feat: add remember me on login, server-side admin checks on member management

Signed-off-by: kjuulh <contact@kjuulh.io>

crates/forage-server/src/tests/auth_tests.rs

@@ -386,6 +386,58 @@ async fn expired_session_with_failed_refresh_redirects_to_login() {
     assert_eq!(sessions.session_count(), 0);
 }
 
+#[tokio::test]
+async fn login_with_remember_me_sets_persistent_cookie() {
+    let response = test_app()
+        .oneshot(
+            Request::builder()
+                .method("POST")
+                .uri("/login")
+                .header("content-type", "application/x-www-form-urlencoded")
+                .body(Body::from(
+                    "identifier=testuser&password=CorrectPass123&remember_me=on",
+                ))
+                .unwrap(),
+        )
+        .await
+        .unwrap();
+    assert_eq!(response.status(), StatusCode::SEE_OTHER);
+    let cookie_str = response
+        .headers()
+        .get("set-cookie")
+        .unwrap()
+        .to_str()
+        .unwrap();
+    assert!(cookie_str.contains("forage_session="));
+    assert!(cookie_str.contains("Max-Age="));
+}
+
+#[tokio::test]
+async fn login_without_remember_me_sets_session_cookie() {
+    let response = test_app()
+        .oneshot(
+            Request::builder()
+                .method("POST")
+                .uri("/login")
+                .header("content-type", "application/x-www-form-urlencoded")
+                .body(Body::from(
+                    "identifier=testuser&password=CorrectPass123",
+                ))
+                .unwrap(),
+        )
+        .await
+        .unwrap();
+    assert_eq!(response.status(), StatusCode::SEE_OTHER);
+    let cookie_str = response
+        .headers()
+        .get("set-cookie")
+        .unwrap()
+        .to_str()
+        .unwrap();
+    assert!(cookie_str.contains("forage_session="));
+    assert!(!cookie_str.contains("Max-Age="));
+}
+
 // ─── Logout ─────────────────────────────────────────────────────────
 
 #[tokio::test]