implement better-auth auth with postgres and route protection

app/api/watchlist/route.ts

@@ -1,5 +1,6 @@
 import type { WatchlistItem } from '@/lib/types';
 import { asErrorMessage, jsonError } from '@/lib/server/http';
+import { requireAuthenticatedSession } from '@/lib/server/auth-session';
 import { getStoreSnapshot, withStore } from '@/lib/server/store';
 
 function nowIso() {
@@ -7,8 +8,15 @@ function nowIso() {
 }
 
 export async function GET() {
+  const { session, response } = await requireAuthenticatedSession();
+  if (response) {
+    return response;
+  }
+
+  const userId = session.user.id;
   const snapshot = await getStoreSnapshot();
   const items = snapshot.watchlist
+    .filter((item) => item.user_id === userId)
     .slice()
     .sort((a, b) => Date.parse(b.created_at) - Date.parse(a.created_at));
 
@@ -16,6 +24,13 @@ export async function GET() {
 }
 
 export async function POST(request: Request) {
+  const { session, response } = await requireAuthenticatedSession();
+  if (response) {
+    return response;
+  }
+
+  const userId = session.user.id;
+
   try {
     const payload = await request.json() as {
       ticker?: string;
@@ -35,7 +50,7 @@ export async function POST(request: Request) {
 
     await withStore((store) => {
       const ticker = payload.ticker!.trim().toUpperCase();
-      const existingIndex = store.watchlist.findIndex((entry) => entry.ticker === ticker);
+      const existingIndex = store.watchlist.findIndex((entry) => entry.user_id === userId && entry.ticker === ticker);
 
       if (existingIndex >= 0) {
         const existing = store.watchlist[existingIndex];
@@ -53,7 +68,7 @@ export async function POST(request: Request) {
       store.counters.watchlist += 1;
       const created: WatchlistItem = {
         id: store.counters.watchlist,
-        user_id: 1,
+        user_id: userId,
         ticker,
         company_name: payload.companyName!.trim(),
         sector: payload.sector?.trim() || null,