Blind authentication (#675)

* auth server

* cleaning up

* auth ledger class

* class variables -> instance variables

* annotations

* add models and api route

* custom amount and api prefix

* add auth db

* blind auth token working

* jwt working

* clean up

* JWT works

* using openid connect server

* use oauth server with password flow

* new realm

* add keycloak docker

* hopefully not garbage

* auth works

* auth kinda working

* fix cli

* auth works for send and receive

* pass auth_db to Wallet

* auth in info

* refactor

* fix supported

* cache mint info

* fix settings and endpoints

* add description to .env.example

* track changes for openid connect client

* store mint in db

* store credentials

* clean up v1_api.py

* load mint info into auth wallet

* fix first login

* authenticate if refresh token fails

* clear auth also middleware

* use regex

* add cli command

* pw works

* persist keyset amounts

* add errors.py

* do not start auth server if disabled in config

* upadte poetry

* disvoery url

* fix test

* support device code flow

* adopt latest spec changes

* fix code flow

* mint max bat dynamic

* mypy ignore

* fix test

* do not serialize amount in authproof

* all auth flows working

* fix tests

* submodule

* refactor

* test

* dont sleep

* test

* add wallet auth tests

* test differently

* test only keycloak for now

* fix creds

* daemon

* fix test

* install everything

* install jinja

* delete wallet for every test

* auth: use global rate limiter

* test auth rate limit

* keycloak hostname

* move keycloak test data

* reactivate all tests

* add readme

* load proofs

* remove unused code

* remove unused code

* implement change suggestions by ok300

* add error codes

* test errors

cashu/mint/auth/migrations.py

@@ -0,0 +1,100 @@
+from ...core.db import Connection, Database
+
+
+async def m000_create_migrations_table(conn: Connection):
+    await conn.execute(
+        f"""
+    CREATE TABLE IF NOT EXISTS {conn.table_with_schema('dbversions')} (
+        db TEXT PRIMARY KEY,
+        version INT NOT NULL
+    )
+    """
+    )
+
+
+async def m001_initial(db: Database):
+    async with db.connect() as conn:
+        await conn.execute(
+            f"""
+                CREATE TABLE IF NOT EXISTS {db.table_with_schema('users')} (
+                    id TEXT PRIMARY KEY,
+                    last_access TIMESTAMP,
+
+                    UNIQUE (id)
+                );
+            """
+        )
+        # columns: (id, seed, encrypted_seed, seed_encryption_method, derivation_path, valid_from, valid_to, first_seen, active, version, unit, input_fee_ppk)
+        await conn.execute(
+            f"""
+                    CREATE TABLE IF NOT EXISTS {db.table_with_schema('keysets')} (
+                        id TEXT NOT NULL,
+                        seed TEXT NOT NULL,
+                        encrypted_seed TEXT,
+                        seed_encryption_method TEXT,
+                        derivation_path TEXT NOT NULL,
+                        valid_from TIMESTAMP NOT NULL DEFAULT {db.timestamp_now},
+                        valid_to TIMESTAMP NOT NULL DEFAULT {db.timestamp_now},
+                        first_seen TIMESTAMP NOT NULL DEFAULT {db.timestamp_now},
+                        active BOOL DEFAULT TRUE,
+                        version TEXT,
+                        unit TEXT NOT NULL,
+                        input_fee_ppk INT,
+                        amounts TEXT,
+
+                        UNIQUE (derivation_path)
+                    );
+                """
+        )
+
+        await conn.execute(
+            f"""
+                CREATE TABLE IF NOT EXISTS {db.table_with_schema('promises')} (
+                    id TEXT NOT NULL,
+                    amount {db.big_int} NOT NULL,
+                    b_ TEXT NOT NULL,
+                    c_ TEXT NOT NULL,
+                    dleq_e TEXT,
+                    dleq_s TEXT,
+                    created TIMESTAMP,
+
+                    UNIQUE (b_)
+
+                );
+            """
+        )
+        await conn.execute(
+            f"""
+                CREATE TABLE IF NOT EXISTS {db.table_with_schema('proofs_used')} (
+                    id TEXT NOT NULL,
+                    amount {db.big_int} NOT NULL,
+                    c TEXT NOT NULL,
+                    secret TEXT NOT NULL,
+                    y TEXT NOT NULL,
+                    witness TEXT,
+                    created TIMESTAMP,
+                    melt_quote TEXT,
+
+                    UNIQUE (secret)
+
+                );
+            """
+        )
+
+        await conn.execute(
+            f"""
+                CREATE TABLE IF NOT EXISTS {db.table_with_schema('proofs_pending')} (
+                    id TEXT NOT NULL,
+                    amount {db.big_int} NOT NULL,
+                    c TEXT NOT NULL,
+                    secret TEXT NOT NULL,
+                    y TEXT NOT NULL,
+                    witness TEXT,
+                    created TIMESTAMP,
+                    melt_quote TEXT,
+
+                    UNIQUE (secret)
+
+                );
+            """
+        )