8cd792eb75
Complete authentication system with JWT, refresh tokens, and TOTP 2FA. Auto-generates license keys on registration (CORR-XXXX-XXXX-XXXX format). JwtStrategy enriches payload with license_id and permissions from roles. Multi-tenant isolation enforced at license access layer. Auth Module: - 9 REST endpoints (login, register, refresh, 2FA setup/verify, profile, password reset) - Argon2 password hashing, TOTP with QR code generation - Public endpoints: login, register, forgot-password, reset-password, validate-key - Authenticated endpoints require JWT Bearer token Users Module: - Admin CRUD for user management (requires users.view permission) - Password fields excluded from all responses Licenses Module: - License lookup with owner authorization - Public key validation endpoint for plugin verification - License key generation via random hex parts All DTOs use class-validator, all controllers documented via Swagger. Custom decorators: @Public(), @CurrentUser(), @RequirePermission(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>