breaking: Monorepo Architecture and Authentication System Implementation

[JacksonMeade]

This PR represents a major architectural refactor that transforms the codebase from a single-service application into a comprehensive monorepo with integrated authentication and role-based access control.

Before you get sticker shock at the files changed/lines changed: this is significant, but many former drizzle migrations have been deleted. This massively increases the number of lines changed.

Major Changes

Monorepo Structure Implementation

• Converted single-service architecture to npm workspaces-based monorepo
• Created dedicated apps/ directory containing separate auth and backend services
• Established packages/ directory for shared libraries (database, auth-middleware, shared utilities)
• Implemented comprehensive Docker Compose setup with Traefik reverse proxy for local development

Authentication Service Integration

• Added standalone auth service using Better Auth framework with JWT-based authentication
• Implemented PostgreSQL-backed user management with proper schema migrations
• Created auth middleware package for request authentication across services
• Added role-based access control system with admin, dj, and member roles
• Integrated CORS handling and trusted origins configuration

Database Schema Modernization

• Migrated from legacy DJ-centric schema to user-centric design
• Consolidated multiple migration files into clean, normalized schema
• Replaced DJ ID references with user ID throughout the application
• Added Better Auth required tables (users, sessions, accounts, verifications, jwks)
• Implemented proper foreign key relationships and constraints

Development Experience Improvements

• Added comprehensive npm scripts for development, building, testing, and database management
• Implemented Traefik reverse proxy for unified local development URLs
• Maintained the isolated CI testing environment with separate database
• Maintained and replaced automatic database initialization with migrations and seeding

Service Architecture

• Split monolithic application into auth service (port 8787) and backend service (port 8080)
• Implemented service-to-service communication for authentication verification
• Added health checks and proper service dependencies in Docker Compose
• Created build and deployment configurations for both services

Test Results

Tests are still intact and functional, with default users available for a CI environment. CI now cleans up after itself automatically, including removing orphan processes.

Results:

Technical Details

File Structure Changes

• Moved src/ contents to apps/backend/
• Created new apps/auth/ service with Better Auth implementation
• Established shared packages in packages/database/, packages/auth-middleware/, and packages/shared/
• Updated all import paths and dependencies to reflect new structure

Authentication Flow

• Users authenticate through /api/auth endpoints
• JWT tokens are verified by auth middleware in backend service
• Role-based permissions control access to different endpoints
• Support for both production authentication and development bypass mode

Database Changes

• Eliminated legacy DJ table in favor of unified users table
• Added role enum (station management, music direction, dj, guest*) for access control
• Normalized all foreign key relationships to reference user IDs
• Implemented proper Better Auth schema integration

*Note: guest access has been added in anticipation of anonymous authentication with better-auth,
which will permit DJs to ban abusive listeners/requestors from the app who have an anonymous session.

Testing and CI

• Updated test suite to work with new monorepo structure
• Added CI environment with isolated database for testing
• Maintained existing test coverage while adapting to new architecture, allowing auth to be tested one day