feat(api): session history and active-session recovery endpoints

apps/api/src/routes/sessions.ts

@@ -1,5 +1,5 @@
 import { Hono } from 'hono';
-import { and, eq } from 'drizzle-orm';
+import { and, desc, eq } from 'drizzle-orm';
 import { StartSessionInput } from '@solelog/shared';
 import type { WorkSession } from '@solelog/shared';
 import { db } from '../db/client';
@@ -28,6 +28,34 @@ function toWorkSession(row: WorkSessionRow, activityName?: string | null): WorkS
   };
 }
 
+sessionsRoutes.get('/api/sessions/active', async (c) => {
+  const sessionUser = await getSessionUser(c);
+  if (!sessionUser) return c.json({ error: 'Unauthorized' }, 401);
+
+  const rows = await db
+    .select({ session: workSessions, activityName: activities.name })
+    .from(workSessions)
+    .leftJoin(activities, eq(workSessions.activityId, activities.id))
+    .where(and(eq(workSessions.userId, sessionUser.id), eq(workSessions.status, 'active')))
+    .orderBy(desc(workSessions.startTime));
+
+  return c.json(rows.map((r) => toWorkSession(r.session, r.activityName)));
+});
+
+sessionsRoutes.get('/api/sessions', async (c) => {
+  const sessionUser = await getSessionUser(c);
+  if (!sessionUser) return c.json({ error: 'Unauthorized' }, 401);
+
+  const rows = await db
+    .select({ session: workSessions, activityName: activities.name })
+    .from(workSessions)
+    .leftJoin(activities, eq(workSessions.activityId, activities.id))
+    .where(eq(workSessions.userId, sessionUser.id))
+    .orderBy(desc(workSessions.startTime));
+
+  return c.json(rows.map((r) => toWorkSession(r.session, r.activityName)));
+});
+
 sessionsRoutes.post('/api/sessions/start', async (c) => {
   const sessionUser = await getSessionUser(c);
   if (!sessionUser) return c.json({ error: 'Unauthorized' }, 401);