more TS fixes + tests

server.ts

@@ -107,22 +107,22 @@ if ((process.env.JWT_SECRET || 'your_super_secret_jwt_key_change_this') === 'you
 
 // The order of route registration is critical.
 // More specific routes should be registered before more general ones.
-// 1. Public routes that require no authentication.
-app.use('/api', publicRouter);
-// 2. Authentication routes for login, registration, etc.
+// 1. Authentication routes for login, registration, etc.
 app.use('/api/auth', authRouter);
-// System routes for health checks, etc.
+// 2. System routes for health checks, etc.
 app.use('/api/system', systemRouter);
-// 3. AI routes, some of which use optional authentication.
-app.use('/api/ai', aiRouter);
-// 4. Admin routes, which are all protected by admin-level checks.
-app.use('/api/admin', adminRouter); // This seems to be missing from the original file list, but is required.
-// 5. General authenticated user routes. Mount this on a specific path to avoid ambiguity.
+// 3. General authenticated user routes.
 app.use('/api/users', userRouter);
+// 4. AI routes, some of which use optional authentication.
+app.use('/api/ai', aiRouter);
+// 5. Admin routes, which are all protected by admin-level checks.
+app.use('/api/admin', adminRouter); // This seems to be missing from the original file list, but is required.
 // 6. Budgeting and spending analysis routes.
 app.use('/api/budgets', budgetRouter);
 // 7. Gamification routes for achievements.
 app.use('/api/achievements', gamificationRouter);
+// 8. Public routes that require no authentication. This should be last among the API routes.
+app.use('/api', publicRouter);
 
 // --- Error Handling and Server Startup ---