changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.
Before the login flow was:
Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
protected endpoint request (attach access token as Authorization header) -> access token expires in
15 minutes, so use refresh token to obtain new one when that happens
now it looks like this:
Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)
the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.
redesigned the project sharing popup to be a multi select dropdown
that populates the options by using the input as a fuzzy search filter
on the current users & invited users.
users can now also be directly invited by email from the project share
window. if invited this way, then the user will receive an email
that sends them to a registration page, then a confirmation page.
the initial registration was always redone so that it uses a similar
system to the above in that it now will accept the first registered
user if there are no other accounts (besides 'system').
the secret key for signing JWT tokens is now read from server.secret.
if that does not exist, then a random UUID v4 is generated and used
instead. a log warning is also shown.
allows for config settings to be easily set through ENV variables,
config files, or CLI flags
adds flag to run migration on web server start (fixes#29)