Implement Phase 2: Refresh tokens, 2FA, password reset, and audit logging

Co-authored-by: mblanke <9078342+mblanke@users.noreply.github.com>

backend/app/core/config.py

@@ -7,7 +7,18 @@ class Settings(BaseSettings):
     database_url: str = "postgresql://postgres:postgres@db:5432/velocicompanion"
     secret_key: str = "your-secret-key-change-in-production-min-32-chars-long"
     access_token_expire_minutes: int = 30
+    refresh_token_expire_days: int = 30
     algorithm: str = "HS256"
+    
+    # Email settings (for password reset)
+    smtp_host: str = "localhost"
+    smtp_port: int = 587
+    smtp_user: str = ""
+    smtp_password: str = ""
+    from_email: str = "noreply@velocicompanion.com"
+    
+    # WebSocket settings
+    ws_enabled: bool = True
 
     class Config:
         env_file = ".env"