Refactor duty authentication and event type handling

- Introduced a new function `get_authenticated_username` to centralize Mini App authentication logic, improving code readability and maintainability.
- Updated the duty fetching logic to map unknown event types to "duty" for consistent API responses.
- Enhanced the `get_duties` function to include duties starting on the last day of the specified date range.
- Improved session management in the database layer to ensure rollback on exceptions.
- Added tests to validate the new authentication flow and event type handling.

db/session.py

@@ -19,10 +19,13 @@ _SessionLocal = None
 
 @contextmanager
 def session_scope(database_url: str) -> Generator[Session, None, None]:
-    """Context manager: yields a session and closes it on exit."""
+    """Context manager: yields a session, rolls back on exception, closes on exit."""
     session = get_session(database_url)
     try:
         yield session
+    except Exception:
+        session.rollback()
+        raise
     finally:
         session.close()