From ba698de2494b3eaf008666f871f3f30016280175 Mon Sep 17 00:00:00 2001 From: Antonio Andre Date: Tue, 14 Apr 2026 20:34:51 -0500 Subject: [PATCH] docs: atualiza README com novos endpoints auth e exemplos --- README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 8d1b29a..60c66aa 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ MVP de autenticação central para serviços distribuídos. ## O que este projeto entrega -- Auth Service com `login` e `refresh` +- Auth Service com `register`, `login`, `refresh` e recuperação de senha - JWT assinado em `RS256` com contrato fixo - Middleware de validação JWT local - Serviço consumidor de referência (`/profile/me`) @@ -73,6 +73,9 @@ A tabela `User` possui apenas: - `POST /auth/login` - `POST /auth/refresh` +- `POST /auth/register` +- `POST /auth/forgot-password` +- `POST /auth/reset-password` - `GET /profile/me` (protegida) - `GET /dashboard` (protegida, chama `/profile/me`) 
@@ -94,29 +97,65 @@ A identidade confiável do usuário é sempre o `sub`. ## Teste rápido (curl) -### 1) Login +### 1) Cadastro + +```bash +curl -X POST http://localhost:3000/auth/register \ + -H 'Content-Type: application/json' \ + -d '{"email":"novo.usuario@example.com","password":"senha123"}' +``` + +Fluxo recomendado no cliente: `register -> login`. + +### 2) Login ```bash curl -X POST http://localhost:3000/auth/login \ -H 'Content-Type: application/json' \ - -d '{"email":"student@example.com","password":"student123"}' + -d '{"email":"novo.usuario@example.com","password":"senha123"}' ``` -### 2) Rota protegida +### 3) Forgot password (sem SMTP, modo didático) + +```bash +curl -X POST http://localhost:3000/auth/forgot-password \ + -H 'Content-Type: application/json' \ + -d '{"email":"novo.usuario@example.com"}' +``` + +Observação: neste MVP didático a resposta já traz `recovery.reset_token` e `recovery.reset_url`. + +### 4) Reset password + +```bash +curl -X POST http://localhost:3000/auth/reset-password \ + -H 'Content-Type: application/json' \ + -d '{"token":"","new_password":"novaSenha123"}' +``` + +### 5) Login com nova senha + +```bash +curl -X POST http://localhost:3000/auth/login \ + -H 'Content-Type: application/json' \ + -d '{"email":"novo.usuario@example.com","password":"novaSenha123"}' +``` + +### 6) Rota protegida ```bash curl http://localhost:3000/profile/me \ -H "Authorization: Bearer " ``` -### 3) Chamada entre serviços (A -> B) +### 7) Chamada entre serviços (A -> B) ```bash curl http://localhost:3000/dashboard \ -H "Authorization: Bearer " ``` -### 4) Refresh +### 8) Refresh ```bash curl -X POST http://localhost:3000/auth/refresh \
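Review bot: In the endpoint-list hunk (`@@ -73,6 +76,9 @@`), the added entries `POST /auth/register`, `POST /auth/forgot-password` and `POST /auth/reset-password` carry no annotation, while the entries below them are marked `(protegida)`. The curl examples later in the patch call all three without an `Authorization` header, so the list should say explicitly that they are public. For the reset route it should also document whether the token expires and whether it is single-use, so readers do not have to infer the contract from the examples.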
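Review bot: In the quick-test hunk (`@@ -94,29 +97,65 @@`), step 3 documents that the `forgot-password` response itself carries `recovery.reset_token` and `recovery.reset_url`, so any caller who knows an account's email can obtain a reset token and set a new password through step 4. The "modo didático" label in the heading is easy to miss. The observation line should state plainly that this behaviour is for local teaching only and must be replaced by out-of-band delivery of the token before the service is exposed. In step 4 the body is `{"token":"","new_password":"novaSenha123"}` with an empty token; use a named placeholder and tell the reader to paste the `recovery.reset_token` value returned in step 3. It would also help to note after step 5 whether a password reset invalidates refresh tokens issued before it, since the README documents `/auth/refresh` in the same section.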