feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware

- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.

src/app/api/notes/route.js

@@ -1,7 +1,8 @@
 import db from "@/lib/db";
 import { NextResponse } from "next/server";
+import { withUserAuth } from "@/lib/middleware/auth";
 
-export async function POST(req) {
+async function createNoteHandler(req) {
 	const { project_id, task_id, note } = await req.json();
 
 	if (!note || (!project_id && !task_id)) {
@@ -18,7 +19,7 @@ export async function POST(req) {
 	return NextResponse.json({ success: true });
 }
 
-export async function DELETE(_, { params }) {
+async function deleteNoteHandler(_, { params }) {
 	const { id } = params;
 
 	db.prepare("DELETE FROM notes WHERE note_id = ?").run(id);
@@ -26,7 +27,7 @@ export async function DELETE(_, { params }) {
 	return NextResponse.json({ success: true });
 }
 
-export async function PUT(req, { params }) {
+async function updateNoteHandler(req, { params }) {
 	const noteId = params.id;
 	const { note } = await req.json();
 
@@ -42,3 +43,8 @@ export async function PUT(req, { params }) {
 
 	return NextResponse.json({ success: true });
 }
+
+// Protected routes - require authentication
+export const POST = withUserAuth(createNoteHandler);
+export const DELETE = withUserAuth(deleteNoteHandler);
+export const PUT = withUserAuth(updateNoteHandler);