v0.7.1 minor bug fixes

backend/src/routes/auth.js

@@ -1,9 +1,11 @@
 const express = require('express');
 const bcrypt = require('bcryptjs');
-const router = express.Router();
 const { getDb, getOrCreateSupportGroup } = require('../models/db');
 const { generateToken, authMiddleware, setActiveSession, clearActiveSession } = require('../middleware/auth');
 
+module.exports = function(io) {
+const router = express.Router();
+
 // Login
 router.post('/login', (req, res) => {
   const { email, password, rememberMe } = req.body;
@@ -27,6 +29,10 @@ router.post('/login', (req, res) => {
   const token = generateToken(user.id);
   const ua = req.headers['user-agent'] || '';
   const device = setActiveSession(user.id, token, ua); // displaces prior session on same device class
+  // Kick any live socket on the same device class — it now holds a stale token
+  if (io) {
+    io.to(`user:${user.id}`).emit('session:displaced', { device });
+  }
 
   const { password: _, ...userSafe } = user;
   res.json({ 
@@ -102,4 +108,5 @@ ${message.trim()}`;
   res.json({ success: true });
 });
 
-module.exports = router;
+  return router;
+};