Merge remote-tracking branch 'origin/master'

svc/middlewares/auth_middleware.go

@@ -10,29 +10,49 @@ import (
 
 func AuthMiddleware(db *sql.DB, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
 		authHeader := r.Header.Get("Authorization")
 		if authHeader == "" {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=missing_authorization_header method=%s path=%s",
+				r.Method,
+				r.URL.Path,
+			)
+			http.Error(w, "unauthorized: authorization header missing", http.StatusUnauthorized)
 			return
 		}
 
 		parts := strings.SplitN(authHeader, " ", 2)
 		if len(parts) != 2 || parts[0] != "Bearer" {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=invalid_authorization_format method=%s path=%s raw=%q",
+				r.Method,
+				r.URL.Path,
+				authHeader,
+			)
+			http.Error(w, "unauthorized: invalid authorization format", http.StatusUnauthorized)
 			return
 		}
 
 		claims, err := auth.ValidateToken(parts[1])
 		if err != nil {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=token_validation_failed method=%s path=%s err=%v",
+				r.Method,
+				r.URL.Path,
+				err,
+			)
+			http.Error(w, "unauthorized: token validation failed", http.StatusUnauthorized)
 			return
 		}
 
-		// 🔥 BU SATIR ŞART
 		ctx := auth.WithClaims(r.Context(), claims)
-
-		log.Printf("🔐 AUTH CTX SET user=%d role=%s", claims.ID, claims.RoleCode)
+		log.Printf(
+			"AUTH_MIDDLEWARE PASS user=%d role=%s method=%s path=%s",
+			claims.ID,
+			claims.RoleCode,
+			r.Method,
+			r.URL.Path,
+		)
 
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})