feat: add sqlite-backed auth and library services

Bootstrap SQLite on server startup with embedded migrations and development seed data. Replace placeholder auth and library responses with database-backed services, bearer sessions, and repository-driven API handlers.

apps/web/src/lib/api.ts

@@ -1,3 +1,5 @@
+import { useSessionStore } from '@/stores/session-store'
+
 export type User = {
   id: string
   username: string
@@ -34,9 +36,11 @@ export type Track = {
 const API_BASE = import.meta.env.VITE_API_BASE ?? 'http://localhost:4040'
 
 async function request<T>(path: string, init?: RequestInit): Promise<T> {
+  const token = useSessionStore.getState().token
   const response = await fetch(`${API_BASE}${path}`, {
     headers: {
       'Content-Type': 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
       ...(init?.headers ?? {}),
     },
     ...init,
@@ -63,4 +67,3 @@ export async function fetchHome() {
 export async function fetchTracks() {
   return request<{ items: Track[] }>('/api/tracks')
 }
-

apps/web/src/stores/session-store.ts

@@ -1,4 +1,5 @@
 import { create } from 'zustand'
+import { persist } from 'zustand/middleware'
 
 type SessionState = {
   token: string | null
@@ -7,10 +8,16 @@ type SessionState = {
   clearSession: () => void
 }
 
-export const useSessionStore = create<SessionState>((set) => ({
-  token: null,
-  username: null,
-  setSession: (token, username) => set({ token, username }),
-  clearSession: () => set({ token: null, username: null }),
-}))
-
+export const useSessionStore = create<SessionState>()(
+  persist(
+    (set) => ({
+      token: null,
+      username: null,
+      setSession: (token, username) => set({ token, username }),
+      clearSession: () => set({ token: null, username: null }),
+    }),
+    {
+      name: 'temporserv-session',
+    },
+  ),
+)