feat: auth service + security audit fixes + cleanup legacy services

Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier

Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control

Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs

New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*

Made-with: Cursor

backend/internal/db/page_repo.go

@@ -182,27 +182,41 @@ func (r *PageRepository) GetByUserID(ctx context.Context, userID string, limit,
 	return pagesList, nil
 }
 
-func (r *PageRepository) Update(ctx context.Context, p *pages.Page) error {
+func (r *PageRepository) Update(ctx context.Context, p *pages.Page, userID string) error {
 	sectionsJSON, _ := json.Marshal(p.Sections)
 	sourcesJSON, _ := json.Marshal(p.Sources)
 
 	query := `
 		UPDATE pages 
 		SET title = $2, subtitle = $3, sections = $4, sources = $5, thumbnail = $6, is_public = $7, updated_at = NOW()
-		WHERE id = $1
+		WHERE id = $1 AND user_id = $8
 	`
-	_, err := r.db.db.ExecContext(ctx, query,
-		p.ID, p.Title, p.Subtitle, sectionsJSON, sourcesJSON, p.Thumbnail, p.IsPublic,
+	result, err := r.db.db.ExecContext(ctx, query,
+		p.ID, p.Title, p.Subtitle, sectionsJSON, sourcesJSON, p.Thumbnail, p.IsPublic, userID,
 	)
-	return err
+	if err != nil {
+		return err
+	}
+	rows, _ := result.RowsAffected()
+	if rows == 0 {
+		return ErrNotFound
+	}
+	return nil
 }
 
-func (r *PageRepository) SetShareID(ctx context.Context, pageID, shareID string) error {
-	_, err := r.db.db.ExecContext(ctx,
-		"UPDATE pages SET share_id = $2, is_public = true WHERE id = $1",
-		pageID, shareID,
+func (r *PageRepository) SetShareID(ctx context.Context, pageID, shareID, userID string) error {
+	result, err := r.db.db.ExecContext(ctx,
+		"UPDATE pages SET share_id = $2, is_public = true WHERE id = $1 AND user_id = $3",
+		pageID, shareID, userID,
 	)
-	return err
+	if err != nil {
+		return err
+	}
+	rows, _ := result.RowsAffected()
+	if rows == 0 {
+		return ErrNotFound
+	}
+	return nil
 }
 
 func (r *PageRepository) IncrementViewCount(ctx context.Context, id string) error {
@@ -213,7 +227,14 @@ func (r *PageRepository) IncrementViewCount(ctx context.Context, id string) erro
 	return err
 }
 
-func (r *PageRepository) Delete(ctx context.Context, id string) error {
-	_, err := r.db.db.ExecContext(ctx, "DELETE FROM pages WHERE id = $1", id)
-	return err
+func (r *PageRepository) Delete(ctx context.Context, id, userID string) error {
+	result, err := r.db.db.ExecContext(ctx, "DELETE FROM pages WHERE id = $1 AND user_id = $2", id, userID)
+	if err != nil {
+		return err
+	}
+	rows, _ := result.RowsAffected()
+	if rows == 0 {
+		return ErrNotFound
+	}
+	return nil
 }