feat: Implement email/password and X OAuth authentication, replacing the dev-login mechanism.

test/server.test.js

@@ -16,7 +16,8 @@ function createRuntimeConfig() {
     appBaseUrl: "http://localhost:3000",
     betterAuthSecret: "test-better-auth-secret",
     betterAuthBasePath: "/api/auth",
-    betterAuthDevPassword: "xartaudio-dev-password",
+    xOAuthClientId: "",
+    xOAuthClientSecret: "",
     internalApiToken: "",
     convexDeploymentUrl: "",
     convexAuthToken: "",
@@ -132,10 +133,19 @@ test("createRuntime falls back to in-memory state when initial load fails", asyn
   assert.equal(warnings.length, 1);
   assert.match(String(warnings[0].message), /falling back to in-memory state/);
 
+  const signUp = await runtime.app.handleRequest({
+    method: "POST",
+    path: "/auth/email/sign-up",
+    headers: {},
+    rawBody: "name=User+One&email=u1%40example.com&password=password123&returnTo=%2Fapp",
+    query: {},
+  });
+  assert.equal(signUp.status, 303);
+
   const response = await runtime.app.handleRequest({
     method: "POST",
     path: "/app/actions/topup",
-    headers: { "x-user-id": "u1" },
+    headers: { cookie: signUp.headers["set-cookie"] },
     rawBody: "amount=3",
     query: {},
   });