📝 Implement user registration and login #98

@AmirAgassi

Develop the complete user registration and login functionality for admin users, interviewers, and candidates.

📋 Tasks

  • Implement admin registration flow
  • Create login endpoint with JWT token generation
  • Add email verification for new accounts
  • Implement validation for user registration data
  • Create session management for logged-in users

🔧 Technical Details

  • Extend the authentication system created in Sprint 1
  • Implement these endpoints:
    • POST /api/auth/register - For admin registration
    • POST /api/auth/login - For user login (all roles)
    • POST /api/auth/verify-email - For email verification
    • POST /api/auth/refresh-token - For refreshing expired tokens
    • POST /api/auth/logout - For logging out and invalidating tokens
  • Store JWT in HTTP-only cookies for better security
  • Add appropriate validation using a library like express-validator
  • Implement rate limiting for login attempts to prevent brute force attacks
  • Consider implementing account locking after multiple failed login attempts

✅ Acceptance Criteria

  • Admins can register with email and password
  • Users of all roles can log in securely
  • JWT tokens are generated and stored securely
  • Email verification is working correctly
  • Input validation prevents invalid data
  • Rate limiting prevents brute force attacks
  • All auth endpoints follow security best practices
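
The rate-limiting, account-locking and HTTP-only cookie items above, sketched as an added example that is not part of the original issue or the project's code. The thresholds, the `LoginThrottle` class, the `authCookie` helper and the cookie name `token` are all assumptions chosen for illustration.

```javascript
// Added example: thresholds, names and the cookie name are assumptions.
const MAX_FAILURES = 5;            // failed logins allowed inside one window
const WINDOW_MS = 15 * 60 * 1000;  // window over which failures are counted
const LOCK_MS = 30 * 60 * 1000;    // how long the account stays locked

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so the logic can be tested
    this.state = new Map();  // account key -> { failures: [ms], lockedUntil }
  }

  // Key on the normalized account, so changing source IP or letter case
  // does not reset the failure count.
  static key(email) { return email.trim().toLowerCase(); }

  // Call before verifying the password: ms left on the lock, or 0 if allowed.
  retryAfter(email) {
    const entry = this.state.get(LoginThrottle.key(email));
    return entry ? Math.max(0, entry.lockedUntil - this.now()) : 0;
  }

  recordFailure(email) {
    const k = LoginThrottle.key(email);
    const t = this.now();
    const entry = this.state.get(k) || { failures: [], lockedUntil: 0 };
    // Drop failures that have aged out of the window, then add this one.
    entry.failures = entry.failures.filter((ts) => t - ts < WINDOW_MS);
    entry.failures.push(t);
    if (entry.failures.length >= MAX_FAILURES) {
      entry.lockedUntil = t + LOCK_MS;
      entry.failures = [];
    }
    this.state.set(k, entry);
  }

  // A successful login clears the history for that account.
  recordSuccess(email) { this.state.delete(LoginThrottle.key(email)); }
}

// Set-Cookie value for the JWT: HttpOnly hides it from page scripts,
// Secure restricts it to HTTPS, SameSite=Strict blocks cross-site sends.
function authCookie(token, maxAgeSeconds) {
  return [`token=${encodeURIComponent(token)}`, 'HttpOnly', 'Secure',
    'SameSite=Strict', 'Path=/', `Max-Age=${maxAgeSeconds}`].join('; ');
}
```

The login handler would check `retryAfter` first and answer with HTTP 429 while it is non-zero, so a locked account never reaches password verification. With more than one server instance the `Map` would have to be replaced by a shared store.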

Metadata

Labels

  • API 🌐: Issues related to API development
  • authentication 🔑: User login/signup & security tasks
  • backend 🔧: Any issue related to backend development

Projects

Status

Done
