[Glense] Security & auth improvements with some features overhaul #26

Merged
bogdans55 merged 2 commits into main from bogdans/app-improvement
Mar 29, 2026

@bogdans55 (Collaborator) commented Mar 29, 2026

Summary

  • Security hardening: Added [Authorize] to Wallet, Donation,
    InternalController, and PlaylistVideos endpoints. Added ownership
    checks on comment delete and playlist video add/remove. Configured
    JWT authentication for the Donation service.
  • Video categories: Added category field to the Video model, upload
    flow, and video detail page. Sidebar categories now filter the feed.
    Video owners can edit their video's category. Seed data includes
    categories.
  • Like/dislike system: Fixed video likes dropping to 0 by switching
    from recount to increment/decrement. Added full comment like/dislike
    with new CommentLike model, backend endpoint, and frontend UI.
  • Comment system: Added comment input form (was display-only). Wired
    up postComment API. Comments now support like/dislike buttons.
  • Playlist overhaul: Rewrote Playlists and PlaylistDetail pages with
    proper dark theme CSS. Added sidebar navigation link, back button,
    Snackbar feedback, and video thumbnail grid. Add-to-playlist dropdown
    on video page styled for dark theme.
  • Chat fixes: Fixed 401 by adding auth token to chatService.js. Fixed
    message ownership (isMe) using actual username from AuthContext
    instead of hardcoded 'Alice'. Added user search to create chats with
    real users. Chat list filtered to only show your conversations. Chat
    header shows the other person's name, not the topic string.
  • Auth improvements: Token validation on app load — verifies with
    server, auto-logs out on stale token (e.g. after DB reset). Logout
    now redirects to home page.
  • UI polish: Fixed dark theme on playlists, playlist detail, upload
    category select, chat search. Fixed video timestamp format (Mar 21,
    2026 instead of ISO string). "Show more" on description expands full
    section on click, "Show less" collapses. Sidebar playlist link color
    fix.
  • Dev tooling: Added ./dev.sh nuke (kill everything) and ./dev.sh
    reset (nuke + rebuild + seed). Guarded Swagger UI behind
    IsDevelopment() in VideoCatalogue and DonationService. Added JWT env
    vars for Donation service in docker-compose.

@bogdans55 requested a review from Brankonymous March 29, 2026 16:53
@Brankonymous added this to the sprint-3 milestone Mar 29, 2026
@Brankonymous moved this to Code Review in Glense Mar 29, 2026
@Brankonymous (Owner)

Just fix donationApi.js please:

/**
 * Generic fetch wrapper with error handling
 */
function authHeaders() {
    const token = localStorage.getItem('glense_auth_token');
    return token ? { 'Authorization': `Bearer ${token}` } : {};
}

async function apiFetch(endpoint, options = {}) {
    const url = `${DONATION_API_BASE}${endpoint}`;

    const defaultHeaders = {
        'Content-Type': 'application/json',
        ...authHeaders(),
    };

    const config = {
        ...options,
        headers: {
            ...defaultHeaders,
            ...options.headers,
        },
    };

    try {
        const response = await fetch(url, config);
        
        if (!response.ok) {
            const errorData = await response.json().catch(() => ({}));
            throw new Error(errorData.message || `API error: ${response.status}`);
        }

        // Handle 204 No Content
        if (response.status === 204) {
            return null;
        }

        return await response.json();
    } catch (error) {
        console.error(`API Error [${endpoint}]:`, error);
        throw error;
    }
}
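
The token validation on app load from the summary (verify with the server, log out on a stale token), sketched as an added example that is not code from this PR. It reuses the `glense_auth_token` key from the wrapper above; the `/api/auth/me` endpoint, the function name, the injected `storage`/`fetchFn`/`onLogout` parameters and the use of HTTP 401 as the stale-token signal are assumptions.

```javascript
// Added example, not code from the PR.
const TOKEN_KEY = 'glense_auth_token';   // key used by the wrapper on this page
const VALIDATE_URL = '/api/auth/me';     // hypothetical "who am I" endpoint (assumption)

/**
 * Validate the stored token once at app start.
 * Resolves to { state, user } where state is one of
 * 'anonymous' | 'authenticated' | 'expired' | 'unknown'.
 *
 * Only an explicit 401 from the server clears the token. A network failure
 * or a 5xx says nothing about the token, so it is kept and the state is
 * 'unknown'; the UI should not treat that state as logged in.
 *
 * Browser wiring (assumed):
 *   validateStoredToken({ storage: localStorage,
 *                         fetchFn: (u, o) => fetch(u, o),
 *                         onLogout: () => window.location.assign('/') });
 */
async function validateStoredToken({ storage, fetchFn, onLogout }) {
    const token = storage.getItem(TOKEN_KEY);
    if (!token) {
        return { state: 'anonymous', user: null };   // nothing to verify, no request sent
    }

    let response;
    try {
        response = await fetchFn(VALIDATE_URL, {
            headers: { Authorization: `Bearer ${token}` },
        });
    } catch (err) {
        return { state: 'unknown', user: null };     // offline or server unreachable
    }

    if (response.status === 401) {
        storage.removeItem(TOKEN_KEY);               // stale token, e.g. after a DB reset
        onLogout();                                  // e.g. redirect to the home page
        return { state: 'expired', user: null };
    }
    if (!response.ok) {
        return { state: 'unknown', user: null };     // 5xx etc.: keep token, retry later
    }

    return { state: 'authenticated', user: await response.json() };
}
```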

@bogdans55 merged commit 0a673bc into main Mar 29, 2026
2 checks passed
@github-project-automation bot moved this from Code Review to Done in Glense Mar 29, 2026