add aurweb.auth and authentication to User

+ Added aurweb.auth.AnonymousUser
    * An instance of this model is returned as the request user
      when the request is not authenticated
+ Added aurweb.auth.BasicAuthBackend
+ Add starlette's AuthenticationMiddleware to app middleware,
  which uses our BasicAuthBackend facility
+ Added User.is_authenticated()
+ Added User.authenticate(password)
+ Added User.login(request, password)
+ Added User.logout(request)
+ Added repr(User(...)) representation
+ Added aurweb.auth.auth_required decorator.

This change uses the same AURSID logic in the PHP implementation.

Additionally, introduce a few helpers for authentication,
one of which being `User.update_password(password, rounds = 12)`
where `rounds` is a configurable number of salt rounds.

Signed-off-by: Kevin Morris <kevr@0cost.org>

aurweb/asgi.py

@@ -1,12 +1,15 @@
 import http
+import os
 
 from fastapi import FastAPI, HTTPException
 from fastapi.responses import HTMLResponse
 from fastapi.staticfiles import StaticFiles
+from starlette.middleware.authentication import AuthenticationMiddleware
 from starlette.middleware.sessions import SessionMiddleware
 
 import aurweb.config
 
+from aurweb.auth import BasicAuthBackend
 from aurweb.db import get_engine
 from aurweb.routers import html, sso, errors
 
@@ -32,10 +35,15 @@ async def app_startup():
               StaticFiles(directory="web/html/images"),
               name="static_images")
 
+    # Add application middlewares.
+    app.add_middleware(AuthenticationMiddleware, backend=BasicAuthBackend())
     app.add_middleware(SessionMiddleware, secret_key=session_secret)
+
+    # Add application routes.
     app.include_router(sso.router)
     app.include_router(html.router)
 
+    # Initialize the database engine and ORM.
     get_engine()
 
 # NOTE: Always keep this dictionary updated with all routes