refactor: remove all JWT-related code and references

JWT was never used - auth uses X-User-Id header. Removes jwt.ts utility,
jsonwebtoken dependency, stubbed refresh/logout endpoints, and updates
all docs (PUML diagrams, api-routes, tex, CLAUDE.md) accordingly.

apps/server/package.json

@@ -14,7 +14,6 @@
     "dotenv": "^16.4.7",
     "express": "^5.2.1",
     "ical.js": "^2.2.1",
-    "jsonwebtoken": "^9.0.3",
     "mongoose": "^9.1.1",
     "openai": "^6.15.0",
     "pino": "^10.1.1",
@@ -27,7 +26,6 @@
     "@types/express": "^5.0.6",
     "@types/ical": "^0.8.3",
     "@types/jest": "^30.0.0",
-    "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^24.10.1",
     "jest": "^30.2.0",
     "pino-pretty": "^13.1.3",

apps/server/src/controllers/AuthController.ts

@@ -22,11 +22,4 @@ export class AuthController {
     }
   }
 
-  async refresh(req: Request, res: Response): Promise<void> {
-    throw new Error("Not implemented");
-  }
-
-  async logout(req: Request, res: Response): Promise<void> {
-    throw new Error("Not implemented");
-  }
 }

apps/server/src/routes/auth.routes.ts

@@ -6,8 +6,6 @@ export function createAuthRoutes(authController: AuthController): Router {
 
   router.post("/login", (req, res) => authController.login(req, res));
   router.post("/register", (req, res) => authController.register(req, res));
-  router.post("/refresh", (req, res) => authController.refresh(req, res));
-  router.post("/logout", (req, res) => authController.logout(req, res));
 
   return router;
 }

apps/server/src/services/AuthService.ts

@@ -1,6 +1,5 @@
-import { User, CreateUserDTO, LoginDTO, AuthResponse } from "@calchat/shared";
+import { CreateUserDTO, LoginDTO, AuthResponse } from "@calchat/shared";
 import { UserRepository } from "./interfaces";
-import * as jwt from "../utils/jwt";
 import * as password from "../utils/password";
 
 export class AuthService {
@@ -46,11 +45,4 @@ export class AuthService {
     return { user, accessToken: "" };
   }
 
-  async refreshToken(refreshToken: string): Promise<AuthResponse> {
-    throw new Error("Not implemented");
-  }
-
-  async logout(userId: string): Promise<void> {
-    throw new Error("Not implemented");
-  }
 }

apps/server/src/utils/index.ts

@@ -1,2 +1 @@
-export * from "./jwt";
 export * from "./password";

apps/server/src/utils/jwt.ts

@@ -1,26 +0,0 @@
-import jwt from "jsonwebtoken";
-
-export interface TokenPayload {
-  userId: string;
-  email: string;
-}
-
-export interface JWTConfig {
-  secret: string;
-  expiresIn: string;
-}
-
-const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
-const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "1h";
-
-export function signToken(payload: TokenPayload): string {
-  throw new Error("Not implemented");
-}
-
-export function verifyToken(token: string): TokenPayload {
-  throw new Error("Not implemented");
-}
-
-export function decodeToken(token: string): TokenPayload | null {
-  throw new Error("Not implemented");
-}