feat: implement user authentication with login and register

- Add login screen with email/username support
- Add register screen with email validation
- Implement AuthStore with expo-secure-store (native) / localStorage (web)
- Add X-User-Id header authentication (simple auth without JWT)
- Rename displayName to userName across codebase
- Add findByUserName() to UserRepository
- Check for existing email AND username on registration
- Add AuthButton component with shadow effect
- Add logout button to Header
- Add hash-password.js utility script for manual password resets
- Update CORS to allow X-User-Id header

apps/server/src/controllers/AuthMiddleware.ts

@@ -1,8 +1,11 @@
 import { Request, Response, NextFunction } from "express";
-import { verifyToken, TokenPayload } from "../utils/jwt";
+
+export interface AuthenticatedUser {
+  userId: string;
+}
 
 export interface AuthenticatedRequest extends Request {
-  user?: TokenPayload;
+  user?: AuthenticatedUser;
 }
 
 export function authenticate(
@@ -10,11 +13,13 @@ export function authenticate(
   res: Response,
   next: NextFunction,
 ): void {
-  // TODO: Implement real JWT verification
-  // Fake user for testing purposes
-  req.user = {
-    userId: "fake-user-id",
-    email: "test@example.com",
-  };
+  const userId = req.headers["x-user-id"];
+
+  if (!userId || typeof userId !== "string") {
+    res.status(401).json({ error: "Unauthorized" });
+    return;
+  }
+
+  req.user = { userId };
   next();
 }