feat(auth): add public GET /api/auth/config endpoint

Expose auth feature flags (sign.in, sign.up) so the Vue frontend can
display a warning when signin/signup is disabled server-side.
Only boolean flags are returned — no secrets exposed.

Author: PierreBrisorgueil

modules/auth/controllers/auth.controller.js

@@ -207,11 +207,27 @@ const oauthCallback = async (req, res, next) => {
   })(req, res, next);
 };
 
+/**
+ * @desc Endpoint to expose public auth feature flags
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @returns {Object} Public auth configuration (sign and oAuth flags only)
+ */
+const getConfig = (_req, res) => {
+  responses.success(res, 'Auth config')({
+    sign: {
+      in: !!config.sign.in,
+      up: !!config.sign.up,
+    },
+  });
+};
+
 export default {
   signup,
   signin,
   token,
   oauthCall,
   oauthCallback,
   checkOAuthUserProfile,
+  getConfig,
 };

modules/auth/routes/auth.routes.js

@@ -13,6 +13,9 @@ import authPassword from '../controllers/auth.password.controller.js';
 export default (app) => {
   const authLimiter = rateLimit(config.rateLimit.auth);
 
+  // Public auth config (no authentication required, rate-limited)
+  app.route('/api/auth/config').get(authLimiter, auth.getConfig);
+
   // Setting up the users password api
   app.route('/api/auth/forgot').post(authLimiter, authPassword.forgot);
   app.route('/api/auth/reset/:token').get(authLimiter, authPassword.validateResetToken);