Habit Tracker backend

Same server serves the REST API (for Android/iOS/web clients) and a small web UI for development.

• Web app (login + habits) — only fetch calls; uses POST /api/auth/login or POST /api/auth/signup, then Authorization: Bearer <accessToken>.
• OpenAPI (Swagger) — auth tag for login/signup; Authorize with the returned accessToken.
• ReDoc

Auth is entirely on the backend: POST /api/auth/signup or POST /api/auth/login returns accessToken. Optional legacy POST /api/users creates an account without returning a token.