feat(auth): implement auth stack

app/api/v1/auth.py

@@ -0,0 +1,59 @@
+"""Authentication API endpoints."""
+
+from fastapi import APIRouter, Depends, status
+
+from app.api.deps import CurrentUser, get_current_user
+from app.schemas.auth import (
+    LoginRequest,
+    LogoutRequest,
+    RefreshRequest,
+    RegisterRequest,
+    SwitchOrgRequest,
+    TokenResponse,
+)
+from app.services import AuthService
+
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+auth_service = AuthService()
+
+
+@router.post("/register", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
+async def register_user(payload: RegisterRequest) -> TokenResponse:
+    """Register a new user and default org, returning auth tokens."""
+
+    return await auth_service.register_user(payload)
+
+
+@router.post("/login", response_model=TokenResponse)
+async def login_user(payload: LoginRequest) -> TokenResponse:
+    """Authenticate an existing user and issue tokens."""
+
+    return await auth_service.login_user(payload)
+
+
+@router.post("/refresh", response_model=TokenResponse)
+async def refresh_tokens(payload: RefreshRequest) -> TokenResponse:
+    """Rotate refresh token and mint a new access token."""
+
+    return await auth_service.refresh_tokens(payload)
+
+
+@router.post("/switch-org", response_model=TokenResponse)
+async def switch_org(
+    payload: SwitchOrgRequest,
+    current_user: CurrentUser = Depends(get_current_user),
+) -> TokenResponse:
+    """Switch the active organization for the authenticated user."""
+
+    return await auth_service.switch_org(current_user, payload)
+
+
+@router.post("/logout", status_code=status.HTTP_204_NO_CONTENT)
+async def logout(
+    payload: LogoutRequest,
+    current_user: CurrentUser = Depends(get_current_user),
+) -> None:
+    """Revoke the provided refresh token for the current session."""
+
+    await auth_service.logout(current_user, payload)