rm jti check

[markmnl]

No description provided.

[Copilot]

Pull request overview

This PR removes JWT jti-based replay prevention and introduces an optional short_text preview field for text message bodies, along with additional request validation and documentation updates.

Changes:

• Removed in-process JWT replay detection (jti cache) and updated tests/docs to reflect token reuse being allowed.
• Added short_text support for messages (configurable preview size; included in list and single-message responses when applicable).
• Strengthened handler validations (address shape checks, pid/topic/add_to relationship rules) and refactored path traversal protection.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/models/models.go	Adds ShortText field to the message model JSON shape.
src/middleware/jwt.go	Removes jti replay tracking; exports IsValidAddr.
src/middleware/jwt_test.go	Updates tests to use IsValidAddr and to allow token reuse.
src/middleware/jti_cache.go	Deletes the in-process jti replay cache implementation.
src/main.go	Wires new FMSG_API_SHORT_TEXT_SIZE into MessageHandler.
src/handlers/messages.go	Implements short_text extraction, adds validation helpers, updates queries to load filepath, and refactors path checks.
src/handlers/messages_test.go	Adds unit tests for MIME detection, safe path handling, and short-text extraction behavior.
src/handlers/attachments.go	Updates route comments to /fmsg paths.
README.md	Documents short_text behavior/config and makes jti optional in JWT docs.

Comments suppressed due to low confidence (1)

src/middleware/jwt_test.go:37

• In this test the failure message still refers to isValidAddr(...), but the function under test is now IsValidAddr. Updating the format string will make failures easier to interpret.

			if got := IsValidAddr(tt.addr); got != tt.want {
				t.Errorf("isValidAddr(%q) = %v, want %v", tt.addr, got, tt.want)