IndieAuth support (#1811)

* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* don't redirect unless a URL is present

avoids redirecting to `undefined` if there was an error

* improve error message if owncast server URL isn't set

* fix IndieAuth PKCE implementation

use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding

* return real profile data for IndieAuth response

* check the code verifier in the IndieAuth server

* Linting

* Add new chat settings modal anad split up indieauth ui

* Remove logging error

* Update the IndieAuth modal UI. For #1273

* Add IndieAuth repsonse error checking

* Disable IndieAuth client if server URL is not set.

* Add explicit error messages for specific error types

* Fix bad logic

* Return OAuth-keyed error responses for indieauth server

* Display IndieAuth error in plain text with link to return to main page

* Remove redundant check

* Add additional detail to error

* Hide IndieAuth details behind disclosure details

* Break out migration into two steps because some people have been runing dev in production

* Add auth option to user dropdown

Co-authored-by: Aaron Parecki <aaron@parecki.com>

auth/persistence.go

@@ -0,0 +1,77 @@
+package auth
+
+import (
+	"context"
+	"strings"
+
+	"github.com/owncast/owncast/core/data"
+	"github.com/owncast/owncast/core/user"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/owncast/owncast/db"
+)
+
+var _datastore *data.Datastore
+
+// Setup will initialize auth persistence.
+func Setup(db *data.Datastore) {
+	_datastore = db
+
+	createTableSQL := `CREATE TABLE IF NOT EXISTS auth (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+		"user_id" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+		"timestamp" DATE DEFAULT CURRENT_TIMESTAMP NOT NULL,
+    FOREIGN KEY(user_id) REFERENCES users(id)
+	);CREATE INDEX auth_token ON auth (token);`
+
+	stmt, err := db.DB.Prepare(createTableSQL)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer stmt.Close()
+
+	_, err = stmt.Exec()
+	if err != nil {
+		log.Fatalln(err)
+	}
+}
+
+// AddAuth will add an external authentication token and type for a user.
+func AddAuth(userID, authToken string, authType Type) error {
+	return _datastore.GetQueries().AddAuthForUser(context.Background(), db.AddAuthForUserParams{
+		UserID: userID,
+		Token:  authToken,
+		Type:   string(authType),
+	})
+}
+
+// GetUserByAuth will return an existing user given auth details if a user
+// has previously authenticated with that method.
+func GetUserByAuth(authToken string, authType Type) *user.User {
+	u, err := _datastore.GetQueries().GetUserByAuth(context.Background(), db.GetUserByAuthParams{
+		Token: authToken,
+		Type:  string(authType),
+	})
+	if err != nil {
+		return nil
+	}
+
+	var scopes []string
+	if u.Scopes.Valid {
+		scopes = strings.Split(u.Scopes.String, ",")
+	}
+
+	return &user.User{
+		ID:              u.ID,
+		DisplayName:     u.DisplayName,
+		DisplayColor:    int(u.DisplayColor),
+		CreatedAt:       u.CreatedAt.Time,
+		DisabledAt:      &u.DisabledAt.Time,
+		PreviousNames:   strings.Split(u.PreviousNames.String, ","),
+		NameChangedAt:   &u.NamechangedAt.Time,
+		AuthenticatedAt: &u.AuthenticatedAt.Time,
+		Scopes:          scopes,
+	}
+}