Initial scaffold: full-stack mRemotify monorepo

Sets up the complete mRemotify project — a browser-based remote
connection manager — with a working pnpm workspace monorepo:

Frontend (React + TypeScript + Vite + Ant Design 5):
- Login page with JWT auth
- Resizable sidebar with drag-and-drop connection tree (folders + connections)
- Tabbed session area (SSH via xterm.js, RDP via guacamole-common-js)
- Connection CRUD modal with SSH/RDP-specific fields
- Zustand store for auth, tree data, and open sessions

Backend (Fastify + TypeScript + Prisma + PostgreSQL):
- JWT authentication (login + /me endpoint)
- Full CRUD REST API for folders (self-referencing) and connections
- AES-256-CBC password encryption at rest
- WebSocket proxy for SSH sessions (ssh2 <-> xterm.js)
- WebSocket proxy for RDP sessions (guacd TCP handshake + bidirectional relay)
- Admin user seeding on first start

Infrastructure:
- Docker Compose: postgres (healthcheck) + guacd + backend + frontend/nginx
- nginx: serves SPA, proxies /api and /ws (with WebSocket upgrade) to backend
- .env.example with all required variables documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/routes/auth.ts

@@ -0,0 +1,58 @@
+import { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import bcrypt from 'bcryptjs';
+
+interface LoginBody {
+  username: string;
+  password: string;
+}
+
+export async function authRoutes(fastify: FastifyInstance) {
+  // POST /api/auth/login
+  fastify.post<{ Body: LoginBody }>(
+    '/login',
+    {
+      schema: {
+        body: {
+          type: 'object',
+          required: ['username', 'password'],
+          properties: {
+            username: { type: 'string' },
+            password: { type: 'string' },
+          },
+        },
+      },
+    },
+    async (request: FastifyRequest<{ Body: LoginBody }>, reply: FastifyReply) => {
+      const { username, password } = request.body;
+
+      const user = await fastify.prisma.user.findUnique({ where: { username } });
+      if (!user) {
+        return reply.status(401).send({ error: 'Invalid credentials' });
+      }
+
+      const valid = await bcrypt.compare(password, user.passwordHash);
+      if (!valid) {
+        return reply.status(401).send({ error: 'Invalid credentials' });
+      }
+
+      const token = fastify.jwt.sign(
+        { id: user.id, username: user.username },
+        { expiresIn: '12h' }
+      );
+
+      return reply.send({ token, user: { id: user.id, username: user.username } });
+    }
+  );
+
+  // GET /api/auth/me — verify token and return current user
+  fastify.get(
+    '/me',
+    { preHandler: [fastify.authenticate] },
+    async (request: FastifyRequest, reply: FastifyReply) => {
+      const payload = request.user as { id: string; username: string };
+      const user = await fastify.prisma.user.findUnique({ where: { id: payload.id } });
+      if (!user) return reply.status(404).send({ error: 'User not found' });
+      return reply.send({ id: user.id, username: user.username });
+    }
+  );
+}