Refactor duty authentication and event type handling

- Introduced a new function `get_authenticated_username` to centralize Mini App authentication logic, improving code readability and maintainability.
- Updated the duty fetching logic to map unknown event types to "duty" for consistent API responses.
- Enhanced the `get_duties` function to include duties starting on the last day of the specified date range.
- Improved session management in the database layer to ensure rollback on exceptions.
- Added tests to validate the new authentication flow and event type handling.

tests/test_repository_duty_range.py

@@ -91,3 +91,17 @@ def test_delete_duties_in_range_other_user_unchanged(session, user_a):
     remaining = get_duties(session, "2026-02-01", "2026-02-28")
     assert len(remaining) == 1
     assert remaining[0][1] == "User B"
+
+
+def test_get_duties_includes_duty_starting_on_last_day_of_range(session, user_a):
+    """Duty starting on to_date (e.g. 2026-01-31T09:00:00Z) must be included when to_date is 2026-01-31."""
+    insert_duty(
+        session,
+        user_a.id,
+        "2026-01-31T09:00:00Z",
+        "2026-02-01T09:00:00Z",
+    )
+    rows = get_duties(session, "2026-01-01", "2026-01-31")
+    assert len(rows) == 1
+    assert rows[0][0].start_at == "2026-01-31T09:00:00Z"
+    assert rows[0][1] == "User A"