feat: add authentication system (login, users, auth middleware)

- server/auth.js: JWT middleware and auth routes
- src/stores/auth.js + useAuthFetch.js: client-side auth state
- src/views/LoginView.vue + UsersView.vue: login and user management UI
- router, sidebar, App.vue: guard routes behind auth
- COOLIFY.md: add real deployment IDs

server/db.js

@@ -2,6 +2,7 @@ import Database from "better-sqlite3";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
 import { mkdirSync } from "fs";
+import bcrypt from "bcryptjs";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const DATA_DIR = process.env.DATA_DIR || join(__dirname, "../data");
@@ -40,6 +41,27 @@ db.exec(`
     date            TEXT,
     createdAt       TEXT DEFAULT (datetime('now'))
   );
+
+  CREATE TABLE IF NOT EXISTS users (
+    id           INTEGER PRIMARY KEY AUTOINCREMENT,
+    username     TEXT NOT NULL UNIQUE,
+    passwordHash TEXT NOT NULL,
+    role         TEXT NOT NULL DEFAULT 'admin',
+    createdAt    TEXT DEFAULT (datetime('now'))
+  );
 `);
 
+// Seed default admin (Sanae) if no users exist
+const userCount = db.prepare("SELECT COUNT(*) as n FROM users").get().n;
+if (userCount === 0) {
+  const DEFAULT_PASSWORD = process.env.ADMIN_PASSWORD || "sanae1234";
+  const hash = bcrypt.hashSync(DEFAULT_PASSWORD, 10);
+  db.prepare(
+    "INSERT INTO users (username, passwordHash, role) VALUES (?, ?, ?)",
+  ).run("sanae", hash, "admin");
+  console.log(
+    `[db] Admin user 'sanae' created (password: ${DEFAULT_PASSWORD})`,
+  );
+}
+
 export default db;