[FEAT]: Send Organisation Invite Via Email

[IgweWisdomJaminel]

Issue Description: Create User Invitation System

Description: Develop a system for inviting users to organizations via email with time-limited invitation links. The system should support sending multiple invitations in a single request and ensure that only authorized users can send invitations.

Authentication and Authorization:

• API endpoint requires a valid JWT token in the Authorization header.
• Only users with the "Admin" role for the specific organization can send invitations.

Acceptance Criteria:

• Admins can send invitations to one or multiple email addresses.
• Admins can specify which organization a user can be invited to.
• The system supports sending up to 50 invitations in a single request.

Data Validation and Sanitization:

• The API should validate that the emails field is present and contains valid email addresses.
• The API should validate that the org_id is a valid UUID.
• The JWT in the Authorization header must be valid and not expired.
• The API should validate that the requesting user has admin rights for the specified organization.

Purpose: To invite users to join an organization by sending secure, time-limited invitation links via email.

Expected Outcome: A fully functional invitation system that allows organization admins to invite new members (single or multiple) to join organizations through secure, time-limited invitation links sent to their email addresses.

API Endpoints:

1. Send Invitation(s) [POST] /api/v1/organisations/send-invite

   Request Headers:

   • Authorization: Bearer <JWT_TOKEN>

   Request Body:

   {
    "emails": ["user1@example.com", "user2@example.com", "user3@example.com"],
    "org_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
   }

   Success Response (201 Created):

   {
    "message": "Invitation(s) sent successfully",
    "invitations": [
      {
        "email": "user1@example.com",
        "organization": "My Organization",
        "expires_at": "2023-07-23T00:00:00Z"
      },
      {
        "email": "user2@example.com",
        "organization": "My Organization",
        "expires_at": "2023-07-23T00:00:00Z"
      },
      {
        "email": "user3@example.com",
        "organization": "My Organization",
        "expires_at": "2023-07-23T00:00:00Z"
      }
    ]
   }

   Failure Responses:

   • 400 Bad Request:

     {
     "error": "Invalid request",
     "message": "One or more email addresses are not valid"
     }

   • 403 Forbidden:

     {
     "error": "Unauthorized",
     "message": "You do not have admin rights for this organization"
     }

   • 404 Not Found: Organization not found.
   • 413 Payload Too Large: Exceeding emails limit.
   • 429 Too Many Requests: Rate limit exceeded.
   • 401 Unauthorized: Invalid or expired JWT.
   • 500 Internal Server Error: Generic error message.

Error Handling:

• Invalid Email Format: Return 400 Bad Request with appropriate error message.
• Invalid org_id (not a UUID): Return 400 Bad Request with appropriate error message.
• Organization Not Found: Return 404 Not Found with appropriate error message.
• Unauthorized Access: Return 403 Forbidden with appropriate error message.
• Exceed Emails Limit: Return 413 Payload Too Large.
• Rate Limit Exceeded: Return 429 Too Many Requests.
• Invalid or Expired JWT: Return 401 Unauthorized with appropriate error message.
• Server Errors: Return 500 Internal Server Error with a generic error message.

Requirements:

1. Create an API for sending invitations to multiple email addresses.
2. Implement JWT authentication protection for the API endpoint.
3. Implement authorization checks for admin actions.
4. Implement email sending for invitations.
5. Implement rate limiting for invitation sending to prevent abuse.
6. Write tests for the invitation system.

Testing:

• Unit tests for invitation sending.
• Integration tests for the end-to-end invitation flow.
• Test cases for all error scenarios.
• Test cases for authorization and authentication.

[Olatomiw]

I HAVE WORKED ON THIS ALREADY