feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware

- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.

test-auth-pages.mjs

@@ -0,0 +1,127 @@
+// Test authenticated access to pages and API endpoints
+const BASE_URL = 'http://localhost:3000';
+
+// Helper to extract cookies from response headers
+function extractCookies(response) {
+  const cookies = [];
+  const setCookieHeaders = response.headers.get('set-cookie');
+  if (setCookieHeaders) {
+    cookies.push(setCookieHeaders);
+  }
+  return cookies.join('; ');
+}
+
+// Test authenticated access
+async function testAuthenticatedAccess() {
+  console.log('🔐 Testing Authenticated Access\n');
+  
+  // Step 1: Get the sign-in page to check if it loads
+  console.log('1️⃣ Testing sign-in page access...');
+  try {
+    const signInResponse = await fetch(`${BASE_URL}/auth/signin`);
+    console.log(`✅ Sign-in page: ${signInResponse.status} ${signInResponse.statusText}`);
+    
+    if (signInResponse.status === 200) {
+      const pageContent = await signInResponse.text();
+      const hasForm = pageContent.includes('Sign in to your account');
+      console.log(`   Form present: ${hasForm ? '✅ Yes' : '❌ No'}`);
+    }
+  } catch (error) {
+    console.log(`❌ Sign-in page error: ${error.message}`);
+  }
+  
+  console.log('\n2️⃣ Testing authentication endpoint...');
+  
+  // Step 2: Test the authentication API endpoint
+  try {
+    const sessionResponse = await fetch(`${BASE_URL}/api/auth/session`);
+    console.log(`✅ Session endpoint: ${sessionResponse.status} ${sessionResponse.statusText}`);
+    
+    if (sessionResponse.status === 200) {
+      const sessionData = await sessionResponse.json();
+      console.log(`   Session data: ${JSON.stringify(sessionData)}`);
+    }
+  } catch (error) {
+    console.log(`❌ Session endpoint error: ${error.message}`);
+  }
+  
+  console.log('\n3️⃣ Testing CSRF token endpoint...');
+  
+  // Step 3: Get CSRF token
+  try {
+    const csrfResponse = await fetch(`${BASE_URL}/api/auth/csrf`);
+    console.log(`✅ CSRF endpoint: ${csrfResponse.status} ${csrfResponse.statusText}`);
+    
+    if (csrfResponse.status === 200) {
+      const csrfData = await csrfResponse.json();
+      console.log(`   CSRF token: ${csrfData.csrfToken ? '✅ Present' : '❌ Missing'}`);
+    }
+  } catch (error) {
+    console.log(`❌ CSRF endpoint error: ${error.message}`);
+  }
+  
+  console.log('\n4️⃣ Testing main dashboard page (unauthenticated)...');
+  
+  // Step 4: Test main page redirect
+  try {
+    const mainPageResponse = await fetch(`${BASE_URL}/`, { 
+      redirect: 'manual' // Don't follow redirects automatically
+    });
+    console.log(`✅ Main page: ${mainPageResponse.status} ${mainPageResponse.statusText}`);
+    
+    if (mainPageResponse.status === 307 || mainPageResponse.status === 302) {
+      const location = mainPageResponse.headers.get('location');
+      console.log(`   Redirects to: ${location}`);
+      console.log(`   Correct redirect: ${location && location.includes('/auth/signin') ? '✅ Yes' : '❌ No'}`);
+    }
+  } catch (error) {
+    console.log(`❌ Main page error: ${error.message}`);
+  }
+  
+  console.log('\n5️⃣ Testing projects page (unauthenticated)...');
+  
+  // Step 5: Test projects page redirect
+  try {
+    const projectsPageResponse = await fetch(`${BASE_URL}/projects`, { 
+      redirect: 'manual' 
+    });
+    console.log(`✅ Projects page: ${projectsPageResponse.status} ${projectsPageResponse.statusText}`);
+    
+    if (projectsPageResponse.status === 307 || projectsPageResponse.status === 302) {
+      const location = projectsPageResponse.headers.get('location');
+      console.log(`   Redirects to: ${location}`);
+      console.log(`   Correct redirect: ${location && location.includes('/auth/signin') ? '✅ Yes' : '❌ No'}`);
+    }
+  } catch (error) {
+    console.log(`❌ Projects page error: ${error.message}`);
+  }
+  
+  console.log('\n6️⃣ Testing API endpoints (unauthenticated)...');
+  
+  // Step 6: Test API endpoints
+  const apiEndpoints = ['/api/projects', '/api/contracts', '/api/tasks/templates'];
+  
+  for (const endpoint of apiEndpoints) {
+    try {
+      const response = await fetch(`${BASE_URL}${endpoint}`);
+      const data = await response.json();
+      
+      if (response.status === 401) {
+        console.log(`✅ ${endpoint}: Protected (401) - ${data.error}`);
+      } else {
+        console.log(`❌ ${endpoint}: Not protected (${response.status})`);
+      }
+    } catch (error) {
+      console.log(`❌ ${endpoint}: Error - ${error.message}`);
+    }
+  }
+  
+  console.log('\n📋 Summary:');
+  console.log('- Sign-in page should be accessible');
+  console.log('- Protected pages should redirect to /auth/signin');  
+  console.log('- Protected API endpoints should return 401 with JSON error');
+  console.log('- Auth endpoints (/api/auth/*) should be accessible');
+}
+
+// Run the test
+testAuthenticatedAccess().catch(console.error);