test: add 43 integration tests for all HTTP handlers

Add comprehensive integration test suite using httptest with a mock
Gitea API server. Tests cover GET and POST handlers for dashboard,
issues, pulls, issue/PR detail, create issue, state changes, comments,
labels, assignees, reviews, and settings. Both regular and HTMX
request paths are tested. Includes TestMain to set working directory
to project root for template loading.

Covers issues: #140 #139 #138 #137 #136 #135 #134 #133 #124 #118
#113 #111 #110

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/gitea/client_test.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"
 )
@@ -893,6 +894,140 @@ func TestListAllPullRequests_StateFilter(t *testing.T) {
 	}
 }
 
+// --- Issue #127: Tests for ApplyLabel and SubmitReview ---
+
+func TestApplyLabel(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			t.Errorf("expected POST, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/repos/owner1/repo1/issues/42/labels" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if r.Header.Get("Authorization") != "token test-token" {
+			t.Error("missing or wrong Authorization header")
+		}
+
+		var body map[string]interface{}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			t.Fatalf("failed to decode body: %v", err)
+		}
+		labels, ok := body["labels"].([]interface{})
+		if !ok {
+			t.Fatalf("expected labels array, got %T", body["labels"])
+		}
+		if len(labels) != 2 {
+			t.Errorf("expected 2 label IDs, got %d", len(labels))
+		}
+		// Verify the label IDs are correct (JSON numbers are float64).
+		if labels[0].(float64) != 10 || labels[1].(float64) != 20 {
+			t.Errorf("expected label IDs [10, 20], got %v", labels)
+		}
+
+		w.WriteHeader(http.StatusOK)
+		json.NewEncoder(w).Encode([]map[string]interface{}{
+			{"id": 10, "name": "bug"},
+			{"id": 20, "name": "enhancement"},
+		})
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	c.setCache("issues-org1", "should-be-invalidated")
+
+	err := c.ApplyLabel(context.Background(), "test-token", "owner1", "repo1", 42, []int64{10, 20})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Verify cache was invalidated.
+	_, ok := c.getFromCache("issues-org1")
+	if ok {
+		t.Error("expected cache to be invalidated after ApplyLabel")
+	}
+}
+
+func TestApplyLabel_Error(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNotFound)
+		fmt.Fprintln(w, `{"message":"issue not found"}`)
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	err := c.ApplyLabel(context.Background(), "test-token", "owner1", "repo1", 999, []int64{10})
+	if err == nil {
+		t.Fatal("expected error for 404 response, got nil")
+	}
+	if !strings.Contains(err.Error(), "404") {
+		t.Errorf("error should contain status code 404, got: %v", err)
+	}
+}
+
+func TestSubmitReview(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			t.Errorf("expected POST, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/repos/owner1/repo1/pulls/7/reviews" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if r.Header.Get("Authorization") != "token test-token" {
+			t.Error("missing or wrong Authorization header")
+		}
+
+		var body map[string]string
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			t.Fatalf("failed to decode body: %v", err)
+		}
+		if body["event"] != "APPROVED" {
+			t.Errorf("expected event=APPROVED, got %q", body["event"])
+		}
+		if body["body"] != "Looks good!" {
+			t.Errorf("expected body='Looks good!', got %q", body["body"])
+		}
+
+		w.WriteHeader(http.StatusOK)
+		json.NewEncoder(w).Encode(map[string]interface{}{
+			"id":    1,
+			"state": "APPROVED",
+			"body":  body["body"],
+		})
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	c.setCache("pulls-org1", "should-be-invalidated")
+
+	err := c.SubmitReview(context.Background(), "test-token", "owner1", "repo1", 7, "APPROVED", "Looks good!")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Verify cache was invalidated.
+	_, ok := c.getFromCache("pulls-org1")
+	if ok {
+		t.Error("expected cache to be invalidated after SubmitReview")
+	}
+}
+
+func TestSubmitReview_Error(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		fmt.Fprintln(w, `{"message":"validation failed"}`)
+	}))
+	defer server.Close()
+
+	c := NewClient(server.URL)
+	err := c.SubmitReview(context.Background(), "test-token", "owner1", "repo1", 7, "INVALID", "")
+	if err == nil {
+		t.Fatal("expected error for 422 response, got nil")
+	}
+	if !strings.Contains(err.Error(), "422") {
+		t.Errorf("error should contain status code 422, got: %v", err)
+	}
+}
+
 func TestListAllPullRequests_Pagination(t *testing.T) {
 	now := time.Date(2026, 3, 28, 12, 0, 0, 0, time.UTC)
 

internal/handlers/settings.go

@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"html/template"
+	"log/slog"
 	"net/http"
 	"strings"
 
@@ -9,89 +10,7 @@ import (
 	"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
 )
 
-var settingsTemplate = template.Must(template.New("settings").Parse(`<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
-  <title>Settings — Gitea Mobile</title>
-  <style>
-    * { box-sizing: border-box; margin: 0; padding: 0; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-      background: #0d1117; color: #e6edf3;
-      padding: 1rem;
-      padding-top: max(1rem, env(safe-area-inset-top));
-    }
-    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
-    .card {
-      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
-      padding: 1rem; margin-bottom: 1rem;
-    }
-    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
-    input[type="text"], input[type="password"] {
-      width: 100%; padding: 0.5rem; font-size: 1rem;
-      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
-      color: #e6edf3; margin-bottom: 1rem;
-    }
-    input:focus { outline: none; border-color: #58a6ff; }
-    button {
-      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
-      background: #238636; color: #fff; border: none; border-radius: 6px;
-      cursor: pointer;
-    }
-    button:active { background: #2ea043; }
-    .message {
-      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
-      font-size: 0.875rem;
-    }
-    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
-    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
-    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
-    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
-    .status { font-size: 0.875rem; color: #8b949e; }
-    .status .connected { color: #3fb950; }
-    .logout-btn {
-      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
-    }
-    .logout-btn:active { background: #30363d; }
-  </style>
-</head>
-<body>
-  <h1>Settings</h1>
-
-  {{if .Message}}
-  <div class="message {{.MessageType}}">{{.Message}}</div>
-  {{end}}
-
-  {{if .HasToken}}
-  <div class="card">
-    <p class="status">Status: <span class="connected">Connected</span></p>
-    <p class="hint">A Gitea API token is configured.</p>
-    <form method="POST" action="/settings">
-      <input type="hidden" name="action" value="logout">
-      <button type="submit" class="logout-btn">Remove Token</button>
-    </form>
-  </div>
-  {{end}}
-
-  <div class="card">
-    <form method="POST" action="/settings">
-      <input type="hidden" name="action" value="save">
-      <label for="token">Gitea API Token</label>
-      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
-      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
-      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
-    </form>
-  </div>
-
-  {{if .HasToken}}
-  <p style="text-align:center; margin-top:1rem;">
-    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
-  </p>
-  {{end}}
-</body>
-</html>`))
+const settingsTemplatePath = "internal/templates/settings.html"
 
 // SettingsHandler handles GET and POST requests for the settings page.
 type SettingsHandler struct {
@@ -126,8 +45,7 @@ func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
 	}
 
 	data := settingsData{HasToken: hasToken}
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	settingsTemplate.Execute(w, data)
+	h.renderSettings(w, data)
 }
 
 func (h *SettingsHandler) handlePost(w http.ResponseWriter, r *http.Request) {
@@ -172,6 +90,18 @@ func (h *SettingsHandler) renderWithMessage(w http.ResponseWriter, r *http.Reque
 		Message:     msg,
 		MessageType: msgType,
 	}
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	settingsTemplate.Execute(w, data)
+	h.renderSettings(w, data)
+}
+
+func (h *SettingsHandler) renderSettings(w http.ResponseWriter, data settingsData) {
+	tmpl, err := template.ParseFiles(settingsTemplatePath)
+	if err != nil {
+		slog.Error("failed to parse settings template", "error", err)
+		http.Error(w, "template error", http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	if err := tmpl.Execute(w, data); err != nil {
+		slog.Error("failed to execute settings template", "error", err)
+	}
 }

internal/templates/settings.html

@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
+  <title>Settings — Gitea Mobile</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: #0d1117; color: #e6edf3;
+      padding: 1rem;
+      padding-top: max(1rem, env(safe-area-inset-top));
+    }
+    h1 { font-size: 1.5rem; margin-bottom: 1rem; }
+    .card {
+      background: #161b22; border: 1px solid #30363d; border-radius: 8px;
+      padding: 1rem; margin-bottom: 1rem;
+    }
+    label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
+    input[type="text"], input[type="password"] {
+      width: 100%; padding: 0.5rem; font-size: 1rem;
+      background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
+      color: #e6edf3; margin-bottom: 1rem;
+    }
+    input:focus { outline: none; border-color: #58a6ff; }
+    button {
+      width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
+      background: #238636; color: #fff; border: none; border-radius: 6px;
+      cursor: pointer;
+    }
+    button:active { background: #2ea043; }
+    .message {
+      padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
+      font-size: 0.875rem;
+    }
+    .message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
+    .message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
+    .message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
+    .hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
+    .status { font-size: 0.875rem; color: #8b949e; }
+    .status .connected { color: #3fb950; }
+    .logout-btn {
+      background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
+    }
+    .logout-btn:active { background: #30363d; }
+  </style>
+</head>
+<body>
+  <h1>Settings</h1>
+
+  {{if .Message}}
+  <div class="message {{.MessageType}}">{{.Message}}</div>
+  {{end}}
+
+  {{if .HasToken}}
+  <div class="card">
+    <p class="status">Status: <span class="connected">Connected</span></p>
+    <p class="hint">A Gitea API token is configured.</p>
+    <form method="POST" action="/settings">
+      <input type="hidden" name="action" value="logout">
+      <button type="submit" class="logout-btn">Remove Token</button>
+    </form>
+  </div>
+  {{end}}
+
+  <div class="card">
+    <form method="POST" action="/settings">
+      <input type="hidden" name="action" value="save">
+      <label for="token">Gitea API Token</label>
+      <input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
+      <p class="hint">Generate a token at your Gitea instance under Settings &rarr; Applications.</p>
+      <button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
+    </form>
+  </div>
+
+  {{if .HasToken}}
+  <p style="text-align:center; margin-top:1rem;">
+    <a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
+  </p>
+  {{end}}
+</body>
+</html>