Add user authentication with email verification and password reset

Implements registration, login/logout, email verification via token,
and password reset flow. Includes CSRF protection, flash messages,
MailPit for dev email testing, and security docs in README.

1 files changed, 12 insertions, 0 deletions

diff --git a/src/config/routes.php b/src/config/routes.php
index d25cfb5..e5f289c 100644
--- a/src/config/routes.php
+++ b/src/config/routes.php
@@ -5,3 +5,15 @@ declare(strict_types=1);
 
 /** @var \App\Router $router */
 $router->get('/', 'HomeController', 'index');
+
+// Auth
+$router->get('/register', 'AuthController', 'registerForm');
+$router->post('/register', 'AuthController', 'register');
+$router->get('/verify', 'AuthController', 'verify');
+$router->get('/login', 'AuthController', 'loginForm');
+$router->post('/login', 'AuthController', 'login');
+$router->get('/logout', 'AuthController', 'logout');
+$router->get('/forgot-password', 'AuthController', 'forgotPasswordForm');
+$router->post('/forgot-password', 'AuthController', 'forgotPassword');
+$router->get('/reset-password', 'AuthController', 'resetPasswordForm');
+$router->post('/reset-password', 'AuthController', 'resetPassword');