# Auth Module

## Overview
Provides registration, credential-based login, and authenticated profile lookup. Authentication uses JWT access tokens signed with the configured secret.

## Endpoints
- `POST /auth/register`
  - Body: `{ name, email, password?, profileImage? }`
  - Creates a customer account with an auto-increment integer `id`.
  - If `password` is omitted, a random password is generated and hashed with bcrypt.
- `POST /auth/login`
  - Body: `{ email, password }`
  - Returns `{ data: { access_token, user }, message }` on success.
  - Tokens encode `sub` as the numeric user id, plus role and status claims.
- `GET /auth/me`
  - Requires `Authorization: Bearer <token>`.
  - Returns the sanitized user payload provided by the JWT strategy.

## Internals
- `AuthService` uses TypeORM repositories for persistence and bcrypt for hashing.
- The JWT strategy (`JwtStrategy`) now parses numeric `sub` claims to query users.
- Sanitized user objects expose `id`, `name`, `email`, `profile_image`, `role`, and `status`.

## Notes
- All downstream references (e.g., in `req.user`) treat user identifiers as numbers.
- When issuing tokens from other services, ensure the `sub` claim is an integer matching `users.id`.
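
The following is an added example, not this module's own `JwtStrategy` code: a strict conversion of the `sub` claim to a `users.id` value, followed by the lookup and sanitized return described under Internals. The names `parseSub`, `validatePayload`, `UserRow`, and the in-memory `USERS` rows are hypothetical, the payload is assumed to have already passed signature verification, and accepting a canonical decimal string alongside an integer is an assumption.

```typescript
// Added example with hypothetical names; not the module's own JwtStrategy.
interface UserRow {
  id: number; name: string; email: string; password: string;
  profile_image: string | null; role: string; status: string;
}
type SanitizedUser = Omit<UserRow, "password">;

// Constructed row standing in for the TypeORM users repository.
const USERS: UserRow[] = [
  { id: 7, name: "Ada", email: "ada@example.test", password: "<bcrypt hash>",
    profile_image: null, role: "customer", status: "active" },
];

// Strictly convert a `sub` claim to a users.id value, or return null.
// Lenient coercion is the failure mode to avoid: parseInt("7abc") === 7,
// Number("") === 0, Number("1e3") === 1000, Number(true) === 1.
function parseSub(sub: unknown): number | null {
  if (typeof sub === "number") {
    return Number.isSafeInteger(sub) && sub > 0 ? sub : null;
  }
  // Assumption: a canonical decimal string is also accepted, because some
  // JWT libraries serialize `sub` as a string. Leading zeros are rejected.
  if (typeof sub === "string" && /^[1-9][0-9]{0,15}$/.test(sub)) {
    const n = Number(sub);
    return Number.isSafeInteger(n) ? n : null;
  }
  return null;
}

// Validate step for an already signature-verified payload: resolve the user
// by numeric id and return only the sanitized fields (no password hash).
function validatePayload(payload: { sub?: unknown }): SanitizedUser | null {
  const id = parseSub(payload.sub);
  if (id === null) return null;
  const row = USERS.find((u) => u.id === id);
  if (!row) return null;
  return {
    id: row.id, name: row.name, email: row.email,
    profile_image: row.profile_image, role: row.role, status: row.status,
  };
}
```

A `null` result corresponds to rejecting the request; services that issue tokens can run the same `parseSub` check on the value they are about to place in `sub`.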
