feat(auth): add comprehensive authentication system with 2FA support

- Add new auth module with captcha, login, logout, register, and email verification endpoints
- Implement two-factor authentication with TOTP enable, disable, verify, and backup codes regeneration
- Create RSA public key endpoint for secure password encryption
- Add user profile management with get current user and email retrieval
- Integrate OpenAPI documentation for all authentication endpoints
- Implement password reset functionality with email verification flow
- Add comprehensive API response structures with proper error handling
- Configure all auth routes under /api/v1/auth scope with proper tagging

api/auth/logout.rs

@@ -0,0 +1,26 @@
+use actix_web::{HttpResponse, web};
+
+use crate::api::response::{ApiEmptyResponse, ApiErrorResponse};
+use crate::error::AppError;
+use crate::service::AppService;
+use crate::session::Session;
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/auth/logout",
+    tag = "Auth",
+    operation_id = "authLogout",
+    summary = "Log out",
+    description = "Clear the user identity and all temporary authentication data from the current session, including captcha, temporary RSA keys, and pending 2FA state. This endpoint is idempotent: unauthenticated users also receive a success response.",
+    responses(
+        (status = 200, description = "Logged out successfully, or the session was already unauthenticated.", body = ApiEmptyResponse),
+        (status = 500, description = "Session persistence failed.", body = ApiErrorResponse)
+    )
+)]
+pub async fn handle(
+    service: web::Data<AppService>,
+    session: Session,
+) -> Result<HttpResponse, AppError> {
+    service.auth.auth_logout(&session).await?;
+    Ok(HttpResponse::Ok().json(ApiEmptyResponse::ok("logout successful")))
+}