@hrideshmg
Member

Refer to docs/auth.md for more details.

@hrideshmg changed the title from "Implement OAuth Authentication + Role Based Access Control (RBAC) into Root." to "Implement OAuth Authentication + Role Based Access Control (RBAC) for Root." on Nov 17, 2025
@hrideshmg requested a review from Copilot on November 17, 2025 19:08
Contributor

Copilot AI left a comment

Pull Request Overview

This PR implements a comprehensive OAuth-based authentication system with role-based access control (RBAC) for the Root backend. The implementation adds GitHub OAuth for user authentication, session management for maintaining logged-in state, API key authentication for bot accounts, and role-based guards to protect GraphQL mutations.

Key Changes:

  • Added GitHub OAuth flow for user registration and login with organization membership verification
  • Implemented session-based authentication with 30-day expiration and daily cleanup task
  • Created API key system for bot authentication with bcrypt-hashed keys
  • Added role-based access control with Admin, Member, and Bot roles enforced via GraphQL guards

Reviewed Changes

Copilot reviewed 23 out of 24 changed files in this pull request and generated 22 comments.

| File | Description |
| --- | --- |
| `src/auth/*` | New authentication module with OAuth, session, API key services, middleware, and guards |
| `src/routes.rs` | Added OAuth endpoints and custom GraphQL handler with auth context injection |
| `src/graphql/mutations/auth_mutations.rs` | New authentication mutations for OAuth callback, logout, and bot management |
| `src/graphql/mutations/*.rs` | Applied role-based guards to existing mutations (attendance, member, status) |
| `src/models/auth.rs` | New authentication models for roles, sessions, API keys, and responses |
| `src/models/member.rs` | Updated Member model to support nullable fields and role column |
| `migrations/20251114165724_create_auth_system.sql` | Database schema changes for auth tables and Member modifications |
| `docs/auth.md` | Comprehensive authentication system documentation |
| `Cargo.toml` | Added dependencies for OAuth2, bcrypt, and rand |
| `.env.sample` | Added GitHub OAuth configuration variables |

@hrideshmg force-pushed the auth_claude branch 2 times, most recently from 7c7f86a to a11ebd6, on November 21, 2025 17:55
@hrideshmg merged commit 63f0e50 into amfoss:develop on Nov 22, 2025
2 checks passed