Add multi-user authentication with JWT

- Users table with email/bcrypt-hashed password; register and login via /auth/ endpoints
- JWT tokens (30-day expiry) stored in localStorage; all API routes require Bearer auth
- All data (varieties, batches, settings, notification logs) scoped to the authenticated user
- Login/register screen overlays the app; sidebar shows user email and logout button
- Scheduler sends daily ntfy summaries for every configured user
- DB schema rewritten for multi-user; SECRET_KEY added to env

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/routers/varieties.py

@@ -1,29 +1,31 @@
 from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 from typing import List
+
+from auth import get_current_user
 from database import get_db
-from models import Variety
-from schemas import VarietyCreate, VarietyUpdate, VarietyOut
+from models import User, Variety
+from schemas import VarietyCreate, VarietyOut, VarietyUpdate
 
 router = APIRouter(prefix="/varieties", tags=["varieties"])
 
 
 @router.get("/", response_model=List[VarietyOut])
-def list_varieties(db: Session = Depends(get_db)):
-    return db.query(Variety).order_by(Variety.category, Variety.name).all()
+def list_varieties(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    return db.query(Variety).filter(Variety.user_id == current_user.id).order_by(Variety.category, Variety.name).all()
 
 
 @router.get("/{variety_id}", response_model=VarietyOut)
-def get_variety(variety_id: int, db: Session = Depends(get_db)):
-    v = db.query(Variety).filter(Variety.id == variety_id).first()
+def get_variety(variety_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    v = db.query(Variety).filter(Variety.id == variety_id, Variety.user_id == current_user.id).first()
     if not v:
         raise HTTPException(status_code=404, detail="Variety not found")
     return v
 
 
 @router.post("/", response_model=VarietyOut, status_code=201)
-def create_variety(data: VarietyCreate, db: Session = Depends(get_db)):
-    v = Variety(**data.model_dump())
+def create_variety(data: VarietyCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    v = Variety(**data.model_dump(), user_id=current_user.id)
     db.add(v)
     db.commit()
     db.refresh(v)
@@ -31,8 +33,8 @@ def create_variety(data: VarietyCreate, db: Session = Depends(get_db)):
 
 
 @router.put("/{variety_id}", response_model=VarietyOut)
-def update_variety(variety_id: int, data: VarietyUpdate, db: Session = Depends(get_db)):
-    v = db.query(Variety).filter(Variety.id == variety_id).first()
+def update_variety(variety_id: int, data: VarietyUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    v = db.query(Variety).filter(Variety.id == variety_id, Variety.user_id == current_user.id).first()
     if not v:
         raise HTTPException(status_code=404, detail="Variety not found")
     for field, value in data.model_dump().items():
@@ -43,8 +45,8 @@ def update_variety(variety_id: int, data: VarietyUpdate, db: Session = Depends(g
 
 
 @router.delete("/{variety_id}", status_code=204)
-def delete_variety(variety_id: int, db: Session = Depends(get_db)):
-    v = db.query(Variety).filter(Variety.id == variety_id).first()
+def delete_variety(variety_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    v = db.query(Variety).filter(Variety.id == variety_id, Variety.user_id == current_user.id).first()
     if not v:
         raise HTTPException(status_code=404, detail="Variety not found")
     db.delete(v)