- Define userRepository, userRoleRepository, roleRepository, passwordHistoryRepository interfaces
- Update UserService struct to use interface types instead of concrete *repository types
- Update NewUserService constructor to accept interfaces
- Add UserCursorResult type (avoid conflict with login_log.go's CursorResult)
- Fix AssignRoles to use type assertion for WithTx (concrete method not in interface)
- Add GetByEmail, UpdateStatus, BatchUpdateStatus, BatchDelete to userRepository interface
- Add GetByID, GetByIDs to roleRepository interface
This enables dependency injection and mocking at the service layer.
- AssignRoles: wrap DeleteByUserID + BatchCreate in DB transaction (P1)
- GetUserRoles: use GetByIDs batch query instead of per-role GetByID loop (N+1 fix)
- ListAdmins: use GetByIDs batch query instead of per-user GetByID loop (N+1 fix)
- Add WithTx/DB methods to UserRoleRepository for transaction support
- Add GetByIDs to UserRepository (batch user lookup)
- Add .gitattributes to normalize line endings to LF (P2)
- G115 (integer overflow): Added nosec comments for safe type conversions
where values are bounded by design (e.g., rng.Intn(255) returns 0-254)
- G118 (context.Background): Added nosec for intentional async goroutines
that use WithTimeout for bounded execution after request completes
Note: G101 (hardcoded credentials) warnings are low-confidence false
positives - OAuth fields use getEnv() to read from environment.
