feat: migrate to Better Auth for authentication, update environment variables, and enhance database schema with accounts and sessions

Backend/middleware/auth.ts

@@ -1,22 +1,24 @@
 import type { NextFunction, Request, Response } from 'express';
 
-import { verifyAccessToken } from '../utils/jwt';
+import { fromNodeHeaders } from 'better-auth/node';
 
-export function requireAuth(req: Request, res: Response, next: NextFunction): void {
-  const authorization = req.headers.authorization;
-
-  if (!authorization?.startsWith('Bearer ')) {
-    res.status(401).json({ message: 'Missing or invalid authorization header' });
-    return;
-  }
-
-  const token = authorization.slice(7);
+import { auth } from '../auth';
 
+export async function requireAuth(req: Request, res: Response, next: NextFunction): Promise<void> {
   try {
-    const payload = verifyAccessToken(token);
-    req.user = payload;
+    const session = await auth.api.getSession({
+      headers: fromNodeHeaders(req.headers),
+    });
+
+    if (!session) {
+      res.status(401).json({ message: 'Unauthorized' });
+      return;
+    }
+
+    req.auth = session;
     next();
-  } catch {
-    res.status(401).json({ message: 'Invalid or expired token' });
+  } catch (error) {
+    console.error('Auth session lookup failed', error);
+    res.status(401).json({ message: 'Unauthorized' });
   }
 }