feat(bookstack-api-8ea): implement HTTP helper and request building

Implement do() method on Client with auth header, JSON marshaling,
error parsing into APIError, and context support. Add httptest-based
unit tests.

http.go

@@ -1,21 +1,77 @@
 package bookstack
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
+	"fmt"
+	"io"
 	"net/http"
 )
 
-// buildRequest creates an HTTP request with proper authentication headers.
-// TODO: Implement request building with Authorization header (Token <id>:<secret>)
-func (c *Client) buildRequest(ctx context.Context, method, path string, body interface{}) (*http.Request, error) {
-	// Placeholder for future implementation
-	return nil, nil
-}
+// do executes an authenticated API request and unmarshals the response.
+// method is the HTTP method, path is appended to BaseURL (e.g., "/api/books"),
+// body is JSON-encoded as the request body (nil for no body),
+// and result is the target for JSON unmarshaling (nil to discard response body).
+func (c *Client) do(ctx context.Context, method, path string, body, result any) error {
+	var bodyReader io.Reader
+	if body != nil {
+		data, err := json.Marshal(body)
+		if err != nil {
+			return fmt.Errorf("marshaling request body: %w", err)
+		}
+		bodyReader = bytes.NewReader(data)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, method, c.baseURL+path, bodyReader)
+	if err != nil {
+		return fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Authorization", fmt.Sprintf("Token %s:%s", c.tokenID, c.tokenSecret))
+	if body != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("executing request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("reading response body: %w", err)
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		apiErr := &APIError{
+			StatusCode: resp.StatusCode,
+			Body:       string(respBody),
+		}
+		// Try to parse error details from JSON response
+		var errResp struct {
+			Error struct {
+				Code    string `json:"code"`
+				Message string `json:"message"`
+			} `json:"error"`
+		}
+		if json.Unmarshal(respBody, &errResp) == nil && errResp.Error.Message != "" {
+			apiErr.Code = errResp.Error.Code
+			apiErr.Message = errResp.Error.Message
+		} else {
+			apiErr.Message = http.StatusText(resp.StatusCode)
+		}
+		return apiErr
+	}
+
+	if result != nil && len(respBody) > 0 {
+		if err := json.Unmarshal(respBody, result); err != nil {
+			return fmt.Errorf("unmarshaling response: %w", err)
+		}
+	}
 
-// doRequest executes an HTTP request and handles the response.
-// TODO: Implement response handling, error parsing, and JSON unmarshaling
-func (c *Client) doRequest(ctx context.Context, req *http.Request, v interface{}) error {
-	// Placeholder for future implementation
 	return nil
 }