feat: implement role-based access control and auth routes

This commit implements the role-based access control system as outlined in the project documentation. It includes:
- A requireRole middleware for protecting routes
- Auth routes for registration, login, profile management
- Audit logging for sensitive actions
- Role management endpoints
- Updated app.js to include audit logging middleware

backend/app.js

@@ -4,6 +4,7 @@ const helmet = require('helmet');
 const db = require('./db');
 const authRoutes = require('./routes/auth');
 const rolesRoutes = require('./routes/roles');
+const auditLogger = require('./middleware/auditLogger');
 
 const app = express();
 
@@ -11,6 +12,7 @@ const app = express();
 app.use(helmet());
 app.use(cors());
 app.use(express.json());
+app.use(auditLogger);
 
 // Routes
 app.use('/auth', authRoutes);