Add user authentication with login/register

- Add users and sessions tables to database schema
- Add bcryptjs for password hashing
- Create auth API routes (login, register, logout, me)
- Add AuthProvider context for client-side auth state
- Update all API routes to require authentication and filter by userId
- Create login and register pages
- Add AppShell component for authenticated layout
- Update all pages to use AppShell and show user info
- Each user now has their own private entries and tags

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

README.md

@@ -4,6 +4,7 @@ A calm, private gratitude and mood log. No streaks, no gamification—just a sim
 
 ## Features
 
+- **User accounts**: Each user has their own private entries and tags
 - **Quick check-in**: One prompt, optional mood, optional tags. Entry capture takes 10-20 seconds.
 - **Autosave**: No save button needed. Your entry saves automatically as you type.
 - **Timeline**: View all entries in reverse chronological order with filters.
@@ -22,6 +23,10 @@ docker compose up -d
 
 The app will be available at `http://localhost:6124`.
 
+1. Navigate to the app and click "Create one" to register
+2. Enter your email, password, and optional name
+3. Start logging your gratitude!
+
 ### Manual Setup
 
 1. Install dependencies:
@@ -77,10 +82,19 @@ The database is created automatically when you run migrations. In Docker, the `.
 
 ### Schema
 
+- **users**: User accounts with email and password hash
+- **sessions**: Session tokens for authentication (30-day expiry)
 - **entries**: Main gratitude entries with date, text, optional mood (1-5), rough day flag, and timestamps
-- **tags**: Normalized tag names
+- **tags**: Normalized tag names per user
 - **entry_tags**: Junction table linking entries to tags
 
+## Authentication
+
+- Session-based authentication with HTTP-only cookies
+- Passwords are hashed with bcrypt
+- Sessions expire after 30 days
+- Each user can only see their own entries and tags
+
 ## Export
 
 Navigate to `/export` or use the Export tab to download your data:
@@ -88,7 +102,7 @@ Navigate to `/export` or use the Export tab to download your data:
 - **Markdown**: Human-readable format, grouped by date, includes mood and tags
 - **JSON**: Full data export with all fields and timestamps
 
-Exports include all entries regardless of filters.
+Exports include all entries for the logged-in user.
 
 ## Configuration
 
@@ -115,16 +129,39 @@ ports:
 - **Language**: TypeScript
 - **Styling**: Tailwind CSS 4
 - **Database**: SQLite with Drizzle ORM
+- **Authentication**: bcryptjs for password hashing
 - **Icons**: Lucide React
 
+## API Routes
+
+### Authentication
+- `POST /api/auth/register` - Create new account
+- `POST /api/auth/login` - Sign in
+- `POST /api/auth/logout` - Sign out
+- `GET /api/auth/me` - Get current user
+
+### Entries
+- `GET /api/entries` - List entries (with optional filters)
+- `POST /api/entries` - Create or update entry for a date
+- `GET /api/entries/[id]` - Get single entry
+- `PATCH /api/entries/[id]` - Update entry
+- `DELETE /api/entries/[id]` - Delete entry
+
+### Tags
+- `GET /api/tags` - Get recent/search tags
+
+### Export
+- `POST /api/export` - Export all entries (markdown or json)
+
 ## Future Extension Points
 
 These features are not implemented but the architecture supports them:
 
-- **Cloud sync**: Add authentication and a sync service to enable cross-device access
+- **Cloud sync**: Add a sync service to enable cross-device access
 - **LLM summaries**: Integrate with an LLM API to generate monthly reflections
 - **Notifications**: Add push notifications for daily reminders
 - **Import**: Add an import endpoint to restore from JSON exports
+- **OAuth**: Add social login providers
 
 ## License