feat(api): attach session to request in requireAuth

- Add Express Request type augmentation for req.session
- requireAuth now sets req.session after session validation,
  so protected handlers can read the user without calling
  getSession again
- Add ConflictError (409) alongside existing AppError subclasses

apps/api/src/errors/AppError.ts

@@ -19,3 +19,9 @@ export class NotFoundError extends AppError {
     super(message, 404);
   }
 }
+
+export class ConflictError extends AppError {
+  constructor(message: string) {
+    super(message, 409);
+  }
+}

apps/api/src/middleware/authMiddleware.ts

@@ -16,5 +16,7 @@ export const requireAuth = async (
     return;
   }
 
+  req.session = session;
+
   next();
 };

apps/api/src/types/express.d.ts

@@ -0,0 +1,11 @@
+import type { Session, User } from "better-auth";
+
+declare global {
+  namespace Express {
+    interface Request {
+      session?: { session: Session; user: User };
+    }
+  }
+}
+
+export {};