feat: Implement custom authorization filter and enhance JWT authentication responses

docs/ARCHITECTURE_OVERVIEW.md

@@ -71,7 +71,7 @@ UserCreatedEventHandler → gửi email welcome
 - Validation, Logging, Authorization, etc.
 
 ```csharp
-Request → ValidationBehavior → AuthorizationBehavior → Handler → Response
+Request → ValidationBehavior → Handler → Response
 ```
 
 ## 📂 **FOLDERS QUAN TRỌNG NHẤT**

docs/BEHAVIORS_GUIDE.md

@@ -6,7 +6,7 @@
 
 ### **Behaviors = Middleware cho Commands/Queries**
 ```
-Request → ValidationBehavior → AuthorizationBehavior → LoggingBehavior → Handler → Response
+Request → ValidationBehavior → LoggingBehavior → Handler → Response
 ```
 
 **Mỗi behavior là 1 layer xử lý cross-cutting concerns trước/sau khi handler chạy.**
@@ -35,32 +35,7 @@ public class CreateUserCommandValidator : AbstractValidator<CreateUserCommand>
 // Nếu fail → throw ValidationException
 ```
 
-### **2. 🔐 AuthorizationBehavior**
-- **Mục đích**: Kiểm tra quyền truy cập
-- **Khi nào chạy**: Sau validation, trước handler
-- **Input**: IAuthorizedRequest interface
-- **Output**: Throw UnauthorizedException/ForbiddenException
-
-```csharp
-// Command yêu cầu authorization
-public record CreateUserCommand : ICommand<Result<CreateUserResponse>>, 
-    IAuthorizedRequest
-{
-    public AuthorizationRequirement AuthorizationRequirement => new()
-    {
-        Roles = ["Admin"],           // Cần role Admin
-        Permissions = ["users.create"], // Cần permission users.create
-        RequireAuthentication = true
-    };
-}
-
-// AuthorizationBehavior sẽ check:
-// - User có authenticated không?
-// - User có role Admin không?
-// - User có permission users.create không?
-```
-
-### **3. 📊 LoggingBehavior**
+### **2. 📊 LoggingBehavior**
 - **Mục đích**: Log tất cả requests/responses
 - **Khi nào chạy**: Bao quanh handler (before + after)
 - **Input**: Request name
@@ -92,7 +67,7 @@ public record CreateUserCommand : ICommand<Result<CreateUserResponse>>,
 
 ```csharp
 // Query với caching
-public record GetUserByIdQuery(Guid UserId) : IQuery<UserResponse>, 
+public record GetUserByIdQuery(Guid UserId) : IQuery<UserResponse>,
     ICacheableQuery
 {
     public string CacheKey => $"user-{UserId}";
@@ -104,7 +79,7 @@ public record GetUserByIdQuery(Guid UserId) : IQuery<UserResponse>,
 // 2. Nếu không → execute handler → cache result → return
 ```
 
-### **6. 🔄 TransactionBehavior**
+### **6. 💳 TransactionBehavior**
 - **Mục đích**: Wrap commands trong database transaction
 - **Khi nào chạy**: Chỉ cho commands implement ITransactionalCommand
 - **Rollback**: Automatic nếu có exception

docs/EXCEPTION_GUIDELINES.md

@@ -28,7 +28,6 @@ Exception
     ├── NotFoundException
     ├── UnauthorizedException
     ├── BusinessRuleViolationException
-    ├── RequestProcessingException
     └── DomainEventDispatchException
 ```
 
@@ -203,28 +202,6 @@ if (!user.HasRole("Admin"))
     throw new UnauthorizedException("Access denied", "Admin");
 ```
 
-#### **RequestProcessingException**
-```csharp
-namespace Application.Common.Exceptions;
-
-public sealed class RequestProcessingException : Exception
-{
-    public RequestProcessingException(string message) : base(message)
-    {
-    }
-
-    public RequestProcessingException(string message, Exception innerException) 
-        : base(message, innerException)
-    {
-    }
-}
-
-// Usage in MediatR behaviors
-catch (Exception ex)
-{
-    throw new RequestProcessingException($"Request {requestName} failed after {duration}ms", ex);
-}
-```
 
 ### **Infrastructure Layer Exceptions**
 
@@ -307,8 +284,6 @@ throw new UnauthorizedException("Insufficient permissions");
 // ✅ Use for not found
 throw new NotFoundException("User", userId);
 
-// ✅ Use for request processing
-throw new RequestProcessingException("Command processing failed", ex);
 
 // ❌ Don't use low-level exceptions
 // throw new SqlException(...); // TOO LOW LEVEL
@@ -472,7 +447,7 @@ public async Task<User> CreateUserAsync(CreateUserCommand command)
     }
     catch (Exception ex)
     {
-        throw new RequestProcessingException("Failed to create user", ex);
+        throw; // Re-throw or handle appropriately
     }
 }
 
@@ -515,11 +490,6 @@ public async Task<IActionResult> CreateUser(CreateUserCommand command)
     {
         return BadRequest(new { rule = ex.RuleName, message = ex.Message });
     }
-    catch (RequestProcessingException ex)
-    {
-        logger.LogError(ex, "Failed to process create user request");
-        return StatusCode(500, new { message = "Internal server error" });
-    }
 }
 ```
 
@@ -565,11 +535,6 @@ public class GlobalExceptionMiddleware
                 Message = businessEx.Message,
                 Details = new { Rule = businessEx.RuleName }
             },
-            RequestProcessingException requestEx => new ApiResponse
-            {
-                StatusCode = 500,
-                Message = "Request processing failed"
-            },
             _ => new ApiResponse
             {
                 StatusCode = 500,
@@ -607,8 +572,6 @@ Exception occurred?
 │   ├── Database → DataPersistenceException
 │   ├── Event dispatch → DomainEventDispatchException
 │   └── External service → ExternalServiceException
-└── Is it request processing failure?
-    └── Pipeline error → RequestProcessingException
 ```
 
 ---
@@ -626,7 +589,6 @@ Exception occurred?
 | Entity not found | `NotFoundException` | Application |
 | Database operation failure | `DataPersistenceException` | Infrastructure |
 | Event dispatch failure | `DomainEventDispatchException` | Infrastructure |
-| Request processing failure | `RequestProcessingException` | Application |
 
 ---