Add allowedAccountTypes page metadata which the authenticated middleware
uses to further restrict the types of accounts that can access the page.
If the account type is insufficent to access the page it will return an
HTTP 403 Forbidden status, which is rendered using the error page.
Parse the iso date strings into millseconds from the unix epoch and use
that through the timetable logic instead of reparsing the strings over
and over.
If a user logs out from a device the expectation should be that device
no longer having any association with the user's account. Any existing
push notifications should thefore be removed on server. For this reason
tie push notifications to a session, and remove them when the session is
deleted.
Provide a basic account system with login and server side session store
identified by a cookie. Upon successful login a signed session cookie
is set by the server with the session stored on the server identifying
which account it is logged in as. The client uses a shared useFetch on
the session endpoint to identify if it's logged in and which account it
is logged in as, and refreshes this when loggin in or out.
If a span ended on midnight the next day header would be started on the
break and the sameDay check would match the day of the next span causing
the day header to be inserted into the break column. Fix by checking
that the last day header has a non-zero span in the same day check.
