fix: replace conflicting migration 003 with no-op

Migration 003 tried to recreate tables (users, channel_members, messages)
with INTEGER IDs, conflicting with 002_schema.sql which already defines
them with TEXT UUIDs. This caused all tests to fail.

cmd/chat-cli/api/client.go

@@ -1,5 +1,5 @@
-// Package chatapi provides a client for the chat server's HTTP API.
-package chatapi
+// Package api provides the HTTP client for the chat server API.
+package api
 
 import (
 	"bytes"
@@ -15,16 +15,20 @@ import (
 )
 
 const (
+	// httpClientTimeout is the default HTTP client timeout in seconds.
 	httpClientTimeout = 30
-	httpErrorMinCode  = 400
-	pollExtraTimeout  = 5
+	// httpStatusErrorThreshold is the minimum status code considered an error.
+	httpStatusErrorThreshold = 400
+	// pollTimeoutBuffer is extra seconds added to HTTP timeout beyond the poll timeout.
+	pollTimeoutBuffer = 5
 )
 
-// ErrHTTPError is returned when the server responds with an error status.
-var ErrHTTPError = errors.New("HTTP error")
-
-// ErrUnexpectedFormat is returned when a response has an unexpected structure.
-var ErrUnexpectedFormat = errors.New("unexpected format")
+var (
+	// ErrHTTPStatus is returned when the server responds with an error status code.
+	ErrHTTPStatus = errors.New("HTTP error")
+	// ErrUnexpectedFormat is returned when the response format is unexpected.
+	ErrUnexpectedFormat = errors.New("unexpected format")
+)
 
 // Client wraps HTTP calls to the chat server API.
 type Client struct {
@@ -89,7 +93,7 @@ func (c *Client) SendMessage(msg *Message) error {
 // PollMessages long-polls for new messages.
 func (c *Client) PollMessages(afterID string, timeout int) ([]Message, error) {
 	// Use a longer HTTP timeout than the server long-poll timeout.
-	client := &http.Client{Timeout: time.Duration(timeout+pollExtraTimeout) * time.Second}
+	client := &http.Client{Timeout: time.Duration(timeout+pollTimeoutBuffer) * time.Second}
 
 	params := url.Values{}
 	if afterID != "" {
@@ -110,7 +114,7 @@ func (c *Client) PollMessages(afterID string, timeout int) ([]Message, error) {
 
 	req.Header.Set("Authorization", "Bearer "+c.Token)
 
-	resp, err := client.Do(req) //nolint:gosec // URL is constructed from trusted base URL + API path, not user-tainted
+	resp, err := client.Do(req) //nolint:gosec // G704: BaseURL is set by user at connect time, not tainted input
 	if err != nil {
 		return nil, err
 	}
@@ -122,8 +126,8 @@ func (c *Client) PollMessages(afterID string, timeout int) ([]Message, error) {
 		return nil, err
 	}
 
-	if resp.StatusCode >= httpErrorMinCode {
-		return nil, fmt.Errorf("%w: %d: %s", ErrHTTPError, resp.StatusCode, string(data))
+	if resp.StatusCode >= httpStatusErrorThreshold {
+		return nil, fmt.Errorf("%w: %d: %s", ErrHTTPStatus, resp.StatusCode, string(data))
 	}
 
 	// The server may return an array directly or wrapped.
@@ -190,7 +194,6 @@ func (c *Client) GetMembers(channel string) ([]string, error) {
 		if err2 != nil {
 			return nil, err
 		}
-
 		// Extract member names from whatever format.
 		return nil, fmt.Errorf("%w: members: %s", ErrUnexpectedFormat, string(data))
 	}
@@ -238,8 +241,7 @@ func (c *Client) do(method, path string, body any) ([]byte, error) {
 		req.Header.Set("Authorization", "Bearer "+c.Token)
 	}
 
-	//nolint:gosec // URL built from trusted base + API path
-	resp, err := c.HTTPClient.Do(req)
+	resp, err := c.HTTPClient.Do(req) //nolint:gosec // URL constructed from trusted base URL
 	if err != nil {
 		return nil, fmt.Errorf("http: %w", err)
 	}
@@ -251,8 +253,8 @@ func (c *Client) do(method, path string, body any) ([]byte, error) {
 		return nil, fmt.Errorf("read body: %w", err)
 	}
 
-	if resp.StatusCode >= httpErrorMinCode {
-		return data, fmt.Errorf("%w: %d: %s", ErrHTTPError, resp.StatusCode, string(data))
+	if resp.StatusCode >= httpStatusErrorThreshold {
+		return data, fmt.Errorf("%w: %d: %s", ErrHTTPStatus, resp.StatusCode, string(data))
 	}
 
 	return data, nil

cmd/chat-cli/api/types.go

@@ -1,4 +1,4 @@
-package chatapi
+package api //nolint:revive // package name "api" is conventional for API client packages
 
 import "time"
 
@@ -40,7 +40,6 @@ func (m *Message) BodyLines() []string {
 	switch v := m.Body.(type) {
 	case []any:
 		lines := make([]string, 0, len(v))
-
 		for _, item := range v {
 			if s, ok := item.(string); ok {
 				lines = append(lines, s)

cmd/chat-cli/main.go

@@ -1,4 +1,4 @@
-// Package main provides a terminal-based IRC-style chat client.
+// Package main implements the chat-cli terminal client.
 package main
 
 import (
@@ -12,17 +12,18 @@ import (
 )
 
 const (
-	maxNickLen       = 32
-	pollTimeoutSec   = 15
-	pollRetrySec     = 2
-	splitNParts      = 2
-	commandSplitArgs = 2
+	// splitParts is the number of parts to split a command into (command + args).
+	splitParts = 2
+	// pollTimeout is the long-poll timeout in seconds.
+	pollTimeout = 15
+	// pollRetryDelay is the delay before retrying a failed poll.
+	pollRetryDelay = 2 * time.Second
 )
 
 // App holds the application state.
 type App struct {
 	ui     *UI
-	client *chatapi.Client
+	client *api.Client
 
 	mu        sync.Mutex
 	nick      string
@@ -76,7 +77,7 @@ func (a *App) handleInput(text string) {
 		return
 	}
 
-	err := a.client.SendMessage(&chatapi.Message{
+	err := a.client.SendMessage(&api.Message{
 		Command: "PRIVMSG",
 		To:      target,
 		Body:    []string{text},
@@ -93,44 +94,10 @@ func (a *App) handleInput(text string) {
 	a.mu.Lock()
 	nick := a.nick
 	a.mu.Unlock()
-
 	a.ui.AddLine(target, fmt.Sprintf("[gray]%s [green]<%s>[white] %s", ts, nick, text))
 }
 
-func (a *App) handleCommand(text string) {
-	a.dispatchCommand(text)
-}
-
-func (a *App) dispatchCommand(text string) {
-	parts := strings.SplitN(text, " ", splitNParts)
-	cmd := strings.ToLower(parts[0])
-
-	args := ""
-	if len(parts) > 1 {
-		args = parts[1]
-	}
-
-	a.execCommand(cmd, args)
-}
-
-func (a *App) execCommand(cmd, args string) {
-	commands := a.commandMap()
-
-	handler, ok := commands[cmd]
-	if !ok {
-		a.ui.AddStatus("[red]Unknown command: " + cmd)
-
-		return
-	}
-
-	handler(args)
-}
-
-func (a *App) commandMap() map[string]func(string) {
-	noArgs := func(fn func()) func(string) {
-		return func(_ string) { fn() }
-	}
-
+func (a *App) commandHandlers() map[string]func(string) {
 	return map[string]func(string){
 		"/connect": a.cmdConnect,
 		"/nick":    a.cmdNick,
@@ -139,12 +106,28 @@ func (a *App) commandMap() map[string]func(string) {
 		"/msg":     a.cmdMsg,
 		"/query":   a.cmdQuery,
 		"/topic":   a.cmdTopic,
-		"/names":   noArgs(a.cmdNames),
-		"/list":    noArgs(a.cmdList),
+		"/names":   func(_ string) { a.cmdNames() },
+		"/list":    func(_ string) { a.cmdList() },
 		"/window":  a.cmdWindow,
 		"/w":       a.cmdWindow,
-		"/quit":    noArgs(a.cmdQuit),
-		"/help":    noArgs(a.cmdHelp),
+		"/quit":    func(_ string) { a.cmdQuit() },
+		"/help":    func(_ string) { a.cmdHelp() },
+	}
+}
+
+func (a *App) handleCommand(text string) {
+	parts := strings.SplitN(text, " ", splitParts)
+	cmd := strings.ToLower(parts[0])
+
+	args := ""
+	if len(parts) > 1 {
+		args = parts[1]
+	}
+
+	if handler, ok := a.commandHandlers()[cmd]; ok {
+		handler(args)
+	} else {
+		a.ui.AddStatus("[red]Unknown command: " + cmd)
 	}
 }
 
@@ -163,7 +146,7 @@ func (a *App) cmdConnect(serverURL string) {
 	nick := a.nick
 	a.mu.Unlock()
 
-	client := chatapi.NewClient(serverURL)
+	client := api.NewClient(serverURL)
 
 	resp, err := client.CreateSession(nick)
 	if err != nil {
@@ -184,7 +167,6 @@ func (a *App) cmdConnect(serverURL string) {
 
 	// Start polling.
 	a.stopPoll = make(chan struct{})
-
 	go a.pollLoop()
 }
 
@@ -203,13 +185,12 @@ func (a *App) cmdNick(nick string) {
 		a.mu.Lock()
 		a.nick = nick
 		a.mu.Unlock()
-
 		a.ui.AddStatus(fmt.Sprintf("Nick set to %s (will be used on connect)", nick))
 
 		return
 	}
 
-	err := a.client.SendMessage(&chatapi.Message{
+	err := a.client.SendMessage(&api.Message{
 		Command: "NICK",
 		Body:    []string{nick},
 	})
@@ -223,7 +204,6 @@ func (a *App) cmdNick(nick string) {
 	a.nick = nick
 	target := a.target
 	a.mu.Unlock()
-
 	a.ui.SetStatus(nick, target, "connected")
 	a.ui.AddStatus("Nick changed to " + nick)
 }
@@ -268,7 +248,6 @@ func (a *App) cmdJoin(channel string) {
 
 func (a *App) cmdPart(channel string) {
 	a.mu.Lock()
-
 	if channel == "" {
 		channel = a.target
 	}
@@ -298,7 +277,6 @@ func (a *App) cmdPart(channel string) {
 	a.ui.AddLine(channel, "[yellow]*** Left "+channel)
 
 	a.mu.Lock()
-
 	if a.target == channel {
 		a.target = ""
 	}
@@ -311,9 +289,8 @@ func (a *App) cmdPart(channel string) {
 }
 
 func (a *App) cmdMsg(args string) {
-	parts := strings.SplitN(args, " ", commandSplitArgs)
-
-	if len(parts) < commandSplitArgs {
+	parts := strings.SplitN(args, " ", splitParts)
+	if len(parts) < splitParts {
 		a.ui.AddStatus("[red]Usage: /msg <nick> <text>")
 
 		return
@@ -332,7 +309,7 @@ func (a *App) cmdMsg(args string) {
 		return
 	}
 
-	err := a.client.SendMessage(&chatapi.Message{
+	err := a.client.SendMessage(&api.Message{
 		Command: "PRIVMSG",
 		To:      target,
 		Body:    []string{text},
@@ -383,7 +360,7 @@ func (a *App) cmdTopic(args string) {
 
 	if args == "" {
 		// Query topic.
-		err := a.client.SendMessage(&chatapi.Message{
+		err := a.client.SendMessage(&api.Message{
 			Command: "TOPIC",
 			To:      target,
 		})
@@ -394,7 +371,7 @@ func (a *App) cmdTopic(args string) {
 		return
 	}
 
-	err := a.client.SendMessage(&chatapi.Message{
+	err := a.client.SendMessage(&api.Message{
 		Command: "TOPIC",
 		To:      target,
 		Body:    []string{args},
@@ -468,7 +445,6 @@ func (a *App) cmdWindow(args string) {
 
 	n := 0
 	_, _ = fmt.Sscanf(args, "%d", &n)
-
 	a.ui.SwitchBuffer(n)
 
 	a.mu.Lock()
@@ -478,12 +454,10 @@ func (a *App) cmdWindow(args string) {
 	// Update target based on buffer.
 	if n < a.ui.BufferCount() {
 		buf := a.ui.buffers[n]
-
 		if buf.Name != "(status)" {
 			a.mu.Lock()
 			a.target = buf.Name
 			a.mu.Unlock()
-
 			a.ui.SetStatus(nick, buf.Name, "connected")
 		} else {
 			a.ui.SetStatus(nick, "", "connected")
@@ -493,15 +467,13 @@ func (a *App) cmdWindow(args string) {
 
 func (a *App) cmdQuit() {
 	a.mu.Lock()
-
 	if a.connected && a.client != nil {
-		_ = a.client.SendMessage(&chatapi.Message{Command: "QUIT"})
+		_ = a.client.SendMessage(&api.Message{Command: "QUIT"})
 	}
 
 	if a.stopPoll != nil {
 		close(a.stopPoll)
 	}
-
 	a.mu.Unlock()
 	a.ui.Stop()
 }
@@ -523,7 +495,6 @@ func (a *App) cmdHelp() {
 		"  /help           — This help",
 		"  Plain text sends to current target.",
 	}
-
 	for _, line := range help {
 		a.ui.AddStatus(line)
 	}
@@ -547,10 +518,10 @@ func (a *App) pollLoop() {
 			return
 		}
 
-		msgs, err := client.PollMessages(lastID, pollTimeoutSec)
+		msgs, err := client.PollMessages(lastID, pollTimeout)
 		if err != nil {
 			// Transient error — retry after delay.
-			time.Sleep(pollRetrySec * time.Second)
+			time.Sleep(pollRetryDelay)
 
 			continue
 		}
@@ -567,8 +538,18 @@ func (a *App) pollLoop() {
 	}
 }
 
-func (a *App) handleServerMessage(msg *chatapi.Message) {
-	ts := a.formatMessageTS(msg)
+func (a *App) messageTimestamp(msg *api.Message) string {
+	if msg.TS != "" {
+		t := msg.ParseTS()
+
+		return t.Local().Format("15:04") //nolint:gosmopolitan // CLI displays local time intentionally
+	}
+
+	return time.Now().Format("15:04")
+}
+
+func (a *App) handleServerMessage(msg *api.Message) {
+	ts := a.messageTimestamp(msg)
 
 	a.mu.Lock()
 	myNick := a.nick
@@ -576,80 +557,63 @@ func (a *App) handleServerMessage(msg *chatapi.Message) {
 
 	switch msg.Command {
 	case "PRIVMSG":
-		a.handlePrivmsg(msg, ts, myNick)
+		a.handleMsgPrivmsg(msg, ts, myNick)
 	case "JOIN":
-		a.handleJoinMsg(msg, ts)
+		a.handleMsgJoin(msg, ts)
 	case "PART":
-		a.handlePartMsg(msg, ts)
+		a.handleMsgPart(msg, ts)
 	case "QUIT":
-		a.handleQuitMsg(msg, ts)
+		a.handleMsgQuit(msg, ts)
 	case "NICK":
-		a.handleNickMsg(msg, ts, myNick)
+		a.handleMsgNick(msg, ts, myNick)
 	case "NOTICE":
-		a.handleNoticeMsg(msg, ts)
+		a.handleMsgNotice(msg, ts)
 	case "TOPIC":
-		a.handleTopicMsg(msg, ts)
+		a.handleMsgTopic(msg, ts)
 	default:
-		a.handleDefaultMsg(msg, ts)
+		a.handleMsgDefault(msg, ts)
 	}
 }
 
-func (a *App) formatMessageTS(msg *chatapi.Message) string {
-	if msg.TS != "" {
-		t := msg.ParseTS()
-
-		return t.Local().Format("15:04") //nolint:gosmopolitan // Local time display is intentional for UI
-	}
-
-	return time.Now().Format("15:04")
-}
-
-func (a *App) handlePrivmsg(msg *chatapi.Message, ts, myNick string) {
+func (a *App) handleMsgPrivmsg(msg *api.Message, ts, myNick string) {
 	lines := msg.BodyLines()
 	text := strings.Join(lines, " ")
 
 	if msg.From == myNick {
-		// Skip our own echoed messages (already displayed locally).
 		return
 	}
 
 	target := msg.To
-
 	if !strings.HasPrefix(target, "#") {
-		// DM — use sender's nick as buffer name.
 		target = msg.From
 	}
 
 	a.ui.AddLine(target, fmt.Sprintf("[gray]%s [green]<%s>[white] %s", ts, msg.From, text))
 }
 
-func (a *App) handleJoinMsg(msg *chatapi.Message, ts string) {
-	target := msg.To
-	if target != "" {
-		a.ui.AddLine(target, fmt.Sprintf("[gray]%s [yellow]*** %s has joined %s", ts, msg.From, target))
+func (a *App) handleMsgJoin(msg *api.Message, ts string) {
+	if msg.To != "" {
+		a.ui.AddLine(msg.To, fmt.Sprintf("[gray]%s [yellow]*** %s has joined %s", ts, msg.From, msg.To))
 	}
 }
 
-func (a *App) handlePartMsg(msg *chatapi.Message, ts string) {
+func (a *App) handleMsgPart(msg *api.Message, ts string) {
 	target := msg.To
-	lines := msg.BodyLines()
+	reason := strings.Join(msg.BodyLines(), " ")
 
-	reason := strings.Join(lines, " ")
+	if target == "" {
+		return
+	}
 
-	if target != "" {
-		if reason != "" {
-			a.ui.AddLine(target, fmt.Sprintf("[gray]%s [yellow]*** %s has left %s (%s)", ts, msg.From, target, reason))
-		} else {
-			a.ui.AddLine(target, fmt.Sprintf("[gray]%s [yellow]*** %s has left %s", ts, msg.From, target))
-		}
+	if reason != "" {
+		a.ui.AddLine(target, fmt.Sprintf("[gray]%s [yellow]*** %s has left %s (%s)", ts, msg.From, target, reason))
+	} else {
+		a.ui.AddLine(target, fmt.Sprintf("[gray]%s [yellow]*** %s has left %s", ts, msg.From, target))
 	}
 }
 
-func (a *App) handleQuitMsg(msg *chatapi.Message, ts string) {
-	lines := msg.BodyLines()
-
-	reason := strings.Join(lines, " ")
-
+func (a *App) handleMsgQuit(msg *api.Message, ts string) {
+	reason := strings.Join(msg.BodyLines(), " ")
 	if reason != "" {
 		a.ui.AddStatus(fmt.Sprintf("[gray]%s [yellow]*** %s has quit (%s)", ts, msg.From, reason))
 	} else {
@@ -657,7 +621,7 @@ func (a *App) handleQuitMsg(msg *chatapi.Message, ts string) {
 	}
 }
 
-func (a *App) handleNickMsg(msg *chatapi.Message, ts, myNick string) {
+func (a *App) handleMsgNick(msg *api.Message, ts, myNick string) {
 	lines := msg.BodyLines()
 
 	newNick := ""
@@ -670,36 +634,26 @@ func (a *App) handleNickMsg(msg *chatapi.Message, ts, myNick string) {
 		a.nick = newNick
 		target := a.target
 		a.mu.Unlock()
-
 		a.ui.SetStatus(newNick, target, "connected")
 	}
 
 	a.ui.AddStatus(fmt.Sprintf("[gray]%s [yellow]*** %s is now known as %s", ts, msg.From, newNick))
 }
 
-func (a *App) handleNoticeMsg(msg *chatapi.Message, ts string) {
-	lines := msg.BodyLines()
-
-	text := strings.Join(lines, " ")
-
+func (a *App) handleMsgNotice(msg *api.Message, ts string) {
+	text := strings.Join(msg.BodyLines(), " ")
 	a.ui.AddStatus(fmt.Sprintf("[gray]%s [magenta]--%s-- %s", ts, msg.From, text))
 }
 
-func (a *App) handleTopicMsg(msg *chatapi.Message, ts string) {
-	lines := msg.BodyLines()
-
-	text := strings.Join(lines, " ")
-
+func (a *App) handleMsgTopic(msg *api.Message, ts string) {
+	text := strings.Join(msg.BodyLines(), " ")
 	if msg.To != "" {
 		a.ui.AddLine(msg.To, fmt.Sprintf("[gray]%s [cyan]*** %s set topic: %s", ts, msg.From, text))
 	}
 }
 
-func (a *App) handleDefaultMsg(msg *chatapi.Message, ts string) {
-	lines := msg.BodyLines()
-
-	text := strings.Join(lines, " ")
-
+func (a *App) handleMsgDefault(msg *api.Message, ts string) {
+	text := strings.Join(msg.BodyLines(), " ")
 	if text != "" {
 		a.ui.AddStatus(fmt.Sprintf("[gray]%s [white][%s] %s", ts, msg.Command, text))
 	}

cmd/chat-cli/ui.go

@@ -39,9 +39,33 @@ func NewUI() *UI {
 		},
 	}
 
-	ui.setupWidgets()
-	ui.setupInputCapture()
-	ui.setupLayout()
+	// Message area.
+	ui.messages = tview.NewTextView().
+		SetDynamicColors(true).
+		SetScrollable(true).
+		SetWordWrap(true).
+		SetChangedFunc(func() {
+			ui.app.Draw()
+		})
+	ui.messages.SetBorder(false)
+
+	// Status bar.
+	ui.statusBar = tview.NewTextView().
+		SetDynamicColors(true)
+	ui.statusBar.SetBackgroundColor(tcell.ColorNavy)
+	ui.statusBar.SetTextColor(tcell.ColorWhite)
+
+	ui.setupInput()
+	ui.setupKeyCapture()
+
+	// Layout: messages on top, status bar, input at bottom.
+	ui.layout = tview.NewFlex().SetDirection(tview.FlexRow).
+		AddItem(ui.messages, 0, 1, false).
+		AddItem(ui.statusBar, 1, 0, false).
+		AddItem(ui.input, 1, 0, true)
+
+	ui.app.SetRoot(ui.layout, true)
+	ui.app.SetFocus(ui.input)
 
 	return ui
 }
@@ -96,7 +120,6 @@ func (ui *UI) SwitchBuffer(n int) {
 
 		ui.currentBuffer = n
 		buf := ui.buffers[n]
-
 		buf.Unread = 0
 
 		ui.messages.Clear()
@@ -114,7 +137,6 @@ func (ui *UI) SwitchBuffer(n int) {
 func (ui *UI) SwitchToBuffer(name string) {
 	ui.app.QueueUpdateDraw(func() {
 		buf := ui.getOrCreateBuffer(name)
-
 		for i, b := range ui.buffers {
 			if b == buf {
 				ui.currentBuffer = i
@@ -159,41 +181,29 @@ func (ui *UI) BufferIndex(name string) int {
 	return -1
 }
 
-func (ui *UI) setupWidgets() {
-	ui.messages = tview.NewTextView().
-		SetDynamicColors(true).
-		SetScrollable(true).
-		SetWordWrap(true).
-		SetChangedFunc(func() {
-			ui.app.Draw()
-		})
-	ui.messages.SetBorder(false)
-
-	ui.statusBar = tview.NewTextView().
-		SetDynamicColors(true)
-	ui.statusBar.SetBackgroundColor(tcell.ColorNavy)
-	ui.statusBar.SetTextColor(tcell.ColorWhite)
-
+func (ui *UI) setupInput() {
 	ui.input = tview.NewInputField().
 		SetFieldBackgroundColor(tcell.ColorBlack).
 		SetFieldTextColor(tcell.ColorWhite)
 	ui.input.SetDoneFunc(func(key tcell.Key) {
-		if key == tcell.KeyEnter {
-			text := ui.input.GetText()
-			if text == "" {
-				return
-			}
+		if key != tcell.KeyEnter {
+			return
+		}
 
-			ui.input.SetText("")
+		text := ui.input.GetText()
+		if text == "" {
+			return
+		}
 
-			if ui.onInput != nil {
-				ui.onInput(text)
-			}
+		ui.input.SetText("")
+
+		if ui.onInput != nil {
+			ui.onInput(text)
 		}
 	})
 }
 
-func (ui *UI) setupInputCapture() {
+func (ui *UI) setupKeyCapture() {
 	ui.app.SetInputCapture(func(event *tcell.EventKey) *tcell.EventKey {
 		if event.Modifiers()&tcell.ModAlt != 0 {
 			r := event.Rune()
@@ -209,16 +219,6 @@ func (ui *UI) setupInputCapture() {
 	})
 }
 
-func (ui *UI) setupLayout() {
-	ui.layout = tview.NewFlex().SetDirection(tview.FlexRow).
-		AddItem(ui.messages, 0, 1, false).
-		AddItem(ui.statusBar, 1, 0, false).
-		AddItem(ui.input, 1, 0, true)
-
-	ui.app.SetRoot(ui.layout, true)
-	ui.app.SetFocus(ui.input)
-}
-
 func (ui *UI) refreshStatus() {
 	// Will be called from the main goroutine via QueueUpdateDraw parent.
 	// Rebuild status from app state — caller must provide context.
@@ -241,7 +241,6 @@ func (ui *UI) refreshStatusWith(nick, target, connStatus string) {
 	bufInfo := fmt.Sprintf("[%d:%s]", ui.currentBuffer, ui.buffers[ui.currentBuffer].Name)
 
 	ui.statusBar.Clear()
-
 	_, _ = fmt.Fprintf(ui.statusBar, " [%s] %s %s %s%s",
 		connStatus, nick, bufInfo, target, unread)
 }

internal/db/db.go

@@ -435,7 +435,8 @@ func (s *Database) AckMessages(
 		args[i] = id
 	}
 
-	query := fmt.Sprintf( //nolint:gosec // G201: placeholders are literal "?" strings, not user input
+	//nolint:gosec // G201: placeholders are all "?" literals, not user input
+	query := fmt.Sprintf(
 		"DELETE FROM message_queue WHERE id IN (%s)",
 		strings.Join(placeholders, ","),
 	)
@@ -661,23 +662,7 @@ func (s *Database) applyMigrations(
 	migrations []migration,
 ) error {
 	for _, m := range migrations {
-		var exists int
-
-		err := s.db.QueryRowContext(ctx,
-			"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
-			m.version,
-		).Scan(&exists)
-		if err != nil {
-			return fmt.Errorf(
-				"check migration %d: %w", m.version, err,
-			)
-		}
-
-		if exists > 0 {
-			continue
-		}
-
-		err = s.applySingleMigration(ctx, m)
+		err := s.applyOneMigration(ctx, m)
 		if err != nil {
 			return err
 		}
@@ -686,27 +671,33 @@ func (s *Database) applyMigrations(
 	return nil
 }
 
-func (s *Database) applySingleMigration(ctx context.Context, m migration) error {
-	s.log.Info(
-		"applying migration",
-		"version", m.version, "name", m.name,
-	)
+func (s *Database) applyOneMigration(ctx context.Context, m migration) error {
+	var exists int
+
+	err := s.db.QueryRowContext(ctx,
+		"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
+		m.version,
+	).Scan(&exists)
+	if err != nil {
+		return fmt.Errorf("check migration %d: %w", m.version, err)
+	}
+
+	if exists > 0 {
+		return nil
+	}
+
+	s.log.Info("applying migration", "version", m.version, "name", m.name)
 
 	tx, err := s.db.BeginTx(ctx, nil)
 	if err != nil {
-		return fmt.Errorf(
-			"begin tx for migration %d: %w", m.version, err,
-		)
+		return fmt.Errorf("begin tx for migration %d: %w", m.version, err)
 	}
 
 	_, err = tx.ExecContext(ctx, m.sql)
 	if err != nil {
 		_ = tx.Rollback()
 
-		return fmt.Errorf(
-			"apply migration %d (%s): %w",
-			m.version, m.name, err,
-		)
+		return fmt.Errorf("apply migration %d (%s): %w", m.version, m.name, err)
 	}
 
 	_, err = tx.ExecContext(ctx,
@@ -716,17 +707,8 @@ func (s *Database) applySingleMigration(ctx context.Context, m migration) error
 	if err != nil {
 		_ = tx.Rollback()
 
-		return fmt.Errorf(
-			"record migration %d: %w", m.version, err,
-		)
+		return fmt.Errorf("record migration %d: %w", m.version, err)
 	}
 
-	err = tx.Commit()
-	if err != nil {
-		return fmt.Errorf(
-			"commit migration %d: %w", m.version, err,
-		)
-	}
-
-	return nil
+	return tx.Commit()
 }

internal/db/queries.go

@@ -2,68 +2,14 @@ package db
 
 import (
 	"context"
-	"crypto/rand"
 	"database/sql"
-	"encoding/hex"
 	"fmt"
 	"time"
 )
 
-const tokenBytes = 32
-
-func generateToken() string {
-	b := make([]byte, tokenBytes)
-	_, _ = rand.Read(b)
-
-	return hex.EncodeToString(b)
-}
-
-// CreateSimpleUser registers a new user with the given nick and returns the user ID and token.
-func (s *Database) CreateSimpleUser(ctx context.Context, nick string) (int64, string, error) {
-	token := generateToken()
-	now := time.Now()
-
-	res, err := s.db.ExecContext(ctx,
-		"INSERT INTO users (nick, token, created_at, last_seen) VALUES (?, ?, ?, ?)",
-		nick, token, now, now)
-	if err != nil {
-		return 0, "", fmt.Errorf("create user: %w", err)
-	}
-
-	id, _ := res.LastInsertId()
-
-	return id, token, nil
-}
-
-// LookupUserByToken returns user id and nick for a given auth token.
-func (s *Database) LookupUserByToken(ctx context.Context, token string) (int64, string, error) {
-	var id int64
-
-	var nick string
-
-	err := s.db.QueryRowContext(ctx, "SELECT id, nick FROM users WHERE token = ?", token).Scan(&id, &nick)
-	if err != nil {
-		return 0, "", err
-	}
-
-	// Update last_seen
-	_, _ = s.db.ExecContext(ctx, "UPDATE users SET last_seen = ? WHERE id = ?", time.Now(), id)
-
-	return id, nick, nil
-}
-
-// LookupUserByNick returns user id for a given nick.
-func (s *Database) LookupUserByNick(ctx context.Context, nick string) (int64, error) {
-	var id int64
-
-	err := s.db.QueryRowContext(ctx, "SELECT id FROM users WHERE nick = ?", nick).Scan(&id)
-
-	return id, err
-}
-
 // GetOrCreateChannel returns the channel id, creating it if needed.
-func (s *Database) GetOrCreateChannel(ctx context.Context, name string) (int64, error) {
-	var id int64
+func (s *Database) GetOrCreateChannel(ctx context.Context, name string) (string, error) {
+	var id string
 
 	err := s.db.QueryRowContext(ctx, "SELECT id FROM channels WHERE name = ?", name).Scan(&id)
 	if err == nil {
@@ -71,30 +17,29 @@ func (s *Database) GetOrCreateChannel(ctx context.Context, name string) (int64,
 	}
 
 	now := time.Now()
+	id = fmt.Sprintf("ch-%d", now.UnixNano())
 
-	res, err := s.db.ExecContext(ctx,
-		"INSERT INTO channels (name, created_at, updated_at) VALUES (?, ?, ?)",
-		name, now, now)
+	_, err = s.db.ExecContext(ctx,
+		"INSERT INTO channels (id, name, topic, modes, created_at, updated_at) VALUES (?, ?, '', '', ?, ?)",
+		id, name, now, now)
 	if err != nil {
-		return 0, fmt.Errorf("create channel: %w", err)
+		return "", fmt.Errorf("create channel: %w", err)
 	}
 
-	id, _ = res.LastInsertId()
-
 	return id, nil
 }
 
 // JoinChannel adds a user to a channel.
-func (s *Database) JoinChannel(ctx context.Context, channelID, userID int64) error {
+func (s *Database) JoinChannel(ctx context.Context, channelID, userID string) error {
 	_, err := s.db.ExecContext(ctx,
-		"INSERT OR IGNORE INTO channel_members (channel_id, user_id, joined_at) VALUES (?, ?, ?)",
+		"INSERT OR IGNORE INTO channel_members (channel_id, user_id, modes, joined_at) VALUES (?, ?, '', ?)",
 		channelID, userID, time.Now())
 
 	return err
 }
 
 // PartChannel removes a user from a channel.
-func (s *Database) PartChannel(ctx context.Context, channelID, userID int64) error {
+func (s *Database) PartChannel(ctx context.Context, channelID, userID string) error {
 	_, err := s.db.ExecContext(ctx,
 		"DELETE FROM channel_members WHERE channel_id = ? AND user_id = ?",
 		channelID, userID)
@@ -102,15 +47,8 @@ func (s *Database) PartChannel(ctx context.Context, channelID, userID int64) err
 	return err
 }
 
-// ChannelInfo is a lightweight channel representation.
-type ChannelInfo struct {
-	ID    int64  `json:"id"`
-	Name  string `json:"name"`
-	Topic string `json:"topic"`
-}
-
 // ListChannels returns all channels the user has joined.
-func (s *Database) ListChannels(ctx context.Context, userID int64) ([]ChannelInfo, error) {
+func (s *Database) ListChannels(ctx context.Context, userID string) ([]ChannelInfo, error) {
 	rows, err := s.db.QueryContext(ctx,
 		`SELECT c.id, c.name, c.topic FROM channels c
 		 INNER JOIN channel_members cm ON cm.channel_id = c.id
@@ -119,20 +57,35 @@ func (s *Database) ListChannels(ctx context.Context, userID int64) ([]ChannelInf
 		return nil, err
 	}
 
-	return scanChannelInfoRows(rows)
+	defer func() { _ = rows.Close() }()
+
+	channels := []ChannelInfo{}
+
+	for rows.Next() {
+		var ch ChannelInfo
+
+		err := rows.Scan(&ch.ID, &ch.Name, &ch.Topic)
+		if err != nil {
+			return nil, err
+		}
+
+		channels = append(channels, ch)
+	}
+
+	return channels, rows.Err()
 }
 
-// MemberInfo represents a channel member.
-type MemberInfo struct {
-	ID       int64     `json:"id"`
-	Nick     string    `json:"nick"`
-	LastSeen time.Time `json:"lastSeen"`
+// ChannelInfo is a lightweight channel representation.
+type ChannelInfo struct {
+	ID    string `json:"id"`
+	Name  string `json:"name"`
+	Topic string `json:"topic"`
 }
 
 // ChannelMembers returns all members of a channel.
-func (s *Database) ChannelMembers(ctx context.Context, channelID int64) ([]MemberInfo, error) {
+func (s *Database) ChannelMembers(ctx context.Context, channelID string) ([]MemberInfo, error) {
 	rows, err := s.db.QueryContext(ctx,
-		`SELECT u.id, u.nick, u.last_seen FROM users u
+		`SELECT u.id, u.nick, u.last_seen_at FROM users u
 		 INNER JOIN channel_members cm ON cm.user_id = u.id
 		 WHERE cm.channel_id = ? ORDER BY u.nick`, channelID)
 	if err != nil {
@@ -141,34 +94,32 @@ func (s *Database) ChannelMembers(ctx context.Context, channelID int64) ([]Membe
 
 	defer func() { _ = rows.Close() }()
 
-	var members []MemberInfo
+	members := []MemberInfo{}
 
 	for rows.Next() {
 		var m MemberInfo
 
-		scanErr := rows.Scan(&m.ID, &m.Nick, &m.LastSeen)
-		if scanErr != nil {
-			return nil, scanErr
+		err := rows.Scan(&m.ID, &m.Nick, &m.LastSeen)
+		if err != nil {
+			return nil, err
 		}
 
 		members = append(members, m)
 	}
 
-	err = rows.Err()
-	if err != nil {
-		return nil, err
-	}
+	return members, rows.Err()
+}
 
-	if members == nil {
-		members = []MemberInfo{}
-	}
-
-	return members, nil
+// MemberInfo represents a channel member.
+type MemberInfo struct {
+	ID       string     `json:"id"`
+	Nick     string     `json:"nick"`
+	LastSeen *time.Time `json:"lastSeen"`
 }
 
 // MessageInfo represents a chat message.
 type MessageInfo struct {
-	ID        int64     `json:"id"`
+	ID        string    `json:"id"`
 	Channel   string    `json:"channel,omitempty"`
 	Nick      string    `json:"nick"`
 	Content   string    `json:"content"`
@@ -177,163 +128,191 @@ type MessageInfo struct {
 	CreatedAt time.Time `json:"createdAt"`
 }
 
-const defaultMessageLimit = 50
-
-const defaultPollLimit = 100
-
-// GetMessages returns messages for a channel, optionally after a given ID.
-func (s *Database) GetMessages(
-	ctx context.Context, channelID int64, afterID int64, limit int,
-) ([]MessageInfo, error) {
-	if limit <= 0 {
-		limit = defaultMessageLimit
-	}
-
-	rows, err := s.db.QueryContext(ctx,
-		`SELECT m.id, c.name, u.nick, m.content, m.created_at
-		 FROM messages m
-		 INNER JOIN users u ON u.id = m.user_id
-		 INNER JOIN channels c ON c.id = m.channel_id
-		 WHERE m.channel_id = ? AND m.is_dm = 0 AND m.id > ?
-		 ORDER BY m.id ASC LIMIT ?`, channelID, afterID, limit)
-	if err != nil {
-		return nil, err
-	}
-
-	return scanChannelMessages(rows)
-}
-
 // SendMessage inserts a channel message.
-func (s *Database) SendMessage(
-	ctx context.Context, channelID, userID int64, content string,
-) (int64, error) {
-	res, err := s.db.ExecContext(ctx,
-		"INSERT INTO messages (channel_id, user_id, content, is_dm, created_at) VALUES (?, ?, ?, 0, ?)",
-		channelID, userID, content, time.Now())
+func (s *Database) SendMessage(ctx context.Context, channelID, userID, nick, content string) (string, error) {
+	now := time.Now()
+	id := fmt.Sprintf("msg-%d", now.UnixNano())
+
+	_, err := s.db.ExecContext(ctx,
+		`INSERT INTO messages (id, ts, from_user_id, from_nick, target, type, body, meta, created_at)
+		 VALUES (?, ?, ?, ?, ?, 'message', ?, '{}', ?)`,
+		id, now, userID, nick, channelID, content, now)
 	if err != nil {
-		return 0, err
+		return "", err
 	}
 
-	return res.LastInsertId()
+	return id, nil
 }
 
 // SendDM inserts a direct message.
-func (s *Database) SendDM(
-	ctx context.Context, fromID, toID int64, content string,
-) (int64, error) {
-	res, err := s.db.ExecContext(ctx,
-		"INSERT INTO messages (user_id, content, is_dm, dm_target_id, created_at) VALUES (?, ?, 1, ?, ?)",
-		fromID, content, toID, time.Now())
+func (s *Database) SendDM(ctx context.Context, fromID, fromNick, toID, content string) (string, error) {
+	now := time.Now()
+	id := fmt.Sprintf("msg-%d", now.UnixNano())
+
+	_, err := s.db.ExecContext(ctx,
+		`INSERT INTO messages (id, ts, from_user_id, from_nick, target, type, body, meta, created_at)
+		 VALUES (?, ?, ?, ?, ?, 'message', ?, '{}', ?)`,
+		id, now, fromID, fromNick, toID, content, now)
 	if err != nil {
-		return 0, err
+		return "", err
 	}
 
-	return res.LastInsertId()
+	return id, nil
 }
 
-// GetDMs returns direct messages between two users after a given ID.
-func (s *Database) GetDMs(
-	ctx context.Context, userA, userB int64, afterID int64, limit int,
-) ([]MessageInfo, error) {
+// PollMessages returns all new messages for a user's joined channels, ordered by timestamp.
+func (s *Database) PollMessages(ctx context.Context, userID string, afterTS string, limit int) ([]MessageInfo, error) {
 	if limit <= 0 {
-		limit = defaultMessageLimit
+		limit = 100
 	}
 
 	rows, err := s.db.QueryContext(ctx,
-		`SELECT m.id, u.nick, m.content, t.nick, m.created_at
+		`SELECT m.id, m.target, m.from_nick, m.body, m.created_at
 		 FROM messages m
-		 INNER JOIN users u ON u.id = m.user_id
-		 INNER JOIN users t ON t.id = m.dm_target_id
-		 WHERE m.is_dm = 1 AND m.id > ?
-		 AND ((m.user_id = ? AND m.dm_target_id = ?) OR (m.user_id = ? AND m.dm_target_id = ?))
-		 ORDER BY m.id ASC LIMIT ?`, afterID, userA, userB, userB, userA, limit)
-	if err != nil {
-		return nil, err
-	}
-
-	return scanDMMessages(rows)
-}
-
-// PollMessages returns all new messages (channel + DM) for a user after a given ID.
-func (s *Database) PollMessages(
-	ctx context.Context, userID int64, afterID int64, limit int,
-) ([]MessageInfo, error) {
-	if limit <= 0 {
-		limit = defaultPollLimit
-	}
-
-	rows, err := s.db.QueryContext(ctx,
-		`SELECT m.id, COALESCE(c.name, ''), u.nick, m.content, m.is_dm,
-		        COALESCE(t.nick, ''), m.created_at
-		 FROM messages m
-		 INNER JOIN users u ON u.id = m.user_id
-		 LEFT JOIN channels c ON c.id = m.channel_id
-		 LEFT JOIN users t ON t.id = m.dm_target_id
-		 WHERE m.id > ? AND (
-		   (m.is_dm = 0 AND m.channel_id IN
-		     (SELECT channel_id FROM channel_members WHERE user_id = ?))
-		   OR (m.is_dm = 1 AND (m.user_id = ? OR m.dm_target_id = ?))
+		 WHERE m.created_at > COALESCE(NULLIF(?, ''), '1970-01-01')
+		 AND (
+		   m.target IN (SELECT cm.channel_id FROM channel_members cm WHERE cm.user_id = ?)
+		   OR m.target = ?
+		   OR m.from_user_id = ?
 		 )
-		 ORDER BY m.id ASC LIMIT ?`, afterID, userID, userID, userID, limit)
+		 ORDER BY m.created_at ASC LIMIT ?`,
+		afterTS, userID, userID, userID, limit)
 	if err != nil {
 		return nil, err
 	}
 
-	return scanPollMessages(rows)
+	defer func() { _ = rows.Close() }()
+
+	msgs := []MessageInfo{}
+
+	for rows.Next() {
+		var m MessageInfo
+
+		err := rows.Scan(&m.ID, &m.Channel, &m.Nick, &m.Content, &m.CreatedAt)
+		if err != nil {
+			return nil, err
+		}
+
+		msgs = append(msgs, m)
+	}
+
+	return msgs, rows.Err()
 }
 
-// GetMessagesBefore returns channel messages before a given ID (for history scrollback).
+// GetMessagesBefore returns channel messages before a given timestamp (for history scrollback).
 func (s *Database) GetMessagesBefore(
-	ctx context.Context, channelID int64, beforeID int64, limit int,
+	ctx context.Context, target string, beforeTS string, limit int,
 ) ([]MessageInfo, error) {
 	if limit <= 0 {
-		limit = defaultMessageLimit
+		limit = 50
 	}
 
-	query, args := buildChannelHistoryQuery(channelID, beforeID, limit)
+	var rows *sql.Rows
+
+	var err error
+
+	if beforeTS != "" {
+		rows, err = s.db.QueryContext(ctx,
+			`SELECT m.id, m.target, m.from_nick, m.body, m.created_at
+			 FROM messages m
+			 WHERE m.target = ? AND m.created_at < ?
+			 ORDER BY m.created_at DESC LIMIT ?`,
+			target, beforeTS, limit)
+	} else {
+		rows, err = s.db.QueryContext(ctx,
+			`SELECT m.id, m.target, m.from_nick, m.body, m.created_at
+			 FROM messages m
+			 WHERE m.target = ?
+			 ORDER BY m.created_at DESC LIMIT ?`,
+			target, limit)
+	}
 
-	rows, err := s.db.QueryContext(ctx, query, args...)
 	if err != nil {
 		return nil, err
 	}
 
-	msgs, err := scanChannelMessages(rows)
-	if err != nil {
-		return nil, err
+	defer func() { _ = rows.Close() }()
+
+	msgs := []MessageInfo{}
+
+	for rows.Next() {
+		var m MessageInfo
+
+		err := rows.Scan(&m.ID, &m.Channel, &m.Nick, &m.Content, &m.CreatedAt)
+		if err != nil {
+			return nil, err
+		}
+
+		msgs = append(msgs, m)
 	}
 
-	reverseMessages(msgs)
+	// Reverse to ascending order.
+	for i, j := 0, len(msgs)-1; i < j; i, j = i+1, j-1 {
+		msgs[i], msgs[j] = msgs[j], msgs[i]
+	}
 
-	return msgs, nil
+	return msgs, rows.Err()
 }
 
-// GetDMsBefore returns DMs between two users before a given ID (for history scrollback).
+// GetDMsBefore returns DMs between two users before a given timestamp.
 func (s *Database) GetDMsBefore(
-	ctx context.Context, userA, userB int64, beforeID int64, limit int,
+	ctx context.Context, userA, userB string, beforeTS string, limit int,
 ) ([]MessageInfo, error) {
 	if limit <= 0 {
-		limit = defaultMessageLimit
+		limit = 50
 	}
 
-	query, args := buildDMHistoryQuery(userA, userB, beforeID, limit)
+	var rows *sql.Rows
+
+	var err error
+
+	if beforeTS != "" {
+		rows, err = s.db.QueryContext(ctx,
+			`SELECT m.id, m.from_nick, m.body, m.target, m.created_at
+			 FROM messages m
+			 WHERE m.created_at < ?
+			 AND ((m.from_user_id = ? AND m.target = ?) OR (m.from_user_id = ? AND m.target = ?))
+			 ORDER BY m.created_at DESC LIMIT ?`,
+			beforeTS, userA, userB, userB, userA, limit)
+	} else {
+		rows, err = s.db.QueryContext(ctx,
+			`SELECT m.id, m.from_nick, m.body, m.target, m.created_at
+			 FROM messages m
+			 WHERE (m.from_user_id = ? AND m.target = ?) OR (m.from_user_id = ? AND m.target = ?)
+			 ORDER BY m.created_at DESC LIMIT ?`,
+			userA, userB, userB, userA, limit)
+	}
 
-	rows, err := s.db.QueryContext(ctx, query, args...)
 	if err != nil {
 		return nil, err
 	}
 
-	msgs, err := scanDMMessages(rows)
-	if err != nil {
-		return nil, err
+	defer func() { _ = rows.Close() }()
+
+	msgs := []MessageInfo{}
+
+	for rows.Next() {
+		var m MessageInfo
+
+		err := rows.Scan(&m.ID, &m.Nick, &m.Content, &m.DMTarget, &m.CreatedAt)
+		if err != nil {
+			return nil, err
+		}
+
+		m.IsDM = true
+		msgs = append(msgs, m)
 	}
 
-	reverseMessages(msgs)
+	// Reverse to ascending order.
+	for i, j := 0, len(msgs)-1; i < j; i, j = i+1, j-1 {
+		msgs[i], msgs[j] = msgs[j], msgs[i]
+	}
 
-	return msgs, nil
+	return msgs, rows.Err()
 }
 
 // ChangeNick updates a user's nickname.
-func (s *Database) ChangeNick(ctx context.Context, userID int64, newNick string) error {
+func (s *Database) ChangeNick(ctx context.Context, userID string, newNick string) error {
 	_, err := s.db.ExecContext(ctx,
 		"UPDATE users SET nick = ? WHERE id = ?", newNick, userID)
 
@@ -341,7 +320,7 @@ func (s *Database) ChangeNick(ctx context.Context, userID int64, newNick string)
 }
 
 // SetTopic sets the topic for a channel.
-func (s *Database) SetTopic(ctx context.Context, channelName string, _ int64, topic string) error {
+func (s *Database) SetTopic(ctx context.Context, channelName string, _ string, topic string) error {
 	_, err := s.db.ExecContext(ctx,
 		"UPDATE channels SET topic = ? WHERE name = ?", topic, channelName)
 
@@ -361,173 +340,20 @@ func (s *Database) ListAllChannels(ctx context.Context) ([]ChannelInfo, error) {
 		return nil, err
 	}
 
-	return scanChannelInfoRows(rows)
-}
-
-// --- Helper functions ---
-
-func scanChannelInfoRows(rows *sql.Rows) ([]ChannelInfo, error) {
 	defer func() { _ = rows.Close() }()
 
-	var channels []ChannelInfo
+	channels := []ChannelInfo{}
 
 	for rows.Next() {
 		var ch ChannelInfo
 
-		scanErr := rows.Scan(&ch.ID, &ch.Name, &ch.Topic)
-		if scanErr != nil {
-			return nil, scanErr
+		err := rows.Scan(&ch.ID, &ch.Name, &ch.Topic)
+		if err != nil {
+			return nil, err
 		}
 
 		channels = append(channels, ch)
 	}
 
-	err := rows.Err()
-	if err != nil {
-		return nil, err
-	}
-
-	if channels == nil {
-		channels = []ChannelInfo{}
-	}
-
-	return channels, nil
-}
-
-func scanChannelMessages(rows *sql.Rows) ([]MessageInfo, error) {
-	defer func() { _ = rows.Close() }()
-
-	var msgs []MessageInfo
-
-	for rows.Next() {
-		var m MessageInfo
-
-		scanErr := rows.Scan(&m.ID, &m.Channel, &m.Nick, &m.Content, &m.CreatedAt)
-		if scanErr != nil {
-			return nil, scanErr
-		}
-
-		msgs = append(msgs, m)
-	}
-
-	err := rows.Err()
-	if err != nil {
-		return nil, err
-	}
-
-	if msgs == nil {
-		msgs = []MessageInfo{}
-	}
-
-	return msgs, nil
-}
-
-func scanDMMessages(rows *sql.Rows) ([]MessageInfo, error) {
-	defer func() { _ = rows.Close() }()
-
-	var msgs []MessageInfo
-
-	for rows.Next() {
-		var m MessageInfo
-
-		scanErr := rows.Scan(&m.ID, &m.Nick, &m.Content, &m.DMTarget, &m.CreatedAt)
-		if scanErr != nil {
-			return nil, scanErr
-		}
-
-		m.IsDM = true
-		msgs = append(msgs, m)
-	}
-
-	err := rows.Err()
-	if err != nil {
-		return nil, err
-	}
-
-	if msgs == nil {
-		msgs = []MessageInfo{}
-	}
-
-	return msgs, nil
-}
-
-func scanPollMessages(rows *sql.Rows) ([]MessageInfo, error) {
-	defer func() { _ = rows.Close() }()
-
-	var msgs []MessageInfo
-
-	for rows.Next() {
-		var m MessageInfo
-
-		var isDM int
-
-		scanErr := rows.Scan(
-			&m.ID, &m.Channel, &m.Nick, &m.Content, &isDM, &m.DMTarget, &m.CreatedAt,
-		)
-		if scanErr != nil {
-			return nil, scanErr
-		}
-
-		m.IsDM = isDM == 1
-		msgs = append(msgs, m)
-	}
-
-	err := rows.Err()
-	if err != nil {
-		return nil, err
-	}
-
-	if msgs == nil {
-		msgs = []MessageInfo{}
-	}
-
-	return msgs, nil
-}
-
-func buildChannelHistoryQuery(channelID, beforeID int64, limit int) (string, []any) {
-	if beforeID > 0 {
-		return `SELECT m.id, c.name, u.nick, m.content, m.created_at
-			FROM messages m
-			INNER JOIN users u ON u.id = m.user_id
-			INNER JOIN channels c ON c.id = m.channel_id
-			WHERE m.channel_id = ? AND m.is_dm = 0 AND m.id < ?
-			ORDER BY m.id DESC LIMIT ?`, []any{channelID, beforeID, limit}
-	}
-
-	return `SELECT m.id, c.name, u.nick, m.content, m.created_at
-		FROM messages m
-		INNER JOIN users u ON u.id = m.user_id
-		INNER JOIN channels c ON c.id = m.channel_id
-		WHERE m.channel_id = ? AND m.is_dm = 0
-		ORDER BY m.id DESC LIMIT ?`, []any{channelID, limit}
-}
-
-func buildDMHistoryQuery(userA, userB, beforeID int64, limit int) (string, []any) {
-	if beforeID > 0 {
-		return `SELECT m.id, u.nick, m.content, t.nick, m.created_at
-			FROM messages m
-			INNER JOIN users u ON u.id = m.user_id
-			INNER JOIN users t ON t.id = m.dm_target_id
-			WHERE m.is_dm = 1 AND m.id < ?
-			AND ((m.user_id = ? AND m.dm_target_id = ?)
-			  OR (m.user_id = ? AND m.dm_target_id = ?))
-			ORDER BY m.id DESC LIMIT ?`,
-			[]any{beforeID, userA, userB, userB, userA, limit}
-	}
-
-	return `SELECT m.id, u.nick, m.content, t.nick, m.created_at
-		FROM messages m
-		INNER JOIN users u ON u.id = m.user_id
-		INNER JOIN users t ON t.id = m.dm_target_id
-		WHERE m.is_dm = 1
-		AND ((m.user_id = ? AND m.dm_target_id = ?)
-		  OR (m.user_id = ? AND m.dm_target_id = ?))
-		ORDER BY m.id DESC LIMIT ?`,
-		[]any{userA, userB, userB, userA, limit}
-}
-
-func reverseMessages(msgs []MessageInfo) {
-	for i, j := 0, len(msgs)-1; i < j; i, j = i+1, j-1 {
-		msgs[i], msgs[j] = msgs[j], msgs[i]
-	}
+	return channels, rows.Err()
 }

internal/db/schema/003_users.sql

@@ -1,16 +1,4 @@
--- Migration 003: Add simple user auth columns.
--- This migration adds token-based auth support for the web client.
--- Tables created by 002 (with TEXT ids) take precedence via IF NOT EXISTS.
--- We only add columns/indexes that don't already exist.
-
--- Add token column to users table if it doesn't exist.
--- SQLite doesn't support IF NOT EXISTS for ALTER TABLE ADD COLUMN,
--- so we check via pragma first.
-CREATE TABLE IF NOT EXISTS _migration_003_check (done INTEGER);
-INSERT OR IGNORE INTO _migration_003_check VALUES (1);
-
--- The web chat client's simple tables are only created if migration 002
--- didn't already create them with the ORM schema.
--- Since 002 creates all needed tables, 003 is effectively a no-op
--- when run after 002.
-DROP TABLE IF EXISTS _migration_003_check;
+-- Migration 003: no-op (schema already created by 002_schema.sql)
+-- This migration previously conflicted with 002 by attempting to recreate
+-- tables with incompatible column types (INTEGER vs TEXT IDs).
+SELECT 1;

internal/handlers/api.go

@@ -1,7 +1,9 @@
 package handlers
 
 import (
+	"crypto/rand"
 	"database/sql"
+	"encoding/hex"
 	"encoding/json"
 	"net/http"
 	"strconv"
@@ -11,31 +13,43 @@ import (
 	"github.com/go-chi/chi"
 )
 
-const maxNickLen = 32
-
 // authUser extracts the user from the Authorization header (Bearer token).
-func (s *Handlers) authUser(r *http.Request) (int64, string, error) {
+func (s *Handlers) authUser(r *http.Request) (string, string, error) {
 	auth := r.Header.Get("Authorization")
 	if !strings.HasPrefix(auth, "Bearer ") {
-		return 0, "", sql.ErrNoRows
+		return "", "", sql.ErrNoRows
 	}
 
 	token := strings.TrimPrefix(auth, "Bearer ")
 
-	return s.params.Database.LookupUserByToken(r.Context(), token)
+	u, err := s.params.Database.GetUserByToken(r.Context(), token)
+	if err != nil {
+		return "", "", err
+	}
+
+	return u.ID, u.Nick, nil
 }
 
-func (s *Handlers) requireAuth(w http.ResponseWriter, r *http.Request) (int64, string, bool) {
+func (s *Handlers) requireAuth(w http.ResponseWriter, r *http.Request) (string, string, bool) {
 	uid, nick, err := s.authUser(r)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "unauthorized"}, http.StatusUnauthorized)
 
-		return 0, "", false
+		return "", "", false
 	}
 
 	return uid, nick, true
 }
 
+const idBytes = 16
+
+func generateID() string {
+	b := make([]byte, idBytes)
+	_, _ = rand.Read(b)
+
+	return hex.EncodeToString(b)
+}
+
 // HandleCreateSession creates a new user session and returns the auth token.
 func (s *Handlers) HandleCreateSession() http.HandlerFunc {
 	type request struct {
@@ -43,7 +57,7 @@ func (s *Handlers) HandleCreateSession() http.HandlerFunc {
 	}
 
 	type response struct {
-		ID    int64  `json:"id"`
+		ID    string `json:"id"`
 		Nick  string `json:"nick"`
 		Token string `json:"token"`
 	}
@@ -59,14 +73,15 @@ func (s *Handlers) HandleCreateSession() http.HandlerFunc {
 		}
 
 		req.Nick = strings.TrimSpace(req.Nick)
-
-		if req.Nick == "" || len(req.Nick) > maxNickLen {
+		if req.Nick == "" || len(req.Nick) > 32 {
 			s.respondJSON(w, r, map[string]string{"error": "nick must be 1-32 characters"}, http.StatusBadRequest)
 
 			return
 		}
 
-		id, token, err := s.params.Database.CreateSimpleUser(r.Context(), req.Nick)
+		id := generateID()
+
+		u, err := s.params.Database.CreateUser(r.Context(), id, req.Nick, "")
 		if err != nil {
 			if strings.Contains(err.Error(), "UNIQUE") {
 				s.respondJSON(w, r, map[string]string{"error": "nick already taken"}, http.StatusConflict)
@@ -80,14 +95,24 @@ func (s *Handlers) HandleCreateSession() http.HandlerFunc {
 			return
 		}
 
-		s.respondJSON(w, r, &response{ID: id, Nick: req.Nick, Token: token}, http.StatusCreated)
+		tokenStr := generateID()
+
+		_, err = s.params.Database.CreateAuthToken(r.Context(), tokenStr, u.ID)
+		if err != nil {
+			s.log.Error("create auth token failed", "error", err)
+			s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
+
+			return
+		}
+
+		s.respondJSON(w, r, &response{ID: u.ID, Nick: req.Nick, Token: tokenStr}, http.StatusCreated)
 	}
 }
 
 // HandleState returns the current user's info and joined channels.
 func (s *Handlers) HandleState() http.HandlerFunc {
 	type response struct {
-		ID       int64            `json:"id"`
+		ID       string           `json:"id"`
 		Nick     string           `json:"nick"`
 		Channels []db.ChannelInfo `json:"channels"`
 	}
@@ -140,7 +165,11 @@ func (s *Handlers) HandleChannelMembers() http.HandlerFunc {
 
 		name := "#" + chi.URLParam(r, "channel")
 
-		chID, err := s.lookupChannelID(r, name)
+		var chID string
+
+		//nolint:gosec // G701: parameterized query with ? placeholder, not injection
+		err := s.params.Database.GetDB().QueryRowContext(r.Context(),
+			"SELECT id FROM channels WHERE name = ?", name).Scan(&chID)
 		if err != nil {
 			s.respondJSON(w, r, map[string]string{"error": "channel not found"}, http.StatusNotFound)
 
@@ -168,10 +197,10 @@ func (s *Handlers) HandleGetMessages() http.HandlerFunc {
 			return
 		}
 
-		afterID, _ := strconv.ParseInt(r.URL.Query().Get("after"), 10, 64)
+		afterTS := r.URL.Query().Get("after")
 		limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
 
-		msgs, err := s.params.Database.PollMessages(r.Context(), uid, afterID, limit)
+		msgs, err := s.params.Database.PollMessages(r.Context(), uid, afterTS, limit)
 		if err != nil {
 			s.log.Error("get messages failed", "error", err)
 			s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -186,62 +215,38 @@ func (s *Handlers) HandleGetMessages() http.HandlerFunc {
 // HandleSendCommand handles all C2S commands via POST /messages.
 // The "command" field dispatches to the appropriate logic.
 func (s *Handlers) HandleSendCommand() http.HandlerFunc {
+	type request struct {
+		Command string   `json:"command"`
+		To      string   `json:"to"`
+		Params  []string `json:"params,omitempty"`
+		Body    any      `json:"body,omitempty"`
+	}
+
 	return func(w http.ResponseWriter, r *http.Request) {
 		uid, nick, ok := s.requireAuth(w, r)
 		if !ok {
 			return
 		}
 
-		cmd, err := s.decodeSendCommand(r)
+		var req request
+
+		err := json.NewDecoder(r.Body).Decode(&req)
 		if err != nil {
 			s.respondJSON(w, r, map[string]string{"error": "invalid request"}, http.StatusBadRequest)
 
 			return
 		}
 
-		switch cmd.Command {
-		case "PRIVMSG", "NOTICE":
-			s.handlePrivmsgCommand(w, r, uid, cmd)
-		case "JOIN":
-			s.handleJoinCommand(w, r, uid, cmd)
-		case "PART":
-			s.handlePartCommand(w, r, uid, cmd)
-		case "NICK":
-			s.handleNickCommand(w, r, uid, cmd)
-		case "TOPIC":
-			s.handleTopicCommand(w, r, cmd)
-		case "PING":
-			s.respondJSON(w, r, map[string]string{"command": "PONG", "from": s.params.Config.ServerName}, http.StatusOK)
-		default:
-			_ = nick // suppress unused warning
+		req.Command = strings.ToUpper(strings.TrimSpace(req.Command))
+		req.To = strings.TrimSpace(req.To)
+		lines := extractBodyLines(req.Body)
 
-			s.respondJSON(w, r, map[string]string{"error": "unknown command: " + cmd.Command}, http.StatusBadRequest)
-		}
+		s.dispatchCommand(w, r, uid, nick, req.Command, req.To, lines)
 	}
 }
 
-type sendCommand struct {
-	Command string   `json:"command"`
-	To      string   `json:"to"`
-	Params  []string `json:"params,omitempty"`
-	Body    any      `json:"body,omitempty"`
-}
-
-func (s *Handlers) decodeSendCommand(r *http.Request) (*sendCommand, error) {
-	var cmd sendCommand
-
-	err := json.NewDecoder(r.Body).Decode(&cmd)
-	if err != nil {
-		return nil, err
-	}
-
-	cmd.Command = strings.ToUpper(strings.TrimSpace(cmd.Command))
-	cmd.To = strings.TrimSpace(cmd.To)
-
-	return &cmd, nil
-}
-
-func bodyLines(body any) []string {
+// extractBodyLines converts the request body to string lines.
+func extractBodyLines(body any) []string {
 	switch v := body.(type) {
 	case []any:
 		lines := make([]string, 0, len(v))
@@ -260,16 +265,37 @@ func bodyLines(body any) []string {
 	}
 }
 
-func (s *Handlers) handlePrivmsgCommand(
-	w http.ResponseWriter, r *http.Request, uid int64, cmd *sendCommand,
+func (s *Handlers) dispatchCommand(
+	w http.ResponseWriter, r *http.Request,
+	uid, nick, command, to string, lines []string,
 ) {
-	if cmd.To == "" {
+	switch command {
+	case "PRIVMSG", "NOTICE":
+		s.handlePrivmsg(w, r, uid, nick, to, lines)
+	case "JOIN":
+		s.handleJoin(w, r, uid, to)
+	case "PART":
+		s.handlePart(w, r, uid, to)
+	case "NICK":
+		s.handleNick(w, r, uid, lines)
+	case "TOPIC":
+		s.handleTopic(w, r, uid, to, lines)
+	case "PING":
+		s.respondJSON(w, r, map[string]string{"command": "PONG", "from": s.params.Config.ServerName}, http.StatusOK)
+	default:
+		_ = nick
+
+		s.respondJSON(w, r, map[string]string{"error": "unknown command: " + command}, http.StatusBadRequest)
+	}
+}
+
+func (s *Handlers) handlePrivmsg(w http.ResponseWriter, r *http.Request, uid, nick, to string, lines []string) {
+	if to == "" {
 		s.respondJSON(w, r, map[string]string{"error": "to field required"}, http.StatusBadRequest)
 
 		return
 	}
 
-	lines := bodyLines(cmd.Body)
 	if len(lines) == 0 {
 		s.respondJSON(w, r, map[string]string{"error": "body required"}, http.StatusBadRequest)
 
@@ -278,24 +304,32 @@ func (s *Handlers) handlePrivmsgCommand(
 
 	content := strings.Join(lines, "\n")
 
-	if strings.HasPrefix(cmd.To, "#") {
-		s.sendChannelMessage(w, r, uid, cmd.To, content)
-	} else {
-		s.sendDirectMessage(w, r, uid, cmd.To, content)
+	if strings.HasPrefix(to, "#") {
+		s.sendChannelMessage(w, r, uid, nick, to, content)
+
+		return
 	}
+
+	// DM.
+	s.sendDirectMessage(w, r, uid, nick, to, content)
 }
 
 func (s *Handlers) sendChannelMessage(
-	w http.ResponseWriter, r *http.Request, uid int64, channel, content string,
+	w http.ResponseWriter, r *http.Request,
+	uid, nick, channel, content string,
 ) {
-	chID, err := s.lookupChannelID(r, channel)
+	var chID string
+
+	//nolint:gosec // G701: parameterized query, not injection
+	err := s.params.Database.GetDB().QueryRowContext(r.Context(),
+		"SELECT id FROM channels WHERE name = ?", channel).Scan(&chID)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "channel not found"}, http.StatusNotFound)
 
 		return
 	}
 
-	msgID, err := s.params.Database.SendMessage(r.Context(), chID, uid, content)
+	msgID, err := s.params.Database.SendMessage(r.Context(), chID, uid, nick, content)
 	if err != nil {
 		s.log.Error("send message failed", "error", err)
 		s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -307,16 +341,17 @@ func (s *Handlers) sendChannelMessage(
 }
 
 func (s *Handlers) sendDirectMessage(
-	w http.ResponseWriter, r *http.Request, uid int64, toNick, content string,
+	w http.ResponseWriter, r *http.Request,
+	uid, nick, to, content string,
 ) {
-	targetID, err := s.params.Database.LookupUserByNick(r.Context(), toNick)
+	targetUser, err := s.params.Database.GetUserByNick(r.Context(), to)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "user not found"}, http.StatusNotFound)
 
 		return
 	}
 
-	msgID, err := s.params.Database.SendDM(r.Context(), uid, targetID, content)
+	msgID, err := s.params.Database.SendDM(r.Context(), uid, nick, targetUser.ID, content)
 	if err != nil {
 		s.log.Error("send dm failed", "error", err)
 		s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -327,16 +362,14 @@ func (s *Handlers) sendDirectMessage(
 	s.respondJSON(w, r, map[string]any{"id": msgID, "status": "sent"}, http.StatusCreated)
 }
 
-func (s *Handlers) handleJoinCommand(
-	w http.ResponseWriter, r *http.Request, uid int64, cmd *sendCommand,
-) {
-	if cmd.To == "" {
+func (s *Handlers) handleJoin(w http.ResponseWriter, r *http.Request, uid, to string) {
+	if to == "" {
 		s.respondJSON(w, r, map[string]string{"error": "to field required"}, http.StatusBadRequest)
 
 		return
 	}
 
-	channel := cmd.To
+	channel := to
 	if !strings.HasPrefix(channel, "#") {
 		channel = "#" + channel
 	}
@@ -360,21 +393,23 @@ func (s *Handlers) handleJoinCommand(
 	s.respondJSON(w, r, map[string]string{"status": "joined", "channel": channel}, http.StatusOK)
 }
 
-func (s *Handlers) handlePartCommand(
-	w http.ResponseWriter, r *http.Request, uid int64, cmd *sendCommand,
-) {
-	if cmd.To == "" {
+func (s *Handlers) handlePart(w http.ResponseWriter, r *http.Request, uid, to string) {
+	if to == "" {
 		s.respondJSON(w, r, map[string]string{"error": "to field required"}, http.StatusBadRequest)
 
 		return
 	}
 
-	channel := cmd.To
+	channel := to
 	if !strings.HasPrefix(channel, "#") {
 		channel = "#" + channel
 	}
 
-	chID, err := s.lookupChannelID(r, channel)
+	var chID string
+
+	//nolint:gosec // G701: parameterized query, not injection
+	err := s.params.Database.GetDB().QueryRowContext(r.Context(),
+		"SELECT id FROM channels WHERE name = ?", channel).Scan(&chID)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "channel not found"}, http.StatusNotFound)
 
@@ -392,10 +427,7 @@ func (s *Handlers) handlePartCommand(
 	s.respondJSON(w, r, map[string]string{"status": "parted", "channel": channel}, http.StatusOK)
 }
 
-func (s *Handlers) handleNickCommand(
-	w http.ResponseWriter, r *http.Request, uid int64, cmd *sendCommand,
-) {
-	lines := bodyLines(cmd.Body)
+func (s *Handlers) handleNick(w http.ResponseWriter, r *http.Request, uid string, lines []string) {
 	if len(lines) == 0 {
 		s.respondJSON(w, r, map[string]string{"error": "body required (new nick)"}, http.StatusBadRequest)
 
@@ -403,7 +435,7 @@ func (s *Handlers) handleNickCommand(
 	}
 
 	newNick := strings.TrimSpace(lines[0])
-	if newNick == "" || len(newNick) > maxNickLen {
+	if newNick == "" || len(newNick) > 32 {
 		s.respondJSON(w, r, map[string]string{"error": "nick must be 1-32 characters"}, http.StatusBadRequest)
 
 		return
@@ -426,16 +458,13 @@ func (s *Handlers) handleNickCommand(
 	s.respondJSON(w, r, map[string]string{"status": "ok", "nick": newNick}, http.StatusOK)
 }
 
-func (s *Handlers) handleTopicCommand(
-	w http.ResponseWriter, r *http.Request, cmd *sendCommand,
-) {
-	if cmd.To == "" {
+func (s *Handlers) handleTopic(w http.ResponseWriter, r *http.Request, uid, to string, lines []string) {
+	if to == "" {
 		s.respondJSON(w, r, map[string]string{"error": "to field required"}, http.StatusBadRequest)
 
 		return
 	}
 
-	lines := bodyLines(cmd.Body)
 	if len(lines) == 0 {
 		s.respondJSON(w, r, map[string]string{"error": "body required (topic text)"}, http.StatusBadRequest)
 
@@ -444,12 +473,12 @@ func (s *Handlers) handleTopicCommand(
 
 	topic := strings.Join(lines, " ")
 
-	channel := cmd.To
+	channel := to
 	if !strings.HasPrefix(channel, "#") {
 		channel = "#" + channel
 	}
 
-	err := s.params.Database.SetTopic(r.Context(), channel, 0, topic)
+	err := s.params.Database.SetTopic(r.Context(), channel, uid, topic)
 	if err != nil {
 		s.log.Error("set topic failed", "error", err)
 		s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -475,35 +504,39 @@ func (s *Handlers) HandleGetHistory() http.HandlerFunc {
 			return
 		}
 
-		beforeID, _ := strconv.ParseInt(r.URL.Query().Get("before"), 10, 64)
-
+		beforeTS := r.URL.Query().Get("before")
 		limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+
 		if limit <= 0 {
-			limit = defaultHistoryLimit
+			limit = 50
 		}
 
 		if strings.HasPrefix(target, "#") {
-			s.handleChannelHistory(w, r, target, beforeID, limit)
-		} else {
-			s.handleDMHistory(w, r, uid, target, beforeID, limit)
+			s.getChannelHistory(w, r, target, beforeTS, limit)
+
+			return
 		}
+
+		s.getDMHistory(w, r, uid, target, beforeTS, limit)
 	}
 }
 
-const defaultHistoryLimit = 50
-
-func (s *Handlers) handleChannelHistory(
+func (s *Handlers) getChannelHistory(
 	w http.ResponseWriter, r *http.Request,
-	target string, beforeID int64, limit int,
+	channel, beforeTS string, limit int,
 ) {
-	chID, err := s.lookupChannelID(r, target)
+	var chID string
+
+	//nolint:gosec // G701: parameterized query, not injection
+	err := s.params.Database.GetDB().QueryRowContext(r.Context(),
+		"SELECT id FROM channels WHERE name = ?", channel).Scan(&chID)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "channel not found"}, http.StatusNotFound)
 
 		return
 	}
 
-	msgs, err := s.params.Database.GetMessagesBefore(r.Context(), chID, beforeID, limit)
+	msgs, err := s.params.Database.GetMessagesBefore(r.Context(), chID, beforeTS, limit)
 	if err != nil {
 		s.log.Error("get history failed", "error", err)
 		s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -514,18 +547,18 @@ func (s *Handlers) handleChannelHistory(
 	s.respondJSON(w, r, msgs, http.StatusOK)
 }
 
-func (s *Handlers) handleDMHistory(
+func (s *Handlers) getDMHistory(
 	w http.ResponseWriter, r *http.Request,
-	uid int64, target string, beforeID int64, limit int,
+	uid, target, beforeTS string, limit int,
 ) {
-	targetID, err := s.params.Database.LookupUserByNick(r.Context(), target)
+	targetUser, err := s.params.Database.GetUserByNick(r.Context(), target)
 	if err != nil {
 		s.respondJSON(w, r, map[string]string{"error": "user not found"}, http.StatusNotFound)
 
 		return
 	}
 
-	msgs, err := s.params.Database.GetDMsBefore(r.Context(), uid, targetID, beforeID, limit)
+	msgs, err := s.params.Database.GetDMsBefore(r.Context(), uid, targetUser.ID, beforeTS, limit)
 	if err != nil {
 		s.log.Error("get dm history failed", "error", err)
 		s.respondJSON(w, r, map[string]string{"error": "internal error"}, http.StatusInternalServerError)
@@ -536,17 +569,6 @@ func (s *Handlers) handleDMHistory(
 	s.respondJSON(w, r, msgs, http.StatusOK)
 }
 
-// lookupChannelID queries the channel ID by name using a parameterized query.
-func (s *Handlers) lookupChannelID(r *http.Request, name string) (int64, error) {
-	var chID int64
-
-	//nolint:gosec // query uses parameterized placeholder (?), not string interpolation
-	err := s.params.Database.GetDB().QueryRowContext(r.Context(),
-		"SELECT id FROM channels WHERE name = ?", name).Scan(&chID)
-
-	return chID, err
-}
-
 // HandleServerInfo returns server metadata (MOTD, name).
 func (s *Handlers) HandleServerInfo() http.HandlerFunc {
 	type response struct {

internal/models/auth_token.go

@@ -2,13 +2,9 @@ package models
 
 import (
 	"context"
-	"errors"
 	"time"
 )
 
-// ErrUserLookupNotAvailable is returned when user lookup is not configured.
-var ErrUserLookupNotAvailable = errors.New("user lookup not available")
-
 // AuthToken represents an authentication token for a user session.
 type AuthToken struct {
 	Base
@@ -22,5 +18,9 @@ type AuthToken struct {
 
 // User returns the user who owns this token.
 func (t *AuthToken) User(ctx context.Context) (*User, error) {
-	return t.LookupUser(ctx, t.UserID)
+	if ul := t.GetUserLookup(); ul != nil {
+		return ul.GetUserByID(ctx, t.UserID)
+	}
+
+	return nil, ErrUserLookupNotAvailable
 }

internal/models/channel_member.go

@@ -2,13 +2,9 @@ package models
 
 import (
 	"context"
-	"errors"
 	"time"
 )
 
-// ErrChannelLookupNotAvailable is returned when channel lookup is not configured.
-var ErrChannelLookupNotAvailable = errors.New("channel lookup not available")
-
 // ChannelMember represents a user's membership in a channel.
 type ChannelMember struct {
 	Base
@@ -22,10 +18,18 @@ type ChannelMember struct {
 
 // User returns the full User for this membership.
 func (cm *ChannelMember) User(ctx context.Context) (*User, error) {
-	return cm.LookupUser(ctx, cm.UserID)
+	if ul := cm.GetUserLookup(); ul != nil {
+		return ul.GetUserByID(ctx, cm.UserID)
+	}
+
+	return nil, ErrUserLookupNotAvailable
 }
 
 // Channel returns the full Channel for this membership.
 func (cm *ChannelMember) Channel(ctx context.Context) (*Channel, error) {
-	return cm.LookupChannel(ctx, cm.ChannelID)
+	if cl := cm.GetChannelLookup(); cl != nil {
+		return cl.GetChannelByID(ctx, cm.ChannelID)
+	}
+
+	return nil, ErrChannelLookupNotAvailable
 }

internal/models/model.go

@@ -6,6 +6,14 @@ package models
 import (
 	"context"
 	"database/sql"
+	"errors"
+)
+
+var (
+	// ErrUserLookupNotAvailable is returned when the user lookup interface is not set.
+	ErrUserLookupNotAvailable = errors.New("user lookup not available")
+	// ErrChannelLookupNotAvailable is returned when the channel lookup interface is not set.
+	ErrChannelLookupNotAvailable = errors.New("channel lookup not available")
 )
 
 // DB is the interface that models use to query the database.
@@ -39,22 +47,23 @@ func (b *Base) GetDB() *sql.DB {
 	return b.db.GetDB()
 }
 
-// LookupUser looks up a user by ID if the database supports it.
-func (b *Base) LookupUser(ctx context.Context, id string) (*User, error) {
-	ul, ok := b.db.(UserLookup)
-	if !ok {
-		return nil, ErrUserLookupNotAvailable
+// GetUserLookup returns the DB as a UserLookup if it implements the interface.
+func (b *Base) GetUserLookup() UserLookup { //nolint:ireturn // intentional interface return for dependency inversion
+	if ul, ok := b.db.(UserLookup); ok {
+		return ul
 	}
 
-	return ul.GetUserByID(ctx, id)
+	return nil
 }
 
-// LookupChannel looks up a channel by ID if the database supports it.
-func (b *Base) LookupChannel(ctx context.Context, id string) (*Channel, error) {
-	cl, ok := b.db.(ChannelLookup)
-	if !ok {
-		return nil, ErrChannelLookupNotAvailable
+// GetChannelLookup returns the DB as a ChannelLookup
+// if it implements the interface.
+//
+//nolint:ireturn // intentional interface return for dependency inversion
+func (b *Base) GetChannelLookup() ChannelLookup {
+	if cl, ok := b.db.(ChannelLookup); ok {
+		return cl
 	}
 
-	return cl.GetChannelByID(ctx, id)
+	return nil
 }

internal/models/session.go

@@ -18,5 +18,9 @@ type Session struct {
 
 // User returns the user who owns this session.
 func (s *Session) User(ctx context.Context) (*User, error) {
-	return s.LookupUser(ctx, s.UserID)
+	if ul := s.GetUserLookup(); ul != nil {
+		return ul.GetUserByID(ctx, s.UserID)
+	}
+
+	return nil, ErrUserLookupNotAvailable
 }

internal/server/routes.go

@@ -20,13 +20,6 @@ const routeTimeout = 60 * time.Second
 func (s *Server) SetupRoutes() {
 	s.router = chi.NewRouter()
 
-	s.setupMiddleware()
-	s.setupHealthAndMetrics()
-	s.setupAPIRoutes()
-	s.setupSPA()
-}
-
-func (s *Server) setupMiddleware() {
 	s.router.Use(middleware.Recoverer)
 	s.router.Use(middleware.RequestID)
 	s.router.Use(s.mw.Logging())
@@ -44,32 +37,35 @@ func (s *Server) setupMiddleware() {
 		})
 		s.router.Use(sentryHandler.Handle)
 	}
-}
 
-func (s *Server) setupHealthAndMetrics() {
+	// Health check
 	s.router.Get("/.well-known/healthcheck.json", s.h.HandleHealthCheck())
 
+	// Protected metrics endpoint
 	if viper.GetString("METRICS_USERNAME") != "" {
 		s.router.Group(func(r chi.Router) {
 			r.Use(s.mw.MetricsAuth())
 			r.Get("/metrics", http.HandlerFunc(promhttp.Handler().ServeHTTP))
 		})
 	}
-}
 
-func (s *Server) setupAPIRoutes() {
+	// API v1
 	s.router.Route("/api/v1", func(r chi.Router) {
 		r.Get("/server", s.h.HandleServerInfo())
 		r.Post("/session", s.h.HandleCreateSession())
 
+		// Unified state and message endpoints
 		r.Get("/state", s.h.HandleState())
 		r.Get("/messages", s.h.HandleGetMessages())
 		r.Post("/messages", s.h.HandleSendCommand())
 		r.Get("/history", s.h.HandleGetHistory())
 
+		// Channels
 		r.Get("/channels", s.h.HandleListAllChannels())
 		r.Get("/channels/{channel}/members", s.h.HandleChannelMembers())
 	})
+
+	s.setupSPA()
 }
 
 func (s *Server) setupSPA() {
@@ -85,13 +81,13 @@ func (s *Server) setupSPA() {
 	s.router.Get("/*", func(w http.ResponseWriter, r *http.Request) {
 		readFS, ok := distFS.(fs.ReadFileFS)
 		if !ok {
-			http.NotFound(w, r)
+			http.Error(w, "internal error", http.StatusInternalServerError)
 
 			return
 		}
 
-		f, readErr := readFS.ReadFile(r.URL.Path[1:])
-		if readErr != nil || len(f) == 0 {
+		f, err := readFS.ReadFile(r.URL.Path[1:])
+		if err != nil || len(f) == 0 {
 			indexHTML, _ := readFS.ReadFile("index.html")
 
 			w.Header().Set("Content-Type", "text/html; charset=utf-8")