hngprojects / hng_boilerplate_golang_web

Apache License 2.0

Feat: Implement Two-Factor Authentication (2FA) Endpoints #322

Closed urizennnn closed 1 month ago

urizennnn commented 1 month ago

Description

This PR introduces two new endpoints for enabling and verifying two-factor authentication (2FA) using TOTP:

  1. POST /auth/2fa/enable: Generates and returns a QR code and secret for 2FA setup.
  2. POST /auth/2fa/verify: Verifies the provided TOTP key.

Related Issue (Link to Github issue)

Fixes https://github.com/hngprojects/hng_boilerplate_golang_web/issues/296

How Has This Been Tested?

Testing Scenarios:

  1. Enable 2FA:

    • Request:

      POST: /auth/2fa/enable
    • Success Response:

      {
        "status": "success",
        "status_code": 201,
        "message": "Key created successfully",
        "data": {
          "qr_code": "[base64-encoded PNG omitted]",
          "secret": "CLRFZILMEJ7UC74ELOEG4R6W5AMLTHXM"
        }
      }
    • Unsuccessful Response:

      {
        "status": "error",
        "status_code": 400,
        "message": "User not found",
        "error": {}
      }
  2. Verify 2FA:

    • Request:
      POST: /auth/2fa/verify
      {
        "user_id": "01910de5-3f5a-7e8e-a82b-d671ccc89df6",
        "key": "583104"
      }
    • Success Response:
      {
        "status": "success",
        "status_code": 200,
        "message": "Key verified successfully",
        "data": {
          "message": "Key verified successfully"
        }
      }
    • Unsuccessful Response:
      {
        "status": "error",
        "status_code": 400,
        "message": "Invalid key",
        "error": {}
      }

Frontend Integration:

Frontend engineers can use the following HTML to render the QR code for enabling 2FA:


<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>QR Code Viewer</title>
</head>

<body>
    <h1>QR Code</h1>
    <img src="data:image/png;base64,[base64-encoded PNG omitted]"
        alt="QR Code">
</body>

</html>