Implement password reset functionality #19

@volcodes

Add a secure password reset functionality to the application. This feature will allow users to reset their passwords in case they forget them. It will include a database migration for existing passwords, secure salt generation, and necessary workflow integration for resetting and storing new passwords.

Acceptance Criteria:

Password Reset Workflow:

  • Implement an endpoint to initiate the password reset process, generating a reset token and sending it to the user’s email.
  • Create an endpoint to verify the token and allow users to set a new password.

Database Migration:

  • Update the database schema to store a salt value for each user.
  • Migrate existing passwords to include the newly generated salt.

Salt Generation:

  • Generate a unique cryptographic salt for each password reset.
  • Use the salt during password hashing to enhance security.

Password Storage:

  • Ensure all new passwords are hashed with bcrypt using the salt before storing them.

Security Considerations:

  • Implement token expiration to limit the time frame for password reset.
  • Validate password strength for new passwords (minimum 8 characters, 1 uppercase letter, 1 number).

Testing:

  • Write unit tests for the password reset endpoints and workflow.
  • Test the migration script to ensure it works seamlessly with existing data.

Technical Notes:

  • Use golang.org/x/crypto/bcrypt for hashing.
  • Consider crypto/rand for secure salt generation.
  • Use environment variables to configure token expiration time and other sensitive settings.
  • Follow project standards for error handling, logging, and code structure.

Priority: High
Labels: Security, Authentication, Backend, Go
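
The reset-token half of the workflow requested above, as an added example that is not part of the issue or the project's code: a token drawn from crypto/rand, an expiry, and single-use redemption. The names `ResetRecord`, `NewResetToken` and `Redeem`, the 15-minute TTL, and the choice to store only a SHA-256 hash of the token are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// ResetRecord is what the server persists; the raw token only goes out by e-mail.
type ResetRecord struct {
	TokenHash [32]byte
	ExpiresAt time.Time
	Used      bool
}

// NewResetToken returns the raw token for the e-mail and the record to store.
func NewResetToken(ttl time.Duration, now time.Time) (string, *ResetRecord, error) {
	buf := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return "", nil, err
	}
	token := base64.RawURLEncoding.EncodeToString(buf)
	return token, &ResetRecord{TokenHash: sha256.Sum256([]byte(token)), ExpiresAt: now.Add(ttl)}, nil
}

// Redeem accepts a token once, before expiry; every failure returns the same error.
func Redeem(rec *ResetRecord, presented string, now time.Time) error {
	sum := sha256.Sum256([]byte(presented))
	ok := subtle.ConstantTimeCompare(sum[:], rec.TokenHash[:]) == 1
	if !ok || rec.Used || !now.Before(rec.ExpiresAt) {
		return errors.New("invalid or expired reset token")
	}
	rec.Used = true
	return nil
}

func main() {
	now := time.Now()
	token, rec, err := NewResetToken(15*time.Minute, now) // TTL assumed; read it from the environment in practice
	if err != nil {
		panic(err)
	}
	fmt.Println(Redeem(rec, token, now), Redeem(rec, token, now))
}
```

Password hashing is left out of the example: `bcrypt.GenerateFromPassword` from golang.org/x/crypto/bcrypt generates a random salt itself and embeds it in the hash it returns.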
