Initial commit: TicketingSystem

Internal ticketing app with CTI routing, severity levels, and n8n integration.

Stack: Express + TypeScript + Prisma + PostgreSQL / React + Vite + Tailwind
- JWT auth for users, API key auth for service accounts (Goddard/n8n)
- CTI hierarchy (Category > Type > Item) for ticket routing
- Severity 1-5, auto-close resolved tickets after 14 days
- Gitea Actions CI/CD building separate server/client images
- Production docker-compose.yml with Traefik integration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server/src/middleware/auth.ts

@@ -0,0 +1,57 @@
+import { Request, Response, NextFunction } from 'express'
+import jwt from 'jsonwebtoken'
+import prisma from '../lib/prisma'
+
+export interface AuthRequest extends Request {
+  user?: {
+    id: string
+    role: string
+    username: string
+  }
+}
+
+export const authenticate = async (
+  req: AuthRequest,
+  res: Response,
+  next: NextFunction
+) => {
+  const apiKey = req.headers['x-api-key'] as string | undefined
+
+  if (apiKey) {
+    const user = await prisma.user.findUnique({ where: { apiKey } })
+    if (!user || user.role !== 'SERVICE') {
+      return res.status(401).json({ error: 'Invalid API key' })
+    }
+    req.user = { id: user.id, role: user.role, username: user.username }
+    return next()
+  }
+
+  const authHeader = req.headers.authorization
+  if (!authHeader?.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'Unauthorized' })
+  }
+
+  const token = authHeader.split(' ')[1]
+  try {
+    const payload = jwt.verify(token, process.env.JWT_SECRET!) as {
+      id: string
+      role: string
+      username: string
+    }
+    req.user = payload
+    next()
+  } catch {
+    return res.status(401).json({ error: 'Invalid or expired token' })
+  }
+}
+
+export const requireAdmin = (
+  req: AuthRequest,
+  res: Response,
+  next: NextFunction
+) => {
+  if (req.user?.role !== 'ADMIN') {
+    return res.status(403).json({ error: 'Admin access required' })
+  }
+  next()
+}