Add username/pwd auth support #256

Merged
merged 73 commits into from
Feb 22, 2023

Conversation

ZIMkaRU
Member

@ZIMkaRU ZIMkaRU commented Feb 20, 2023

This PR adds BFX auth token support to framework mode


The flow is the following:

  • keeps the ability to use API keys
  • adds a new way to log in with a BFX token (only the token is stored in the DB and in memory) and only for simple users (not for sub-users). The UI part should process username/pwd and 2FA and get an auth token to send to the backend signUp/signIn endpoints.
  • as the auth token can be used only with simple users (not for sub-users), the getUsers endpoint shows that the account may not be used for a sub-account when it uses an auth token
    • Request:
    {
      "method": "getUsers"
    }
    • Response (`isRestrictedToBeAddedToSubAccount` is the corresponding flag):
    {
      "jsonrpc": "2.0",
      "result": [
        {
          "email": "[email protected]",
          "isSubAccount": false,
          "isNotProtected": true,
          "subUsers": [],
          "isRestrictedToBeAddedToSubAccount": false
        }
      ],
      "id": null
    }
  • to signUp, use authToken instead of apiKey/apiSecret; the rest of the params are the same
    • Request:
    {
      "method": "signUp",
      "auth": {
        "authToken": "pub:api:88888888-4444-3333-2222-121212121212-caps:s:o:f:w:wd:a-write",
        "isNotProtected": true
      }
    }
    • Response
    {
      "jsonrpc": "2.0",
      "result": {
        "email": "[email protected]",
        "isSubAccount": false,
        "token": "160f22c1-8c01-48b2-8a3b-42a8e734ffeb"
      },
      "id": null
    }
  • after signUp, the auth token will be regenerated with a 24h TTL (to give users the ability to sign in without pwd/2FA during one day), and then the token will be regenerated every 10 min; the old one will be invalidated via the BFX API
  • if the token cannot be refreshed, a WebSocket event will be emitted
    • WS event:
    {
      "jsonrpc": "2.0",
      "result": {
        "isAuthTokenGenError": true
      },
      "id": null,
      "action": "emitBfxUnamePwdAuthRequired"
    }
  • in this case, the UI should log out and ask the user to enter username/pwd again to get a new auth token
  • then call the signIn endpoint with the new auth token
    • Request:
    {
      "method": "signIn",
      "auth": {
        "authToken": "pub:api:NEW88888-4444-3333-2222-121212121212-caps:s:o:f:w:wd:a-write",
        "email": "[email protected]",
        "isNotProtected": true
      }
    }
    • Response:
    {
      "jsonrpc": "2.0",
      "result": {
        "email": "[email protected]",
        "isSubAccount": false,
        "token": "60ca9999-0d29-46ed-a048-0d45be7b2aa0"
      },
      "id": null
    }
  • after signUp/signIn, it's possible to take a token from the response; it's a local token (the one we use with the apiKeys flow), and it can be used in the same way as before on the UI side without any changes
  • the recoverPassword endpoint is also available for the auth token
    • Request:
    {
      "method": "recoverPassword",
      "auth": {
        "authToken": "pub:api:NEW88888-4444-3333-2222-121212121212-caps:s:o:f:w:wd:a-write",
        "newPassword": "1234567890qwerty"
      }
    }
    • Response:
    {
      "jsonrpc": "2.0",
      "result": {
        "email": "[email protected]",
        "isSubAccount": false,
        "token": "60ca9999-0d29-46ed-a048-0d45be7b2aa0"
      },
      "id": null
    }
  • the authToken is stored in the DB in encrypted form, as is done for API keys, and we can also use the user password for this purpose as we do for API keys

Basic changes:

  • Adds BFX auth token support to framework mode
  • Adds auto refresh flow of the auth tokens
  • Adds SQL triggers to check that API keys are not null when authToken is null, to ensure data consistency
  • Adds v32 DB migration
  • Adds corresponding test coverage

Depends on this PR:

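The auth-token lifecycle described in the PR (signUp swaps the UI-supplied token for a 24h one, a refresh every 10 min invalidates the old token, a failed refresh emits `emitBfxUnamePwdAuthRequired`, and the stored row must hold either an auth token or a full API key pair), as an added example that is not code from bfx-reports-framework. `FakeBfxApi`, `signUpWithAuthToken`, `refreshAuthToken`, `isCredentialRowConsistent`, `toGetUsersEntry` and `runLifecycle` are assumed names for illustration; the token strings and user are constructed, and the assumption that a refreshed token keeps the 24h TTL is not stated in the PR.

```javascript
// Added example, not bfx-reports-framework code. All names below are assumptions
// chosen for illustration; timings and the WS event shape follow the PR text.
const DAY_MS = 24 * 60 * 60 * 1000
const REFRESH_INTERVAL_MS = 10 * 60 * 1000
const AUTH_REQUIRED_EVENT = 'emitBfxUnamePwdAuthRequired'

// Offline stand-in for the Bitfinex token endpoints. It tracks which tokens are
// still valid so the example can show the old token being invalidated.
class FakeBfxApi {
  constructor () { this.counter = 0; this.valid = new Set(); this.failNext = false }
  generateToken (ttlMs, now) {
    if (this.failNext) { this.failNext = false; throw new Error('token generation failed') }
    this.counter += 1
    const token = `pub:api:fake-${this.counter}-caps:s:o:f:w:wd:a-write` // constructed, not a real token
    this.valid.add(token)
    return { token, expiresAt: now + ttlMs }
  }
  invalidateToken (token) { this.valid.delete(token) }
  isValid (token) { return this.valid.has(token) }
}

// signUp: only simple users may log in with an auth token. The UI-supplied token
// is swapped for a fresh 24h one and the UI token is invalidated.
function signUpWithAuthToken (user, uiToken, api, now) {
  if (user.isSubAccount) {
    throw new Error('auth-token login is only available for simple users, not sub-accounts')
  }
  const fresh = api.generateToken(DAY_MS, now)
  api.invalidateToken(uiToken)
  return {
    email: user.email,
    isSubAccount: false,
    isNotProtected: Boolean(user.isNotProtected),
    apiKey: null,
    apiSecret: null,
    authToken: fresh.token,
    authTokenExpiresAt: fresh.expiresAt,
    nextRefreshAt: now + REFRESH_INTERVAL_MS
  }
}

// Periodic refresh: every 10 min regenerate the token and invalidate the old one.
// On failure emit the WS event so the UI logs out and asks for username/pwd
// again, and drop the token from the session so it is never reused.
// Assumption: the refreshed token keeps the same 24h TTL (the PR does not say).
function refreshAuthToken (session, api, now, emit) {
  if (now < session.nextRefreshAt) return session
  try {
    const fresh = api.generateToken(DAY_MS, now)
    api.invalidateToken(session.authToken)
    return { ...session, authToken: fresh.token, authTokenExpiresAt: fresh.expiresAt, nextRefreshAt: now + REFRESH_INTERVAL_MS }
  } catch (err) {
    emit({ jsonrpc: '2.0', result: { isAuthTokenGenError: true }, id: null, action: AUTH_REQUIRED_EVENT })
    return { ...session, authToken: null, authTokenExpiresAt: null, nextRefreshAt: null }
  }
}

// Mirrors the invariant the PR's SQL trigger enforces: a stored user row needs
// either an auth token or a complete API key pair; both missing is inconsistent.
function isCredentialRowConsistent (row) {
  const hasAuthToken = row.authToken !== null && row.authToken !== undefined
  const hasApiKeys = Boolean(row.apiKey) && Boolean(row.apiSecret)
  return hasAuthToken || hasApiKeys
}

// getUsers projection: an auth-token user cannot be added to a sub-account.
function toGetUsersEntry (row) {
  return {
    email: row.email,
    isSubAccount: Boolean(row.isSubAccount),
    isNotProtected: Boolean(row.isNotProtected),
    subUsers: row.subUsers || [],
    isRestrictedToBeAddedToSubAccount: row.authToken !== null && row.authToken !== undefined
  }
}

// Walks the whole lifecycle on an injected clock so it runs offline.
function runLifecycle () {
  const api = new FakeBfxApi()
  const events = []
  const emit = e => events.push(e)
  const t0 = Date.UTC(2023, 1, 20)
  const uiToken = api.generateToken(60 * 1000, t0).token // short-lived token the UI obtained (constructed)
  const user = { email: '[email protected]', isSubAccount: false, subUsers: [], isNotProtected: true }

  let s = signUpWithAuthToken(user, uiToken, api, t0)
  const first = s.authToken
  const firstTtlMs = s.authTokenExpiresAt - t0
  s = refreshAuthToken(s, api, t0 + 5 * 60 * 1000, emit) // not due yet: unchanged
  const unchanged = s.authToken === first
  s = refreshAuthToken(s, api, t0 + REFRESH_INTERVAL_MS, emit) // due: rotated, old one invalid
  const rotated = s.authToken !== first && !api.isValid(first) && api.isValid(s.authToken)
  api.failNext = true
  s = refreshAuthToken(s, api, t0 + 2 * REFRESH_INTERVAL_MS, emit) // BFX API fails: event, log out

  return {
    uiTokenInvalidated: !api.isValid(uiToken),
    firstTtlMs,
    unchanged,
    rotated,
    eventsEmitted: events.length,
    eventAction: events.length ? events[0].action : null,
    loggedOut: s.authToken === null,
    rowConsistent: isCredentialRowConsistent(s) // false: no token and no API keys, the trigger would reject it
  }
}
```

The final state shows why the UI has to log the user out after the event: with the auth token gone and no API keys stored, the row no longer satisfies the trigger's invariant, so a fresh signIn with a new token is the only way forward.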
prdn and others added 30 commits February 2, 2023 02:23
Release Beta version 4.1.1 to master
Contributor

@ezewer ezewer left a comment


looks good to me!
