# Project Optimizations TODO

## 1. Consolidate and Refine Error Handling (`src/errors.rs`)
- [ ] Split errors into two domains:
  - `StartupError`: For config parsing, database connection pooling, and server binding failures (can return `eyre` or `anyhow::Error` in `main.rs`).
  - `ApiError`: Dedicated exclusively to HTTP responses.
- [ ] Add `tracing::error!` logging in the `IntoResponse` implementation for internal server errors (like `DbConnect`) before returning generic error JSON to clients.

## 2. Reduce Boilerplate in Controllers (`src/controller/`)
- [ ] Leverage Axum's `FromRequest` and `IntoResponse` traits more heavily on models.
- [ ] Implement a custom extractor (e.g., using `validator` crate) to ensure controller signatures guarantee valid data (e.g., `ValidJson(payload)`).

## 3. State Management (`src/state.rs`)
- [ ] Audit state struct to ensure `PgPool` is not wrapped in an unnecessary `Arc` (since it is already an `Arc` internally).
- [ ] Ensure application state leverages Axum's `FromRef` trait effectively for sub-components.

## 4. Separation of Concerns in Database Repositories
- [ ] Update `user_repository.rs` and `refresh_token_repository.rs` methods to accept `&sqlx::PgPool` or `&mut sqlx::Transaction` as arguments to support multi-table atomic transactions cleanly.

## 5. Clean up Middleware (`src/controller/middleware/`)
- [ ] Ensure `auth_middleware.rs` properly passes the authenticated user downstream using `Extension` or `State`.
- [ ] Create a `CurrentUser` Extractor so route handlers can easily extract the user via `async fn get_profile(user: CurrentUser)` instead of manually extracting extensions.