feat: Add GET /me endpoint for current user profile

[hackmajoris]

Summary

Adds a new GET /me API endpoint that returns the authenticated user's profile information based on the username extracted from the JWT token.

Changes

API Handler

• New Handler: GetCurrentUser in cmd/app/internal/handler/handler.go
  • Extracts username from JWT claims in request context
  • Retrieves user data via service layer
  • Returns user profile with ISO 8601 formatted timestamps

DTO

• New Response DTO: CurrentUserResponse in cmd/app/internal/dto/dto.go
  • Fields: username, name, created_at, updated_at
  • Timestamps formatted as ISO 8601/RFC3339
  • Password hash is never exposed

Routing

• Route Registration: Added in cmd/app/main.go
  • Path: GET /me
  • Requires JWT authentication via middleware

Infrastructure

• CDK Stack: Updated deployments/app/cdk.go
  • Added /me API Gateway resource
  • Configured Lambda integration
  • Applied CORS settings

Testing

Created comprehensive test suite in cmd/app/internal/handler/handler_test.go:

Test Coverage

1. TestHandler_GetCurrentUser

   • ✅ Successful user retrieval with valid token
   • ✅ Invalid token claims (401 error)
   • ✅ User not found (404 error)

2. TestHandler_GetCurrentUser_TimestampFormat

   • ✅ Validates ISO 8601/RFC3339 timestamp format
   • ✅ Verifies timezone preservation

3. TestHandler_GetCurrentUser_DoesNotExposePassword

   • ✅ Ensures password hash is never in response
   • ✅ Validates only safe fields are returned

Test Results

=== RUN   TestHandler_GetCurrentUser
--- PASS: TestHandler_GetCurrentUser (0.06s)
=== RUN   TestHandler_GetCurrentUser_TimestampFormat
--- PASS: TestHandler_GetCurrentUser_TimestampFormat (0.05s)
=== RUN   TestHandler_GetCurrentUser_DoesNotExposePassword
--- PASS: TestHandler_GetCurrentUser_DoesNotExposePassword (0.05s)
PASS
ok      github.com/hackmajoris/glad/cmd/app/internal/handler    1.007s

All existing tests continue to pass ✅

API Usage

Request

GET /me
Authorization: Bearer <jwt-token>

Response (200 OK)

{
  "username": "john_doe",
  "name": "John Doe",
  "created_at": "2025-12-07T10:30:00Z",
  "updated_at": "2025-12-07T10:30:00Z"
}

Error Responses

• 401 Unauthorized: Invalid or missing JWT token
• 404 Not Found: User not found in database

Security

• ✅ JWT authentication required
• ✅ Username extracted from verified token claims
• ✅ Password hash never exposed in response
• ✅ Only returns safe, non-sensitive fields

Breaking Changes

None. This is a purely additive change.

Checklist

• Code follows project architecture patterns
• Handler delegates to service layer
• DTO properly defined with security in mind
• Route registered with authentication middleware
• CDK infrastructure updated
• Comprehensive tests added
• All tests passing
• No breaking changes
• Security verified (no password exposure)

---

🤖 Generated with Claude Code