feat: implement internal and user security middlewares and refactor route structures to support view and API separation

auth/src/middlewares/user.security.js

@@ -0,0 +1,22 @@
+const jwt = require('../tools/jwt');
+
+const userAuth = (req, res, next) => {
+    const token = (req.cookies && req.cookies.auth_token) || jwt.getToken(req.headers['authorization']);
+
+    if (!token) {
+        return res.status(401).json({ error: 'Accesso negato: Token utente mancante' });
+    }
+
+    const verified = jwt.verifyToken(token);
+    if (!verified.valid) {
+        return res.status(401).json({ 
+            error: 'Sessione non valida o scaduta', 
+            reason: verified.reason 
+        });
+    }
+
+    req.user = verified.payload;
+    next();
+};
+
+module.exports = userAuth;