fase(9): auth module with casl rbac and session management

dist/api/server.js

@@ -12,6 +12,7 @@ const express_1 = __importDefault(require("express"));
 const cors_1 = __importDefault(require("cors"));
 const helmet_1 = __importDefault(require("helmet"));
 const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
+const cookie_parser_1 = __importDefault(require("cookie-parser"));
 const requestId_1 = require("./middleware/requestId");
 const notFound_1 = require("./middleware/notFound");
 const errorHandler_1 = require("./middleware/errorHandler");
@@ -39,8 +40,9 @@ function createServer(deps) {
         standardHeaders: true,
         legacyHeaders: false,
     }));
-    // 5. Body parsing
+    // 5. Body parsing + cookies
     app.use(express_1.default.json({ limit: '10mb' }));
+    app.use((0, cookie_parser_1.default)());
     // 6. Health endpoints — no auth required
     app.get('/health/live', (_req, res) => {
         res.json({ status: 'ok', uptime: process.uptime() });