feat: add basic user banning functionality

[kangmingtay]

What kind of change does this PR introduce?

• Adds a ban_until column in auth.users to restrict specific user access until a certain time.
• GET /admin/users should allow filtering by users
• PUT /admin/users/<user_id> should allow banning an existing user
  • Update adminUserParams struct to include a BanDuration field
  • Decided to use a duration rather than a timestamp or boolean since it seems like the best DX (users don't have to worry about following go's time format) and provides greater flexibility over a bool
• fixes Ability to enable/disable users temporarily  #41

Considerations

• Decided not to go with a middleware approach in view of having to make an extra query to the database to check if a user is banned or not.
• The current implementation makes use of the existing query used to fetch the user and checks the ban_until column.
• Even though the current implementation requires more code repetition (more lines of if user.IsBanned() { ... }), the api performance won't be compromised.

Todo

• Add ban_until column in users table
• Check if user is banned in /token
• Check if user is banned in /verify
• Check if user is banned in /callback
• PUT /admin/users/<user_id> should allow banning an existing user
• GET /admin/users should allow filtering by banned users (to be fixed in another PR)

[kangmingtay]

current filtering syntax is too basic to support filtering by banned users:

• To filter by email - /admin/users?filter=email
• To filter by full name - /admin/users?filter=fullname

I'm thinking of changing this to the following but it involves making a breaking change to the API (so i'll do it in a separate PR):

/admin/users?email=email
/admin/users?fullname=fullname
/admin/users?ban_until=timestamp

# of course, the following will be possible too
/admin/users?email=email&fullname=fullname&ban_until=timestamp

[kangmingtay]

not related to this PR but this addresses #247

[darora]

Generally seems fine. Not the biggest fan of using the magic string of "0" to un-ban a user-your call on whether you want that more spec'ed out or to go ahead with this.

[kangmingtay]

Generally seems fine. Not the biggest fan of using the magic string of "0" to un-ban a user-your call on whether you want that more spec'ed out or to go ahead with this.

hmm would it be better to create an enum like unban instead of "0"? or should we make it such that if ban_duration isn't specified, we always reset the BanUntil field?

[darora]

I'd probably go the route of having a separate enum, rather than relying on the ban_duration field missing

[awalias]

needs some documentation but otherwise looks good 🥇

[awalias]

can you confirm the format for what is accepted by ban_duration and also document it in the README 👌

[awalias]

sorry this is pedantic but is there a link to the format spec - e.g. can I do 24h 32m 6s or 24h 3s or 1y3m2s (with no spaces) ?

[kangmingtay]

Yup, this is the format spec it follows
https://pkg.go.dev/time#ParseDuration

[github-actions]

🎉 This PR is included in version 2.4.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀