Tests, UPDATE, DELETE — And the Refactor I Didn't Plan

In Part 3, I built authentication — JWT tokens, bcrypt hashing, middleware that wraps handlers like Russian dolls. The API had four endpoints and was fully protected. But it could only create and read entries. No updating. No deleting. And zero tests...