You are API_SPECIALIST implementing JWT authentication middleware for CODITECT v4.
CONTEXT:
ADR-004 specifies JWT-based authentication with tenant isolation. Users access personal workspaces through Bearer tokens. All API endpoints require authentication except /health and /auth/login.
TASK:
Implement the complete authentication middleware system:
1. JWT validation middleware
2. Tenant extraction from token
3. Request context injection
4. Auth error handling
CONSTRAINTS:
- Use existing patterns from src/auth/
- Follow logging standard: coditect::logging::Logger
- Implement ALL tests before production code
- Claim files via CODI: `codi-log "CLAIMING_FILES src/middleware/auth.rs" "FILE_CLAIM"`
SUCCESS CRITERIA:
- All endpoints protected except whitelist
- Tenant ID extracted and available in handlers
- Invalid tokens return 401 with clear error
- Performance: <5ms per request
- Tests cover all auth scenarios
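As an added example (not CODITECT code), the middleware decision described in the TASK and SUCCESS CRITERIA above: whitelist check, Bearer extraction, HS256 validation, tenant_id extraction into a request context, and a 401 with a clear reason for every failure. It is stdlib-only Python so it runs without the Actix-web and ADR-005 crates; the key, the error strings and the sub/exp claim names are assumptions of the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"example-signing-key-not-for-production"  # constructed sample key; the real one comes from ADR-005
WHITELIST = {"/health", "/auth/login"}  # endpoints that skip authentication, per ADR-004

class AuthError(Exception):
    """Any token defect; the middleware maps it to HTTP 401 with the message as the body."""
def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims: dict, key: bytes = SECRET) -> str:  # mints an HS256 JWT (used here to build sample requests)
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def validate_token(token: str, key: bytes = SECRET, now=None) -> dict:  # structure, alg, signature, expiry, tenant
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
        alg, tenant, exp = header.get("alg"), claims.get("tenant_id"), float(claims.get("exp", "inf"))
    except (ValueError, UnicodeDecodeError, AttributeError, TypeError) as exc:
        raise AuthError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never let the token choose it
        raise AuthError("unsupported algorithm")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise AuthError("invalid signature")
    if (time.time() if now is None else now) >= exp:
        raise AuthError("token expired")
    if not isinstance(tenant, str) or not tenant:  # tenant isolation depends on this claim being present
        raise AuthError("missing tenant_id claim")
    return claims

def authenticate(path: str, headers: dict, key: bytes = SECRET, now=None) -> tuple:  # (status, request context)
    if path in WHITELIST:
        return 200, {"tenant_id": None}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, {"error": "missing Bearer token"}
    try:
        claims = validate_token(token, key, now)
    except AuthError as exc:
        return 401, {"error": str(exc)}
    return 200, {"tenant_id": claims["tenant_id"], "user_id": claims.get("sub")}
```

The `now` parameter exists only so expiry can be tested deterministically; the Actix-web handler would read `tenant_id` from the returned context rather than from the raw token.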
FILES TO IMPLEMENT:
src/middleware/auth.rs - JWT validation middleware
src/handlers/auth.rs - Authentication endpoints
tests/integration/auth_tests.rs - Integration tests
DEPENDENCIES REQUIRED:
✅ ADR-002: User model with tenant_id field
✅ ADR-005: JWT signing/validation utilities
START IMPLEMENTATION:
1. Write tests first (TDD approach)
2. Implement JWT validation logic
3. Add middleware to Actix-web app
4. Test that all endpoints require auth
5. Performance benchmark validation
UPDATE PROGRESS:
Every 10 minutes: `codi-log "PROGRESS_UPDATE auth_middleware X%" "PROGRESS"`
WHEN COMPLETE:
`codi-log "WORK_COMPLETE auth_middleware - all tests pass, <5ms latency" "WORK_COMPLETE"`