Implement Authentication & User Management

.gitignore

@@ -121,7 +121,9 @@ dist/
 downloads/
 eggs/
 .eggs/
+# Python lib directories, but not src/lib
 lib/
+!**/src/lib/
 lib64/
 parts/
 sdist/

services/auth-service/.env.example

@@ -0,0 +1,20 @@
+# Auth Service Environment Variables
+
+# Server Configuration
+AUTH_SERVICE_PORT=3002
+NODE_ENV=development
+
+# JWT Configuration
+# Generate a secure secret with: openssl rand -base64 32
+JWT_SECRET="REPLACE_WITH_RANDOM_32_CHAR_STRING"
+JWT_EXPIRES_IN=7d
+REFRESH_TOKEN_EXPIRES_IN=30d
+
+# CORS Configuration (comma-separated list of allowed origins)
+ALLOWED_ORIGINS=http://localhost:3001,http://localhost:3000
+
+# Database (for production)
+# DATABASE_URL=postgresql://user:password@localhost:5432/auth_db
+
+# App URL (for email links)
+APP_URL=http://localhost:3001

services/auth-service/Dockerfile

@@ -0,0 +1,21 @@
+FROM node:18-alpine
+
+WORKDIR /app
+
+# Copy package files
+COPY package*.json ./
+
+# Install dependencies
+RUN npm ci --only=production
+
+# Copy source
+COPY . .
+
+# Build TypeScript
+RUN npm run build
+
+# Expose port
+EXPOSE 3002
+
+# Start server
+CMD ["npm", "start"]

services/auth-service/README.md

@@ -0,0 +1,92 @@
+# Auth Service
+
+A standalone authentication service for AJOB4AGENT APIs providing JWT-based authentication and authorization.
+
+## Features
+
+- User registration and login
+- JWT access and refresh tokens
+- Role-based access control (USER, PREMIUM, ADMIN)
+- Password hashing with bcrypt
+- Request validation with Zod
+
+## API Endpoints
+
+### Authentication
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/auth/register` | Register a new user |
+| POST | `/api/auth/login` | Login and get tokens |
+| POST | `/api/auth/refresh` | Refresh access token |
+| POST | `/api/auth/logout` | Logout (client-side) |
+
+### Users
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/users/me` | Get current user |
+| PATCH | `/api/users/me` | Update current user |
+| DELETE | `/api/users/me` | Delete current user |
+| GET | `/api/users` | List all users (admin) |
+| PATCH | `/api/users/:id/role` | Update user role (admin) |
+
+## Setup
+
+1. Install dependencies:
+   ```bash
+   npm install
+   ```
+
+2. Create `.env` file:
+   ```bash
+   cp .env.example .env
+   ```
+
+3. Start development server:
+   ```bash
+   npm run dev
+   ```
+
+4. Build for production:
+   ```bash
+   npm run build
+   npm start
+   ```
+
+## Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `AUTH_SERVICE_PORT` | Server port | 3002 |
+| `JWT_SECRET` | JWT signing secret | - |
+| `JWT_EXPIRES_IN` | Access token expiry | 7d |
+| `REFRESH_TOKEN_EXPIRES_IN` | Refresh token expiry | 30d |
+| `APP_URL` | Frontend URL for emails | http://localhost:3001 |
+
+## Using with Other Services
+
+To protect API routes in other services, use the provided middleware:
+
+```typescript
+import { authenticate, authorize } from 'auth-service/middleware';
+
+// Require authentication
+app.get('/protected', authenticate, (req, res) => {
+  res.json({ user: req.user });
+});
+
+// Require specific roles
+app.get('/admin', authenticate, authorize('ADMIN'), (req, res) => {
+  res.json({ message: 'Admin only' });
+});
+```
+
+## Docker
+
+Build and run with Docker:
+
+```bash
+docker build -t auth-service .
+docker run -p 3002:3002 --env-file .env auth-service
+```

services/auth-service/jest.config.js

@@ -0,0 +1,15 @@
+/** @type {import('jest').Config} */
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  roots: ['<rootDir>/src'],
+  testMatch: ['**/__tests__/**/*.test.ts'],
+  moduleFileExtensions: ['ts', 'js', 'json'],
+  collectCoverageFrom: [
+    'src/**/*.ts',
+    '!src/**/*.d.ts',
+    '!src/__tests__/**',
+  ],
+  coverageDirectory: 'coverage',
+  verbose: true,
+};