feat(backend): add local auth foundation

[amritbej]

Summary

Adds a backend-only foundation for local user authentication, including user password storage, register/login APIs, secure password hashing, validation, tests, and API documentation. This intentionally excludes frontend, QR sharing, dashboards, and public profile UI so the PR stays aligned with maintainer guidance.

Closes #117

---

Type of Change

• Bug fix
• New feature
• Refactor (no functional change)
• UI / Design change
• Tests only
• Documentation
• Infrastructure / DevOps
• Security

---

What Changed

• Added nullable password_hash support to the existing users table via Prisma schema and migration.
• Implemented POST /auth/register and POST /auth/login in the backend auth routes.
• Added salted scrypt password hashing/verification utility.
• Added validation and HTTP error handling for auth inputs, duplicate users, and invalid credentials.
• Added backend auth tests covering registration, login, validation, duplicates, bad credentials, and OAuth-only users.
• Updated backend README with API documentation for the new auth endpoints.

---

How to Test

1. Run backend typecheck:

   cd apps/backend
   npm run typecheck

2. Run the focused auth tests:

   npm run test -- src/__tests__/auth-local.test.ts

3. Optional full backend test run:

   npm run test

   Note: the new auth tests pass. The full suite currently has unrelated existing failures in analytics/event/team tests.

---

Checklist

• My code follows the project's coding style (pnpm -r run lint passes).
• TypeScript compiles without errors (pnpm -r run typecheck).
• I have added or updated tests for the changes I made.
• All tests pass locally (pnpm -r run test).
• I have updated documentation where necessary.
• No new console.log or debug statements left in the code.
• Breaking changes are documented in this PR description.

---

Screenshots / Recordings

Not applicable. This is a backend-only PR.

---

Additional Context

This PR is intentionally limited to backend authentication groundwork for future profile-sharing features. It does not include frontend pages, React components, QR code generation, profile dashboards, or public profile pages.

[vercel]

Someone is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Hi @amritbej,

Thanks for opening this pull request.

This PR has been automatically classified based on the files modified.

Applied Labels

• gssoc:approved
• backend

Primary Review Area

• backend

Reviewer

@Harxhit has been identified as the primary reviewer for this pull request.

If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer.

Thank you for your contribution!

[github-actions]

CI — All Checks Passed

Backend — PASS

Check	Result
Lint	PASS
Test	PASS
Typecheck	PASS

Mobile — SKIP

Check	Result
Lint	-
Test	-

Web — SKIP

Check	Result
Check	-
Build	-

---

Last updated: Sat, 13 Jun 2026 10:32:59 GMT

[amritbej]

@Harxhit ,
please check the pr i have changed the backend

[Harxhit]

@amritbej Thank you for taking the time to work on this PR.

After reviewing the implementation and the current state of the project, I realized that the issue itself was outdated and no longer reflects the current codebase. Most of the functionality described in the issue has already been implemented, which means this work is unfortunately not something we can merge.

I apologize for the oversight on my side and for the time you spent working on it. I'll be closing this PR along with the related issue to avoid further confusion for contributors.

Thank you again for your contribution and understanding.