Add comprehensive backend test suite (#339)

* add test suite, mostly covers integration testing, tests are only backend side

* workflow runs the correct script

* workflow runs the correct script

* workflow runs the correct script

* unit tests incoming

* Fix multer silent rejections and error handler info leak

- Revert cb(null, false) to cb(new Error(...)) in auth.ts, collab.ts,
  and files.ts so invalid uploads return an error instead of silently
  dropping the file
- Error handler in app.ts now always returns 500 / "Internal server
  error" instead of forwarding err.message to the client

* Use statusCode consistently for multer errors and error handler

- Error handler in app.ts reads err.statusCode to forward the correct
  HTTP status while keeping the response body generic

server/src/routes/auth.ts

@@ -59,7 +59,9 @@ const avatarUpload = multer({
   fileFilter: (_req, file, cb) => {
     const ext = path.extname(file.originalname).toLowerCase();
     if (!file.mimetype.startsWith('image/') || !ALLOWED_AVATAR_EXTS.includes(ext)) {
-      return cb(new Error('Only .jpg, .jpeg, .png, .gif, .webp images are allowed'));
+      const err: Error & { statusCode?: number } = new Error('Only image files (jpg, png, gif, webp) are allowed');
+      err.statusCode = 400;
+      return cb(err);
     }
     cb(null, true);
   },
@@ -321,3 +323,6 @@ router.post('/resource-token', authenticate, (req: Request, res: Response) => {
 });
 
 export default router;
+
+// Exported for test resets only — do not use in production code
+export { loginAttempts, mfaAttempts };