implement auth login and register with MongoDB

- Add AuthController login/register endpoints with error handling
- Implement AuthService with password validation and user creation
- Add MongoUserRepository with findByEmail and create methods
- Implement password hashing with bcrypt
- Add dotenv for environment variable support
- Add Docker Compose setup for MongoDB + Mongo Express
- Stub AuthMiddleware with fake user for testing
- Update CLAUDE.md with implementation status

apps/server/src/app.ts

@@ -1,5 +1,6 @@
 import express from 'express';
 import mongoose from 'mongoose';
+import 'dotenv/config'
 
 import { createRoutes } from './routes';
 import { AuthController, ChatController, EventController } from './controllers';

apps/server/src/controllers/AuthController.ts

@@ -5,11 +5,21 @@ export class AuthController {
   constructor(private authService: AuthService) {}
 
   async login(req: Request, res: Response): Promise<void> {
-    throw new Error('Not implemented');
+    try {
+      const result = await this.authService.login(req.body);
+      res.json(result);
+    } catch (error) {
+      res.status(401).json({ error: (error as Error).message });
+    }
   }
 
   async register(req: Request, res: Response): Promise<void> {
-    throw new Error('Not implemented');
+    try {
+      const result = await this.authService.register(req.body);
+      res.status(201).json(result);
+    } catch (error) {
+      res.status(400).json({ error: (error as Error).message });
+    }
   }
 
   async refresh(req: Request, res: Response): Promise<void> {

apps/server/src/middleware/AuthMiddleware.ts

@@ -6,5 +6,11 @@ export interface AuthenticatedRequest extends Request {
 }
 
 export function authenticate(req: AuthenticatedRequest, res: Response, next: NextFunction): void {
-  throw new Error('Not implemented');
+  // TODO: Implement real JWT verification
+  // Fake user for testing purposes
+  req.user = {
+    userId: 'fake-user-id',
+    email: 'test@example.com',
+  };
+  next();
 }

apps/server/src/repositories/mongo/MongoUserRepository.ts

@@ -8,10 +8,12 @@ export class MongoUserRepository implements UserRepository {
   }
 
   async findByEmail(email: string): Promise<User | null> {
-    throw new Error('Not implemented');
+    const user = await UserModel.findOne({ email: email.toLowerCase() });
+    return user ? user.toJSON() as User : null;
   }
 
   async create(data: CreateUserData): Promise<User> {
-    throw new Error('Not implemented');
+    const user = await UserModel.create(data);
+    return user.toJSON() as User;
   }
 }

apps/server/src/services/AuthService.ts

@@ -7,11 +7,33 @@ export class AuthService {
   constructor(private userRepo: UserRepository) {}
 
   async login(data: LoginDTO): Promise<AuthResponse> {
-    throw new Error('Not implemented');
+    const user = await this.userRepo.findByEmail(data.email);
+    if (!user || !user.passwordHash) {
+      throw new Error('Invalid credentials');
+    }
+
+    const isValid = await password.compare(data.password, user.passwordHash);
+    if (!isValid) {
+      throw new Error('Invalid credentials');
+    }
+
+    return { user, accessToken: '' };
   }
 
   async register(data: CreateUserDTO): Promise<AuthResponse> {
-    throw new Error('Not implemented');
+    const existingUser = await this.userRepo.findByEmail(data.email);
+    if (existingUser) {
+      throw new Error('Email already exists');
+    }
+
+    const passwordHash = await password.hash(data.password);
+    const user = await this.userRepo.create({
+      email: data.email,
+      displayName: data.displayName,
+      passwordHash,
+    });
+
+    return { user, accessToken: '' };
   }
 
   async refreshToken(refreshToken: string): Promise<AuthResponse> {

apps/server/src/utils/password.ts

@@ -3,9 +3,9 @@ import bcrypt from 'bcrypt';
 const SALT_ROUNDS = 10;
 
 export async function hash(password: string): Promise<string> {
-  throw new Error('Not implemented');
+  return bcrypt.hash(password, SALT_ROUNDS);
 }
 
 export async function compare(password: string, hash: string): Promise<boolean> {
-  throw new Error('Not implemented');
+  return bcrypt.compare(password, hash);
 }