Harden auth and security controls with session auth and docs

backend/app/api/router.py

@@ -2,7 +2,8 @@
 
 from fastapi import APIRouter, Depends
 
-from app.api.auth import require_admin, require_user_or_admin
+from app.api.auth import require_admin
+from app.api.routes_auth import router as auth_router
 from app.api.routes_documents import router as documents_router
 from app.api.routes_health import router as health_router
 from app.api.routes_processing_logs import router as processing_logs_router
@@ -12,11 +13,11 @@ from app.api.routes_settings import router as settings_router
 
 api_router = APIRouter()
 api_router.include_router(health_router)
+api_router.include_router(auth_router)
 api_router.include_router(
     documents_router,
     prefix="/documents",
     tags=["documents"],
-    dependencies=[Depends(require_user_or_admin)],
 )
 api_router.include_router(
     processing_logs_router,
@@ -28,7 +29,6 @@ api_router.include_router(
     search_router,
     prefix="/search",
     tags=["search"],
-    dependencies=[Depends(require_user_or_admin)],
 )
 api_router.include_router(
     settings_router,