refactor: restructure

monorepo with apps/ and services/
  directories

services/mana-core-auth/src/common/decorators/current-user.decorator.ts

@@ -0,0 +1,14 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export interface CurrentUserData {
+  userId: string;
+  email: string;
+  role: string;
+}
+
+export const CurrentUser = createParamDecorator(
+  (data: unknown, ctx: ExecutionContext): CurrentUserData => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user;
+  },
+);

services/mana-core-auth/src/common/filters/http-exception.filter.ts

@@ -0,0 +1,39 @@
+import { ExceptionFilter, Catch, ArgumentsHost, HttpException, HttpStatus } from '@nestjs/common';
+import { Response } from 'express';
+
+@Catch()
+export class HttpExceptionFilter implements ExceptionFilter {
+  catch(exception: unknown, host: ArgumentsHost) {
+    const ctx = host.switchToHttp();
+    const response = ctx.getResponse<Response>();
+    const request = ctx.getRequest();
+
+    let status = HttpStatus.INTERNAL_SERVER_ERROR;
+    let message = 'Internal server error';
+    let errors: any = undefined;
+
+    if (exception instanceof HttpException) {
+      status = exception.getStatus();
+      const exceptionResponse = exception.getResponse();
+
+      if (typeof exceptionResponse === 'string') {
+        message = exceptionResponse;
+      } else if (typeof exceptionResponse === 'object') {
+        message = (exceptionResponse as any).message || message;
+        errors = (exceptionResponse as any).errors;
+      }
+    } else if (exception instanceof Error) {
+      message = exception.message;
+    }
+
+    const errorResponse = {
+      statusCode: status,
+      message,
+      ...(errors && { errors }),
+      timestamp: new Date().toISOString(),
+      path: request.url,
+    };
+
+    response.status(status).json(errorResponse);
+  }
+}

services/mana-core-auth/src/common/guards/jwt-auth.guard.ts

@@ -0,0 +1,48 @@
+import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import * as jwt from 'jsonwebtoken';
+
+@Injectable()
+export class JwtAuthGuard implements CanActivate {
+  constructor(private configService: ConfigService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const token = this.extractTokenFromHeader(request);
+
+    if (!token) {
+      throw new UnauthorizedException('No token provided');
+    }
+
+    try {
+      const publicKey = this.configService.get<string>('jwt.publicKey');
+      if (!publicKey) {
+        throw new UnauthorizedException('JWT configuration error');
+      }
+      const audience = this.configService.get<string>('jwt.audience');
+      const issuer = this.configService.get<string>('jwt.issuer');
+
+      const payload = jwt.verify(token, publicKey, {
+        algorithms: ['RS256'],
+        audience,
+        issuer,
+      }) as jwt.JwtPayload;
+
+      // Attach user to request
+      request.user = {
+        userId: payload.sub,
+        email: payload.email,
+        role: payload.role,
+      };
+
+      return true;
+    } catch (error) {
+      throw new UnauthorizedException('Invalid token');
+    }
+  }
+
+  private extractTokenFromHeader(request: any): string | undefined {
+    const [type, token] = request.headers.authorization?.split(' ') ?? [];
+    return type === 'Bearer' ? token : undefined;
+  }
+}