Implement Authentication and Authorization

[vivjd]

Goal:
Set up secure authentication for admins and volunteers.

Tasks:

• Implement JWT or session-based auth for login and logout
• Create POST /api/auth/login and POST /api/auth/logout endpoints
• Store hashed passwords and issue access tokens
• Add middleware to validate tokens and enforce role-based access (ADMIN, VOLUNTEER)
• Optional: refresh-token mechanism for longer sessions

Acceptance Criteria:

• Users can log in and receive a valid token
• Protected routes reject unauthorized access
• Admins can reach admin endpoints; volunteers cannot