Add user and auth apis

[stampaaaron]

Still work in progress.. haven't tested it yet.

[changeset-bot]

🦋 Changeset detected

Latest commit: ba8c44e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@quassel/backend	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codecov]

Codecov Report

Attention: Patch coverage is 36.17021% with 120 lines in your changes missing coverage. Please review.

Project coverage is 46.27%. Comparing base (1e76ef5) to head (ba8c44e).
Report is 17 commits behind head on main.

Files with missing lines	Patch %	Lines
apps/backend/src/users/guards/session.guard.ts	0.00%	18 Missing and 1 partial ⚠️
apps/backend/src/users/users.service.ts	46.87%	16 Missing and 1 partial ⚠️
apps/backend/src/main.ts	0.00%	14 Missing ⚠️
apps/backend/src/users/session.service.ts	29.41%	11 Missing and 1 partial ⚠️
apps/backend/src/users/guards/roles.guard.ts	0.00%	10 Missing and 1 partial ⚠️
apps/backend/src/users/users.module.ts	0.00%	11 Missing ⚠️
apps/backend/src/config/configuration.ts	0.00%	9 Missing ⚠️
apps/backend/src/config/config.service.ts	0.00%	6 Missing ⚠️
apps/backend/src/config/config.module.ts	0.00%	5 Missing ⚠️
apps/backend/src/users/users.controller.ts	78.94%	4 Missing ⚠️
... and 9 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #118      +/-   ##
==========================================
+ Coverage   45.53%   46.27%   +0.73%     
==========================================
  Files          36       47      +11     
  Lines         437      577     +140     
  Branches       14       27      +13     
==========================================
+ Hits          199      267      +68     
- Misses        236      304      +68     
- Partials        2        6       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[openscript]

Thank you for preparing this PR.

I've refactored a few things:

• Move migrations to db/migrations similar to Rails.
• Add seeders in db/seeds similar to Rails
• Replace Passportjs with cookie based sessions.
  • The documentation of Passportjs is very bad and hard to unterstand.
  • Having JWTs is maybe not right (https://redis.io/blog/json-web-tokens-jwt-are-dangerous-for-user-sessions/)
  • Session based authentication is easier to implement as on the client side the browser is dealing with everything.
• Replace express with fastify.
  • The session implementation of express isn't that good and doesn't offer stateless cookies. Using express session would require for another data storage like redis.
  • https://github.com/fastify/fastify-secure-session offers stateless cookies based on SKBE.
  • Fastify is supposed to be more performant.