Initial commit: CMS backend for Old Vine Hotel

- Complete Express.js API server
- MongoDB integration with Mongoose
- Admin authentication and authorization
- Room management (CRUD operations)
- Booking management system
- Guest management
- Payment processing (Stripe integration)
- Content management (pages, blog, gallery)
- Media upload and management
- Integration services (Booking.com, Expedia, Opera PMS, Trip.com)
- Email notifications
- Comprehensive logging and error handling

middleware/auth.js

@@ -0,0 +1,56 @@
+const jwt = require('jsonwebtoken');
+const Guest = require('../models/Guest');
+
+const auth = async (req, res, next) => {
+  try {
+    // Get token from header
+    const token = req.header('Authorization')?.replace('Bearer ', '');
+    
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: 'Access denied. No token provided.'
+      });
+    }
+
+    // Verify token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // Get guest from database
+    const guest = await Guest.findById(decoded.id).select('-password');
+    
+    if (!guest || !guest.isActive) {
+      return res.status(401).json({
+        success: false,
+        message: 'Token is not valid or account is inactive'
+      });
+    }
+
+    // Add guest to request object
+    req.guest = guest;
+    next();
+  } catch (error) {
+    console.error('Authentication error:', error.message);
+    
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid token'
+      });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Token expired'
+      });
+    }
+    
+    res.status(500).json({
+      success: false,
+      message: 'Server error during authentication'
+    });
+  }
+};
+
+module.exports = auth;