k8s prepwork

backend/src/app.ts

@@ -43,6 +43,28 @@ async function buildApp(): Promise<FastifyInstance> {
     });
   });
 
+  // Traefik forward-auth integration endpoint
+  app.get('/auth/verify', {
+    preHandler: [app.authenticate]
+  }, async (request, reply) => {
+    const user = request.user ?? {};
+    const userId = typeof user.sub === 'string' ? user.sub : 'unknown';
+    const rolesClaim = user['https://motovaultpro.com/roles'];
+    const roles = Array.isArray(rolesClaim) ? rolesClaim : [];
+
+    reply
+      .header('X-Auth-User', userId)
+      .header('X-Auth-Roles', roles.join(','))
+      .code(200)
+      .send({
+        status: 'verified',
+        userId,
+        roles,
+        tenantId: user['https://motovaultpro.com/tenant_id'] ?? null,
+        verifiedAt: new Date().toISOString()
+      });
+  });
+
   // Register Fastify feature routes
   await app.register(vehiclesRoutes, { prefix: '/api' });
   await app.register(fuelLogsRoutes, { prefix: '/api' });