Refactor auth routes: explicit dependency injection

- Updated all auth route modules to use destructured dependencies
- Added JSDoc comments for factory functions
- Replaced ctx. references with direct parameter access
- Updated auth/index.js to extract and pass explicit dependencies
- sso-gate.js maintains session helper exports from session-handlers
- All files pass syntax validation

Files refactored:
- routes/auth/keys.js
- routes/auth/session-handlers.js
- routes/auth/sso-gate.js
- routes/auth/totp.js
- routes/auth/index.js (orchestrator)

dashcaddy-api/routes/auth/index.js

@@ -4,14 +4,31 @@ const initKeys = require('./keys');
 const initSessionHandlers = require('./session-handlers');
 const initSsoGate = require('./sso-gate');
 
+/**
+ * Auth routes aggregator
+ * Assembles all auth sub-routes with their dependencies
+ * @param {Object} ctx - Application context (for backward compatibility)
+ * @returns {express.Router}
+ */
 module.exports = function(ctx) {
   const router = express.Router();
 
-  const { getAppSession, appSessionCache } = initSessionHandlers(ctx);
+  // Extract dependencies from context
+  const deps = {
+    authManager: ctx.authManager,
+    credentialManager: ctx.credentialManager,
+    totpConfig: ctx.totpConfig,
+    session: ctx.session,
+    asyncHandler: ctx.asyncHandler,
+    errorResponse: ctx.errorResponse,
+    log: ctx.log
+  };
 
-  router.use(initTotp(ctx));
-  router.use(initKeys(ctx));
-  router.use(initSsoGate(ctx, getAppSession, appSessionCache));
+  const { getAppSession, appSessionCache } = initSessionHandlers(deps);
+
+  router.use(initTotp(deps));
+  router.use(initKeys(deps));
+  router.use(initSsoGate({ ...deps, getAppSession, appSessionCache }));
 
   return router;
 };