Reimplement header auth

[ilyakooo0]

Currently, we abuse the servant-auth library to provide authentication for octo CLI.

The authentication is very simple: we just check the Authorization header in every request for equality.

Using servant-auth for this is overkill and the library doesn't handle the use case very well – it expects the payload to be JSON-encoded, etc.

Additionally, it has a large dependency footprint that we can avoid.

octopod/octopod-api/src/Octopod/PowerAPI.hs

Line 77 in 90fa7b8

data AuthHeaderAuth

octopod/octopod-api/src/Octopod/PowerAPI.hs

Line 49 in 90fa7b8

Auth '[AuthHeaderAuth] () :> "api" :> "v1"

octopod/octopod-backend/src/Octopod/PowerAPI/Auth/Server.hs

Lines 14 to 23 in 90fa7b8

	newtype AuthHeader = AuthHeader ByteString
	instance IsAuth AuthHeaderAuth () where
	type AuthArgs AuthHeaderAuth = '[AuthHeader]
	runAuth _ _ (AuthHeader h) = AuthCheck $ \req ->
	pure $ case lookup "Authorization" $ requestHeaders req of
	Just v | v == h -> Authenticated ()
	_ -> Indefinite
	deriving anyclass instance ToJWT ()

octopod/octo-cli/src/Octopod/PowerAPI/Auth/Client.hs

Lines 15 to 28 in 90fa7b8

	class IsAuth a where
	data AuthContext a
	applyAuth :: AuthContext a -> Request -> Request
	instance (IsAuth a, HasClient m api) => HasClient m (Auth '[a] x :> api) where
	type Client m (Auth '[a] x :> api) = AuthContext a -> Client m api
	clientWithRoute pm Proxy req val =
	clientWithRoute pm (Proxy :: Proxy api) (applyAuth val req)
	hoistClientMonad pm _ f cl = hoistClientMonad pm (Proxy :: Proxy api) f . cl
	instance IsAuth AuthHeaderAuth where
	data AuthContext AuthHeaderAuth = AuthHeaderAuthCtx String
	applyAuth (AuthHeaderAuthCtx h) req = addHeader "Authorization" h req

---

The task is to remove the servant-auth dependency while keeping the current behavior. The functionality seems simple enough that we can implement it without any additional dependencies. But, if an existing library arises that fits the task well, I am not against using it.