Fix jwt-token

server/middleware/auth.js

@@ -15,8 +15,24 @@ function setModels(testModels) {
 
 async function authenticateToken(req, res, next) {
   const authHeader = req.headers['authorization'];
-  const token = authHeader && authHeader.split(' ')[1];
+  
+  if (!authHeader) {
+    return res.status(401).json({
+      success: false,
+      message: 'Access token required'
+    });
+  }
 
+  // Check for proper Bearer token format
+  if (!authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({
+      success: false,
+      message: 'Invalid token format'
+    });
+  }
+
+  const token = authHeader.split(' ')[1];
+  
   if (!token) {
     return res.status(401).json({
       success: false,
@@ -55,7 +71,17 @@ async function authenticateToken(req, res, next) {
       });
     }
 
-    req.user = user;
+    // Set user context with expected properties for compatibility
+    req.user = {
+      id: user.id,
+      userId: user.id, // For backward compatibility
+      username: user.username,
+      email: user.email,
+      role: user.role,
+      is_active: user.is_active,
+      tenant_id: user.tenant_id,
+      tenant: user.tenant
+    };
     
     // Set tenant context - prefer JWT tenantId, fallback to user's tenant
     if (tenantId) {
@@ -74,6 +100,15 @@ async function authenticateToken(req, res, next) {
     if (process.env.NODE_ENV !== 'test' || error.name === 'TypeError') {
       console.error('Token verification error:', error);
     }
+    
+    // Handle specific JWT errors
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Token expired'
+      });
+    }
+    
     return res.status(401).json({
       success: false,
       message: 'Invalid token'