[Feature]: Implement stub authentication endpoints in GatewayAuthController

[matthewhou19]

Problem

GatewayAuthController has 5 stub endpoints that currently return placeholder strings. These need to be properly implemented to provide complete user management functionality.

Proposed solution

1. POST /auth/change-username

Current: Returns "changeUsername"
Needed:

• Validate new username (unique, format)
• Update user record
• Require current password or JWT authentication
• Return updated user details

2. POST /auth/change-email

Current: Returns "changeEmail"
Needed:

• Validate new email (unique, format)
• Send verification email to new address
• Require email verification before updating
• Return confirmation message

3. POST /auth/change-password

Current: Returns "changePassword"
Needed:

• Require current password
• Validate new password strength
• Hash and update password
• Invalidate all refresh tokens (force re-login)

4. POST /auth/reset-password

Current: Returns "resetPassword" (partially implemented - already in publicUrls)
Needed:

• Generate password reset token
• Send reset email
• Implement token verification endpoint
• Allow password update with valid token

5. POST /auth/verify-email

Current: Returns "verifyEmail"
Needed:

• Accept email verification token
• Mark email as verified in database
• Send welcome email
• Return success confirmation

Acceptance criteria

Acceptance Criteria

• All 5 endpoints fully implemented
• Request/response DTOs created
• Database schema updated
• Service layer methods implemented
• Proper error handling
• Integration tests for all endpoints
• README updated with new endpoint documentation
• Email templates created (even if console-logged)

[matthewhou19]

Hi! 👋 I saw those 5 stub endpoints and thought it'd be cool to flesh them out! Put together a plan with password stuff first (most critical), then account updates, then email verification. Included all the DTOs and DB changes too. What do you think about the approach? Happy to adjust! 🚀 @DenizAltunkapan

[DenizAltunkapan]

Hey @matthewhou19 ,
Since this is the API Gateway, I’d like to hold off on implementing these endpoints for now. I’m currently rethinking parts of the architecture and responsibility split between the gateway and the downstream services (especially around auth, user data, and email flows). I want to make sure we’re aligned there before any concrete work starts, so we don’t risk doing work that later needs to be redone.

Once the architecture decisions are clearer, I’ll definitely give you a heads-up and we can kick this off properly. Your plan will be very helpful at that point 👍