spotlightcam/backend/src/routes/auth.js

const express = require('express');
const {
  register,
  login,
  verifyEmailByToken,
  verifyEmailByCode,
  resendVerification,
  requestPasswordReset,
  resetPassword
} = require('../controllers/auth');
const {
  registerValidation,
  loginValidation,
  verifyCodeValidation,
  passwordResetValidation
} = require('../middleware/validators');
const { authLimiter, emailLimiter } = require('../middleware/rateLimiter');

const router = express.Router();

// POST /api/auth/register - Register new user
router.post('/register', authLimiter, registerValidation, register);

// POST /api/auth/login - Login user
router.post('/login', authLimiter, loginValidation, login);

// GET /api/auth/verify-email?token=xxx - Verify email by token (link)
router.get('/verify-email', verifyEmailByToken);

// POST /api/auth/verify-code - Verify email by code (PIN)
router.post('/verify-code', verifyCodeValidation, verifyEmailByCode);

// POST /api/auth/resend-verification - Resend verification email
router.post('/resend-verification', emailLimiter, resendVerification);

// POST /api/auth/request-password-reset - Request password reset
router.post('/request-password-reset', emailLimiter, requestPasswordReset);

// POST /api/auth/reset-password - Reset password with token
router.post('/reset-password', passwordResetValidation, resetPassword);

module.exports = router;