Non Admin User API Implementation #6

Merged
merged 7 commits into from Jun 18, 2018

csoni111
Member

@csoni111 csoni111 commented Jun 7, 2018

New Additions:

  1. A new authentication api:
    • POST /auth expects JSON type data with pin key in request body.
  2. User authentication and authorization check before serving on /shares and /files api.
    • GET /shares -> checks if Authorization header is present and returns a list of only those shares that are accessible to that user with an extra key isWritable (bool value) in the json response for each share.
    • GET /files -> checks for read access of that user on that share
    • DELETE and POST /files -> checks for write access of that user on that share.
    • If Authorization header is not present then returns 401 Unauthorized
    • If read/write access is false then returns 403 Forbidden

TODO

  • Recheck from db and invalidate user session if last_modified has changed after a certain time interval.
  • Fetch value for isWritable key from db.
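
The status-code rules listed in the description above, as an added Go sketch that is not code from this pull request. The token table, share names and function names are constructed for illustration; treating an unknown token like a missing header (401) and answering 403 for any other method are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
)

// access is one user's permission on one share (hypothetical type).
type access struct{ read, write bool }

// sessions maps a token to share name -> access. Constructed sample data.
var sessions = map[string]map[string]access{
	"tok-alice": {"Docs": {true, true}, "Music": {true, false}},
	"tok-bob":   {"Music": {true, false}},
}

// authorizeFiles returns the HTTP status for a /files request on a share.
func authorizeFiles(method, token, share string) int {
	acl, ok := sessions[token] // an empty token is never in the table
	if !ok {
		return http.StatusUnauthorized // 401: authentication comes first
	}
	a := acl[share] // zero value: no access to shares not listed for the user
	allowed := (method == http.MethodGet && a.read) ||
		((method == http.MethodPost || method == http.MethodDelete) && a.write)
	if allowed {
		return http.StatusOK
	}
	return http.StatusForbidden // 403: authenticated but not permitted
}

// listShares returns share name -> isWritable for readable shares only.
func listShares(token string) (map[string]bool, int) {
	acl, ok := sessions[token]
	if !ok {
		return nil, http.StatusUnauthorized
	}
	out := map[string]bool{}
	for name, a := range acl {
		if a.read {
			out[name] = a.write
		}
	}
	return out, http.StatusOK
}

func main() {
	fmt.Println(authorizeFiles("DELETE", "tok-bob", "Music")) // read-only share
}
```

Checking authentication before the share lookup keeps the 401 and 403 paths distinct, so a caller without credentials learns nothing about which shares exist.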

@cpg
Member

cpg commented Jun 8, 2018

I think we are using underscore_names for fields.

@csoni111
Member Author

csoni111 commented Jun 9, 2018

I will update the field and function names soon.

@cpg
Member

cpg commented Jun 12, 2018

great going. next we need a PR for the docs, then we can deploy with one client.

We'd like to ask for help in prototyping this first version of non-admin users from @octacode (and/or @ARIHANTJAIN456 and @megabitdragon), and perhaps @codedentwickler. Depending on their schedule, we can do one or the other.

We need a separate "PIN login" page in the client to allow access to NAUs. We can provide custom-built AA servers to test with.

@cpg
Member

cpg commented Jun 14, 2018

I did not realize that other PR would cause a conflict here.

@cpg cpg merged commit d622e7e into amahi:master Jun 18, 2018
@csoni111 csoni111 added this to Done in Non Admin User login Aug 6, 2019