05.1 ปรบปรง backend ทงหมด และ frontend/login

backend/src/middleware/authJwt.js

@@ -10,19 +10,24 @@
 // - ไม่ได้เติม roles/permissions (ถ้าต้องการให้ใช้ auth.js แทนหรือร่วมกัน)
 
 import jwt from "jsonwebtoken";
-const { JWT_SECRET = "dev-secret" } = process.env;
 
 export function authJwt() {
+  const { JWT_SECRET = "dev-secret" } = process.env;
   return (req, res, next) => {
     const h = req.headers.authorization || "";
-    const token = h.startsWith("Bearer ") ? h.slice(7) : null;
-    if (!token) return res.status(401).json({ error: "Unauthenticated" });
+    // const token = h.startsWith("Bearer ") ? h.slice(7) : null;
+    const m = /^Bearer\s+(.+)$/i.exec(h || "");
+    //if (!token) return res.status(401).json({ error: "Unauthenticated" });
+    if (!m) return res.status(401).json({ error: "Unauthenticated" });
     try {
-      const payload = jwt.verify(token, JWT_SECRET);
-      req.user = { user_id: payload.user_id, username: payload.username };
+      //const payload = jwt.verify(token, JWT_SECRET);
+      const payload = jwt.verify(m[1], JWT_SECRET, { issuer: "dms-backend" });
+      // แนบข้อมูลขั้นต่ำให้ middleware ถัดไป
+      req.auth = { user_id: payload.user_id, username: payload.username };
+      //req.user = { user_id: payload.user_id, username: payload.username };
       next();
     } catch (e) {
-      return res.status(401).json({ error: "Invalid token" });
+      return res.status(401).json({ error: "Unauthenticated" });
     }
   };
 }