feat: add password recovery routes

KevinMB0220 · KevinMB0220 · commit bc7fd6f9c302 · 2025-12-26T18:21:46.000-06:00
- Add POST /api/auth/forgot-password route
- Add POST /api/auth/reset-password route
- Add routes to public routes configuration
- Apply rate limiting to password recovery endpoints
diff --git a/backend/src/config/auth.config.ts b/backend/src/config/auth.config.ts
@@ -46,6 +46,8 @@ export const authConfig = {
     "/api/auth/login",
     "/api/auth/register",
     "/api/auth/refresh",
+    "/api/auth/forgot-password",
+    "/api/auth/reset-password",
     "/api/health",
     "/api/docs",
     "/api/public",
diff --git a/backend/src/routes/auth.routes.ts b/backend/src/routes/auth.routes.ts
@@ -16,6 +16,8 @@ import {
   loginWithEmail,
   getSessions,
   deactivateSession,
+  forgotPassword,
+  resetPassword,
 } from "@/controllers/auth.controller";
 import {
   authenticateToken,
@@ -41,6 +43,10 @@ router.post("/login/email", authLimiter, loginWithEmail); // Alias for email/pas
 router.post("/refresh", validateRefreshToken, refresh);
 router.post("/logout", validateRefreshToken, logout);
 
+// Password recovery routes
+router.post("/forgot-password", authLimiter, forgotPassword);
+router.post("/reset-password", authLimiter, resetPassword);
+
 // User routes
 router.get("/me", authenticateToken(), me);
 router.get("/sessions", authenticateToken(), getSessions);
