Roos-fs-ZIP

General
We are developing a new mobile application where the users of the mobile app are the same as those using the web version, and the login process should be consistent between both platforms. The mobile app must reuse the current authentication logic and integrate with the existing user database.

To achieve this, we require backend API endpoints to:

• Authenticate an existing user (login)
• Return a session token or JWT for use in mobile app requests
• Optionally: Refresh token endpoint for maintaining sessions

Acceptance Criteria:

• A POST endpoint is available at /api/v1/auth/login or similar
• The endpoint accepts email/username and password
• On successful authentication, it returns a JWT or secure access token
• On failure, it returns an appropriate HTTP status code and error message (e.g. 401 Unauthorized)
• Token payload must include essential user data (user_id, role, etc.)
• The authentication must reuse the existing user database and logic
• Endpoint must be accessible via HTTPS and CORS enabled for mobile
• API documentation is provided and stored in https://redmine.matecube-internal.ddns.net/projects/roos-fs/wiki