feat(auth): add forgot password and reset password flow

[devprashant19]

Description

This PR introduces a comprehensive "Forgot Password" flow to prevent users who register with an email and password from being permanently locked out if they forget their credentials.

Changes

• backend/controllers/authController.js:
  • Implemented forgotPassword which generates a time-limited (15-minute) stateless JWT. The token is dynamically signed using the user's current password hash (process.env.JWT_SECRET + user.password), meaning it mathematically auto-invalidates the moment the password is changed.
  • Implemented resetPassword which decodes and validates the token before updating the user's password.
  • Integrated nodemailer to dispatch the reset links to the user's email.
• backend/routes/authRoutes.js: Exposed the /forgot-password and /reset-password POST endpoints with appropriate express-validator security rules.
• backend/package.json: Added nodemailer to dependencies.

Related Issues

• Resolves: No Password Reset Functionality #245

Type of Change

• Security fix
• Bug fix
• New feature
• Refactoring

Pre-submission Checklist

• Verified stateless JWT auto-invalidates after password mutation to prevent replay attacks.
• Verified fallback behavior gracefully logs the reset link when SMTP credentials aren't provided.

[vercel]

@devprashant19 is attempting to deploy a commit to the Aditya Sharma's projects Team on Vercel.

A member of the Team first needs to authorize it.

[Userunknown84]

auth flow is ok but in frontend can this task perform as there is no frontend changes doing here.