split auth.js into focused modules (Task 3)

- auth-session.js: GET /api/me, GET /api/me/auth-methods
- auth-password.js: POST /api/me/password, POST /api/me/change-password
- auth-oauth.js: DELETE /api/me/oauth/:provider
- auth.js: kept only /api/auth/* routes + /api/me/profile
- api.js: registers new auth route modules
- tests split to separate files per module

server/src/routes/auth-session.js

@@ -0,0 +1,29 @@
+import { prisma } from '../lib/prisma.js'
+import { mapUserForClient } from './auth.js'
+
+export async function registerAuthSessionRoutes(fastify) {
+  fastify.get('/api/me', { preHandler: [fastify.authenticate] }, async (request) => {
+    const userId = request.user.sub
+    const user = await prisma.user.findUnique({ where: { id: userId } })
+    if (!user) return { user: null }
+    return { user: mapUserForClient(user) }
+  })
+
+  fastify.get('/api/me/auth-methods', { preHandler: [fastify.authenticate] }, async (request) => {
+    const userId = request.user.sub
+    const user = await prisma.user.findUnique({
+      where: { id: userId },
+      include: { oauthAccounts: { select: { provider: true } } },
+    })
+    if (!user) return { methods: [] }
+
+    const providers = user.oauthAccounts.map((a) => a.provider)
+    return {
+      methods: [
+        { type: 'password', active: Boolean(user.passwordHash) },
+        { type: 'vk', active: providers.includes('vk') },
+        { type: 'yandex', active: providers.includes('yandex') },
+      ],
+    }
+  })
+}