Add multi-user authentication with JWT

- Users table with email/bcrypt-hashed password; register and login via /auth/ endpoints
- JWT tokens (30-day expiry) stored in localStorage; all API routes require Bearer auth
- All data (varieties, batches, settings, notification logs) scoped to the authenticated user
- Login/register screen overlays the app; sidebar shows user email and logout button
- Scheduler sends daily ntfy summaries for every configured user
- DB schema rewritten for multi-user; SECRET_KEY added to env

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/routers/batches.py

@@ -1,36 +1,39 @@
 from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session, joinedload
 from typing import List
+
+from auth import get_current_user
 from database import get_db
-from models import Batch, Variety
-from schemas import BatchCreate, BatchUpdate, BatchOut
+from models import Batch, User, Variety
+from schemas import BatchCreate, BatchOut, BatchUpdate
 
 router = APIRouter(prefix="/batches", tags=["batches"])
 
 
 @router.get("/", response_model=List[BatchOut])
-def list_batches(db: Session = Depends(get_db)):
+def list_batches(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
     return (
         db.query(Batch)
         .options(joinedload(Batch.variety))
+        .filter(Batch.user_id == current_user.id)
         .order_by(Batch.sow_date.desc().nullslast(), Batch.created_at.desc())
         .all()
     )
 
 
 @router.get("/{batch_id}", response_model=BatchOut)
-def get_batch(batch_id: int, db: Session = Depends(get_db)):
-    b = db.query(Batch).options(joinedload(Batch.variety)).filter(Batch.id == batch_id).first()
+def get_batch(batch_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    b = db.query(Batch).options(joinedload(Batch.variety)).filter(Batch.id == batch_id, Batch.user_id == current_user.id).first()
     if not b:
         raise HTTPException(status_code=404, detail="Batch not found")
     return b
 
 
 @router.post("/", response_model=BatchOut, status_code=201)
-def create_batch(data: BatchCreate, db: Session = Depends(get_db)):
-    if not db.query(Variety).filter(Variety.id == data.variety_id).first():
+def create_batch(data: BatchCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    if not db.query(Variety).filter(Variety.id == data.variety_id, Variety.user_id == current_user.id).first():
         raise HTTPException(status_code=404, detail="Variety not found")
-    b = Batch(**data.model_dump())
+    b = Batch(**data.model_dump(), user_id=current_user.id)
     db.add(b)
     db.commit()
     db.refresh(b)
@@ -38,8 +41,8 @@ def create_batch(data: BatchCreate, db: Session = Depends(get_db)):
 
 
 @router.put("/{batch_id}", response_model=BatchOut)
-def update_batch(batch_id: int, data: BatchUpdate, db: Session = Depends(get_db)):
-    b = db.query(Batch).filter(Batch.id == batch_id).first()
+def update_batch(batch_id: int, data: BatchUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    b = db.query(Batch).filter(Batch.id == batch_id, Batch.user_id == current_user.id).first()
     if not b:
         raise HTTPException(status_code=404, detail="Batch not found")
     for field, value in data.model_dump().items():
@@ -50,8 +53,8 @@ def update_batch(batch_id: int, data: BatchUpdate, db: Session = Depends(get_db)
 
 
 @router.delete("/{batch_id}", status_code=204)
-def delete_batch(batch_id: int, db: Session = Depends(get_db)):
-    b = db.query(Batch).filter(Batch.id == batch_id).first()
+def delete_batch(batch_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    b = db.query(Batch).filter(Batch.id == batch_id, Batch.user_id == current_user.id).first()
     if not b:
         raise HTTPException(status_code=404, detail="Batch not found")
     db.delete(b)