feat: initial prototype works

I can log in and create a book! Woo!

api/src/app/routes/auth/index.ts

@@ -1,32 +1,31 @@
 import { FastifyPluginAsync } from "fastify";
-import { AuthService } from "../services/auth.service";
+import { AuthService } from "../../services/auth.service";
 import { AuthResponse } from "@library/shared-types";
 
 const authRoutes: FastifyPluginAsync = async (app) => {
   const authService = new AuthService(app);
 
-  /**
-   * Initiate Discord OAuth login.
-   */
-  app.get("/login", async (request, reply) => {
-    const authUrl = app.oauth2Discord.generateAuthorizationUri({
-      scope: ["identify", "email"],
-    });
-
-    return reply.redirect(authUrl);
-  });
-
   /**
    * Discord OAuth callback.
    */
   app.get("/callback", async (request, reply) => {
     try {
-      const token = await app.oauth2Discord.getAccessTokenFromAuthorizationCodeFlow(
+      const tokenResult = await app.oauth2Discord.getAccessTokenFromAuthorizationCodeFlow(
         request
       );
 
-      // Get user data from Discord
-      const userData = await app.oauth2Discord.userinfo(token.access_token);
+      // Get user data from Discord API
+      const discordResponse = await fetch("https://discord.com/api/users/@me", {
+        headers: {
+          Authorization: `Bearer ${tokenResult.token.access_token}`,
+        },
+      });
+
+      if (!discordResponse.ok) {
+        throw new Error("Failed to fetch Discord user data");
+      }
+
+      const userData = await discordResponse.json();
 
       // Create or update user in database
       const user = await authService.createOrUpdateUserFromDiscord(userData);
@@ -43,12 +42,12 @@ const authRoutes: FastifyPluginAsync = async (app) => {
           sameSite: "lax",
           maxAge: 7 * 24 * 60 * 60, // 7 days
         })
-        .redirect(process.env.FRONTEND_URL || "http://localhost:4200");
+        .redirect("/"); // Redirect to root since API serves frontend
     } catch (error) {
-      app.log.error(error);
+      app.log.error({ err: error }, "Auth callback error");
       reply
         .code(401)
-        .send({ error: "Authentication failed" });
+        .send({ error: "Authentication failed", details: error instanceof Error ? error.message : String(error) });
     }
   });
 

api/src/app/routes/books/index.ts

@@ -0,0 +1,80 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { FastifyPluginAsync } from "fastify";
+import { Book, CreateBookDto, UpdateBookDto } from "@library/shared-types";
+import { BookService } from "../../services/book.service";
+import { adminGuard } from "../../middleware/admin-guard";
+
+const booksRoutes: FastifyPluginAsync = async (app) => {
+  const bookService = new BookService();
+
+  /**
+   * Get all books (public route).
+   */
+  app.get<{ Reply: Book[] }>("/", async () => {
+    return bookService.getAllBooks();
+  });
+
+  /**
+   * Get single book by ID (public route).
+   */
+  app.get<{ Params: { id: string }; Reply: Book | null }>(
+    "/:id",
+    async (request) => {
+      const { id } = request.params;
+      return bookService.getBookById(id);
+    }
+  );
+
+  /**
+   * Create new book (admin only).
+   */
+  app.post<{ Body: CreateBookDto; Reply: Book }>(
+    "/",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      return bookService.createBook(request.body);
+    }
+  );
+
+  /**
+   * Update book by ID (admin only).
+   */
+  app.put<{
+    Params: { id: string };
+    Body: UpdateBookDto;
+    Reply: Book | null;
+  }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      const { id } = request.params;
+      return bookService.updateBook(id, request.body);
+    }
+  );
+
+  /**
+   * Delete book by ID (admin only).
+   */
+  app.delete<{ Params: { id: string }; Reply: { success: boolean } }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      const { id } = request.params;
+      await bookService.deleteBook(id);
+      return { success: true };
+    }
+  );
+};
+
+export default booksRoutes;

api/src/app/routes/games/index.ts

@@ -5,22 +5,16 @@
  */
 
 import { FastifyPluginAsync } from "fastify";
-import { PrismaClient } from "../../../generated/prisma";
-import { Game, GameStatus } from "@library/shared-types";
+import { Game, CreateGameDto, UpdateGameDto } from "@library/shared-types";
+import { GameService } from "../../services/game.service";
 import { adminGuard } from "../../middleware/admin-guard";
 
 const gamesRoutes: FastifyPluginAsync = async (app) => {
-  const prisma = new PrismaClient();
+  const gameService = new GameService();
 
   // Get all games (public route)
   app.get<{ Reply: Game[] }>("/", async () => {
-    const games = await prisma.game.findMany({
-      orderBy: { updatedAt: "desc" },
-    });
-    return games.map((game) => ({
-      ...game,
-      status: game.status.toLowerCase() as GameStatus,
-    }));
+    return gameService.getAllGames();
   });
 
   // Get single game (public route)
@@ -28,64 +22,34 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
     "/:id",
     async (request) => {
       const { id } = request.params;
-      const game = await prisma.game.findUnique({
-        where: { id },
-      });
-      if (!game) return null;
-      return {
-        ...game,
-        status: game.status.toLowerCase() as GameStatus,
-      };
+      return gameService.getGameById(id);
     }
   );
 
   // Create game (protected admin route)
-  app.post<{ Body: Omit<Game, "id" | "createdAt" | "updatedAt">; Reply: Game }>(
+  app.post<{ Body: CreateGameDto; Reply: Game }>(
     "/",
     {
       preValidation: [app.authenticate, adminGuard],
     },
-    async (request, reply) => {
-
-      const game = await prisma.game.create({
-        data: {
-          ...request.body,
-          status: request.body.status.toUpperCase() as any,
-        },
-      });
-      return {
-        ...game,
-        status: game.status.toLowerCase() as GameStatus,
-      };
+    async (request) => {
+      return gameService.createGame(request.body);
     }
   );
 
   // Update game (protected admin route)
   app.put<{
     Params: { id: string };
-    Body: Partial<Omit<Game, "id" | "createdAt" | "updatedAt">>;
+    Body: UpdateGameDto;
     Reply: Game | null;
   }>(
     "/:id",
     {
       preValidation: [app.authenticate, adminGuard],
     },
-    async (request, reply) => {
-
+    async (request) => {
       const { id } = request.params;
-      const updateData = { ...request.body };
-      if (updateData.status) {
-        updateData.status = updateData.status.toUpperCase() as any;
-      }
-
-      const game = await prisma.game.update({
-        where: { id },
-        data: updateData,
-      });
-      return {
-        ...game,
-        status: game.status.toLowerCase() as GameStatus,
-      };
+      return gameService.updateGame(id, request.body);
     }
   );
 
@@ -95,12 +59,9 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
     {
       preValidation: [app.authenticate, adminGuard],
     },
-    async (request, reply) => {
-
+    async (request) => {
       const { id } = request.params;
-      await prisma.game.delete({
-        where: { id },
-      });
+      await gameService.deleteGame(id);
       return { success: true };
     }
   );

api/src/app/routes/music/index.ts

@@ -0,0 +1,80 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { FastifyPluginAsync } from "fastify";
+import { Music, CreateMusicDto, UpdateMusicDto } from "@library/shared-types";
+import { MusicService } from "../../services/music.service";
+import { adminGuard } from "../../middleware/admin-guard";
+
+const musicRoutes: FastifyPluginAsync = async (app) => {
+  const musicService = new MusicService();
+
+  /**
+   * Get all music (public route).
+   */
+  app.get<{ Reply: Music[] }>("/", async () => {
+    return musicService.getAllMusic();
+  });
+
+  /**
+   * Get single music item by ID (public route).
+   */
+  app.get<{ Params: { id: string }; Reply: Music | null }>(
+    "/:id",
+    async (request) => {
+      const { id } = request.params;
+      return musicService.getMusicById(id);
+    }
+  );
+
+  /**
+   * Create new music item (admin only).
+   */
+  app.post<{ Body: CreateMusicDto; Reply: Music }>(
+    "/",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      return musicService.createMusic(request.body);
+    }
+  );
+
+  /**
+   * Update music item by ID (admin only).
+   */
+  app.put<{
+    Params: { id: string };
+    Body: UpdateMusicDto;
+    Reply: Music | null;
+  }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      const { id } = request.params;
+      return musicService.updateMusic(id, request.body);
+    }
+  );
+
+  /**
+   * Delete music item by ID (admin only).
+   */
+  app.delete<{ Params: { id: string }; Reply: { success: boolean } }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+    },
+    async (request) => {
+      const { id } = request.params;
+      await musicService.deleteMusic(id);
+      return { success: true };
+    }
+  );
+};
+
+export default musicRoutes;