feat: implement trustlab:magic-link command and controller for AI testing bypass

app/Http/Controllers/MagicLinkController.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cache;
+
+class MagicLinkController extends Controller
+{
+    /**
+     * Handle Magic Link login
+     */
+    public function login(Request $request)
+    {
+        $token = $request->query('token');
+
+        if (!$token) {
+            return response()->json(['error' => 'Token missing'], 400);
+        }
+
+        $userId = Cache::get("magic_link_{$token}");
+
+        if (!$userId) {
+            return response()->json(['error' => 'Invalid or expired magic link'], 401);
+        }
+
+        $user = User::findOrFail($userId);
+
+        // Consume token to prevent replay attacks
+        Cache::forget("magic_link_{$token}");
+
+        // Log the user in to the web guard (sets trustlab_session cookie)
+        // Since SESSION_DOMAIN is .dyzulk.com, this cookie is shared with the frontend
+        Auth::guard('web')->login($user);
+
+        // Also create a Sanctum token for the frontend to use in headers
+        $authToken = $user->createToken('magic_auth_token')->plainTextToken;
+
+        // Redirect to Frontend Callback
+        // The frontend will handle the token and redirect to /dashboard
+        $frontendUrl = config('app.frontend_url') ?: 'https://trustlab.dyzulk.com';
+        $callbackUrl = "{$frontendUrl}/auth/callback?token={$authToken}";
+
+        return redirect($callbackUrl);
+    }
+}