refactor(application): fix 4 code smells — validate username input, extract ownership guard and dedup helpers

crates/application/src/use_cases/profile.rs

@@ -10,7 +10,7 @@ pub async fn get_user(users: &dyn UserRepository, user_id: &UserId) -> Result<Us
 }
 
 pub async fn get_user_by_username(users: &dyn UserRepository, username: &str) -> Result<User, DomainError> {
-    let username = Username::from_trusted(username.to_string());
+    let username = Username::new(username).map_err(|_| DomainError::NotFound)?;
     users.find_by_username(&username).await?.ok_or(DomainError::NotFound)
 }
 

crates/application/src/use_cases/thoughts.rs

@@ -6,6 +6,13 @@ use domain::{
     value_objects::{Content, ThoughtId, UserId},
 };
 
+fn require_owner(thought: &Thought, user_id: &UserId) -> Result<(), DomainError> {
+    if thought.user_id != *user_id {
+        return Err(DomainError::NotFound);
+    }
+    Ok(())
+}
+
 pub struct CreateThoughtInput {
     pub user_id: UserId,
     pub content: String,
@@ -45,7 +52,7 @@ pub async fn delete_thought(
     user_id: &UserId,
 ) -> Result<(), DomainError> {
     let thought = thoughts.find_by_id(id).await?.ok_or(DomainError::NotFound)?;
-    if thought.user_id != *user_id { return Err(DomainError::NotFound); }
+    require_owner(&thought, user_id)?;
     thoughts.delete(id, user_id).await?;
     events.publish(&DomainEvent::ThoughtDeleted { thought_id: id.clone(), user_id: user_id.clone() }).await?;
     Ok(())
@@ -59,7 +66,7 @@ pub async fn edit_thought(
     new_content: String,
 ) -> Result<(), DomainError> {
     let thought = thoughts.find_by_id(id).await?.ok_or(DomainError::NotFound)?;
-    if thought.user_id != *user_id { return Err(DomainError::NotFound); }
+    require_owner(&thought, user_id)?;
     let content = Content::new_local(new_content)?;
     thoughts.update_content(id, &content).await?;
     events.publish(&DomainEvent::ThoughtUpdated { thought_id: id.clone(), user_id: user_id.clone() }).await?;