feat: new authentication mechanism (access/refresh token)

[theborakompanioni]

Resolves #663.

This PR adds handling for the new JWT auth mechanism.

From JSON-RPC-API-using-jmwalletd.md#rules-about-making-requests:

On initially creating, unlocking or recovering a wallet, a new access and refresh token will be sent in response, the former is valid for only 30 minutes and must be used for any authenticated call, the former is valid for 4 hours and can be used to request a new access token, ideally before access token expiration to avoid unauthorized response from authenticated endpoint and in any case, before refresh token expiration.

The token is refreshed every 22.5 minutes (30min * 0.75). In dev mode more often (every 60 seconds).

There is currently a problem upstream with handling wallets that contain spaces in their filename, should be fixed with JoinMarket-Org/joinmarket-clientserver#1562. Nonetheless, the code can already be reviewed and should not be affected by the changes.

How to test

Rebuild the dev docker environment npm run regtest:rebuild and verify:

• Create wallet still works
• Import wallet still works
• Lock/Unlock still works
• Token can be refreshed
• Requests to RPC api are still successful after token refresh
• Websocket communication still functioning after token refresh (e.g. start/stop a maker and watch the websocket data)

Misc

• Method Api.Helper.parseAuthProps is temporary and can be removed in refactor: Use typed responses for api calls #670.
• Changes backend version in regtest env to master again.

[theborakompanioni]

Just a heads-up: Websocket auth not addressed yet.

[theborakompanioni]

Just a heads-up: Websocket auth not addressed yet.

Worked out-of-the-box in my tests. 🙌

[theborakompanioni]

Ready for review.

[editwentyone]

worked smooth on my side in dev env

[theborakompanioni]

We definitely need more reviewers and testers. Someone also needs to audit at the code.