Migrate from Gin to Echo framework and add comprehensive integration tests

Major changes:
- Migrate all handlers from Gin to Echo framework
- Add new apperrors, echohelpers, and validator packages
- Update middleware for Echo compatibility
- Add ArchivedHandler to task categorization chain (archived tasks go to cancelled_tasks column)
- Add 6 new integration tests:
  - RecurringTaskLifecycle: NextDueDate advancement for weekly/monthly tasks
  - MultiUserSharing: Complex sharing with user removal
  - TaskStateTransitions: All state transitions and kanban column changes
  - DateBoundaryEdgeCases: Threshold boundary testing
  - CascadeOperations: Residence deletion cascade effects
  - MultiUserOperations: Shared residence collaboration
- Add single-purpose repository functions for kanban columns (GetOverdueTasks, GetDueSoonTasks, etc.)
- Fix RemoveUser route param mismatch (userId -> user_id)
- Fix determineExpectedColumn helper to correctly prioritize in_progress over overdue

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/middleware/admin_auth.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/gin-gonic/gin"
+	"github.com/labstack/echo/v4"
 	"github.com/golang-jwt/jwt/v5"
 
 	"github.com/treytartt/casera-api/internal/config"
@@ -30,68 +30,65 @@ type AdminClaims struct {
 }
 
 // AdminAuthMiddleware creates a middleware that validates admin JWT tokens
-func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminRepository) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		var tokenString string
+func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminRepository) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			var tokenString string
 
-		// Get token from Authorization header
-		authHeader := c.GetHeader("Authorization")
-		if authHeader != "" {
-			// Check Bearer prefix
-			parts := strings.SplitN(authHeader, " ", 2)
-			if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" {
-				tokenString = parts[1]
+			// Get token from Authorization header
+			authHeader := c.Request().Header.Get("Authorization")
+			if authHeader != "" {
+				// Check Bearer prefix
+				parts := strings.SplitN(authHeader, " ", 2)
+				if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" {
+					tokenString = parts[1]
+				}
 			}
-		}
 
-		// If no header token, check query parameter (for WebSocket connections)
-		if tokenString == "" {
-			tokenString = c.Query("token")
-		}
-
-		if tokenString == "" {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization required"})
-			return
-		}
-
-		// Parse and validate token
-		claims := &AdminClaims{}
-		token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
-			// Validate signing method
-			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-				return nil, errors.New("invalid signing method")
+			// If no header token, check query parameter (for WebSocket connections)
+			if tokenString == "" {
+				tokenString = c.QueryParam("token")
 			}
-			return []byte(cfg.Security.SecretKey), nil
-		})
 
-		if err != nil {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
-			return
+			if tokenString == "" {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Authorization required"})
+			}
+
+			// Parse and validate token
+			claims := &AdminClaims{}
+			token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+				// Validate signing method
+				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+					return nil, errors.New("invalid signing method")
+				}
+				return []byte(cfg.Security.SecretKey), nil
+			})
+
+			if err != nil {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Invalid token"})
+			}
+
+			if !token.Valid {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Token is not valid"})
+			}
+
+			// Get admin user from database
+			admin, err := adminRepo.FindByID(claims.AdminID)
+			if err != nil {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Admin user not found"})
+			}
+
+			// Check if admin is active
+			if !admin.IsActive {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Admin account is disabled"})
+			}
+
+			// Store admin and claims in context
+			c.Set(AdminUserKey, admin)
+			c.Set(AdminClaimsKey, claims)
+
+			return next(c)
 		}
-
-		if !token.Valid {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token is not valid"})
-			return
-		}
-
-		// Get admin user from database
-		admin, err := adminRepo.FindByID(claims.AdminID)
-		if err != nil {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin user not found"})
-			return
-		}
-
-		// Check if admin is active
-		if !admin.IsActive {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin account is disabled"})
-			return
-		}
-
-		// Store admin and claims in context
-		c.Set(AdminUserKey, admin)
-		c.Set(AdminClaimsKey, claims)
-
-		c.Next()
 	}
 }
 
@@ -116,20 +113,20 @@ func GenerateAdminToken(admin *models.AdminUser, cfg *config.Config) (string, er
 }
 
 // RequireSuperAdmin middleware requires the admin to have super_admin role
-func RequireSuperAdmin() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		admin, exists := c.Get(AdminUserKey)
-		if !exists {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin authentication required"})
-			return
-		}
+func RequireSuperAdmin() echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			admin := c.Get(AdminUserKey)
+			if admin == nil {
+				return c.JSON(http.StatusUnauthorized, map[string]interface{}{"error": "Admin authentication required"})
+			}
 
-		adminUser := admin.(*models.AdminUser)
-		if !adminUser.IsSuperAdmin() {
-			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Super admin privileges required"})
-			return
-		}
+			adminUser := admin.(*models.AdminUser)
+			if !adminUser.IsSuperAdmin() {
+				return c.JSON(http.StatusForbidden, map[string]interface{}{"error": "Super admin privileges required"})
+			}
 
-		c.Next()
+			return next(c)
+		}
 	}
 }