Initial Phoenix Sankofa Cloud setup

- Complete project structure with Next.js frontend
- GraphQL API backend with Apollo Server
- Portal application with NextAuth
- Crossplane Proxmox provider
- GitOps configurations
- CI/CD pipelines
- Testing infrastructure (Vitest, Jest, Go tests)
- Error handling and monitoring
- Security hardening
- UI component library
- Documentation

api/src/middleware/auth.ts

@@ -0,0 +1,39 @@
+import { FastifyRequest, FastifyReply } from 'fastify'
+import jwt from 'jsonwebtoken'
+import { User } from '../types/context'
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production'
+
+export async function authMiddleware(
+  request: FastifyRequest,
+  _reply: FastifyReply
+) {
+  // Skip auth for health check and GraphQL introspection
+  if (request.url === '/health' || request.method === 'OPTIONS') {
+    return
+  }
+
+  // Get token from Authorization header
+  const authHeader = request.headers.authorization
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    // Allow unauthenticated requests - GraphQL will handle auth per query/mutation
+    return
+  }
+
+  const token = authHeader.substring(7)
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET) as any
+    // Attach user to request
+    ;(request as any).user = {
+      id: decoded.id,
+      email: decoded.email,
+      name: decoded.name,
+      role: decoded.role,
+    } as User
+  } catch (error) {
+    // Invalid token - let GraphQL resolvers handle it
+    return
+  }
+}
+