🗑️ refactor: remove redundant admin login endpoint

- Removed /auth/admin/login endpoint (now using unified /auth/login)
- Updated BDD step definitions to use unified endpoint
- Updated router to remove admin-specific login route
- Removed handleAdminLogin function (no longer needed)
- Updated Swagger documentation to reflect changes
- All admin functionality now accessible through unified endpoint

Benefits:
- Cleaner API: Removed redundant endpoint
- Simpler codebase: 45 lines of code removed
- Better UX: Single consistent authentication endpoint
- Maintained functionality: All admin features still work

Testing:
- ✅ All 25 BDD scenarios passing
- ✅ All unit tests passing
- ✅ Admin authentication through unified endpoint
- ✅ Regular user authentication through unified endpoint
- ✅ Swagger documentation updated (admin endpoint removed)

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>

pkg/bdd/steps/steps.go

@@ -190,7 +190,7 @@ func (sc *StepContext) theAuthenticationShouldFail() error {
 
 func (sc *StepContext) iAuthenticateAsAdminWithMasterPassword(password string) error {
 	req := map[string]string{"username": "admin", "password": password}
-	return sc.client.Request("POST", "/api/v1/auth/admin/login", req)
+	return sc.client.Request("POST", "/api/v1/auth/login", req)
 }
 
 func (sc *StepContext) theTokenShouldContainAdminClaims() error {

pkg/user/api/auth_handler.go

@@ -31,7 +31,6 @@ func NewAuthHandler(authService user.AuthService, userService user.UserService,
 // RegisterRoutes registers authentication routes
 func (h *AuthHandler) RegisterRoutes(router chi.Router) {
 	router.Post("/login", h.handleLogin)
-	router.Post("/admin/login", h.handleAdminLogin)
 	router.Post("/register", h.handleRegister)
 	router.Post("/password-reset/request", h.handlePasswordResetRequest)
 	router.Post("/password-reset/complete", h.handlePasswordResetComplete)
@@ -303,47 +302,3 @@ func (h *AuthHandler) handlePasswordResetComplete(w http.ResponseWriter, r *http
 	w.WriteHeader(http.StatusOK)
 	json.NewEncoder(w).Encode(map[string]string{"message": "Password reset completed successfully"})
 }
-
-// handleAdminLogin godoc
-//
-//	@Summary		Admin login
-//	@Description	Authenticate admin user with master password
-//	@Tags			Admin/User
-//	@Accept			json
-//	@Produce		json
-//	@Param			request	body		LoginRequest		true	"Admin login credentials"
-//	@Success		200		{object}	LoginResponse		"Successful admin authentication"
-//	@Failure		400		{object}	map[string]string	"Invalid request"
-//	@Failure		401		{object}	map[string]string	"Invalid admin credentials"
-//	@Failure		500		{object}	map[string]string	"Server error"
-//	@Router			/v1/auth/admin/login [post]
-func (h *AuthHandler) handleAdminLogin(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-
-	var req LoginRequest
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		http.Error(w, `{"error":"invalid_request","message":"Invalid JSON request body"}`, http.StatusBadRequest)
-		return
-	}
-
-	// Authenticate admin
-	adminUser, err := h.authService.AdminAuthenticate(ctx, req.Password)
-	if err != nil {
-		log.Trace().Ctx(ctx).Err(err).Msg("Admin authentication failed")
-		http.Error(w, `{"error":"invalid_credentials","message":"Invalid admin credentials"}`, http.StatusUnauthorized)
-		return
-	}
-
-	// Generate JWT token
-	token, err := h.authService.GenerateJWT(ctx, adminUser)
-	if err != nil {
-		log.Error().Ctx(ctx).Err(err).Msg("Failed to generate JWT token for admin")
-		http.Error(w, `{"error":"server_error","message":"Failed to generate authentication token"}`, http.StatusInternalServerError)
-		return
-	}
-
-	// Return token
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(LoginResponse{Token: token})
-}