GenerateNU · adescoteaux1 · Jun 19, 2026 · Jun 16, 2026 · Jun 19, 2026
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 WORKDIR /src
 

diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go
@@ -29,11 +29,7 @@ func main() {
 		slog.Error("failed to open database", "error", err)
 		os.Exit(1)
 	}
-	defer func() {
-		if err := database.Close(); err != nil {
-			slog.Error("error closing database", "error", err)
-		}
-	}()
+	defer database.Close()
 
 	server := &http.Server{
 		Addr:              ":" + cfg.Port,

diff --git a/backend/go.mod b/backend/go.mod
@@ -1,14 +1,17 @@
 module github.com/GenerateNU/apportal/backend
 
-go 1.23.0
+go 1.25.0
 
-require github.com/jackc/pgx/v5 v5.7.6
+require (
+	github.com/danielgtaylor/huma/v2 v2.38.0
+	github.com/jackc/pgx/v5 v5.7.6
+)
 
 require (
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/crypto v0.50.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
 )
diff --git a/backend/go.sum b/backend/go.sum
@@ -1,6 +1,12 @@
+github.com/danielgtaylor/huma/v2 v2.38.0 h1:fb0WZCatnaiHLphMQDDWDjygNxfMkX/ENma3QsRl7vY=
+github.com/danielgtaylor/huma/v2 v2.38.0/go.mod h1:k9hwjlgWFt1t2jsmQGlsgXAG2FBTZa4kkjV581qAtfo=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
+github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -14,14 +20,16 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
+golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
+golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

diff --git a/backend/internal/db/db.go b/backend/internal/db/db.go
@@ -2,21 +2,31 @@ package db
 
 import (
 	"context"
-	"database/sql"
 	"time"
 
-	_ "github.com/jackc/pgx/v5/stdlib"
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgxpool"
 )
 
-func Open(ctx context.Context, databaseURL string) (*sql.DB, error) {
-	database, err := sql.Open("pgx", databaseURL)
+// Open creates a native pgx connection pool. The native pgx interface (rather
+// than database/sql) is used so the store can rely on pgx helpers like
+// pgx.CollectRows.
+func Open(ctx context.Context, databaseURL string) (*pgxpool.Pool, error) {
+	config, err := pgxpool.ParseConfig(databaseURL)
 	if err != nil {
 		return nil, err
 	}
 
-	database.SetMaxOpenConns(5)
-	database.SetMaxIdleConns(5)
-	database.SetConnMaxLifetime(30 * time.Minute)
+	config.MaxConns = 5
+	config.MaxConnLifetime = 30 * time.Minute
 
-	return database, nil
+	// Supabase's connection poolers (PgBouncer/Supavisor in transaction mode,
+	// e.g. port 6543) do not support the server-side named prepared-statement
+	// cache that pgx uses by default — reused pooled connections collide with
+	// "prepared statement already exists" (42P05). QueryExecModeExec uses an
+	// unnamed prepared statement per query, which is connection-local and
+	// pooler-safe while keeping proper server-side parameter typing.
+	config.ConnConfig.DefaultQueryExecMode = pgx.QueryExecModeExec
+
+	return pgxpool.NewWithConfig(ctx, config)
 }
diff --git a/backend/internal/handlers/answers.go b/backend/internal/handlers/answers.go
@@ -0,0 +1,82 @@
+package handlers
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"github.com/danielgtaylor/huma/v2"
+
+	"github.com/GenerateNU/apportal/backend/internal/models"
+	"github.com/GenerateNU/apportal/backend/internal/store"
+)
+
+type answerHandler struct {
+	store *store.Store
+}
+
+func (h *answerHandler) register(api huma.API) {
+	huma.Register(api, huma.Operation{
+		OperationID: "upsert-answers",
+		Method:      http.MethodPut,
+		Path:        "/applications/{id}/answers",
+		Summary:     "Submit or update written answers",
+		Description: "Bulk upsert keyed on (application, question).",
+		Tags:        []string{"Answers"},
+	}, h.upsert)
+
+	huma.Register(api, huma.Operation{
+		OperationID: "list-answers",
+		Method:      http.MethodGet,
+		Path:        "/applications/{id}/answers",
+		Summary:     "List an application's written answers",
+		Tags:        []string{"Answers"},
+	}, h.list)
+}
+
+type AnswersOutput struct {
+	Body []models.WrittenAnswer
+}
+
+type UpsertAnswersInput struct {
+	ID   string `path:"id" doc:"Application ID"`
+	Body struct {
+		Answers []struct {
+			QuestionID    string          `json:"question_id"`
+			AnswerText    *string         `json:"answer_text,omitempty"`
+			AnswerOptions json.RawMessage `json:"answer_options,omitempty"`
+		} `json:"answers" minItems:"1"`
+	}
+}
+
+func (h *answerHandler) upsert(ctx context.Context, in *UpsertAnswersInput) (*AnswersOutput, error) {
+	inputs := make([]store.AnswerInput, 0, len(in.Body.Answers))
+	for _, a := range in.Body.Answers {
+		if a.QuestionID == "" {
+			return nil, huma.Error422UnprocessableEntity("each answer requires a question_id")
+		}
+		inputs = append(inputs, store.AnswerInput{
+			QuestionID:    a.QuestionID,
+			AnswerText:    a.AnswerText,
+			AnswerOptions: a.AnswerOptions,
+		})
+	}
+
+	answers, err := h.store.UpsertAnswers(ctx, in.ID, inputs)
+	if err != nil {
+		return nil, storeErr(err)
+	}
+	return &AnswersOutput{Body: answers}, nil
+}
+
+type ListAnswersInput struct {
+	ID string `path:"id" doc:"Application ID"`
+}
+
+func (h *answerHandler) list(ctx context.Context, in *ListAnswersInput) (*AnswersOutput, error) {
+	answers, err := h.store.ListAnswers(ctx, in.ID)
+	if err != nil {
+		return nil, storeErr(err)
+	}
+	return &AnswersOutput{Body: answers}, nil
+}
diff --git a/backend/internal/handlers/api.go b/backend/internal/handlers/api.go
@@ -0,0 +1,63 @@
+package handlers
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"log/slog"
+	"net/http"
+
+	"github.com/danielgtaylor/huma/v2"
+
+	"github.com/GenerateNU/apportal/backend/internal/middleware"
+	"github.com/GenerateNU/apportal/backend/internal/models"
+	"github.com/GenerateNU/apportal/backend/internal/store"
+)
+
+// writeJSON / writeError back the plain net/http health & root routes that are
+// not Huma operations.
+func writeJSON(w http.ResponseWriter, status int, payload any) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	_ = json.NewEncoder(w).Encode(payload)
+}
+
+func writeError(w http.ResponseWriter, status int, msg string) {
+	writeJSON(w, status, map[string]string{"error": msg})
+}
+
+// storeErr maps store sentinel errors to the matching Huma HTTP error so the
+// operation returns the right status code (and it appears in the OpenAPI spec).
+func storeErr(err error) error {
+	switch {
+	case errors.Is(err, store.ErrNotFound):
+		return huma.Error404NotFound("not found")
+	case errors.Is(err, store.ErrConflict):
+		return huma.Error409Conflict("already exists")
+	default:
+		slog.Error("unexpected store error", "error", err)
+		return huma.Error500InternalServerError("internal server error")
+	}
+}
+
+// requireReviewer rejects calls lacking a valid reviewer identity. The actor is
+// populated by middleware.WithActor from request headers (auth stub).
+func requireReviewer(ctx context.Context) error {
+	actor, ok := middleware.ActorFrom(ctx)
+	if !ok || !actor.Role.Valid() {
+		return huma.Error401Unauthorized("reviewer identity required")
+	}
+	return nil
+}
+
+// requireChief rejects calls that are not made by a chief.
+func requireChief(ctx context.Context) error {
+	actor, ok := middleware.ActorFrom(ctx)
+	if !ok || actor.NUID == "" {
+		return huma.Error401Unauthorized("reviewer identity required")
+	}
+	if actor.Role != models.ReviewerRoleChief {
+		return huma.Error403Forbidden("chief role required")
+	}
+	return nil
+}
diff --git a/backend/internal/handlers/api_test.go b/backend/internal/handlers/api_test.go
@@ -0,0 +1,105 @@
+package handlers
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/danielgtaylor/huma/v2"
+
+	"github.com/GenerateNU/apportal/backend/internal/middleware"
+	"github.com/GenerateNU/apportal/backend/internal/models"
+	"github.com/GenerateNU/apportal/backend/internal/store"
+)
+
+func TestWriteJSON(t *testing.T) {
+	rec := httptest.NewRecorder()
+	writeJSON(rec, http.StatusCreated, map[string]string{"hello": "world"})
+
+	if rec.Code != http.StatusCreated {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusCreated)
+	}
+	if ct := rec.Header().Get("Content-Type"); ct != "application/json" {
+		t.Fatalf("content-type = %q, want application/json", ct)
+	}
+	var body map[string]string
+	if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
+		t.Fatalf("unmarshal: %v", err)
+	}
+	if body["hello"] != "world" {
+		t.Fatalf("body = %v, want hello=world", body)
+	}
+}
+
+func TestStoreErr(t *testing.T) {
+	cases := []struct {
+		name string
+		err  error
+		want int
+	}{
+		{"not found", store.ErrNotFound, http.StatusNotFound},
+		{"conflict", store.ErrConflict, http.StatusConflict},
+		{"other", errExample("boom"), http.StatusInternalServerError},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			got := storeErr(tc.err)
+			var se huma.StatusError
+			if !errors.As(got, &se) {
+				t.Fatalf("storeErr did not return a huma.StatusError: %T", got)
+			}
+			if se.GetStatus() != tc.want {
+				t.Fatalf("status = %d, want %d", se.GetStatus(), tc.want)
+			}
+		})
+	}
+}
+
+func TestRequireChief(t *testing.T) {
+	chief := middleware.Actor{NUID: "c1", Role: models.ReviewerRoleChief}
+	tl := middleware.Actor{NUID: "t1", Role: models.ReviewerRoleTL}
+
+	cases := []struct {
+		name     string
+		ctx      context.Context
+		wantErr  bool
+		wantCode int
+	}{
+		{"no actor", context.Background(), true, http.StatusUnauthorized},
+		{"tl", withActor(tl), true, http.StatusForbidden},
+		{"chief", withActor(chief), false, 0},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			err := requireChief(tc.ctx)
+			if tc.wantErr {
+				var se huma.StatusError
+				if !errors.As(err, &se) || se.GetStatus() != tc.wantCode {
+					t.Fatalf("got %v, want status %d", err, tc.wantCode)
+				}
+			} else if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+		})
+	}
+}
+
+// withActor returns a context carrying the given actor, mirroring what
+// middleware.WithActor does from request headers.
+func withActor(a middleware.Actor) context.Context {
+	r := httptest.NewRequest(http.MethodGet, "/", nil)
+	r.Header.Set("X-NUID", a.NUID)
+	r.Header.Set("X-Role", string(a.Role))
+	captured := r.Context()
+	middleware.WithActor(http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
+		captured = req.Context()
+	})).ServeHTTP(httptest.NewRecorder(), r)
+	return captured
+}
+
+type errExample string
+
+func (e errExample) Error() string { return string(e) }