add project

apps/api/src/middleware/auth.ts

@@ -0,0 +1,39 @@
+import { Request, Response, NextFunction } from 'express';
+import { verifyAccessToken, AuthContext } from '../services/jwt.service';
+
+declare global {
+  namespace Express {
+    interface Request {
+      auth?: AuthContext;
+    }
+  }
+}
+
+function extractToken(req: Request): string | null {
+  const cookie = req.cookies?.access_token;
+  if (cookie) return cookie;
+
+  const auth = req.headers.authorization;
+  if (auth) {
+    const [scheme, token] = auth.split(' ');
+    if (scheme?.toLowerCase() === 'bearer' && token) return token;
+  }
+
+  return null;
+}
+
+export async function authMiddleware(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const token = extractToken(req);
+
+  if (!token) {
+    res.status(401).json({ success: false, error: 'Not authenticated' });
+    return;
+  }
+
+  try {
+    req.auth = await verifyAccessToken(token);
+    next();
+  } catch (err: any) {
+    res.status(err.status || 401).json({ success: false, error: err.message || 'Invalid token' });
+  }
+}

apps/api/src/middleware/error-handler.ts

@@ -0,0 +1,6 @@
+import { Request, Response, NextFunction } from 'express';
+
+export function errorHandler(err: Error, _req: Request, res: Response, _next: NextFunction): void {
+  console.error('[ERROR]', err.message);
+  res.status(500).json({ success: false, error: 'Internal server error' });
+}

apps/api/src/middleware/validate.ts

@@ -0,0 +1,17 @@
+import { Request, Response, NextFunction } from 'express';
+import { ZodSchema } from 'zod';
+
+export function validate(schema: ZodSchema) {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    const result = schema.safeParse(req.body);
+    if (!result.success) {
+      res.status(400).json({
+        success: false,
+        error: result.error.errors.map((e) => e.message).join(', '),
+      });
+      return;
+    }
+    req.body = result.data;
+    next();
+  };
+}