feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware

- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.

src/app/api/tasks/[id]/route.js

@@ -1,8 +1,9 @@
 import db from "@/lib/db";
 import { NextResponse } from "next/server";
+import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
 
 // GET: Get a specific task template
-export async function GET(req, { params }) {
+async function getTaskHandler(req, { params }) {
 	try {
 		const template = db
 			.prepare("SELECT * FROM tasks WHERE task_id = ? AND is_standard = 1")
@@ -25,7 +26,7 @@ export async function GET(req, { params }) {
 }
 
 // PUT: Update a task template
-export async function PUT(req, { params }) {
+async function updateTaskHandler(req, { params }) {
 	try {
 		const { name, max_wait_days, description } = await req.json();
 
@@ -58,7 +59,7 @@ export async function PUT(req, { params }) {
 }
 
 // DELETE: Delete a task template
-export async function DELETE(req, { params }) {
+async function deleteTaskHandler(req, { params }) {
 	try {
 		const result = db
 			.prepare("DELETE FROM tasks WHERE task_id = ? AND is_standard = 1")
@@ -79,3 +80,8 @@ export async function DELETE(req, { params }) {
 		);
 	}
 }
+
+// Protected routes - require authentication
+export const GET = withReadAuth(getTaskHandler);
+export const PUT = withUserAuth(updateTaskHandler);
+export const DELETE = withUserAuth(deleteTaskHandler);