implement auth & sessions

[janethuangg]

guidelines

• You are forbidden from using HTTP Basic Authentication or session-based authentication for any account registration or log in functionality your app requires.
• Any account registration or log in functionality required by an app must use JSON Web Tokens (JWT) to validate authorization.

to-dos - only show signup/login modal when user is not logged in - only render deck edit/delete button for deck owner - disable deck add card button for someone who has already added a card - show logout/account buttons instead of login/signup when user is logged in - redirect not logged in users to log in page if they attempt to directly access account page

[kdduan]

The BE will need to return a JWT when the user logs in or signs up. For the FE, we can store the userId in local storage rather than cookies.