WIP: JWT Auth

[kenpaicat]

Closes #1 , closes #9 .

• UserDTO
• LoginDTO
• Register
  • Email verify
  • DB insert
• Login
• Refresh token and refresh mechanism (taken care by actix-jwt-auth-middleware and jwt-compact)
• Axes token (taken care by actix-jwt-auth-middleware and jwt-compact)
• Test if its actually secure (HS256 is generally used for JWT but you can never be too sure).
• Tests around login and register API
• How can we respond with JSON when Auth fails? actix-jwt-auth-middleware doesn't expose such functionality, it seems.
• CORS (https://github.com/actix/actix-extras/blob/master/actix-cors/examples/cors.rs)
• JWT
  • Access
  • Refresh

Resources:

• https://github.com/wpcodevo/rust-postgres-crud-sqlx/tree/master
• https://docs.rs/jwt-compact/latest/jwt_compact/
• https://github.com/michaelvanstraten/actix-jwt-auth-middleware/blob/master/examples/simple.rs
• [Proposal] Implement serde::Serialize for sqlx::Row launchbadge/sqlx#182
• Alternative to HS256: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/ (available as feature to jwt-compact)
• For testing generated UUIDs: https://docs.rs/uuid/latest/uuid/
• https://stackoverflow.com/questions/39239051/rs256-vs-hs256-whats-the-difference
• Interesting shit: https://github.com/launchbadge/sqlx/tree/main/examples/postgres/listen (for keys)