[FEAT]: Implement Magic Link Login API #656

tulbadex opened this issue Mar 2, 2025 · 0 comments

Description

Implement an API for passwordless authentication using magic links. Users should be able to request a magic link via email, which, when clicked, logs them into the system by exchanging the token for a JWT authentication token.

Acceptance Criteria

  • Users should receive a magic link via email when requested.
  • Clicking the magic link should log the user in and return a valid JWT token.
  • The magic link should expire after a set duration.
  • Rate limiting should prevent excessive requests per user or IP.

Expected Outcome

  • Users can log in without a password using a magic link sent to their email.
  • Expired or invalid links should return appropriate error responses.
  • The system should securely store and validate magic link tokens.

Requirements

  • Create a database table (magic_links) to store user_id, token, and expiration time.
  • Implement an endpoint to request a magic link (POST /api/v1/auth/magic-link).
  • Send an email containing the magic link with the token.
  • Implement an endpoint to validate and exchange the magic link token (POST /api/v1/auth/magic-link/verify).
  • Delete the token after successful login.
  • Implement rate limiting to prevent abuse.

Magic Link Request [POST] /api/v1/auth/magic-link

Requesting a Magic Link

  • Given a valid email, the system should generate a magic link and send it via email.
    POST /api/v1/auth/magic-link
    {
      "email": "[email protected]"
    }

Successful Response

    {
      "message": "Magic link sent successfully",
      "status_code": 200
    }

Error Response

    {
      "message": "User not found",
      "error": "invalid_email",
      "status_code": 404
    }
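
One way to meet the "securely store and validate", expiry and delete-after-login requirements, as an added example that is not code from this issue or the project. Assumptions: SQLite stands in for the database, the column is `token_hash` rather than the issue's `token`, the 15-minute lifetime and the function names are hypothetical, and rate limiting and JWT minting are left out.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 15 * 60  # assumed lifetime; the issue only says "a set duration"

def open_store():
    """In-memory stand-in for the magic_links table named in the issue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE magic_links (user_id INTEGER NOT NULL,"
               " token_hash TEXT PRIMARY KEY, expires_at REAL NOT NULL)")
    return db

def _digest(token):
    # Only the SHA-256 digest is stored, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, user_id, now=None):
    """Create a single-use token; the raw value goes only into the email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Requesting a new link invalidates any earlier one for the same user.
    db.execute("DELETE FROM magic_links WHERE user_id = ?", (user_id,))
    db.execute("INSERT INTO magic_links VALUES (?, ?, ?)",
               (user_id, _digest(token), now + TTL_SECONDS))
    db.commit()
    return token

def redeem_token(db, token, now=None):
    """Return the user_id to mint a JWT for, or None if invalid, expired or used."""
    now = time.time() if now is None else now
    digest = _digest(token)
    row = db.execute("SELECT user_id, expires_at FROM magic_links"
                     " WHERE token_hash = ?", (digest,)).fetchone()
    if row is None:
        return None
    # Consume the row before trusting it: of two concurrent clicks on the
    # same link, only the request whose DELETE removed the row may proceed.
    cur = db.execute("DELETE FROM magic_links WHERE token_hash = ?", (digest,))
    db.commit()
    if cur.rowcount != 1 or row[1] < now:
        return None
    return row[0]
```

The 404 `User not found` response specified above tells a caller which emails are registered; returning the same success message for unknown addresses avoids that.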
