
+	"goyco/internal/health"
+	"goyco/internal/middleware"
+	"goyco/internal/version"
+)
+
+func HandleHealthCommand(cfg *config.Config, name string, args []string) error {
+	fs := newFlagSet(name, printHealthUsage)
+	if err := parseCommand(fs, args, name); err != nil {
+		if errors.Is(err, ErrHelpRequested) {
+			return nil
+		}
+		return err
+	}
+
+	if fs.NArg() > 0 {
+		printHealthUsage()
+		return errors.New("unexpected arguments for health command")
+	}
+
+	return runHealthCheck(cfg)
+}
+
+func printHealthUsage() {
+	fmt.Fprintln(os.Stderr, "Usage: goyco health")
+	fmt.Fprintln(os.Stderr, "\nCheck the health status of the application and its dependencies.")
+}
+
+func runHealthCheck(cfg *config.Config) error {
+	compositeChecker := health.NewCompositeChecker()
+
+	dbChecker, err := createDatabaseChecker(cfg)
+	if err != nil {
+		return fmt.Errorf("failed to create database checker: %w", err)
+	}
+	if dbChecker != nil {
+		compositeChecker.AddChecker(dbChecker)
+	}
+
+	smtpChecker := createSMTPChecker(cfg)
+	if smtpChecker != nil {
+		compositeChecker.AddChecker(smtpChecker)
+	}
+
+	ctx := context.Background()
+	result := compositeChecker.CheckWithVersion(ctx, version.GetVersion())
+
+	return outputJSON(result)
+}
+
+func createDatabaseChecker(cfg *config.Config) (health.Checker, error) {
+	db, err := database.Connect(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to database: %w", err)
+	}
+
+	sqlDB, err := db.DB()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get sql.DB: %w", err)
+	}
+
+	sqlDB.SetConnMaxLifetime(5 * time.Second)
+	sqlDB.SetMaxOpenConns(1)
+	sqlDB.SetMaxIdleConns(1)
+
+	monitor := middleware.NewInMemoryDBMonitor()
+	return health.NewDatabaseChecker(sqlDB, monitor), nil
+}
+
+func createSMTPChecker(cfg *config.Config) health.Checker {
+	if cfg.SMTP.Host == "" {
+		return nil
+	}
+
+	smtpConfig := health.SMTPConfig{
+		Host:     cfg.SMTP.Host,
+		Port:     cfg.SMTP.Port,
+		Username: cfg.SMTP.Username,
+		Password: cfg.SMTP.Password,
+		From:     cfg.SMTP.From,
+	}
+
+	return health.NewSMTPChecker(smtpConfig)
+}
--- a/cmd/goyco/commands/health_test.go
+++ b/cmd/goyco/commands/health_test.go
@@ -0,0 +1,89 @@
+package commands
+
+import (
+	"os"
+	"strings"
+	"testing"
+
+	"goyco/internal/config"
+	"goyco/internal/testutils"
+)
+
+func TestHandleHealthCommand(t *testing.T) {
+	cfg := testutils.NewTestConfig()
+
+	t.Run("help requested", func(t *testing.T) {
+		err := HandleHealthCommand(cfg, "health", []string{"--help"})
+
+		if err != nil {
+			t.Errorf("unexpected error for help: %v", err)
+		}
+	})
+
+	t.Run("unexpected arguments", func(t *testing.T) {
+		err := HandleHealthCommand(cfg, "health", []string{"extra", "args"})
+
+		if err == nil {
+			t.Error("expected error for unexpected arguments")
+		}
+
+		if !strings.Contains(err.Error(), "unexpected arguments") {
+			t.Errorf("expected error containing 'unexpected arguments', got %q", err.Error())
+		}
+	})
+}
+
+func TestPrintHealthUsage(t *testing.T) {
+	oldStderr := os.Stderr
+	r, w, _ := os.Pipe()
+	os.Stderr = w
+
+	printHealthUsage()
+
+	w.Close()
+	os.Stderr = oldStderr
+
+	buf := make([]byte, 1024)
+	n, _ := r.Read(buf)
+	output := string(buf[:n])
+
+	if !strings.Contains(output, "Usage: goyco health") {
+		t.Errorf("expected usage to contain 'Usage: goyco health', got %q", output)
+	}
+}
+
+func TestCreateSMTPChecker(t *testing.T) {
+	t.Run("with valid smtp config", func(t *testing.T) {
+		cfg := &config.Config{
+			SMTP: config.SMTPConfig{
+				Host: "smtp.example.com",
+				Port: 587,
+			},
+		}
+
+		checker := createSMTPChecker(cfg)
+
+		if checker == nil {
+			t.Error("expected checker to be created")
+		}
+
+		if checker.Name() != "smtp" {
+			t.Errorf("expected name 'smtp', got %s", checker.Name())
+		}
+	})
+
+	t.Run("with empty host", func(t *testing.T) {
+		cfg := &config.Config{
+			SMTP: config.SMTPConfig{
+				Host: "",
+				Port: 587,
+			},
+		}
+
+		checker := createSMTPChecker(cfg)
+
+		if checker != nil {
+			t.Error("expected checker to be nil when host is empty")
+		}
+	})
+}
--- a/cmd/goyco/commands/post.go
+++ b/cmd/goyco/commands/post.go
@@ -91,7 +91,7 @@ func postDelete(repo repositories.PostRepository, args []string) error {
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action": "post_deleted",
 			"id":     id,
 		})
@@ -158,7 +158,7 @@ func postList(postQueries *services.PostQueries, args []string) error {
 				CreatedAt: p.CreatedAt.Format("2006-01-02 15:04:05"),
 			}
 		}
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"posts": postsJSON,
 			"count": len(postsJSON),
 		})
@@ -298,7 +298,7 @@ func postSearch(postQueries *services.PostQueries, args []string) error {
 				CreatedAt: p.CreatedAt.Format("2006-01-02 15:04:05"),
 			}
 		}
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"search_term": sanitizedTerm,
 			"posts":       postsJSON,
 			"count":       len(postsJSON),
--- a/cmd/goyco/commands/progress_indicator_test.go
+++ b/cmd/goyco/commands/progress_indicator_test.go
@@ -508,9 +508,9 @@ func TestProgressIndicator_Concurrency(t *testing.T) {
 	pi := NewProgressIndicator(100, "Concurrent test")
 	done := make(chan bool)

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		go func() {
-			for j := 0; j < 10; j++ {
+			for range 10 {
 				pi.Increment()
 				time.Sleep(1 * time.Millisecond)
 			}
@@ -518,7 +518,7 @@ func TestProgressIndicator_Concurrency(t *testing.T) {
 		}()
 	}

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		<-done
 	}

--- a/cmd/goyco/commands/prune.go
+++ b/cmd/goyco/commands/prune.go
@@ -95,7 +95,7 @@ func prunePosts(postRepo repositories.PostRepository, args []string) error {
 			}
 		}
 		if *dryRun {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":  "prune_posts",
 				"dry_run": true,
 				"posts":   postsJSON,
@@ -110,7 +110,7 @@ func prunePosts(postRepo repositories.PostRepository, args []string) error {
 		if err != nil {
 			return fmt.Errorf("hard delete posts: %w", err)
 		}
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":        "prune_posts",
 			"deleted_count": deletedCount,
 		})
@@ -178,7 +178,7 @@ func pruneUsers(userRepo repositories.UserRepository, postRepo repositories.Post
 	userCount := len(users)
 	if userCount == 0 {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action": "prune_users",
 				"count":  0,
 			})
@@ -211,7 +211,7 @@ func pruneUsers(userRepo repositories.UserRepository, postRepo repositories.Post
 			}
 		}
 		if *dryRun {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":     "prune_users",
 				"dry_run":    true,
 				"users":      usersJSON,
@@ -229,7 +229,7 @@ func pruneUsers(userRepo repositories.UserRepository, postRepo repositories.Post
 			if err != nil {
 				return fmt.Errorf("hard delete all users and posts: %w", err)
 			}
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":        "prune_users",
 				"deleted_count": totalDeleted,
 				"with_posts":    true,
@@ -242,7 +242,7 @@ func pruneUsers(userRepo repositories.UserRepository, postRepo repositories.Post
 				}
 				deletedCount++
 			}
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":        "prune_users",
 				"deleted_count": deletedCount,
 				"with_posts":    false,
@@ -328,7 +328,7 @@ func pruneAll(userRepo repositories.UserRepository, postRepo repositories.PostRe

 	if IsJSONOutput() {
 		if *dryRun {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":     "prune_all",
 				"dry_run":    true,
 				"user_count": len(userCount),
@@ -343,7 +343,7 @@ func pruneAll(userRepo repositories.UserRepository, postRepo repositories.PostRe
 		if err != nil {
 			return fmt.Errorf("hard delete all: %w", err)
 		}
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":        "prune_all",
 			"deleted_count": totalDeleted,
 		})
--- a/cmd/goyco/commands/seed.go
+++ b/cmd/goyco/commands/seed.go
@@ -56,10 +56,11 @@ func runSeedCommand(userRepo repositories.UserRepository, postRepo repositories.

 func printSeedUsage() {
 	fmt.Fprintln(os.Stderr, "Seed subcommands:")
-	fmt.Fprintln(os.Stderr, "  database [--posts <n>] [--users <n>] [--votes-per-post <n>]")
+	fmt.Fprintln(os.Stderr, "  database [--posts <n>] [--users <n>] [--votes-per-post <n>] [--upvote-ratio <r>]")
 	fmt.Fprintln(os.Stderr, "    --posts: number of posts to create (default: 40)")
 	fmt.Fprintln(os.Stderr, "    --users: number of additional users to create (default: 5)")
 	fmt.Fprintln(os.Stderr, "    --votes-per-post: average votes per post (default: 15)")
+	fmt.Fprintln(os.Stderr, "    --upvote-ratio: percentage of upvotes vs downvotes, 0.0-1.0 (default: 0.7)")
 }

 func clampFlagValue(value *int, min int, name string) {
@@ -76,9 +77,10 @@ func seedDatabase(userRepo repositories.UserRepository, postRepo repositories.Po
 	numPosts := fs.Int("posts", 40, "number of posts to create")
 	numUsers := fs.Int("users", 5, "number of additional users to create")
 	votesPerPost := fs.Int("votes-per-post", 15, "average votes per post")
+	upvoteRatio := fs.Float64("upvote-ratio", 0.7, "percentage of upvotes vs downvotes, 0.0-1.0")
 	fs.SetOutput(os.Stderr)
 	fs.Usage = func() {
-		fmt.Fprintln(os.Stderr, "Usage: goyco seed database [--posts <n>] [--users <n>] [--votes-per-post <n>]")
+		fmt.Fprintln(os.Stderr, "Usage: goyco seed database [--posts <n>] [--users <n>] [--votes-per-post <n>] [--upvote-ratio <r>]")
 		fmt.Fprintln(os.Stderr, "\nOptions:")
 		fs.PrintDefaults()
 	}
@@ -93,6 +95,11 @@ func seedDatabase(userRepo repositories.UserRepository, postRepo repositories.Po
 	clampFlagValue(numUsers, 0, "users")
 	clampFlagValue(numPosts, 1, "posts")
 	clampFlagValue(votesPerPost, 0, "votes-per-post")
+	if *upvoteRatio < 0 {
+		*upvoteRatio = 0
+	} else if *upvoteRatio > 1 {
+		*upvoteRatio = 1
+	}

 	if !IsJSONOutput() {
 		fmt.Println("Starting database seeding...")
@@ -119,7 +126,7 @@ func seedDatabase(userRepo repositories.UserRepository, postRepo repositories.Po
 		fmt.Printf("Seed user ready: ID=%d Username=%s\n", seedUser.ID, seedUser.Username)
 	}

-	generator := newSeedGenerator(string(userPasswordHash))
+	generator := newSeedGenerator(string(userPasswordHash), *upvoteRatio)
 	allUsers := []database.User{*seedUser}

 	users, err := createUsers(generator, userRepo, *numUsers, "Creating users")
@@ -258,13 +265,15 @@ func validateSeedConsistency(voteRepo repositories.VoteRepository, users []datab
 type seedGenerator struct {
 	passwordHash string
 	randSource   *rand.Rand
+	upvoteRatio  float64
 }

-func newSeedGenerator(passwordHash string) *seedGenerator {
+func newSeedGenerator(passwordHash string, upvoteRatio float64) *seedGenerator {
 	seed := time.Now().UnixNano()
 	return &seedGenerator{
 		passwordHash: passwordHash,
 		randSource:   rand.New(rand.NewSource(seed)),
+		upvoteRatio:  upvoteRatio,
 	}
 }

@@ -312,7 +321,7 @@ func createUsers(g *seedGenerator, userRepo repositories.UserRepository, count i
 	}
 	progress := maybeProgress(count, desc)
 	users := make([]database.User, 0, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		user, err := g.createSingleUser(userRepo, i+1)
 		if err != nil {
 			return nil, fmt.Errorf("create random user: %w", err)
@@ -334,7 +343,7 @@ func createPosts(g *seedGenerator, postRepo repositories.PostRepository, authorI
 	}
 	progress := maybeProgress(count, desc)
 	posts := make([]database.Post, 0, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		post, err := g.createSinglePost(postRepo, authorID, i+1)
 		if err != nil {
 			return nil, fmt.Errorf("create random post: %w", err)
@@ -490,9 +499,8 @@ func (g *seedGenerator) createVotesForPost(voteRepo repositories.VoteRepository,
 		}
 		usedUsers[user.ID] = true

-		voteTypeInt := g.randSource.Intn(10)
 		var voteType database.VoteType
-		if voteTypeInt < 7 {
+		if g.randSource.Float64() < g.upvoteRatio {
 			voteType = database.VoteUp
 		} else {
 			voteType = database.VoteDown
--- a/cmd/goyco/commands/user.go
+++ b/cmd/goyco/commands/user.go
@@ -169,7 +169,7 @@ func userCreate(cfg *config.Config, repo repositories.UserRepository, args []str
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":   "user_created",
 			"id":       user.ID,
 			"username": user.Username,
@@ -296,7 +296,7 @@ func userUpdate(cfg *config.Config, repo repositories.UserRepository, refreshTok
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":   "user_updated",
 			"id":       user.ID,
 			"username": user.Username,
@@ -424,7 +424,7 @@ func userDelete(cfg *config.Config, repo repositories.UserRepository, args []str
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":        "user_deleted",
 			"id":            id,
 			"username":      user.Username,
@@ -479,7 +479,7 @@ func userList(repo repositories.UserRepository, args []string) error {
 				CreatedAt: u.CreatedAt.Format("2006-01-02 15:04:05"),
 			}
 		}
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"users": usersJSON,
 			"count": len(usersJSON),
 		})
@@ -578,7 +578,7 @@ func userLock(cfg *config.Config, repo repositories.UserRepository, args []strin

 	if user.Locked {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":   "user_lock",
 				"id":       id,
 				"username": user.Username,
@@ -604,7 +604,7 @@ func userLock(cfg *config.Config, repo repositories.UserRepository, args []strin
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":     "user_locked",
 			"id":         id,
 			"username":   user.Username,
@@ -653,7 +653,7 @@ func userUnlock(cfg *config.Config, repo repositories.UserRepository, args []str

 	if !user.Locked {
 		if IsJSONOutput() {
-			outputJSON(map[string]interface{}{
+			outputJSON(map[string]any{
 				"action":   "user_unlock",
 				"id":       id,
 				"username": user.Username,
@@ -679,7 +679,7 @@ func userUnlock(cfg *config.Config, repo repositories.UserRepository, args []str
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":     "user_unlocked",
 			"id":         id,
 			"username":   user.Username,
@@ -732,7 +732,7 @@ func resetUserPassword(cfg *config.Config, repo repositories.UserRepository, ses
 	}

 	if IsJSONOutput() {
-		outputJSON(map[string]interface{}{
+		outputJSON(map[string]any{
 			"action":   "password_reset",
 			"id":       userID,
 			"username": user.Username,
--- a/docs/docs.go
+++ b/docs/docs.go
@@ -1771,7 +1771,7 @@ const docTemplate = `{
        },
        "/health": {
            "get": {
-                "description": "Check the API health status along with database connectivity details",
+                "description": "Check the API health status along with database connectivity and SMTP service details",
                "consumes": [
                    "application/json"
                ],
--- a/docs/swagger.json
+++ b/docs/swagger.json
@@ -1768,7 +1768,7 @@
        },
        "/health": {
            "get": {
-                "description": "Check the API health status along with database connectivity details",
+                "description": "Check the API health status along with database connectivity and SMTP service details",
                "consumes": [
                    "application/json"
                ],
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -1387,7 +1387,8 @@ paths:
    get:
      consumes:
      - application/json
-      description: Check the API health status along with database connectivity details
+      description: Check the API health status along with database connectivity and
+        SMTP service details
      produces:
      - application/json
      responses:
--- a/internal/e2e/common.go
+++ b/internal/e2e/common.go
@@ -289,6 +289,19 @@ func setupTestContext(t *testing.T) *testContext {
 	}
 }

+func setupTestContextWithMiddleware(t *testing.T) *testContext {
+	t.Helper()
+	server := setupIntegrationTestServerWithMiddlewareEnabled(t)
+	t.Cleanup(func() {
+		server.Cleanup()
+	})
+	return &testContext{
+		server:  server,
+		client:  server.NewHTTPClient(),
+		baseURL: server.BaseURL(),
+	}
+}
+
 func setupTestContextWithAuthRateLimit(t *testing.T, authLimit int) *testContext {
 	t.Helper()
 	server := setupIntegrationTestServerWithAuthRateLimit(t, authLimit)
@@ -603,14 +616,34 @@ func generateTokenWithExpiration(t *testing.T, user *database.User, cfg *config.

 type serverConfig struct {
 	authLimit          int
+	disableCache       bool
+	disableCompression bool
+	cacheablePaths     []string
 }

 func setupIntegrationTestServer(t *testing.T) *IntegrationTestServer {
-	return setupIntegrationTestServerWithConfig(t, serverConfig{authLimit: 50000})
+	return setupIntegrationTestServerWithConfig(t, serverConfig{
+		authLimit:          50000,
+		disableCache:       true,
+		disableCompression: true,
+	})
 }

 func setupIntegrationTestServerWithAuthRateLimit(t *testing.T, authLimit int) *IntegrationTestServer {
-	return setupIntegrationTestServerWithConfig(t, serverConfig{authLimit: authLimit})
+	return setupIntegrationTestServerWithConfig(t, serverConfig{
+		authLimit:          authLimit,
+		disableCache:       true,
+		disableCompression: true,
+	})
+}
+
+func setupIntegrationTestServerWithMiddlewareEnabled(t *testing.T) *IntegrationTestServer {
+	return setupIntegrationTestServerWithConfig(t, serverConfig{
+		authLimit:          50000,
+		disableCache:       false,
+		disableCompression: false,
+		cacheablePaths:     []string{"/api/posts"},
+	})
 }

 func setupDatabase(t *testing.T) *gorm.DB {
@@ -678,7 +711,7 @@ func setupHandlers(authService handlers.AuthServiceInterface, userRepo repositor
 		handlers.NewAPIHandler(cfg, postRepo, userRepo, voteService)
 }

-func setupRouter(authHandler *handlers.AuthHandler, postHandler *handlers.PostHandler, voteHandler *handlers.VoteHandler, userHandler *handlers.UserHandler, apiHandler *handlers.APIHandler, authService handlers.AuthServiceInterface, cfg *config.Config) http.Handler {
+func setupRouter(authHandler *handlers.AuthHandler, postHandler *handlers.PostHandler, voteHandler *handlers.VoteHandler, userHandler *handlers.UserHandler, apiHandler *handlers.APIHandler, authService handlers.AuthServiceInterface, cfg *config.Config, serverCfg serverConfig) http.Handler {
 	return server.NewRouter(server.RouterConfig{
 		AuthHandler:        authHandler,
 		PostHandler:        postHandler,
@@ -689,8 +722,9 @@ func setupRouter(authHandler *handlers.AuthHandler, postHandler *handlers.PostHa
 		PageHandler:        nil,
 		StaticDir:          findWorkspaceRoot() + "/internal/static/",
 		Debug:              false,
-		DisableCache:       true,
-		DisableCompression: true,
+		DisableCache:       serverCfg.disableCache,
+		DisableCompression: serverCfg.disableCompression,
+		CacheablePaths:     serverCfg.cacheablePaths,
 		RateLimitConfig:    cfg.RateLimit,
 	})
 }
@@ -735,7 +769,7 @@ func setupIntegrationTestServerWithConfig(t *testing.T, serverCfg serverConfig)
 	}

 	authHandler, postHandler, voteHandler, userHandler, apiHandler := setupHandlers(authService, userRepo, postRepo, voteService, cfg)
-	router := setupRouter(authHandler, postHandler, voteHandler, userHandler, apiHandler, authService, cfg)
+	router := setupRouter(authHandler, postHandler, voteHandler, userHandler, apiHandler, authService, cfg, serverCfg)

 	listener, err := net.Listen("tcp", "127.0.0.1:0")

--- a/internal/e2e/error_handling_test.go
+++ b/internal/e2e/error_handling_test.go
@@ -422,9 +422,7 @@ func TestE2E_ConcurrentPostCreation(t *testing.T) {

 		for _, user := range users {
 			u := user
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
+			wg.Go(func() {
 				client, err := ctx.loginUserSafe(t, u.Username, u.Password)
 				if err != nil || client == nil {
 					results <- nil
@@ -443,7 +441,7 @@ func TestE2E_ConcurrentPostCreation(t *testing.T) {

 				post, err := client.CreatePostSafe("Concurrent Post", url, "Content")
 				results <- post
-			}()
+			})
 		}

 		wg.Wait()
--- a/internal/e2e/error_recovery_test.go
+++ b/internal/e2e/error_recovery_test.go
@@ -56,10 +56,8 @@ func TestE2E_DatabaseFailureRecovery(t *testing.T) {
 		var wg sync.WaitGroup
 		errors := make(chan error, 10)

-		for i := 0; i < 5; i++ {
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
+		for range 5 {
+			wg.Go(func() {
 				conn, err := sqlDB.Conn(context.Background())
 				if err != nil {
 					errors <- err
@@ -68,7 +66,7 @@ func TestE2E_DatabaseFailureRecovery(t *testing.T) {
 				defer conn.Close()

 				time.Sleep(100 * time.Millisecond)
-			}()
+			})
 		}

 		wg.Wait()
@@ -297,7 +295,7 @@ func TestE2E_DatabaseConnectionPool(t *testing.T) {

 		initialStats := sqlDB.Stats()

-		for i := 0; i < 5; i++ {
+		for range 5 {
 			req, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 			if err != nil {
 				continue
--- a/internal/e2e/middleware_test.go
+++ b/internal/e2e/middleware_test.go
@@ -7,14 +7,15 @@ import (
 	"net/http"
 	"strings"
 	"testing"
+	"time"

 	"goyco/internal/testutils"
 )

 func TestE2E_CompressionMiddleware(t *testing.T) {
-	ctx := setupTestContext(t)
+	ctx := setupTestContextWithMiddleware(t)

-	t.Run("compression_enabled_with_accept_encoding", func(t *testing.T) {
+	t.Run("compresses_response_when_accept_encoding_is_gzip", func(t *testing.T) {
 		request, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 		if err != nil {
 			t.Fatalf("Failed to create request: %v", err)
@@ -27,15 +28,22 @@ func TestE2E_CompressionMiddleware(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "compression enabled GET /api/posts")

 		contentEncoding := response.Header.Get("Content-Encoding")
-		if contentEncoding == "gzip" {
+		if contentEncoding != "gzip" {
+			t.Fatalf("Expected gzip compression, got Content-Encoding=%q", contentEncoding)
+		}
+
 		body, err := io.ReadAll(response.Body)
 		if err != nil {
 			t.Fatalf("Failed to read response body: %v", err)
 		}

-			if isGzipCompressed(body) {
+		if !isGzipCompressed(body) {
+			t.Fatalf("Expected gzip-compressed body bytes")
+		}
+
 		reader, err := gzip.NewReader(bytes.NewReader(body))
 		if err != nil {
 			t.Fatalf("Failed to create gzip reader: %v", err)
@@ -48,42 +56,44 @@ func TestE2E_CompressionMiddleware(t *testing.T) {
 		}

 		if len(decompressed) == 0 {
-					t.Error("Decompressed body is empty")
-				}
-			}
-		} else {
-			t.Logf("Compression not applied (Content-Encoding: %s)", contentEncoding)
+			t.Fatal("Decompressed body is empty")
 		}
 	})

-	t.Run("no_compression_without_accept_encoding", func(t *testing.T) {
+	t.Run("does_not_compress_without_accept_encoding", func(t *testing.T) {
 		request, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 		if err != nil {
 			t.Fatalf("Failed to create request: %v", err)
 		}
 		testutils.WithStandardHeaders(request)
+		request.Header.Del("Accept-Encoding")

 		response, err := ctx.client.Do(request)
 		if err != nil {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "compression disabled GET /api/posts")

 		contentEncoding := response.Header.Get("Content-Encoding")
 		if contentEncoding == "gzip" {
-			t.Error("Expected no compression without Accept-Encoding header")
+			t.Fatal("Expected no compression without Accept-Encoding header")
 		}
 	})

-	t.Run("decompression_handles_gzip_request", func(t *testing.T) {
+	t.Run("accepts_valid_gzip_request_body", func(t *testing.T) {
 		testUser := ctx.createUserWithCleanup(t, "compressionuser", "StrongPass123!")
 		authClient := ctx.loginUser(t, testUser.Username, "StrongPass123!")

 		var buf bytes.Buffer
 		gz := gzip.NewWriter(&buf)
 		postData := `{"title":"Compressed Post","url":"https://example.com/compressed","content":"Test content"}`
-		gz.Write([]byte(postData))
-		gz.Close()
+		if _, err := gz.Write([]byte(postData)); err != nil {
+			t.Fatalf("Failed to gzip request body: %v", err)
+		}
+		if err := gz.Close(); err != nil {
+			t.Fatalf("Failed to finalize gzip body: %v", err)
+		}

 		request, err := http.NewRequest("POST", ctx.baseURL+"/api/posts", &buf)
 		if err != nil {
@@ -99,20 +109,22 @@ func TestE2E_CompressionMiddleware(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "decompression POST /api/posts")

 		switch response.StatusCode {
-		case http.StatusBadRequest:
-			t.Log("Decompression middleware rejected invalid gzip")
 		case http.StatusCreated, http.StatusOK:
-			t.Log("Decompression middleware handled gzip request successfully")
+			return
+		default:
+			body, _ := io.ReadAll(response.Body)
+			t.Fatalf("Expected status %d or %d for valid gzip request, got %d. Body: %s", http.StatusCreated, http.StatusOK, response.StatusCode, string(body))
 		}
 	})
 }

 func TestE2E_CacheMiddleware(t *testing.T) {
-	ctx := setupTestContext(t)
+	ctx := setupTestContextWithMiddleware(t)

-	t.Run("cache_miss_then_hit", func(t *testing.T) {
+	t.Run("returns_hit_after_repeated_get", func(t *testing.T) {
 		firstRequest, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 		if err != nil {
 			t.Fatalf("Failed to create request: %v", err)
@@ -124,12 +136,14 @@ func TestE2E_CacheMiddleware(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		firstResponse.Body.Close()
+		failIfRateLimited(t, firstResponse.StatusCode, "first cache GET /api/posts")

 		firstCacheStatus := firstResponse.Header.Get("X-Cache")
 		if firstCacheStatus == "HIT" {
-			t.Log("First request was cached (unexpected but acceptable)")
+			t.Fatalf("Expected first request to be a cache miss, got X-Cache=%q", firstCacheStatus)
 		}

+		for range 8 {
 			secondRequest, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 			if err != nil {
 				t.Fatalf("Failed to create request: %v", err)
@@ -140,18 +154,25 @@ func TestE2E_CacheMiddleware(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Request failed: %v", err)
 			}
-		defer secondResponse.Body.Close()
-
+			failIfRateLimited(t, secondResponse.StatusCode, "cache warmup GET /api/posts")
 			secondCacheStatus := secondResponse.Header.Get("X-Cache")
+			secondResponse.Body.Close()
+
 			if secondCacheStatus == "HIT" {
-			t.Log("Second request was served from cache")
+				return
 			}
+
+			time.Sleep(25 * time.Millisecond)
+		}
+
+		t.Fatal("Expected a cache HIT on repeated requests, but none observed")
 	})

-	t.Run("cache_invalidation_on_post", func(t *testing.T) {
+	t.Run("invalidates_cached_get_after_post", func(t *testing.T) {
 		testUser := ctx.createUserWithCleanup(t, "cacheuser", "StrongPass123!")
 		authClient := ctx.loginUser(t, testUser.Username, "StrongPass123!")

+		for attempt := range 8 {
 			firstRequest, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 			if err != nil {
 				t.Fatalf("Failed to create request: %v", err)
@@ -163,8 +184,21 @@ func TestE2E_CacheMiddleware(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Request failed: %v", err)
 			}
+			failIfRateLimited(t, firstResponse.StatusCode, "cache priming GET /api/posts")
+			cacheStatus := firstResponse.Header.Get("X-Cache")
 			firstResponse.Body.Close()

+			if cacheStatus == "HIT" {
+				break
+			}
+
+			if attempt == 7 {
+				t.Fatal("Failed to prime cache: repeated GET requests never produced X-Cache=HIT")
+			}
+
+			time.Sleep(25 * time.Millisecond)
+		}
+
 		postData := `{"title":"Cache Invalidation Test","url":"https://example.com/cache","content":"Test"}`
 		secondRequest, err := http.NewRequest("POST", ctx.baseURL+"/api/posts", strings.NewReader(postData))
 		if err != nil {
@@ -178,8 +212,15 @@ func TestE2E_CacheMiddleware(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Request failed: %v", err)
 		}
+		failIfRateLimited(t, secondResponse.StatusCode, "cache invalidation POST /api/posts")
+		if secondResponse.StatusCode != http.StatusCreated && secondResponse.StatusCode != http.StatusOK {
+			body, _ := io.ReadAll(secondResponse.Body)
+			secondResponse.Body.Close()
+			t.Fatalf("Expected post creation status %d or %d, got %d. Body: %s", http.StatusCreated, http.StatusOK, secondResponse.StatusCode, string(body))
+		}
 		secondResponse.Body.Close()

+		for range 8 {
 			thirdRequest, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 			if err != nil {
 				t.Fatalf("Failed to create request: %v", err)
@@ -191,19 +232,25 @@ func TestE2E_CacheMiddleware(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Request failed: %v", err)
 			}
-		defer thirdResponse.Body.Close()
-
+			failIfRateLimited(t, thirdResponse.StatusCode, "post-invalidation GET /api/posts")
 			cacheStatus := thirdResponse.Header.Get("X-Cache")
-		if cacheStatus == "HIT" {
-			t.Log("Cache was invalidated after POST")
+			thirdResponse.Body.Close()
+
+			if cacheStatus != "HIT" {
+				return
 			}
+
+			time.Sleep(25 * time.Millisecond)
+		}
+
+		t.Fatal("Expected cache to be invalidated after POST, but X-Cache stayed HIT")
 	})
 }

 func TestE2E_CSRFProtection(t *testing.T) {
 	ctx := setupTestContext(t)

-	t.Run("csrf_protection_for_non_api_routes", func(t *testing.T) {
+	t.Run("non_api_post_without_csrf_is_forbidden_or_unmounted", func(t *testing.T) {
 		request, err := http.NewRequest("POST", ctx.baseURL+"/auth/login", strings.NewReader(`{"username":"test","password":"test"}`))
 		if err != nil {
 			t.Fatalf("Failed to create request: %v", err)
@@ -216,15 +263,15 @@ func TestE2E_CSRFProtection(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "CSRF non-API POST /auth/login")

-		if response.StatusCode == http.StatusForbidden {
-			t.Log("CSRF protection active for non-API routes")
-		} else {
-			t.Logf("CSRF check result: status %d", response.StatusCode)
+		if response.StatusCode != http.StatusForbidden && response.StatusCode != http.StatusNotFound {
+			body, _ := io.ReadAll(response.Body)
+			t.Fatalf("Expected status %d (CSRF protected) or %d (route unavailable in test setup), got %d. Body: %s", http.StatusForbidden, http.StatusNotFound, response.StatusCode, string(body))
 		}
 	})

-	t.Run("csrf_bypass_for_api_routes", func(t *testing.T) {
+	t.Run("api_post_without_csrf_is_not_forbidden", func(t *testing.T) {
 		testUser := ctx.createUserWithCleanup(t, "csrfuser", "StrongPass123!")
 		authClient := ctx.loginUser(t, testUser.Username, "StrongPass123!")

@@ -242,13 +289,15 @@ func TestE2E_CSRFProtection(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "CSRF bypass POST /api/posts")

 		if response.StatusCode == http.StatusForbidden {
-			t.Error("API routes should bypass CSRF protection")
+			body, _ := io.ReadAll(response.Body)
+			t.Fatalf("API routes should bypass CSRF protection, got 403. Body: %s", string(body))
 		}
 	})

-	t.Run("csrf_allows_get_requests", func(t *testing.T) {
+	t.Run("get_request_without_csrf_is_not_forbidden", func(t *testing.T) {
 		request, err := http.NewRequest("GET", ctx.baseURL+"/auth/login", nil)
 		if err != nil {
 			t.Fatalf("Failed to create request: %v", err)
@@ -260,9 +309,10 @@ func TestE2E_CSRFProtection(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "CSRF GET /auth/login")

 		if response.StatusCode == http.StatusForbidden {
-			t.Error("GET requests should not require CSRF token")
+			t.Fatal("GET requests should not require CSRF token")
 		}
 	})
 }
@@ -270,7 +320,7 @@ func TestE2E_CSRFProtection(t *testing.T) {
 func TestE2E_RequestSizeLimit(t *testing.T) {
 	ctx := setupTestContext(t)

-	t.Run("request_within_size_limit", func(t *testing.T) {
+	t.Run("accepts_request_within_size_limit", func(t *testing.T) {
 		testUser := ctx.createUserWithCleanup(t, "sizelimituser", "StrongPass123!")
 		authClient := ctx.loginUser(t, testUser.Username, "StrongPass123!")

@@ -289,13 +339,15 @@ func TestE2E_RequestSizeLimit(t *testing.T) {
 			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "request within size limit POST /api/posts")

 		if response.StatusCode == http.StatusRequestEntityTooLarge {
-			t.Error("Small request should not exceed size limit")
+			body, _ := io.ReadAll(response.Body)
+			t.Fatalf("Small request should not exceed size limit. Body: %s", string(body))
 		}
 	})

-	t.Run("request_exceeds_size_limit", func(t *testing.T) {
+	t.Run("rejects_or_fails_oversized_request", func(t *testing.T) {
 		testUser := ctx.createUserWithCleanup(t, "sizelimituser2", "StrongPass123!")
 		authClient := ctx.loginUser(t, testUser.Username, "StrongPass123!")

@@ -311,14 +363,14 @@ func TestE2E_RequestSizeLimit(t *testing.T) {

 		response, err := ctx.client.Do(request)
 		if err != nil {
-			return
+			t.Fatalf("Request failed: %v", err)
 		}
 		defer response.Body.Close()
+		failIfRateLimited(t, response.StatusCode, "request exceeds size limit POST /api/posts")

-		if response.StatusCode == http.StatusRequestEntityTooLarge {
-			t.Log("Request size limit enforced correctly")
-		} else {
-			t.Logf("Request size limit check result: status %d", response.StatusCode)
+		if response.StatusCode != http.StatusRequestEntityTooLarge && response.StatusCode != http.StatusBadRequest {
+			body, _ := io.ReadAll(response.Body)
+			t.Fatalf("Expected status %d or %d for oversized request, got %d. Body: %s", http.StatusRequestEntityTooLarge, http.StatusBadRequest, response.StatusCode, string(body))
 		}
 	})
 }
--- a/internal/e2e/performance_test.go
+++ b/internal/e2e/performance_test.go
@@ -59,7 +59,7 @@ func TestE2E_Performance(t *testing.T) {
 				var totalTime time.Duration
 				iterations := 10

-				for i := 0; i < iterations; i++ {
+				for range iterations {
 					req, err := endpoint.req()
 					if err != nil {
 						t.Fatalf("Failed to create request: %v", err)
@@ -98,11 +98,9 @@ func TestE2E_Performance(t *testing.T) {
 		var errorCount int64

 		var wg sync.WaitGroup
-		for i := 0; i < concurrency; i++ {
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
-				for j := 0; j < requestsPerGoroutine; j++ {
+		for range concurrency {
+			wg.Go(func() {
+				for range requestsPerGoroutine {
 					req, err := http.NewRequest("GET", ctx.baseURL+"/api/posts", nil)
 					if err != nil {
 						atomic.AddInt64(&errorCount, 1)
@@ -123,7 +121,7 @@ func TestE2E_Performance(t *testing.T) {
 						atomic.AddInt64(&errorCount, 1)
 					}
 				}
-			}()
+			})
 		}

 		wg.Wait()
@@ -138,7 +136,7 @@ func TestE2E_Performance(t *testing.T) {
 		createdUser := ctx.createUserWithCleanup(t, "dbperf", "StrongPass123!")
 		authClient := ctx.loginUser(t, createdUser.Username, createdUser.Password)

-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			authClient.CreatePost(t, fmt.Sprintf("Post %d", i), fmt.Sprintf("https://example.com/%d", i), "Content")
 		}

@@ -160,7 +158,7 @@ func TestE2E_Performance(t *testing.T) {
 		authClient := ctx.loginUser(t, createdUser.Username, createdUser.Password)

 		initialPosts := 50
-		for i := 0; i < initialPosts; i++ {
+		for i := range initialPosts {
 			authClient.CreatePost(t, fmt.Sprintf("Memory Test Post %d", i), fmt.Sprintf("https://example.com/mem%d", i), "Content")
 		}

@@ -271,16 +269,14 @@ func TestE2E_ConcurrentWrites(t *testing.T) {

 		for _, user := range users {
 			u := user
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
+			wg.Go(func() {
 				authClient, err := ctx.loginUserSafe(t, u.Username, u.Password)
 				if err != nil {
 					atomic.AddInt64(&errorCount, 1)
 					return
 				}

-				for i := 0; i < 5; i++ {
+				for i := range 5 {
 					post, err := authClient.CreatePostSafe(
 						fmt.Sprintf("Concurrent Post %d", i),
 						fmt.Sprintf("https://example.com/concurrent%d-%d", u.ID, i),
@@ -292,7 +288,7 @@ func TestE2E_ConcurrentWrites(t *testing.T) {
 						atomic.AddInt64(&errorCount, 1)
 					}
 				}
-			}()
+			})
 		}

 		wg.Wait()
@@ -311,7 +307,7 @@ func TestE2E_ResponseSize(t *testing.T) {
 		createdUser := ctx.createUserWithCleanup(t, "sizetest", "StrongPass123!")
 		authClient := ctx.loginUser(t, createdUser.Username, createdUser.Password)

-		for i := 0; i < 100; i++ {
+		for i := range 100 {
 			authClient.CreatePost(t, fmt.Sprintf("Post %d", i), fmt.Sprintf("https://example.com/%d", i), "Content")
 		}

--- a/internal/e2e/rate_limiting_test.go
+++ b/internal/e2e/rate_limiting_test.go
@@ -38,7 +38,7 @@ func TestE2E_RateLimitingHeaders(t *testing.T) {
 					t.Error("Expected Retry-After header when rate limited")
 				}

-				var jsonResponse map[string]interface{}
+				var jsonResponse map[string]any
 				body, _ := json.Marshal(map[string]string{})
 				_ = json.Unmarshal(body, &jsonResponse)

@@ -72,7 +72,7 @@ func TestE2E_RateLimitingHeaders(t *testing.T) {
 				if resp.StatusCode != http.StatusTooManyRequests {
 					t.Errorf("Expected status 429 on request %d, got %d", i+1, resp.StatusCode)
 				} else {
-					var errorResponse map[string]interface{}
+					var errorResponse map[string]any
 					body, _ := io.ReadAll(resp.Body)
 					if err := json.Unmarshal(body, &errorResponse); err == nil {
 						if errorResponse["error"] == nil {
--- a/internal/e2e/version_test.go
+++ b/internal/e2e/version_test.go
@@ -30,12 +30,12 @@ func TestE2E_VersionEndpoint(t *testing.T) {
 			return
 		}

-		var apiInfo map[string]interface{}
+		var apiInfo map[string]any
 		if err := json.NewDecoder(resp.Body).Decode(&apiInfo); err != nil {
 			t.Fatalf("Failed to decode API info response: %v", err)
 		}

-		data, ok := apiInfo["data"].(map[string]interface{})
+		data, ok := apiInfo["data"].(map[string]any)
 		if !ok {
 			t.Fatalf("API info data is not a map")
 		}
@@ -74,12 +74,12 @@ func TestE2E_VersionEndpoint(t *testing.T) {
 			return
 		}

-		var healthInfo map[string]interface{}
+		var healthInfo map[string]any
 		if err := json.NewDecoder(resp.Body).Decode(&healthInfo); err != nil {
 			t.Fatalf("Failed to decode health response: %v", err)
 		}

-		data, ok := healthInfo["data"].(map[string]interface{})
+		data, ok := healthInfo["data"].(map[string]any)
 		if !ok {
 			t.Fatalf("Health data is not a map")
 		}
@@ -130,18 +130,18 @@ func TestE2E_VersionEndpoint(t *testing.T) {
 			return
 		}

-		var apiInfo map[string]interface{}
+		var apiInfo map[string]any
 		if err := json.NewDecoder(apiResp.Body).Decode(&apiInfo); err != nil {
 			t.Fatalf("Failed to decode API info: %v", err)
 		}

-		var healthInfo map[string]interface{}
+		var healthInfo map[string]any
 		if err := json.NewDecoder(healthResp.Body).Decode(&healthInfo); err != nil {
 			t.Fatalf("Failed to decode health info: %v", err)
 		}

-		apiData, _ := apiInfo["data"].(map[string]interface{})
-		healthData, _ := healthInfo["data"].(map[string]interface{})
+		apiData, _ := apiInfo["data"].(map[string]any)
+		healthData, _ := healthInfo["data"].(map[string]any)

 		apiVersion, apiOk := apiData["version"].(string)
 		healthVersion, healthOk := healthData["version"].(string)
@@ -169,12 +169,12 @@ func TestE2E_VersionEndpoint(t *testing.T) {
 			return
 		}

-		var apiInfo map[string]interface{}
+		var apiInfo map[string]any
 		if err := json.NewDecoder(resp.Body).Decode(&apiInfo); err != nil {
 			t.Fatalf("Failed to decode API info: %v", err)
 		}

-		data, ok := apiInfo["data"].(map[string]interface{})
+		data, ok := apiInfo["data"].(map[string]any)
 		if !ok {
 			return
 		}
--- a/internal/e2e/workflows_realistic_test.go
+++ b/internal/e2e/workflows_realistic_test.go
@@ -455,7 +455,7 @@ func TestE2E_ConcurrentRequestsWithSameSession(t *testing.T) {
 		authClient := ctx.loginUser(t, createdUser.Username, createdUser.Password)

 		results := make(chan bool, 5)
-		for i := 0; i < 5; i++ {
+		for range 5 {
 			go func() {
 				profile := authClient.GetProfile(t)
 				results <- (profile != nil && profile.Data.Username == createdUser.Username)
@@ -463,7 +463,7 @@ func TestE2E_ConcurrentRequestsWithSameSession(t *testing.T) {
 		}

 		successCount := 0
-		for i := 0; i < 5; i++ {
+		for range 5 {
 			if <-results {
 				successCount++
 			}
@@ -562,7 +562,7 @@ func TestE2E_RapidSuccessiveActions(t *testing.T) {

 		post := authClient.CreatePost(t, "Rapid Vote Test", "https://example.com/rapid", "Content")

-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			voteType := "up"
 			if i%2 == 0 {
 				voteType = "down"
--- a/internal/e2e/workflows_test.go
+++ b/internal/e2e/workflows_test.go
@@ -134,9 +134,7 @@ func TestE2E_ConcurrentUserWorkflows(t *testing.T) {

 		for _, user := range users {
 			u := user
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
+			wg.Go(func() {
 				var err error
 				authClient, loginErr := ctx.loginUserSafe(t, u.Username, u.Password)
 				if loginErr != nil || authClient == nil || authClient.Token == "" {
@@ -157,7 +155,7 @@ func TestE2E_ConcurrentUserWorkflows(t *testing.T) {
 				case results <- result{userID: u.ID, err: err}:
 				case <-done:
 				}
-			}()
+			})
 		}

 		go func() {
--- a/internal/fuzz/fuzz_test.go
+++ b/internal/fuzz/fuzz_test.go
@@ -53,13 +53,13 @@ func TestRunSanitizationFuzzTest(t *testing.T) {

 	sanitizeFunc := func(input string) string {

-		result := ""
+		var result strings.Builder
 		for _, char := range input {
 			if char != ' ' {
-				result += string(char)
+				result.WriteString(string(char))
 			}
 		}
-		return result
+		return result.String()
 	}

 	result := sanitizeFunc("hello world")
@@ -76,13 +76,13 @@ func TestRunSanitizationFuzzTestWithValidation(t *testing.T) {

 	sanitizeFunc := func(input string) string {

-		result := ""
+		var result strings.Builder
 		for _, char := range input {
 			if char != ' ' {
-				result += string(char)
+				result.WriteString(string(char))
 			}
 		}
-		return result
+		return result.String()
 	}

 	validateFunc := func(input string) bool {
@@ -1673,7 +1673,7 @@ func TestValidateHTTPRequestWithManyHeaders(t *testing.T) {
 	helper := NewFuzzTestHelper()

 	req := httptest.NewRequest("GET", "/api/test", nil)
-	for i := 0; i < 20; i++ {
+	for i := range 20 {
 		req.Header.Set(fmt.Sprintf("Header-%d", i), fmt.Sprintf("Value-%d", i))
 	}

--- a/internal/fuzz/repositories_fuzz_test.go
+++ b/internal/fuzz/repositories_fuzz_test.go
@@ -158,10 +158,3 @@ func FuzzPostRepository(f *testing.F) {
 		})
 	})
 }
-
-func min(a, b int) int {
-	if a < b {
-		return a
-	}
-	return b
-}
--- a/internal/handlers/api_handler.go
+++ b/internal/handlers/api_handler.go
@@ -6,6 +6,7 @@ import (
 	"time"

 	"goyco/internal/config"
+	"goyco/internal/health"
 	"goyco/internal/middleware"
 	"goyco/internal/repositories"
 	"goyco/internal/services"
@@ -21,7 +22,7 @@ type APIHandler struct {
 	userRepo         repositories.UserRepository
 	voteService      *services.VoteService
 	dbMonitor        middleware.DBMonitor
-	healthChecker    *middleware.DatabaseHealthChecker
+	healthChecker    *health.CompositeChecker
 	metricsCollector *middleware.MetricsCollector
 }

@@ -44,7 +45,21 @@ func NewAPIHandlerWithMonitoring(config *config.Config, postRepo repositories.Po
 		return NewAPIHandler(config, postRepo, userRepo, voteService)
 	}

-	healthChecker := middleware.NewDatabaseHealthChecker(sqlDB, dbMonitor)
+	compositeChecker := health.NewCompositeChecker()
+
+	dbChecker := health.NewDatabaseChecker(sqlDB, dbMonitor)
+	compositeChecker.AddChecker(dbChecker)
+
+	smtpConfig := health.SMTPConfig{
+		Host:     config.SMTP.Host,
+		Port:     config.SMTP.Port,
+		Username: config.SMTP.Username,
+		Password: config.SMTP.Password,
+		From:     config.SMTP.From,
+	}
+	smtpChecker := health.NewSMTPChecker(smtpConfig)
+	compositeChecker.AddChecker(smtpChecker)
+
 	metricsCollector := middleware.NewMetricsCollector(dbMonitor)

 	return &APIHandler{
@@ -53,7 +68,7 @@ func NewAPIHandlerWithMonitoring(config *config.Config, postRepo repositories.Po
 		userRepo:         userRepo,
 		voteService:      voteService,
 		dbMonitor:        dbMonitor,
-		healthChecker:    healthChecker,
+		healthChecker:    compositeChecker,
 		metricsCollector: metricsCollector,
 	}
 }
@@ -135,17 +150,17 @@ func (h *APIHandler) GetAPIInfo(w http.ResponseWriter, r *http.Request) {
 }

 // @Summary Health check
-// @Description Check the API health status along with database connectivity details
+// @Description Check the API health status along with database connectivity and SMTP service details
 // @Tags api
 // @Accept json
 // @Produce json
 // @Success 200 {object} CommonResponse "Health check successful"
 // @Router /health [get]
 func (h *APIHandler) GetHealth(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()

 	if h.healthChecker != nil {
-		health := h.healthChecker.CheckHealth()
-		health["version"] = version.GetVersion()
+		health := h.healthChecker.CheckWithVersion(ctx, version.GetVersion())
 		SendSuccessResponse(w, "Health check successful", health)
 		return
 	}
--- a/internal/handlers/auth_handler_test.go
+++ b/internal/handlers/auth_handler_test.go
@@ -1364,7 +1364,7 @@ func TestAuthHandler_ConcurrentAccess(t *testing.T) {
 		concurrency := 10
 		done := make(chan bool, concurrency)

-		for i := 0; i < concurrency; i++ {
+		for range concurrency {
 			go func() {
 				req := createLoginRequest(`{"username":"testuser","password":"Password123!"}`)
 				w := httptest.NewRecorder()
@@ -1376,7 +1376,7 @@ func TestAuthHandler_ConcurrentAccess(t *testing.T) {
 			}()
 		}

-		for i := 0; i < concurrency; i++ {
+		for range concurrency {
 			<-done
 		}
 	})
--- a/internal/handlers/page_handler.go
+++ b/internal/handlers/page_handler.go
@@ -115,10 +115,7 @@ func NewPageHandler(templatesDir string, authService AuthServiceInterface, postR
 				if start >= len(s) {
 					return ""
 				}
-				end := start + length
-				if end > len(s) {
-					end = len(s)
-				}
+				end := min(start+length, len(s))
 				return s[start:end]
 			},
 			"upper": strings.ToUpper,
--- a/internal/health/composite.go
+++ b/internal/health/composite.go
@@ -0,0 +1,54 @@
+package health
+
+import (
+	"context"
+	"sync"
+	"time"
+)
+
+type CompositeChecker struct {
+	checkers []Checker
+}
+
+func NewCompositeChecker(checkers ...Checker) *CompositeChecker {
+	return &CompositeChecker{
+		checkers: checkers,
+	}
+}
+
+func (c *CompositeChecker) AddChecker(checker Checker) {
+	c.checkers = append(c.checkers, checker)
+}
+
+func (c *CompositeChecker) Check(ctx context.Context) OverallResult {
+	results := make(map[string]Result)
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+
+	for _, checker := range c.checkers {
+		wg.Add(1)
+		go func(ch Checker) {
+			defer wg.Done()
+
+			result := ch.Check(ctx)
+
+			mu.Lock()
+			results[ch.Name()] = result
+			mu.Unlock()
+		}(checker)
+	}
+
+	wg.Wait()
+
+	return OverallResult{
+		Status:    determineOverallStatus(results),
+		Timestamp: time.Now().UTC(),
+		Services:  results,
+	}
+}
+
+func (c *CompositeChecker) CheckWithVersion(ctx context.Context, version string) OverallResult {
+	result := c.Check(ctx)
+	result.Version = version
+	return result
+}
--- a/internal/health/database.go
+++ b/internal/health/database.go
@@ -0,0 +1,61 @@
+package health
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"goyco/internal/middleware"
+)
+
+type DatabaseChecker struct {
+	db      *sql.DB
+	monitor middleware.DBMonitor
+}
+
+func NewDatabaseChecker(db *sql.DB, monitor middleware.DBMonitor) *DatabaseChecker {
+	return &DatabaseChecker{
+		db:      db,
+		monitor: monitor,
+	}
+}
+
+func (c *DatabaseChecker) Name() string {
+	return "database"
+}
+
+func (c *DatabaseChecker) Check(ctx context.Context) Result {
+	start := time.Now()
+
+	err := c.db.Ping()
+	latency := time.Since(start)
+
+	result := Result{
+		Status:    StatusHealthy,
+		Latency:   latency,
+		Timestamp: time.Now().UTC(),
+		Details: map[string]any{
+			"ping_time": latency.String(),
+		},
+	}
+
+	if err != nil {
+		result.Status = StatusUnhealthy
+		result.Message = err.Error()
+		return result
+	}
+
+	if c.monitor != nil {
+		stats := c.monitor.GetStats()
+		result.Details["stats"] = map[string]any{
+			"total_queries":    stats.TotalQueries,
+			"slow_queries":     stats.SlowQueries,
+			"average_duration": stats.AverageDuration.String(),
+			"max_duration":     stats.MaxDuration.String(),
+			"error_count":      stats.ErrorCount,
+			"last_query_time":  stats.LastQueryTime.Format(time.RFC3339),
+		}
+	}
+
+	return result
+}
--- a/internal/health/health.go
+++ b/internal/health/health.go
@@ -0,0 +1,61 @@
+package health
+
+import (
+	"context"
+	"time"
+)
+
+type Status string
+
+const (
+	StatusHealthy   Status = "healthy"
+	StatusDegraded  Status = "degraded"
+	StatusUnhealthy Status = "unhealthy"
+)
+
+type Result struct {
+	Status    Status         `json:"status"`
+	Message   string         `json:"message,omitempty"`
+	Latency   time.Duration  `json:"latency"`
+	Timestamp time.Time      `json:"timestamp"`
+	Details   map[string]any `json:"details,omitempty"`
+}
+
+type Checker interface {
+	Name() string
+	Check(ctx context.Context) Result
+}
+
+type OverallResult struct {
+	Status    Status            `json:"status"`
+	Timestamp time.Time         `json:"timestamp"`
+	Version   string            `json:"version"`
+	Services  map[string]Result `json:"services"`
+}
+
+func determineOverallStatus(results map[string]Result) Status {
+	hasUnhealthy := false
+	hasSMTPUnhealthy := false
+	hasDegraded := false
+
+	for name, result := range results {
+		switch result.Status {
+		case StatusUnhealthy:
+			if name == "smtp" {
+				hasSMTPUnhealthy = true
+			} else {
+				hasUnhealthy = true
+			}
+		case StatusDegraded:
+			hasDegraded = true
+		}
+	}
+
+	if hasUnhealthy {
+		return StatusUnhealthy
+	}
+	if hasDegraded || hasSMTPUnhealthy {
+		return StatusDegraded
+	}
+	return StatusHealthy
+}
--- a/internal/health/health_test.go
+++ b/internal/health/health_test.go
@@ -0,0 +1,236 @@
+package health
+
+import (
+	"context"
+	"database/sql"
+	"testing"
+	"time"
+
+	_ "github.com/mattn/go-sqlite3"
+	"goyco/internal/middleware"
+)
+
+type MockDBMonitor struct {
+	stats middleware.DBStats
+}
+
+func (m *MockDBMonitor) GetStats() middleware.DBStats {
+	return m.stats
+}
+
+func (m *MockDBMonitor) LogQuery(query string, duration time.Duration, err error) {
+}
+
+func (m *MockDBMonitor) LogSlowQuery(query string, duration time.Duration, threshold time.Duration) {
+}
+
+func TestStatusConstants(t *testing.T) {
+	if StatusHealthy != "healthy" {
+		t.Errorf("Expected StatusHealthy to be 'healthy', got %s", StatusHealthy)
+	}
+	if StatusDegraded != "degraded" {
+		t.Errorf("Expected StatusDegraded to be 'degraded', got %s", StatusDegraded)
+	}
+	if StatusUnhealthy != "unhealthy" {
+		t.Errorf("Expected StatusUnhealthy to be 'unhealthy', got %s", StatusUnhealthy)
+	}
+}
+
+func TestDetermineOverallStatus(t *testing.T) {
+	tests := []struct {
+		name     string
+		results  map[string]Result
+		expected Status
+	}{
+		{
+			name:     "all healthy",
+			results:  map[string]Result{"db": {Status: StatusHealthy}, "smtp": {Status: StatusHealthy}},
+			expected: StatusHealthy,
+		},
+		{
+			name:     "one degraded",
+			results:  map[string]Result{"db": {Status: StatusHealthy}, "smtp": {Status: StatusDegraded}},
+			expected: StatusDegraded,
+		},
+		{
+			name:     "one unhealthy",
+			results:  map[string]Result{"db": {Status: StatusUnhealthy}, "smtp": {Status: StatusHealthy}},
+			expected: StatusUnhealthy,
+		},
+		{
+			name:     "smtp unhealthy downgrades overall to degraded",
+			results:  map[string]Result{"db": {Status: StatusHealthy}, "smtp": {Status: StatusUnhealthy}},
+			expected: StatusDegraded,
+		},
+		{
+			name:     "mixed degraded and unhealthy",
+			results:  map[string]Result{"db": {Status: StatusDegraded}, "smtp": {Status: StatusUnhealthy}},
+			expected: StatusDegraded,
+		},
+		{
+			name:     "empty results",
+			results:  map[string]Result{},
+			expected: StatusHealthy,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := determineOverallStatus(tt.results)
+			if result != tt.expected {
+				t.Errorf("Expected %s, got %s", tt.expected, result)
+			}
+		})
+	}
+}
+
+func TestDatabaseChecker_Name(t *testing.T) {
+	checker := &DatabaseChecker{}
+	if checker.Name() != "database" {
+		t.Errorf("Expected name 'database', got %s", checker.Name())
+	}
+}
+
+func TestDatabaseChecker_Check(t *testing.T) {
+	db, err := sql.Open("sqlite", ":memory:")
+	if err != nil {
+		t.Logf("Could not open test database: %v", err)
+		t.Skip("Skipping database-dependent test")
+	}
+	defer db.Close()
+
+	monitor := &MockDBMonitor{
+		stats: middleware.DBStats{
+			TotalQueries:    10,
+			SlowQueries:     1,
+			AverageDuration: 5 * time.Millisecond,
+			MaxDuration:     20 * time.Millisecond,
+			ErrorCount:      0,
+			LastQueryTime:   time.Now(),
+		},
+	}
+
+	checker := NewDatabaseChecker(db, monitor)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	if result.Timestamp.IsZero() {
+		t.Error("Expected non-zero timestamp")
+	}
+
+	if _, ok := result.Details["ping_time"]; !ok {
+		t.Error("Expected ping_time in details")
+	}
+
+	if result.Status == StatusHealthy {
+		stats, ok := result.Details["stats"].(map[string]any)
+		if !ok {
+			t.Log("Stats not available in details (may be expected)")
+		} else {
+			if stats["total_queries"] != int64(10) {
+				t.Errorf("Expected total_queries to be 10, got %v", stats["total_queries"])
+			}
+		}
+	}
+}
+
+func TestDatabaseChecker_Check_Unhealthy(t *testing.T) {
+	checker := NewDatabaseChecker(nil, nil)
+	ctx := context.Background()
+
+	defer func() {
+		if r := recover(); r != nil {
+			t.Logf("Got expected panic with nil db: %v", r)
+		}
+	}()
+
+	result := checker.Check(ctx)
+
+	if result.Status != StatusUnhealthy {
+		t.Logf("Expected unhealthy status for nil db, got %s", result.Status)
+	}
+}
+
+func TestCompositeChecker(t *testing.T) {
+	checker1 := &mockChecker{
+		name:   "service1",
+		status: StatusHealthy,
+	}
+	checker2 := &mockChecker{
+		name:   "service2",
+		status: StatusHealthy,
+	}
+
+	composite := NewCompositeChecker(checker1, checker2)
+	ctx := context.Background()
+
+	result := composite.Check(ctx)
+
+	if result.Status != StatusHealthy {
+		t.Errorf("Expected overall healthy status, got %s", result.Status)
+	}
+
+	if len(result.Services) != 2 {
+		t.Errorf("Expected 2 service results, got %d", len(result.Services))
+	}
+
+	if _, ok := result.Services["service1"]; !ok {
+		t.Error("Expected service1 in results")
+	}
+
+	if _, ok := result.Services["service2"]; !ok {
+		t.Error("Expected service2 in results")
+	}
+}
+
+func TestCompositeChecker_AddChecker(t *testing.T) {
+	composite := NewCompositeChecker()
+
+	checker := &mockChecker{
+		name:   "test-service",
+		status: StatusHealthy,
+	}
+
+	composite.AddChecker(checker)
+
+	ctx := context.Background()
+	result := composite.Check(ctx)
+
+	if len(result.Services) != 1 {
+		t.Errorf("Expected 1 service result, got %d", len(result.Services))
+	}
+}
+
+func TestCompositeChecker_CheckWithVersion(t *testing.T) {
+	checker := &mockChecker{
+		name:   "test",
+		status: StatusHealthy,
+	}
+
+	composite := NewCompositeChecker(checker)
+	ctx := context.Background()
+
+	result := composite.CheckWithVersion(ctx, "v1.2.3")
+
+	if result.Version != "v1.2.3" {
+		t.Errorf("Expected version 'v1.2.3', got %s", result.Version)
+	}
+}
+
+type mockChecker struct {
+	name   string
+	status Status
+}
+
+func (m *mockChecker) Name() string {
+	return m.name
+}
+
+func (m *mockChecker) Check(ctx context.Context) Result {
+	return Result{
+		Status:    m.status,
+		Timestamp: time.Now().UTC(),
+		Latency:   1 * time.Millisecond,
+	}
+}
--- a/internal/health/smtp.go
+++ b/internal/health/smtp.go
@@ -0,0 +1,106 @@
+package health
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/smtp"
+	"time"
+)
+
+type SMTPConfig struct {
+	Host     string
+	Port     int
+	Username string
+	Password string
+	From     string
+}
+
+type SMTPChecker struct {
+	config SMTPConfig
+}
+
+func NewSMTPChecker(config SMTPConfig) *SMTPChecker {
+	return &SMTPChecker{
+		config: config,
+	}
+}
+
+func (c *SMTPChecker) Name() string {
+	return "smtp"
+}
+
+func (c *SMTPChecker) Check(ctx context.Context) Result {
+	start := time.Now()
+	address := net.JoinHostPort(c.config.Host, fmt.Sprintf("%d", c.config.Port))
+
+	result := Result{
+		Status:    StatusHealthy,
+		Timestamp: time.Now().UTC(),
+		Details: map[string]any{
+			"host": address,
+		},
+	}
+
+	conn, err := net.Dial("tcp", address)
+	if err != nil {
+		result.Status = StatusUnhealthy
+		result.Message = fmt.Sprintf("Failed to connect to SMTP server: %v", err)
+		result.Latency = time.Since(start)
+		return result
+	}
+	defer conn.Close()
+
+	client, err := smtp.NewClient(conn, c.config.Host)
+	if err != nil {
+		result.Status = StatusUnhealthy
+		result.Message = fmt.Sprintf("Failed to create SMTP client: %v", err)
+		result.Latency = time.Since(start)
+		return result
+	}
+	defer client.Close()
+
+	err = client.Hello("goyco-health-check")
+	if err != nil {
+		result.Status = StatusDegraded
+		result.Message = fmt.Sprintf("EHLO failed: %v", err)
+		result.Latency = time.Since(start)
+		return result
+	}
+
+	if ok, _ := client.Extension("STARTTLS"); ok {
+		tlsConfig := &tls.Config{
+			ServerName: c.config.Host,
+		}
+		err = client.StartTLS(tlsConfig)
+		if err != nil {
+			result.Details["starttls"] = "failed"
+			result.Details["starttls_error"] = err.Error()
+		} else {
+			result.Details["starttls"] = "enabled"
+		}
+	} else {
+		result.Details["starttls"] = "not supported"
+	}
+
+	if c.config.Username != "" && c.config.Password != "" {
+		auth := smtp.PlainAuth("", c.config.Username, c.config.Password, c.config.Host)
+		err = client.Auth(auth)
+		if err != nil {
+			result.Details["auth"] = "failed"
+			result.Details["auth_error"] = err.Error()
+		} else {
+			result.Details["auth"] = "success"
+		}
+	} else {
+		result.Details["auth"] = "not configured"
+	}
+
+	client.Quit()
+
+	result.Latency = time.Since(start)
+	result.Details["handshake"] = "completed"
+
+	return result
+}
--- a/internal/health/smtp_test.go
+++ b/internal/health/smtp_test.go
@@ -0,0 +1,309 @@
+package health
+
+import (
+	"context"
+	"net"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestSMTPChecker_Check_NoAuth(t *testing.T) {
+	config := SMTPConfig{
+		Host: "smtp.example.com",
+		Port: 25,
+	}
+
+	checker := NewSMTPChecker(config)
+
+	if checker.config.Username != "" {
+		t.Error("expected empty username")
+	}
+	if checker.config.Password != "" {
+		t.Error("expected empty password")
+	}
+}
+
+func TestSMTPChecker_Check_InvalidPort(t *testing.T) {
+	config := SMTPConfig{
+		Host: "localhost",
+		Port: 99999,
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	if result.Status != StatusUnhealthy {
+		t.Errorf("expected unhealthy status for invalid port, got %s", result.Status)
+	}
+}
+
+func TestSMTPChecker_Check_ConnectionRefused(t *testing.T) {
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("failed to create listener: %v", err)
+	}
+	port := listener.Addr().(*net.TCPAddr).Port
+	listener.Close()
+
+	config := SMTPConfig{
+		Host: "127.0.0.1",
+		Port: port,
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	if result.Status != StatusUnhealthy {
+		t.Errorf("expected unhealthy status for connection refused, got %s", result.Status)
+	}
+}
+
+func TestSMTPChecker_Check_WithMockServer(t *testing.T) {
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("failed to create listener: %v", err)
+	}
+	defer listener.Close()
+
+	port := listener.Addr().(*net.TCPAddr).Port
+
+	serverDone := make(chan bool)
+	go func() {
+		defer close(serverDone)
+		conn, err := listener.Accept()
+		if err != nil {
+			return
+		}
+		defer conn.Close()
+
+		conn.Write([]byte("220 test.example.com ESMTP ready\r\n"))
+
+		buf := make([]byte, 1024)
+		n, _ := conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("250-test.example.com\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"))
+		}
+
+		n, _ = conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("220 2.0.0 Ready to start TLS\r\n"))
+		}
+
+		n, _ = conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("235 2.7.0 Authentication successful\r\n"))
+		}
+
+		n, _ = conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("221 2.0.0 Bye\r\n"))
+		}
+	}()
+
+	config := SMTPConfig{
+		Host:     "127.0.0.1",
+		Port:     port,
+		Username: "test@example.com",
+		Password: "password",
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	select {
+	case <-serverDone:
+	case <-time.After(2 * time.Second):
+		t.Error("server timeout")
+	}
+
+	if result.Status != StatusHealthy && result.Status != StatusDegraded {
+		t.Errorf("unexpected status: %s", result.Status)
+	}
+
+	if result.Details["host"] == nil {
+		t.Errorf("expected host in details, got %v", result.Details["host"])
+	}
+}
+
+func TestSMTPChecker_Check_EHLOFailure(t *testing.T) {
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("failed to create listener: %v", err)
+	}
+	defer listener.Close()
+
+	port := listener.Addr().(*net.TCPAddr).Port
+
+	serverDone := make(chan bool)
+	go func() {
+		defer close(serverDone)
+		conn, err := listener.Accept()
+		if err != nil {
+			return
+		}
+		defer conn.Close()
+
+		conn.Write([]byte("220 test.example.com ESMTP ready\r\n"))
+
+		buf := make([]byte, 1024)
+		n, _ := conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("500 Syntax error, command unrecognized\r\n"))
+		}
+	}()
+
+	config := SMTPConfig{
+		Host: "127.0.0.1",
+		Port: port,
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	select {
+	case <-serverDone:
+	case <-time.After(2 * time.Second):
+		t.Error("server timeout")
+	}
+
+	if result.Status != StatusDegraded {
+		t.Errorf("expected degraded status for EHLO failure, got %s", result.Status)
+	}
+
+	if !strings.Contains(result.Message, "EHLO") {
+		t.Errorf("expected EHLO error in message, got: %s", result.Message)
+	}
+}
+
+func TestSMTPChecker_Check_STARTTLSNotSupported(t *testing.T) {
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("failed to create listener: %v", err)
+	}
+	defer listener.Close()
+
+	port := listener.Addr().(*net.TCPAddr).Port
+
+	serverDone := make(chan bool)
+	go func() {
+		defer close(serverDone)
+		conn, err := listener.Accept()
+		if err != nil {
+			return
+		}
+		defer conn.Close()
+
+		conn.Write([]byte("220 test.example.com ESMTP ready\r\n"))
+
+		buf := make([]byte, 1024)
+		n, _ := conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("250-test.example.com\r\n250 AUTH PLAIN\r\n"))
+		}
+
+		n, _ = conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("221 2.0.0 Bye\r\n"))
+		}
+	}()
+
+	config := SMTPConfig{
+		Host: "127.0.0.1",
+		Port: port,
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	select {
+	case <-serverDone:
+	case <-time.After(2 * time.Second):
+		t.Error("server timeout")
+	}
+
+	if result.Details["starttls"] != "not supported" && result.Details["starttls"] != "failed" {
+		t.Errorf("expected starttls not supported or failed, got: %v", result.Details["starttls"])
+	}
+}
+
+func TestSMTPChecker_Check_AuthNotConfigured(t *testing.T) {
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("failed to create listener: %v", err)
+	}
+	defer listener.Close()
+
+	port := listener.Addr().(*net.TCPAddr).Port
+
+	serverDone := make(chan bool)
+	go func() {
+		defer close(serverDone)
+		conn, err := listener.Accept()
+		if err != nil {
+			return
+		}
+		defer conn.Close()
+
+		conn.Write([]byte("220 test.example.com ESMTP ready\r\n"))
+
+		buf := make([]byte, 1024)
+		n, _ := conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("250-test.example.com\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"))
+		}
+
+		n, _ = conn.Read(buf)
+		if n > 0 {
+			conn.Write([]byte("221 2.0.0 Bye\r\n"))
+		}
+	}()
+
+	config := SMTPConfig{
+		Host: "127.0.0.1",
+		Port: port,
+	}
+
+	checker := NewSMTPChecker(config)
+	ctx := context.Background()
+
+	result := checker.Check(ctx)
+
+	select {
+	case <-serverDone:
+	case <-time.After(2 * time.Second):
+		t.Error("server timeout")
+	}
+
+	if result.Details["auth"] != "not configured" {
+		t.Errorf("expected auth not configured, got: %v", result.Details["auth"])
+	}
+}
+
+func TestSMTPConfig_GetAddress(t *testing.T) {
+	config := SMTPConfig{
+		Host: "smtp.example.com",
+		Port: 587,
+	}
+
+	address := getSMTPAddress(config)
+	expected := "smtp.example.com:587"
+	if address != expected {
+		t.Errorf("expected address %s, got %s", expected, address)
+	}
+}
+
+func getSMTPAddress(config SMTPConfig) string {
+	return config.Host + ":" + strconv.Itoa(config.Port)
+}
--- a/internal/integration/complete_api_endpoints_integration_test.go
+++ b/internal/integration/complete_api_endpoints_integration_test.go
@@ -635,7 +635,7 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
 		ctx.Suite.EmailSender.Reset()
 		paginationUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "pagination_edge"), uniqueTestEmail(t, "pagination_edge"))

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, paginationUser.User.ID, fmt.Sprintf("Pagination Post %d", i), fmt.Sprintf("https://example.com/pag%d", i))
 		}

--- a/internal/integration/ratelimit_integration_test.go
+++ b/internal/integration/ratelimit_integration_test.go
@@ -50,7 +50,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		rateLimitConfig.AuthLimit = 2
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)

-		for i := 0; i < 2; i++ {
+		for range 2 {
 			request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
 			request.Header.Set("Content-Type", "application/json")
 			recorder := httptest.NewRecorder()
@@ -80,7 +80,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		rateLimitConfig.GeneralLimit = 5
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)

-		for i := 0; i < 5; i++ {
+		for range 5 {
 			request := httptest.NewRequest("GET", "/api/posts", nil)
 			recorder := httptest.NewRecorder()
 			router.ServeHTTP(recorder, request)
@@ -99,7 +99,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		rateLimitConfig.HealthLimit = 3
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)

-		for i := 0; i < 3; i++ {
+		for range 3 {
 			request := httptest.NewRequest("GET", "/health", nil)
 			recorder := httptest.NewRecorder()
 			router.ServeHTTP(recorder, request)
@@ -118,7 +118,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		rateLimitConfig.MetricsLimit = 2
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)

-		for i := 0; i < 2; i++ {
+		for range 2 {
 			request := httptest.NewRequest("GET", "/metrics", nil)
 			recorder := httptest.NewRecorder()
 			router.ServeHTTP(recorder, request)
@@ -138,7 +138,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		rateLimitConfig.GeneralLimit = 10
 		router, _ := setupRateLimitRouter(t, rateLimitConfig)

-		for i := 0; i < 2; i++ {
+		for range 2 {
 			request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
 			request.Header.Set("Content-Type", "application/json")
 			recorder := httptest.NewRecorder()
@@ -165,7 +165,7 @@ func TestIntegration_RateLimiting(t *testing.T) {
 		suite.EmailSender.Reset()
 		user := createAuthenticatedUser(t, authService, suite.UserRepo, uniqueTestUsername(t, "ratelimit_auth"), uniqueTestEmail(t, "ratelimit_auth"))

-		for i := 0; i < 3; i++ {
+		for range 3 {
 			request := httptest.NewRequest("GET", "/api/auth/me", nil)
 			request.Header.Set("Authorization", "Bearer "+user.Token)
 			request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
--- a/internal/integration/repositories_integration_test.go
+++ b/internal/integration/repositories_integration_test.go
@@ -283,7 +283,7 @@ func TestIntegration_Repositories(t *testing.T) {
 		}

 		voters := make([]*database.User, 5)
-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			voter := &database.User{
 				Username:      fmt.Sprintf("voter_%d", i),
 				Email:         fmt.Sprintf("voter%d@example.com", i),
--- a/internal/integration/router_integration_test.go
+++ b/internal/integration/router_integration_test.go
@@ -2,7 +2,6 @@ package integration

 import (
 	"bytes"
-	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -63,13 +62,33 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
 	t.Run("DBMonitoring_Active", func(t *testing.T) {
 		request := makeGetRequest(t, router, "/health")

-		var response map[string]any
-		if err := json.NewDecoder(request.Body).Decode(&response); err == nil {
-			if data, ok := response["data"].(map[string]any); ok {
-				if _, exists := data["database_stats"]; !exists {
-					t.Error("Expected database_stats in health response")
+		response := assertJSONResponse(t, request, http.StatusOK)
+		if response == nil {
+			return
 		}
+
+		data, ok := getDataFromResponse(response)
+		if !ok {
+			t.Fatal("Expected data to be a map")
 		}
+
+		services, ok := data["services"].(map[string]any)
+		if !ok {
+			t.Fatal("Expected services in health response")
+		}
+
+		databaseService, ok := services["database"].(map[string]any)
+		if !ok {
+			t.Fatal("Expected database service in health response")
+		}
+
+		details, ok := databaseService["details"].(map[string]any)
+		if !ok {
+			t.Fatal("Expected database details in health response")
+		}
+
+		if _, exists := details["stats"]; !exists {
+			t.Error("Expected database stats in health response")
 		}
 	})

--- a/internal/middleware/cache_test.go
+++ b/internal/middleware/cache_test.go
@@ -283,16 +283,16 @@ func TestInMemoryCacheConcurrent(t *testing.T) {

 	t.Run("Concurrent writes", func(t *testing.T) {
 		done := make(chan bool, numGoroutines)
-		for i := 0; i < numGoroutines; i++ {
+		for i := range numGoroutines {
 			go func(id int) {
 				defer func() {
 					if r := recover(); r != nil {
 						t.Errorf("Goroutine %d panicked: %v", id, r)
 					}
 				}()
-				for j := 0; j < numOps; j++ {
+				for j := range numOps {
 					entry := &CacheEntry{
-						Data:      []byte(fmt.Sprintf("data-%d-%d", id, j)),
+						Data:      fmt.Appendf(nil, "data-%d-%d", id, j),
 						Headers:   make(http.Header),
 						Timestamp: time.Now(),
 						TTL:       5 * time.Minute,
@@ -306,16 +306,16 @@ func TestInMemoryCacheConcurrent(t *testing.T) {
 			}(i)
 		}

-		for i := 0; i < numGoroutines; i++ {
+		for range numGoroutines {
 			<-done
 		}
 	})

 	t.Run("Concurrent reads and writes", func(t *testing.T) {

-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			entry := &CacheEntry{
-				Data:      []byte(fmt.Sprintf("data-%d", i)),
+				Data:      fmt.Appendf(nil, "data-%d", i),
 				Headers:   make(http.Header),
 				Timestamp: time.Now(),
 				TTL:       5 * time.Minute,
@@ -325,16 +325,16 @@ func TestInMemoryCacheConcurrent(t *testing.T) {

 		done := make(chan bool, numGoroutines*2)

-		for i := 0; i < numGoroutines; i++ {
+		for i := range numGoroutines {
 			go func(id int) {
 				defer func() {
 					if r := recover(); r != nil {
 						t.Errorf("Writer goroutine %d panicked: %v", id, r)
 					}
 				}()
-				for j := 0; j < numOps; j++ {
+				for j := range numOps {
 					entry := &CacheEntry{
-						Data:      []byte(fmt.Sprintf("write-%d-%d", id, j)),
+						Data:      fmt.Appendf(nil, "write-%d-%d", id, j),
 						Headers:   make(http.Header),
 						Timestamp: time.Now(),
 						TTL:       5 * time.Minute,
@@ -346,14 +346,14 @@ func TestInMemoryCacheConcurrent(t *testing.T) {
 			}(i)
 		}

-		for i := 0; i < numGoroutines; i++ {
+		for i := range numGoroutines {
 			go func(id int) {
 				defer func() {
 					if r := recover(); r != nil {
 						t.Errorf("Reader goroutine %d panicked: %v", id, r)
 					}
 				}()
-				for j := 0; j < numOps; j++ {
+				for j := range numOps {
 					key := fmt.Sprintf("key-%d", j%10)
 					cache.Get(key)
 				}
@@ -368,9 +368,9 @@ func TestInMemoryCacheConcurrent(t *testing.T) {

 	t.Run("Concurrent deletes", func(t *testing.T) {

-		for i := 0; i < numGoroutines; i++ {
+		for i := range numGoroutines {
 			entry := &CacheEntry{
-				Data:      []byte(fmt.Sprintf("data-%d", i)),
+				Data:      fmt.Appendf(nil, "data-%d", i),
 				Headers:   make(http.Header),
 				Timestamp: time.Now(),
 				TTL:       5 * time.Minute,
@@ -379,7 +379,7 @@ func TestInMemoryCacheConcurrent(t *testing.T) {
 		}

 		done := make(chan bool, numGoroutines)
-		for i := 0; i < numGoroutines; i++ {
+		for i := range numGoroutines {
 			go func(id int) {
 				defer func() {
 					if r := recover(); r != nil {
@@ -391,7 +391,7 @@ func TestInMemoryCacheConcurrent(t *testing.T) {
 			}(i)
 		}

-		for i := 0; i < numGoroutines; i++ {
+		for range numGoroutines {
 			<-done
 		}
 	})
--- a/internal/middleware/cors.go
+++ b/internal/middleware/cors.go
@@ -26,12 +26,7 @@ func NewCORSConfig() *CORSConfig {
 	}

 	switch env {
-	case "production":
-		if origins := os.Getenv("CORS_ALLOWED_ORIGINS"); origins == "" {
-			config.AllowedOrigins = []string{}
-		}
-		config.AllowCredentials = true
-	case "staging":
+	case "production", "staging":
 		if origins := os.Getenv("CORS_ALLOWED_ORIGINS"); origins == "" {
 			config.AllowedOrigins = []string{}
 		}
@@ -53,82 +48,66 @@ func NewCORSConfig() *CORSConfig {
 	return config
 }

+func checkOrigin(origin string, allowedOrigins []string) (allowed bool, hasWildcard bool) {
+	for _, allowedOrigin := range allowedOrigins {
+		if allowedOrigin == "*" {
+			hasWildcard = true
+			allowed = true
+			break
+		}
+		if allowedOrigin == origin {
+			allowed = true
+			break
+		}
+	}
+	return
+}
+
+func setCORSHeaders(w http.ResponseWriter, origin string, hasWildcard bool, config *CORSConfig) {
+	if hasWildcard && !config.AllowCredentials {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+	} else {
+		w.Header().Set("Access-Control-Allow-Origin", origin)
+	}
+
+	if config.AllowCredentials && !hasWildcard {
+		w.Header().Set("Access-Control-Allow-Credentials", "true")
+	}
+}
+
 func CORSWithConfig(config *CORSConfig) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			origin := r.Header.Get("Origin")

+			if origin == "" {
 				if r.Method == "OPTIONS" {
-				if origin != "" {
-					allowed := false
-					hasWildcard := false
-					for _, allowedOrigin := range config.AllowedOrigins {
-						if allowedOrigin == "*" {
-							hasWildcard = true
-							allowed = true
-							break
-						}
-						if allowedOrigin == origin {
-							allowed = true
-							break
+					w.WriteHeader(http.StatusOK)
+					return
 				}
+				next.ServeHTTP(w, r)
+				return
 			}

+			allowed, hasWildcard := checkOrigin(origin, config.AllowedOrigins)
+
 			if !allowed {
 				http.Error(w, "Origin not allowed", http.StatusForbidden)
 				return
 			}

-					if hasWildcard && !config.AllowCredentials {
-						w.Header().Set("Access-Control-Allow-Origin", "*")
-					} else {
-						w.Header().Set("Access-Control-Allow-Origin", origin)
-					}
+			if r.Method == "OPTIONS" {
+				setCORSHeaders(w, origin, hasWildcard, config)

 				w.Header().Set("Access-Control-Allow-Methods", strings.Join(config.AllowedMethods, ", "))
 				w.Header().Set("Access-Control-Allow-Headers", strings.Join(config.AllowedHeaders, ", "))
 				w.Header().Set("Access-Control-Max-Age", fmt.Sprintf("%d", config.MaxAge))

-					if config.AllowCredentials && !hasWildcard {
-						w.Header().Set("Access-Control-Allow-Credentials", "true")
-					}
-				}
-
 				w.WriteHeader(http.StatusOK)
 				return
 			}

-			if origin != "" {
-				allowed := false
-				hasWildcard := false
-				for _, allowedOrigin := range config.AllowedOrigins {
-					if allowedOrigin == "*" {
-						hasWildcard = true
-						allowed = true
-						break
-					}
-					if allowedOrigin == origin {
-						allowed = true
-						break
-					}
-				}
-
-				if !allowed {
-					http.Error(w, "Origin not allowed", http.StatusForbidden)
-					return
-				}
-
-				if hasWildcard && !config.AllowCredentials {
-					w.Header().Set("Access-Control-Allow-Origin", "*")
-				} else {
-					w.Header().Set("Access-Control-Allow-Origin", origin)
-				}
-
-				if config.AllowCredentials && !hasWildcard {
-					w.Header().Set("Access-Control-Allow-Credentials", "true")
-				}
-			}
-
+			setCORSHeaders(w, origin, hasWildcard, config)
 			next.ServeHTTP(w, r)
 		})
 	}
--- a/internal/middleware/db_monitoring_test.go
+++ b/internal/middleware/db_monitoring_test.go
@@ -318,7 +318,7 @@ func TestConcurrentAccess(t *testing.T) {
 	collector := NewMetricsCollector(monitor)

 	done := make(chan bool, 10)
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		go func() {
 			monitor.LogQuery("SELECT * FROM users", 50*time.Millisecond, nil)
 			collector.RecordRequest(100*time.Millisecond, false)
@@ -326,7 +326,7 @@ func TestConcurrentAccess(t *testing.T) {
 		}()
 	}

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		<-done
 	}

@@ -384,7 +384,7 @@ func TestThreadSafety(t *testing.T) {
 	numGoroutines := 100
 	done := make(chan bool, numGoroutines)

-	for i := 0; i < numGoroutines; i++ {
+	for i := range numGoroutines {
 		go func(id int) {

 			if id%2 == 0 {
@@ -398,7 +398,7 @@ func TestThreadSafety(t *testing.T) {
 		}(i)
 	}

-	for i := 0; i < numGoroutines; i++ {
+	for range numGoroutines {
 		<-done
 	}

--- a/internal/middleware/ratelimit_test.go
+++ b/internal/middleware/ratelimit_test.go
@@ -388,7 +388,7 @@ func TestRateLimiterMaxKeys(t *testing.T) {
 	limiter := NewRateLimiterWithConfig(1*time.Minute, 10, 5, 1*time.Minute, 2*time.Minute)
 	defer limiter.StopCleanup()

-	for i := 0; i < 5; i++ {
+	for i := range 5 {
 		key := fmt.Sprintf("key-%d", i)
 		if !limiter.Allow(key) {
 			t.Errorf("Key %s should be allowed", key)
@@ -435,7 +435,7 @@ func TestRateLimiterRegistry(t *testing.T) {
 	request := httptest.NewRequest("GET", "/test", nil)
 	request.RemoteAddr = "127.0.0.1:12345"

-	for i := 0; i < 50; i++ {
+	for i := range 50 {
 		recorder := httptest.NewRecorder()
 		server1.ServeHTTP(recorder, request)
 		if recorder.Code != http.StatusOK {
@@ -443,7 +443,7 @@ func TestRateLimiterRegistry(t *testing.T) {
 		}
 	}

-	for i := 0; i < 50; i++ {
+	for i := range 50 {
 		recorder2 := httptest.NewRecorder()
 		server2.ServeHTTP(recorder2, request)
 		if recorder2.Code != http.StatusOK {
@@ -463,7 +463,7 @@ func TestRateLimiterRegistry(t *testing.T) {
 		t.Error("101st request to server2 should be rejected (shared limiter reached limit)")
 	}

-	for i := 0; i < 50; i++ {
+	for i := range 50 {
 		recorder3 := httptest.NewRecorder()
 		server3.ServeHTTP(recorder3, request)
 		if recorder3.Code != http.StatusOK {
--- a/internal/middleware/security_logging_test.go
+++ b/internal/middleware/security_logging_test.go
@@ -458,13 +458,13 @@ func TestIsRapidRequest(t *testing.T) {

 	ip := "192.168.1.1"

-	for i := 0; i < 50; i++ {
+	for i := range 50 {
 		if isRapidRequest(ip) {
 			t.Errorf("Request %d should not be considered rapid", i+1)
 		}
 	}

-	for i := 0; i < 110; i++ {
+	for i := range 110 {
 		result := isRapidRequest(ip)
 		if i < 50 {
 			if result {
--- a/internal/middleware/validation_test.go
+++ b/internal/middleware/validation_test.go
@@ -39,7 +39,7 @@ func TestValidationMiddleware(t *testing.T) {
 		body, _ := json.Marshal(user)
 		request := httptest.NewRequest("POST", "/users", bytes.NewBuffer(body))
 		request.Header.Set("Content-Type", "application/json")
-		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeOf(TestUser{}))
+		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeFor[TestUser]())
 		request = request.WithContext(ctx)
 		recorder := httptest.NewRecorder()

@@ -70,7 +70,7 @@ func TestValidationMiddleware(t *testing.T) {
 		body, _ := json.Marshal(user)
 		request := httptest.NewRequest("POST", "/users", bytes.NewBuffer(body))
 		request.Header.Set("Content-Type", "application/json")
-		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeOf(TestUser{}))
+		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeFor[TestUser]())
 		request = request.WithContext(ctx)
 		recorder := httptest.NewRecorder()

@@ -117,7 +117,7 @@ func TestValidationMiddleware(t *testing.T) {
 		body, _ := json.Marshal(user)
 		request := httptest.NewRequest("POST", "/users", bytes.NewBuffer(body))
 		request.Header.Set("Content-Type", "application/json")
-		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeOf(TestUser{}))
+		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeFor[TestUser]())
 		request = request.WithContext(ctx)
 		recorder := httptest.NewRecorder()

@@ -144,7 +144,7 @@ func TestValidationMiddleware(t *testing.T) {
 		body, _ := json.Marshal(user)
 		request := httptest.NewRequest("POST", "/users", bytes.NewBuffer(body))
 		request.Header.Set("Content-Type", "application/json")
-		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeOf(TestUser{}))
+		ctx := context.WithValue(request.Context(), DTOTypeKey, reflect.TypeFor[TestUser]())
 		request = request.WithContext(ctx)
 		recorder := httptest.NewRecorder()

--- a/internal/repositories/post_repository_test.go
+++ b/internal/repositories/post_repository_test.go
@@ -156,7 +156,7 @@ func TestPostRepository_GetAll(t *testing.T) {

 		user := suite.CreateTestUser("testuser2", "test2@example.com", "password123")

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			suite.CreateTestPost(user.ID,
 				"Post "+strconv.Itoa(i),
 				"https://example.com/"+strconv.Itoa(i),
@@ -178,7 +178,7 @@ func TestPostRepository_GetAll(t *testing.T) {

 		user := suite.CreateTestUser("testuser3", "test3@example.com", "password123")

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			suite.CreateTestPost(user.ID,
 				"Post "+strconv.Itoa(i),
 				"https://example.com/"+strconv.Itoa(i),
@@ -328,7 +328,7 @@ func TestPostRepository_Count(t *testing.T) {

 		user := suite.CreateTestUser("testuser", "test@example.com", "password123")

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			suite.CreateTestPost(user.ID,
 				"Post "+strconv.Itoa(i),
 				"https://example.com/"+strconv.Itoa(i),
@@ -506,7 +506,7 @@ func TestPostRepository_Search(t *testing.T) {

 		user := suite.CreateTestUser("testuser2", "test2@example.com", "password123")

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			suite.CreateTestPost(user.ID,
 				"Go Post "+strconv.Itoa(i),
 				"https://example.com/go"+strconv.Itoa(i),
--- a/internal/repositories/user_repository_test.go
+++ b/internal/repositories/user_repository_test.go
@@ -621,7 +621,7 @@ func TestUserRepository_GetPosts(t *testing.T) {

 		user := suite.CreateTestUser("pagination", "pagination@example.com", "password123")

-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			suite.CreateTestPost(user.ID,
 				"Post "+strconv.Itoa(i),
 				"https://example.com/"+strconv.Itoa(i),
@@ -1089,7 +1089,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 		done := make(chan bool, 10)
 		errors := make(chan error, 10)

-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			go func(id int) {
 				defer func() { done <- true }()
 				user := &database.User{
@@ -1099,7 +1099,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 					EmailVerified: true,
 				}
 				var err error
-				for retries := 0; retries < 5; retries++ {
+				for retries := range 5 {
 					err = suite.UserRepo.Create(user)
 					if err == nil {
 						break
@@ -1116,7 +1116,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 			}(i)
 		}

-		for i := 0; i < 10; i++ {
+		for range 10 {
 			<-done
 		}
 		close(errors)
@@ -1142,7 +1142,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 		user := suite.CreateTestUser("concurrent_update", "update@example.com", "password123")

 		done := make(chan bool, 5)
-		for i := 0; i < 5; i++ {
+		for i := range 5 {
 			go func(id int) {
 				defer func() { done <- true }()
 				user.Username = fmt.Sprintf("updated%d", id)
@@ -1150,7 +1150,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 			}(i)
 		}

-		for i := 0; i < 5; i++ {
+		for range 5 {
 			<-done
 		}

@@ -1172,7 +1172,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 		done := make(chan bool, 2)
 		go func() {
 			var err error
-			for retries := 0; retries < 5; retries++ {
+			for retries := range 5 {
 				err = suite.UserRepo.Delete(user1.ID)
 				if err == nil {
 					break
@@ -1187,7 +1187,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 		}()
 		go func() {
 			var err error
-			for retries := 0; retries < 5; retries++ {
+			for retries := range 5 {
 				err = suite.UserRepo.Delete(user2.ID)
 				if err == nil {
 					break
@@ -1210,7 +1210,7 @@ func TestUserRepository_ConcurrentAccess(t *testing.T) {
 		}
 		if count > 0 {
 			var err error
-			for retries := 0; retries < 5; retries++ {
+			for retries := range 5 {
 				count, err = suite.UserRepo.Count()
 				if err == nil && count == 0 {
 					break
--- a/internal/server/router.go
+++ b/internal/server/router.go
@@ -27,6 +27,7 @@ type RouterConfig struct {
 	Debug              bool
 	DisableCache       bool
 	DisableCompression bool
+	CacheablePaths     []string
 	DBMonitor          middleware.DBMonitor
 	RateLimitConfig    config.RateLimitConfig
 }
@@ -49,6 +50,9 @@ func NewRouter(cfg RouterConfig) http.Handler {
 	if !cfg.DisableCache {
 		cache := middleware.NewInMemoryCache()
 		cacheConfig := middleware.DefaultCacheConfig()
+		if len(cfg.CacheablePaths) > 0 {
+			cacheConfig.CacheablePaths = append([]string{}, cfg.CacheablePaths...)
+		}
 		router.Use(middleware.CacheMiddleware(cache, cacheConfig))
 		router.Use(middleware.CacheInvalidationMiddleware(cache))
 	}
--- a/internal/server/router_test.go
+++ b/internal/server/router_test.go
@@ -77,7 +77,8 @@ func setupTestHandlers() (*handlers.AuthHandler, *handlers.PostHandler, *handler
 	emailSender := &testutils.MockEmailSender{}

 	voteService := services.NewVoteService(voteRepo, postRepo, nil)
-	metadataService := services.NewURLMetadataService()
+	titleFetcher := &testutils.MockTitleFetcher{}
+	titleFetcher.SetTitle("Example Domain")

 	mockRefreshRepo := &mockRefreshTokenRepository{}
 	mockDeletionRepo := &mockAccountDeletionRepository{}
@@ -94,7 +95,7 @@ func setupTestHandlers() (*handlers.AuthHandler, *handlers.PostHandler, *handler
 	}

 	authHandler := handlers.NewAuthHandler(authFacade, userRepo)
-	postHandler := handlers.NewPostHandler(postRepo, metadataService, voteService)
+	postHandler := handlers.NewPostHandler(postRepo, titleFetcher, voteService)
 	voteHandler := handlers.NewVoteHandler(voteService)
 	userHandler := handlers.NewUserHandler(userRepo, authFacade)
 	apiHandler := handlers.NewAPIHandler(testutils.AppTestConfig, postRepo, userRepo, voteService)
--- a/internal/services/email_service_test.go
+++ b/internal/services/email_service_test.go
@@ -90,7 +90,7 @@ func TestEmailService_Performance(t *testing.T) {

 	start := time.Now()
 	iterations := 1000
-	for i := 0; i < iterations; i++ {
+	for range iterations {
 		service.GenerateVerificationEmailBody(user.Username, "https://example.com/confirm?token=test")
 	}
 	duration := time.Since(start)
--- a/internal/services/url_metadata_service.go
+++ b/internal/services/url_metadata_service.go
@@ -8,6 +8,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -339,11 +340,9 @@ func (s *URLMetadataService) validateURLForSSRF(u *url.URL) error {
 	if err != nil {
 		return ErrSSRFBlocked
 	}
-	for _, ip := range ips {
-		if isPrivateOrReservedIP(ip) {
+	if slices.ContainsFunc(ips, isPrivateOrReservedIP) {
 		return ErrSSRFBlocked
 	}
-	}
 	return nil
 }

@@ -359,13 +358,7 @@ func isLocalhost(hostname string) bool {
 		"0:0:0:0:0:0:0:0",
 	}

-	for _, name := range localhostNames {
-		if hostname == name {
-			return true
-		}
-	}
-
-	return false
+	return slices.Contains(localhostNames, hostname)
 }

 func isPrivateOrReservedIP(ip net.IP) bool {
--- a/internal/testutils/factories.go
+++ b/internal/testutils/factories.go
@@ -285,7 +285,7 @@ func (b *VoteRequestBuilder) Build() VoteRequest {

 func (f *TestDataFactory) CreateTestUsers(count int) []*database.User {
 	users := make([]*database.User, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		users[i] = f.NewUserBuilder().
 			WithID(uint(i + 1)).
 			WithUsername(fmt.Sprintf("user%d", i+1)).
@@ -297,7 +297,7 @@ func (f *TestDataFactory) CreateTestUsers(count int) []*database.User {

 func (f *TestDataFactory) CreateTestPosts(count int) []*database.Post {
 	posts := make([]*database.Post, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		posts[i] = f.NewPostBuilder().
 			WithID(uint(i+1)).
 			WithTitle(fmt.Sprintf("Post %d", i+1)).
@@ -332,7 +332,7 @@ func (f *TestDataFactory) CreateTestVotes(count int) []*database.Vote {

 func (f *TestDataFactory) CreateTestAuthResults(count int) []*AuthResult {
 	results := make([]*AuthResult, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		results[i] = f.NewAuthResultBuilder().
 			WithUser(f.NewUserBuilder().
 				WithID(uint(i + 1)).
@@ -346,7 +346,7 @@ func (f *TestDataFactory) CreateTestAuthResults(count int) []*AuthResult {

 func (f *TestDataFactory) CreateTestVoteRequests(count int) []VoteRequest {
 	requests := make([]VoteRequest, count)
-	for i := 0; i < count; i++ {
+	for i := range count {
 		voteType := database.VoteUp
 		if i%3 == 0 {
 			voteType = database.VoteDown
@@ -365,8 +365,9 @@ func (f *TestDataFactory) CreateTestVoteRequests(count int) []VoteRequest {
 	return requests
 }

+//go:fix inline
 func uintPtr(u uint) *uint {
-	return &u
+	return new(u)
 }

 type E2ETestDataFactory struct {
@@ -450,7 +451,7 @@ func (f *E2ETestDataFactory) CreateMultipleUsers(t *testing.T, count int, userna
 	var users []*TestUser
 	timestamp := time.Now().UnixNano()

-	for i := 0; i < count; i++ {
+	for i := range count {
 		uniqueID := timestamp + int64(i)
 		username := fmt.Sprintf("%s%d", usernamePrefix, uniqueID)
 		email := fmt.Sprintf("%s%d@example.com", emailPrefix, uniqueID)
--- a/internal/testutils/mocks.go
+++ b/internal/testutils/mocks.go
@@ -123,12 +123,12 @@ func defaultIfEmpty(value, fallback string) string {
 }

 func extractTokenFromBody(body string) string {
-	index := strings.Index(body, "token=")
-	if index == -1 {
+	_, after, ok := strings.Cut(body, "token=")
+	if !ok {
 		return ""
 	}

-	tokenPart := body[index+len("token="):]
+	tokenPart := after

 	if delimIdx := strings.IndexAny(tokenPart, "&\"'\\\r\n <>"); delimIdx != -1 {
 		tokenPart = tokenPart[:delimIdx]
--- a/internal/testutils/response_assertions.go
+++ b/internal/testutils/response_assertions.go
@@ -164,7 +164,7 @@ func getErrorField(resp *APIResponse) (string, bool) {
 	if resp == nil {
 		return "", false
 	}
-	if dataMap, ok := resp.Data.(map[string]interface{}); ok {
+	if dataMap, ok := resp.Data.(map[string]any); ok {
 		if errorVal, ok := dataMap["error"].(string); ok {
 			return errorVal, true
 		}
--- a/internal/validation/validation.go
+++ b/internal/validation/validation.go
@@ -202,7 +202,7 @@ func camelCaseToWords(s string) string {
 	return result.String()
 }

-func ValidateStruct(s interface{}) error {
+func ValidateStruct(s any) error {
 	if s == nil {
 		return nil
 	}
@@ -210,7 +210,7 @@ func ValidateStruct(s interface{}) error {
 	val := reflect.ValueOf(s)
 	typ := reflect.TypeOf(s)

-	if val.Kind() == reflect.Ptr {
+	if val.Kind() == reflect.Pointer {
 		if val.IsNil() {
 			return nil
 		}
@@ -252,9 +252,9 @@ func ValidateStruct(s interface{}) error {
 			}

 			var tagName, param string
-			if idx := strings.Index(tag, "="); idx != -1 {
-				tagName = tag[:idx]
-				param = tag[idx+1:]
+			if before, after, ok := strings.Cut(tag, "="); ok {
+				tagName = before
+				param = after
 			} else {
 				tagName = tag
 			}
--- a/screenshots/README.md
+++ b/screenshots/README.md
@@ -1,3 +1,5 @@
+# screenshot
+
 In this folder, you will find screenshots of the app.

 Two kinds of screenshot here:
--- a/scripts/setup-postgres.sh
+++ b/scripts/setup-postgres.sh
@@ -6,13 +6,13 @@ if [ "$EUID" -ne 0 ]; then
  exit 1
 fi

-read -s "Do you want to install PostgreSQL 18? [y/N] " INSTALL_PG
+read -rp "Do you want to install PostgreSQL 18? [y/N] " INSTALL_PG
 if [ "$INSTALL_PG" != "y" ]; then
  echo "PostgreSQL 18 will not be installed"
  exit 0
 fi

-read -s -p "Enter password for PostgreSQL user 'goyco': " GOYCO_PWD
+read -rsp "Enter password for PostgreSQL user 'goyco': " GOYCO_PWD
 echo

 apt-get update
Author	SHA1	Message	Date
Kharec	e58ba1b8d1	chore: add title	2026-03-18 18:07:15 +01:00
Kharec	4ffc601723	fix: avoid mangle backslash	2026-03-11 07:22:51 +01:00
Kharec	d6321e775a	test(integration): update DB monitoring health assertion to match nested services payload	2026-03-06 15:37:53 +01:00
Kharec	de9b544afb	refactor(cors): deduplicate origin validation and header logic without behavior change	2026-03-06 15:37:44 +01:00
Kharec	19291b7f61	feat: update swagger	2026-03-05 11:39:24 +01:00
Kharec	c31eb2f3df	test(e2e): make middleware tests assertion-driven and deterministic	2026-02-23 07:11:22 +01:00
Kharec	de08878de7	test(e2e): add middleware-enabled test context and server config toggles	2026-02-23 07:11:17 +01:00
Kharec	f0e8da51d0	feat(server): allow cacheable paths to be configured in router	2026-02-23 07:11:14 +01:00
Kharec	85882bae14	refactor: go fix ftw	2026-02-19 17:37:42 +01:00
Kharec	9185ffa6b5	test(server): mock title fetcher in router tests to remove network dependency	2026-02-19 17:37:31 +01:00
Kharec	986b4e9388	refactor: modernize code using go fix	2026-02-19 17:31:06 +01:00
Kharec	ac6e1ba80b	refactor: modern code using go fix	2026-02-19 17:30:12 +01:00
Kharec	14da02bc3f	refactor: use go fix	2026-02-19 17:29:44 +01:00
Kharec	31ef30c941	test(health): expect unhealthy for SMTP connection failures	2026-02-16 08:43:46 +01:00
Kharec	d4a89325e0	fix(health): mark SMTP connection/bootstrap failures as unhealthy	2026-02-16 08:43:33 +01:00
Kharec	4eb0a6360f	test(health): cover SMTP unhealthy aggregation behavior	2026-02-16 08:43:14 +01:00
Kharec	040b9148de	fix(health): treat SMTP unhealthy as degraded at app level	2026-02-16 08:43:01 +01:00
Kharec	6e0dfabcff	feat: health check now return json, definitely	2026-02-16 08:33:51 +01:00
Kharec	9e81ddfdfa	fix: don't reinvent the wheel	2026-02-15 12:05:25 +01:00
Kharec	b3b7c1d527	test: health check now supports smtp so we test it	2026-02-15 12:04:06 +01:00
Kharec	4c1caa44dd	refactor: smtp tests	2026-02-15 12:03:55 +01:00
Kharec	52c964abd2	docs: update readme	2026-02-15 12:00:33 +01:00
Kharec	a854138eac	feat: design a health subcommand	2026-02-15 11:59:16 +01:00
Kharec	70bfb54acf	refactor: use new health package	2026-02-15 11:56:19 +01:00
Kharec	a3ed6685de	feat: design a separate package for health check	2026-02-15 11:56:12 +01:00
Kharec	8f30fe7412	docs: update readme	2026-02-14 12:32:29 +01:00
Kharec	1a051b594c	fix: customize upvote ratio	2026-02-14 12:32:18 +01:00