fase(9): auth module with casl rbac and session management

src/api/server.ts

@@ -6,6 +6,7 @@ import express, { Express, Request, Response } from 'express';
 import cors from 'cors';
 import helmet from 'helmet';
 import rateLimit from 'express-rate-limit';
+import cookieParser from 'cookie-parser';
 import { Kysely } from 'kysely';
 import { AppConfig } from '../shared/infrastructure/Config';
 import { Logger } from '../shared/infrastructure/Logger';
@@ -17,6 +18,7 @@ import { createRouter } from './router';
 import { CrawlingControllerDeps } from '../modules/crawling/infrastructure/http/CrawlingController';
 import { FindingsControllerDeps } from '../modules/findings/infrastructure/http/FindingsController';
 import { FuzzingControllerDeps } from '../modules/fuzzing/infrastructure/http/FuzzingController';
+import { AuthControllerDeps } from './router';
 
 export interface ServerDependencies {
   config: AppConfig;
@@ -25,6 +27,7 @@ export interface ServerDependencies {
   crawlingDeps: CrawlingControllerDeps;
   findingsDeps: FindingsControllerDeps;
   fuzzingDeps: FuzzingControllerDeps;
+  authDeps: AuthControllerDeps;
 }
 
 export function createServer(deps: ServerDependencies): Express {
@@ -59,8 +62,9 @@ export function createServer(deps: ServerDependencies): Express {
     }),
   );
 
-  // 5. Body parsing
+  // 5. Body parsing + cookies
   app.use(express.json({ limit: '10mb' }));
+  app.use(cookieParser());
 
   // 6. Health endpoints — no auth required
   app.get('/health/live', (_req: Request, res: Response) => {