@iqbalpa iqbalpa commented Jul 14, 2025

feat: Implement multi-tenancy for task management

This pull request introduces multi-tenancy to the task management feature. Previously, all tasks were global and could be accessed or modified by any authenticated user. With these changes, tasks are now associated with the user who created them, and users can only view, update, or delete their own tasks.

Key Changes

  • Data Model:

    • The Task model now includes a UserUsername field to link tasks to users.
    • The User model has been updated with a has-many relationship to Task.
  • Authorization:

    • The authentication middleware (internal/middleware/auth.go) now injects user information into the request context instead of using fiber.Locals.
    • The task service layer (internal/service/task.go) now performs ownership checks for GetTaskByID, UpdateTask, and DeleteTask operations, ensuring users can only operate on their own tasks.
  • API Layer:

    • The task handlers (internal/handler/task.go) have been updated to pass the request context to the service layer.
    • The GetAllTasks endpoint now returns only the tasks belonging to the authenticated user.
  • Context Keys:

    • A new internal/utils/constant.go file has been added to define strongly-typed keys for values stored in the context, improving code clarity and safety.

How to Test

  1. Run the application.
  2. Create two different users.
  3. Log in as User A and create a few tasks.
  4. Verify that GET /api/task returns only the tasks created by User A.
  5. Try to GET, PATCH, or DELETE a task created by User A using the credentials of User B. The request should be denied with an authorization error.
  6. Log in as User B and create a task.
  7. Verify that GET /api/task for User B returns only the task created by User B.

I actually asked gemini-cli to test the updated code and it worked as expected. It tested it using curl.

@iqbalpa iqbalpa merged commit 02180d5 into master Jul 14, 2025
1 check passed
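
The service-layer ownership check and typed context key described in this pull request, sketched as an added example that is not code from this repository. The names `ctxKey`, `userKey`, `WithUser`, `TaskService`, the error values, and the in-memory map standing in for the database are assumptions; only `Task`, `UserUsername` and `GetTaskByID` come from the description.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// ctxKey is unexported, so a plain string key from another package never matches.
type ctxKey string
const userKey ctxKey = "username" // hypothetical key name

type Task struct {
	ID           int
	UserUsername string // owner, as in the PR's data model
}

var (
	ErrUnauthenticated = errors.New("unauthenticated")
	ErrNotFound        = errors.New("task not found")
	ErrForbidden       = errors.New("forbidden: not the task owner")
)

type TaskService struct{ tasks map[int]Task } // map stands in for the database

// WithUser is what the auth middleware would call after validating credentials.
func WithUser(ctx context.Context, username string) context.Context {
	return context.WithValue(ctx, userKey, username)
}

// GetTaskByID fails closed: a context without an identity gets no access.
func (s *TaskService) GetTaskByID(ctx context.Context, id int) (Task, error) {
	user, ok := ctx.Value(userKey).(string)
	if !ok || user == "" {
		return Task{}, ErrUnauthenticated
	}
	t, found := s.tasks[id]
	if !found {
		return Task{}, ErrNotFound
	}
	if t.UserUsername != user {
		return Task{}, ErrForbidden
	}
	return t, nil
}

func main() {
	svc := &TaskService{tasks: map[int]Task{1: {ID: 1, UserUsername: "alice"}}} // constructed data
	_, err := svc.GetTaskByID(WithUser(context.Background(), "bob"), 1)
	fmt.Println(err)
}
```

Because the check lives in the service rather than the handler, any new route that reaches `GetTaskByID` inherits it.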