Add AUTH-TOKEN logging to middleware for debugging token extraction

go_cloud/internal/middleware/middleware.go

@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
@@ -160,24 +161,33 @@ func Auth(jwtManager *jwt.Manager, db *database.DB) func(http.Handler) http.Hand
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			authHeader := r.Header.Get("Authorization")
 			var tokenString string
+			var tokenSource string
 			if strings.HasPrefix(authHeader, "Bearer ") {
 				tokenString = strings.TrimPrefix(authHeader, "Bearer ")
+				tokenSource = "header"
 			} else {
 				// Fallback to query parameter token (for viewers that cannot set headers)
 				qToken := r.URL.Query().Get("token")
 				if qToken == "" {
+					fmt.Printf("[AUTH-TOKEN] source=none, path=%s, statusCode=401\n", r.RequestURI)
 					http.Error(w, "Unauthorized", http.StatusUnauthorized)
 					return
 				}
 				tokenString = qToken
+				tokenSource = "query"
 			}
 
+			fmt.Printf("[AUTH-TOKEN] source=%s, path=%s\n", tokenSource, r.RequestURI)
+
 			claims, session, err := jwtManager.ValidateWithSession(r.Context(), tokenString, db)
 			if err != nil {
+				fmt.Printf("[AUTH-TOKEN] validation_failed, source=%s, path=%s, error=%v\n", tokenSource, r.RequestURI, err)
 				http.Error(w, "Unauthorized", http.StatusUnauthorized)
 				return
 			}
 
+			fmt.Printf("[AUTH-TOKEN] valid, source=%s, userId=%s\n", tokenSource, claims.UserID)
+
 			ctx := context.WithValue(r.Context(), UserKey, claims.UserID)
 			ctx = context.WithValue(ctx, SessionKey, session)
 			ctx = context.WithValue(ctx, TokenKey, tokenString)