feat: base64 uploads, reusable forms, Discord roles, and UX improvements (#66)

## Summary

This PR includes multiple feature additions and fixes to improve the library application:

### 🎨 Base64 Image Upload Support
- Fixed Fastify body limit (1MB → 10MB) to accommodate base64-encoded images
- Corrected base64 size calculation and validation logic
- Improved error handling with proper 400 status codes and helpful messages
- Removed duplicate validation that was blocking uploads
- Users can now upload cover images up to 5MB (decoded size)

### 📝 Reusable Form Components
- Created 6 form components: `GameForm`, `BookForm`, `MusicForm`, `ShowForm`, `MangaForm`, `ArtForm`
- All forms support both 'add' and 'edit' modes with pre-population
- Integrated inline editing into all detail views (edit/delete buttons)
- Enhanced admin suggestions workflow with full forms instead of basic modals
- Added scroll-to-top when clicking edit in list views for better UX

### 🖼️ Default Cover Image
- Added beautiful library reading image as default cover for all media types
- Fixed static asset serving to use correct MIME types
- Updated all 12 components (6 list views + 6 detail views) to always show images

### 🔒 Tiered Rate Limiting
- Unauthenticated users: 100 requests/minute
- Authenticated users: 500 requests/minute (5x more lenient)
- Admin users: No rate limits (complete bypass via allowList)

### 🎮 Discord Integration
- Auto-assign library member role to users in NHCarrigan Discord server
- Checks server membership on every login
- Only assigns role if user is in server and doesn't have it yet
- Graceful error handling without blocking login
- Similar pattern to badge refresh flow

### 📚 Documentation
- Added comprehensive CLAUDE.md with:
  - Project structure and tech stack
  - Development workflow and commands
  - Database schema documentation
  - Authentication flow details
  - Security features
  - Code style conventions
  - Common gotchas and solutions

## Test Plan

- [x] Base64 image uploads work for cover images up to 5MB
- [x] Helpful error messages appear for validation failures
- [x] Edit/delete buttons appear on all detail views for admin users
- [x] Inline edit forms display and save correctly
- [x] Admin suggestions workflow uses full forms for all media types
- [x] Scroll-to-top works when editing from list views
- [x] Default cover image displays when no cover is provided
- [x] Static assets serve with correct MIME types
- [x] Rate limiting works correctly for different user types
- [x] Discord role assignment works on login
- [x] All builds pass without errors
- [x] No TypeScript errors

## Related Issues

Closes #65 - Base64 image upload issue

✨ This pull request was created with help from Hikari~ 🌸

Reviewed-on: #66
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>

api/src/app/routes/auth/index.ts

@@ -102,6 +102,53 @@ const authRoutes: FastifyPluginAsync = async (app) => {
         request
       );
 
+      // Assign library member role if user is in Discord server but doesn't have it
+      const libraryRoleId = process.env.LIBRARY_ROLE_ID;
+      if (inDiscord && guildId && libraryRoleId) {
+        try {
+          const memberResponse = await fetch(
+            `https://discord.com/api/users/@me/guilds/${guildId}/member`,
+            {
+              headers: {
+                Authorization: `Bearer ${tokenResult.token.access_token}`,
+              },
+            }
+          );
+
+          if (memberResponse.ok) {
+            const memberData = await memberResponse.json() as { roles: string[] };
+            const hasLibraryRole = memberData.roles.includes(libraryRoleId);
+
+            if (!hasLibraryRole) {
+              const botToken = process.env.DISCORD_BOT_TOKEN;
+              if (botToken) {
+                const assignRoleResponse = await fetch(
+                  `https://discord.com/api/v10/guilds/${guildId}/members/${userData.id}/roles/${libraryRoleId}`,
+                  {
+                    method: "PUT",
+                    headers: {
+                      Authorization: `Bot ${botToken}`,
+                      "Content-Type": "application/json",
+                    },
+                  }
+                );
+
+                if (assignRoleResponse.ok || assignRoleResponse.status === 204) {
+                  app.log.info(`Assigned library role to user ${user.username} (${user.id})`);
+                } else {
+                  app.log.error(
+                    `Failed to assign library role to user ${user.username}: ${assignRoleResponse.status}`
+                  );
+                }
+              }
+            }
+          }
+        } catch (error) {
+          // Don't fail the login if role assignment fails
+          app.log.error({ err: error }, "Error assigning library role");
+        }
+      }
+
       // Set signed cookies and redirect to frontend
       reply
         .setCookie("auth-token", accessToken, {

api/src/app/routes/games/index.ts

@@ -41,22 +41,29 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
   );
 
   // Create game (protected admin route)
-  app.post<{ Body: CreateGameDto; Reply: Game }>(
+  app.post<{ Body: CreateGameDto; Reply: Game | { error: string } }>(
     "/",
     {
       preValidation: [app.authenticate, adminGuard],
       preHandler: [app.csrfProtection],
     },
-    async (request) => {
-      const game = await gameService.createGame(request.body);
-      await AuditService.logFromRequest(request, {
-        action: AuditAction.entryCreate,
-        category: AuditCategory.content,
-        resourceType: "game",
-        resourceId: game.id,
-        details: `Created game: ${game.title}`,
-      });
-      return game;
+    async (request, reply) => {
+      try {
+        const game = await gameService.createGame(request.body);
+        await AuditService.logFromRequest(request, {
+          action: AuditAction.entryCreate,
+          category: AuditCategory.content,
+          resourceType: "game",
+          resourceId: game.id,
+          details: `Created game: ${game.title}`,
+        });
+        return game;
+      } catch (error) {
+        if (error instanceof Error) {
+          return reply.code(400).send({ error: error.message });
+        }
+        throw error;
+      }
     }
   );
 
@@ -64,26 +71,33 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
   app.put<{
     Params: { id: string };
     Body: UpdateGameDto;
-    Reply: Game | null;
+    Reply: Game | null | { error: string };
   }>(
     "/:id",
     {
       preValidation: [app.authenticate, adminGuard],
       preHandler: [app.csrfProtection],
     },
-    async (request) => {
-      const { id } = request.params;
-      const game = await gameService.updateGame(id, request.body);
-      if (game) {
-        await AuditService.logFromRequest(request, {
-          action: AuditAction.entryUpdate,
-          category: AuditCategory.content,
-          resourceType: "game",
-          resourceId: id,
-          details: `Updated game: ${game.title}`,
-        });
+    async (request, reply) => {
+      try {
+        const { id } = request.params;
+        const game = await gameService.updateGame(id, request.body);
+        if (game) {
+          await AuditService.logFromRequest(request, {
+            action: AuditAction.entryUpdate,
+            category: AuditCategory.content,
+            resourceType: "game",
+            resourceId: id,
+            details: `Updated game: ${game.title}`,
+          });
+        }
+        return game;
+      } catch (error) {
+        if (error instanceof Error) {
+          return reply.code(400).send({ error: error.message });
+        }
+        throw error;
       }
-      return game;
     }
   );