Phase 2.3: JWT Authentication implementation

- Implemented JWT-based authentication system with access and refresh tokens
- Added password hashing service using PBKDF2
- Created authentication handlers: register, login, refresh, logout
- Added protected routes with JWT middleware
- Created user profile handlers
- Fixed all compilation errors
- Added integration tests for authentication endpoints
- Added reqwest dependency for testing
- Created test script and environment example documentation

All changes:
- backend/src/auth/: Complete auth module (JWT, password, claims)
- backend/src/handlers/: Auth, users, and health handlers
- backend/src/middleware/: JWT authentication middleware
- backend/src/config/: Added AppState with Clone derive
- backend/src/main.rs: Fixed imports and added auth routes
- backend/src/db/mod.rs: Changed error handling to anyhow::Result
- backend/Cargo.toml: Added reqwest for testing
- backend/tests/auth_tests.rs: Integration tests
- thoughts/: Documentation updates (STATUS.md, env.example, test_auth.sh)

thoughts/STATUS.md

@@ -0,0 +1,49 @@
+# Normogen Backend Development Status
+
+## Completed Phases
+
+- [x] **Phase 2.1** - Backend Project Initialization
+- [x] **Phase 2.2** - MongoDB Connection & Models
+- [x] **Phase 2.3** - JWT Authentication (Completed 2025-02-14)
+
+## In Progress
+
+- **Phase 2.4** - User Registration & Login (Ready for testing)
+
+## Changes in Phase 2.3
+
+### Authentication System
+- JWT-based authentication with access and refresh tokens
+- Password hashing using PBKDF2
+- Protected routes with middleware
+- Token refresh and logout functionality
+
+### Files Modified
+- `backend/src/auth/mod.rs` - Fixed imports
+- `backend/src/auth/password.rs` - Fixed PBKDF2 API usage
+- `backend/src/auth/jwt.rs` - JWT token generation and validation
+- `backend/src/auth/claims.rs` - Custom JWT claims with user roles
+- `backend/src/middleware/auth.rs` - Authentication middleware
+- `backend/src/handlers/auth.rs` - Authentication handlers (register, login, refresh, logout)
+- `backend/src/handlers/users.rs` - User profile handlers
+- `backend/src/handlers/health.rs` - Health check handlers
+- `backend/src/config/mod.rs` - Added AppState with Clone derive
+- `backend/src/main.rs` - Fixed middleware imports and routing
+- `backend/Cargo.toml` - Added reqwest for testing
+- `backend/tests/auth_tests.rs` - Integration tests for authentication
+
+### Testing
+- Integration tests written for all auth endpoints
+- Test script created: `backend/test_auth.sh`
+- Environment example created: `thoughts/env.example`
+
+### Compilation Status
+✅ All compilation errors fixed
+✅ Project compiles successfully (warnings only - unused code)
+
+## Next Steps
+1. Start MongoDB server
+2. Set up environment variables
+3. Run integration tests: `cargo test --test auth_tests`
+4. Start server: `cargo run`
+5. Manual testing: `./backend/test_auth.sh`

thoughts/env.example

@@ -0,0 +1,12 @@
+# MongoDB Configuration
+MONGODB_URI=mongodb://localhost:27017
+DATABASE_NAME=normogen
+
+# JWT Configuration
+JWT_SECRET=your-secret-key-here-change-in-production
+JWT_ACCESS_TOKEN_EXPIRATION=900
+JWT_REFRESH_TOKEN_EXPIRATION=604800
+
+# Server Configuration
+HOST=127.0.0.1
+PORT=8000

thoughts/test_auth.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+# Manual test script for authentication endpoints
+
+BASE_URL="http://127.0.0.1:8000"
+
+echo "=== Testing Normogen Authentication ==="
+echo ""
+
+# Test 1: Health check
+echo "1. Testing health check..."
+curl -s "$BASE_URL/health" | jq .
+echo ""
+
+# Test 2: Ready check
+echo "2. Testing ready check..."
+curl -s "$BASE_URL/ready" | jq .
+echo ""
+
+# Test 3: Register a new user
+echo "3. Registering a new user..."
+EMAIL="test_$(uuidgen | cut -d'-' -f1)@example.com"
+REGISTER_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/register" \
+  -H "Content-Type: application/json" \
+  -d '{"email":"'"$EMAIL"'","password_hash":"hashed_password_placeholder","encrypted_recovery_phrase":"encrypted_phrase_placeholder","recovery_phrase_iv":"iv_placeholder","recovery_phrase_auth_tag":"auth_tag_placeholder"}')
+
+echo "$REGISTER_RESPONSE" | jq .
+echo ""
+
+# Extract user_id for later use
+USER_ID=$(echo "$REGISTER_RESPONSE" | jq -r '.user_id')
+echo "Created user ID: $USER_ID"
+echo ""
+
+# Test 4: Login
+echo "4. Logging in..."
+LOGIN_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/login" \
+  -H "Content-Type: application/json" \
+  -d '{"email":"'"$EMAIL"'","password_hash":"hashed_password_placeholder"}')
+
+echo "$LOGIN_RESPONSE" | jq .
+echo ""
+
+# Extract tokens
+ACCESS_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.access_token')
+REFRESH_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.refresh_token')
+
+echo "Access Token: ${ACCESS_TOKEN:0:50}..."
+echo "Refresh Token: ${REFRESH_TOKEN:0:50}..."
+echo ""
+
+# Test 5: Get profile without auth (should fail)
+echo "5. Testing profile endpoint WITHOUT auth (should return 401)..."
+curl -s "$BASE_URL/api/users/me" -i | head -n 1
+echo ""
+
+# Test 6: Get profile with auth (should succeed)
+echo "6. Testing profile endpoint WITH auth (should return 200)..."
+PROFILE_RESPONSE=$(curl -s "$BASE_URL/api/users/me" \
+  -H "Authorization: Bearer $ACCESS_TOKEN")
+
+echo "$PROFILE_RESPONSE" | jq .
+echo ""
+
+# Test 7: Refresh token
+echo "7. Testing refresh token..."
+REFRESH_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/refresh" \
+  -H "Content-Type: application/json" \
+  -d '{"refresh_token":"'"$REFRESH_TOKEN"'}')
+
+echo "$REFRESH_RESPONSE" | jq .
+echo ""
+
+# Test 8: Logout
+echo "8. Testing logout..."
+LOGOUT_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/logout" \
+  -H "Content-Type: application/json" \
+  -d '{"refresh_token":"'"$REFRESH_TOKEN"'}')
+
+echo "$LOGOUT_RESPONSE" | jq .
+echo ""
+
+echo "=== Tests Complete ==="