feat: complete web application — FastAPI backend + Vue 3 SPA frontend

- Full FastAPI backend with JWT auth, file management, processing pipeline,
  memory CRUD, barcode mappings, config management, cloud sync
- Vue 3 + Element Plus frontend with dashboard, task history, HTTP logs,
  memory editor, barcode editor, config editor, sync page
- HTTP request logging middleware with SQLite persistence
- Task history tracking with progress and retry support
- File metadata recording for upload/download operations
- WebAuth section in config.ini for bcrypt password storage
- Bug fix: logs.py count query returns tuple not dict

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

web/backend/config.py

@@ -0,0 +1,40 @@
+"""Web-specific configuration"""
+
+import os
+import secrets
+
+# JWT
+JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", "")
+JWT_ALGORITHM = "HS256"
+JWT_EXPIRE_HOURS = 24
+
+# File upload
+MAX_UPLOAD_SIZE = 50 * 1024 * 1024  # 50MB
+ALLOWED_IMAGE_EXTENSIONS = {'.jpg', '.jpeg', '.png', '.bmp'}
+ALLOWED_EXCEL_EXTENSIONS = {'.xlsx', '.xls'}
+ALLOWED_EXTENSIONS = ALLOWED_IMAGE_EXTENSIONS | ALLOWED_EXCEL_EXTENSIONS
+
+# CORS
+CORS_ORIGINS = os.getenv("CORS_ORIGINS", "*").split(",")
+
+# Auth rate limit
+LOGIN_RATE_LIMIT = 5  # per minute
+
+
+def get_or_generate_secret() -> str:
+    """Get JWT secret from env or auto-generate on first run"""
+    global JWT_SECRET_KEY
+    if not JWT_SECRET_KEY:
+        secret_file = os.path.join(
+            os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
+            'data', '.jwt_secret'
+        )
+        if os.path.exists(secret_file):
+            with open(secret_file, 'r') as f:
+                JWT_SECRET_KEY = f.read().strip()
+        if not JWT_SECRET_KEY:
+            JWT_SECRET_KEY = secrets.token_urlsafe(48)
+            os.makedirs(os.path.dirname(secret_file), exist_ok=True)
+            with open(secret_file, 'w') as f:
+                f.write(JWT_SECRET_KEY)
+    return JWT_SECRET_KEY