feat: multiple improvements to library functionality (#50)

## Summary

This PR implements several improvements to the library application:

- Added start and finish date tracking for media items
- Added "Retired" category for abandoned media
- Implemented avatar-based user menu with dropdown navigation
- Added automatic background token refresh to prevent session expiry
- Created centralised logging system with frontend-to-API log forwarding
- Added toast notifications for error handling

## Changes

### Media Tracking (#41)
- Added `dateStarted` and `dateFinished` fields to Books, Games, Manga, Music, and Shows
- Updated TypeScript types, Prisma schema, and API services
- Added manual date input fields to frontend forms
- Properly converts HTML date strings to Date objects before API submission

### Retired Category (#43)
- Added `RETIRED` status to all media type enums
- Updated Prisma schema, frontend dropdowns, and filter buttons
- Added status label handling for retired items

### User Menu (#46)
- Replaced username text with avatar image in header
- Created dropdown menu with navigation items (Users, Audit, Suggestions)
- Added logout button to menu
- Implemented keyboard accessibility (tabindex, role, keyup handlers)

### Token Refresh (#44)
- Implemented automatic token refresh every 13 minutes in background
- Added proactive refresh to prevent token expiry during form filling
- Prevents users from losing form data due to expired sessions

### Centralised Logging (#1)
- Created `/log` endpoint on API to receive frontend logs
- Replaced API console.log calls with @nhcarrigan/logger
- Created ConsoleLoggerService to intercept all console methods on frontend
- Added global error handlers (window.error, unhandledrejection) on frontend
- Added process error handlers (uncaughtException, unhandledRejection, SIGTERM, SIGINT) on API
- All frontend console activity now forwarded to centralised logging

### Error Handling
- Created ToastService and ToastComponent for displaying errors
- Integrated with GlobalErrorHandler and HTTP interceptor
- Added accessibility features (keyboard navigation, ARIA attributes)
- Set toast opacity to 40% for optimal readability

### Testing & Build
- Fixed pre-existing test failure for GET / route (now returns version info)
- Added ESM module mocking (jsdom, marked, dompurify, @nhcarrigan/logger)
- Configured Jest with isolatedModules to handle TypeScript errors
- Excluded test-setup.ts from production build
- All tests passing (123 total)
- Build passing with no errors

## Test Plan

- [x] All tests pass (123 tests)
- [x] Build passes without errors
- [x] Lint passes (only pre-existing warnings)
- [x] Date fields work correctly on all media types
- [x] Retired status displays and filters properly
- [x] Avatar menu opens/closes correctly with keyboard and mouse
- [x] Token refresh prevents session expiry
- [x] Toast notifications appear for errors
- [x] Frontend logs forward to API successfully
- [x] Root route returns version information

Closes #41
Closes #43
Closes #44
Closes #46
Closes #1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Hikari <hikari@nhcarrigan.com>
Reviewed-on: #50
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>

shared-types/test/auth.types.spec.ts

@@ -0,0 +1,118 @@
+/**
+ * @copyright NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import type { AuthResponse, JwtPayload, User } from "../src/lib/auth.types";
+
+describe("auth Types", () => {
+  describe("user interface", () => {
+    it("should accept valid user objects", () => {
+      const userWithAvatar: User = {
+        avatar:    "https://example.com/avatar.png",
+        discordId: "discord123",
+        email:     "test@example.com",
+        id:        "user123",
+        inDiscord: true,
+        isAdmin:   true,
+        isBanned:  false,
+        isMod:     true,
+        isStaff:   true,
+        isVip:     false,
+        username:  "testuser",
+      };
+
+      const userWithoutAvatar: User = {
+        discordId: "discord456",
+        email:     "another@example.com",
+        id:        "user456",
+        inDiscord: false,
+        isAdmin:   false,
+        isBanned:  false,
+        isMod:     false,
+        isStaff:   false,
+        isVip:     true,
+        username:  "anotheruser",
+      };
+
+      expect(userWithAvatar.avatar).toBe("https://example.com/avatar.png");
+      expect(userWithoutAvatar.avatar).toBeUndefined();
+      expect(userWithAvatar.isAdmin).toBeTruthy();
+      expect(userWithoutAvatar.isVip).toBeTruthy();
+    });
+
+    it("should handle all boolean flags correctly", () => {
+      const bannedUser: User = {
+        discordId: "discord789",
+        email:     "banned@example.com",
+        id:        "banned123",
+        inDiscord: false,
+        isAdmin:   false,
+        isBanned:  true,
+        isMod:     false,
+        isStaff:   false,
+        isVip:     false,
+        username:  "banneduser",
+      };
+
+      expect(bannedUser.isBanned).toBeTruthy();
+      expect(bannedUser.isAdmin).toBeFalsy();
+      expect(bannedUser.inDiscord).toBeFalsy();
+    });
+  });
+
+  describe("jwtPayload interface", () => {
+    it("should accept JWT payload with required fields", () => {
+      const payload: JwtPayload = {
+        email:    "test@example.com",
+        isAdmin:  false,
+        sub:      "user123",
+        username: "testuser",
+      };
+
+      expect(payload.sub).toBe("user123");
+      expect(payload.iat).toBeUndefined();
+      expect(payload.exp).toBeUndefined();
+    });
+
+    it("should accept JWT payload with timestamps", () => {
+      const now = Math.floor(Date.now() / 1000);
+      const payloadWithTimestamps: JwtPayload = {
+        email:    "another@example.com",
+        exp:      now + 3600,
+        iat:      now,
+        isAdmin:  true,
+        sub:      "user456",
+        username: "anotheruser", // 1 hour
+      };
+
+      expect(payloadWithTimestamps.iat).toBe(now);
+      expect(payloadWithTimestamps.exp).toBe(now + 3600);
+    });
+  });
+
+  describe("authResponse interface", () => {
+    it("should accept valid auth response", () => {
+      const authResponse: AuthResponse = {
+        accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
+        user:        {
+          avatar:    "https://example.com/avatar.png",
+          discordId: "discord123",
+          email:     "test@example.com",
+          id:        "user123",
+          inDiscord: true,
+          isAdmin:   false,
+          isBanned:  false,
+          isMod:     false,
+          isStaff:   false,
+          isVip:     false,
+          username:  "testuser",
+        },
+      };
+
+      expect(authResponse.accessToken).toContain("eyJ");
+      expect(authResponse.user.username).toBe("testuser");
+    });
+  });
+});