bugfix: wrap manga + chapter uploads in a DB transaction

Previously a storage failure mid-chapter-upload left a partial chapter
row pointing at a `page_count` that didn't match what was on disk, plus
any successfully-inserted page rows. Same shape for a manga create
where the cover put or cover_image_path UPDATE failed after the manga
row was already inserted.

Fix at the DB layer: open `pool.begin()` at the start of the create,
do all DB writes against `&mut *tx`, commit only after the full
sequence succeeds. If anything before commit fails, the transaction is
rolled back on drop and the DB stays consistent. Bytes already written
to storage on a rolled-back transaction become orphans on disk; a
future reaper can sweep them, and we prioritise DB consistency over
storage tidiness in this branch.

- repo::manga::create / set_cover_image_path: signature changed to
  `impl PgExecutor<'_>` so handlers can pass either `&PgPool` or
  `&mut *tx`. set_cover_image_path is new — replaces the inline
  `UPDATE` in the manga upload handler so the call site stays
  consistent.
- repo::chapter::create / set_page_count: same shape.
- repo::page::create: same.
- api::mangas::create and api::chapters::create both open a
  transaction around their DB writes; storage puts happen inside the
  transaction window (since they must precede the page-row insert), so
  a failed put aborts before commit.

New integration test (api_uploads::chapter_upload_rolls_back_when_
storage_fails_mid_loop) uses a `FailingStorage` helper that errors on
the N-th `put`. With N=1 (page 2 fails), the handler returns 500 and
the chapter + page tables stay empty.

`harness_with_failing_storage` is exposed alongside the existing
`harness` so future tests can reuse it for other fault-injection
cases.

Lockstep version bump to 0.9.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend/src/repo/chapter.rs

@@ -1,10 +1,10 @@
 //! Chapter persistence.
 
-use sqlx::PgPool;
+use sqlx::{PgExecutor, PgPool};
 use uuid::Uuid;
 
 use crate::domain::Chapter;
-use crate::error::AppResult;
+use crate::error::{AppError, AppResult};
 
 pub async fn list_for_manga(
     pool: &PgPool,
@@ -48,11 +48,12 @@ pub async fn find_by_manga_and_number(
     Ok(row)
 }
 
-/// Inserts a chapter. Used by tests today and by the upload handler in
-/// feat/uploads. Returns `AppError::Conflict` on the (manga_id, number)
-/// unique violation so handlers can surface a clean 409.
-pub async fn create(
-    pool: &PgPool,
+/// Accepts any `PgExecutor` so the upload handler can run this inside a
+/// transaction with the per-page inserts. Returns `AppError::Conflict`
+/// on the (manga_id, number) unique violation so handlers can surface a
+/// clean 409.
+pub async fn create<'e, E: PgExecutor<'e>>(
+    executor: E,
     manga_id: Uuid,
     number: i32,
     title: Option<&str>,
@@ -67,18 +68,31 @@ pub async fn create(
     .bind(manga_id)
     .bind(number)
     .bind(title)
-    .fetch_one(pool)
+    .fetch_one(executor)
     .await;
 
     match result {
         Ok(c) => Ok(c),
-        Err(e) if is_unique_violation(&e) => Err(crate::error::AppError::Conflict(format!(
+        Err(e) if is_unique_violation(&e) => Err(AppError::Conflict(format!(
             "chapter {number} already exists for this manga"
         ))),
-        Err(e) => Err(crate::error::AppError::Database(e)),
+        Err(e) => Err(AppError::Database(e)),
     }
 }
 
+pub async fn set_page_count<'e, E: PgExecutor<'e>>(
+    executor: E,
+    id: Uuid,
+    page_count: i32,
+) -> AppResult<()> {
+    sqlx::query("UPDATE chapters SET page_count = $1 WHERE id = $2")
+        .bind(page_count)
+        .bind(id)
+        .execute(executor)
+        .await?;
+    Ok(())
+}
+
 fn is_unique_violation(err: &sqlx::Error) -> bool {
     if let sqlx::Error::Database(db_err) = err {
         db_err.code().as_deref() == Some("23505")

backend/src/repo/manga.rs

@@ -6,7 +6,7 @@
 //! a trait + impl if a second backend ever becomes necessary.
 
 use serde::Deserialize;
-use sqlx::PgPool;
+use sqlx::{PgExecutor, PgPool};
 use uuid::Uuid;
 
 use crate::domain::manga::{Manga, NewManga};
@@ -105,7 +105,13 @@ pub async fn get(pool: &PgPool, id: Uuid) -> AppResult<Manga> {
     .ok_or(AppError::NotFound)
 }
 
-pub async fn create(pool: &PgPool, input: NewManga) -> AppResult<Manga> {
+/// Accepts any `PgExecutor` so callers can pass `&PgPool` for simple
+/// inserts or `&mut *tx` to run inside a transaction. Same applies to
+/// `set_cover_image_path` below.
+pub async fn create<'e, E: PgExecutor<'e>>(
+    executor: E,
+    input: NewManga,
+) -> AppResult<Manga> {
     let row = sqlx::query_as::<_, Manga>(
         r#"
         INSERT INTO mangas (title, author, description)
@@ -116,7 +122,20 @@ pub async fn create(pool: &PgPool, input: NewManga) -> AppResult<Manga> {
     .bind(&input.title)
     .bind(&input.author)
     .bind(&input.description)
-    .fetch_one(pool)
+    .fetch_one(executor)
     .await?;
     Ok(row)
 }
+
+pub async fn set_cover_image_path<'e, E: PgExecutor<'e>>(
+    executor: E,
+    id: Uuid,
+    key: &str,
+) -> AppResult<()> {
+    sqlx::query("UPDATE mangas SET cover_image_path = $1, updated_at = now() WHERE id = $2")
+        .bind(key)
+        .bind(id)
+        .execute(executor)
+        .await?;
+    Ok(())
+}

backend/src/repo/page.rs

@@ -1,13 +1,13 @@
 //! Per-page persistence. Mirrors the rows that `pages` holds.
 
-use sqlx::PgPool;
+use sqlx::{PgExecutor, PgPool};
 use uuid::Uuid;
 
 use crate::domain::Page;
 use crate::error::AppResult;
 
-pub async fn create(
-    pool: &PgPool,
+pub async fn create<'e, E: PgExecutor<'e>>(
+    executor: E,
     chapter_id: Uuid,
     page_number: i32,
     storage_key: &str,
@@ -24,7 +24,7 @@ pub async fn create(
     .bind(page_number)
     .bind(storage_key)
     .bind(content_type)
-    .fetch_one(pool)
+    .fetch_one(executor)
     .await?;
     Ok(row)
 }