The Cumulonimbus Security Overhaul

[AlekEagle]

This pull request adds several much needed features to the Cumulonimbus platform, those being:

• Multi-factor Authentication for login and account changes.
  • Support for TOTP based second factor (6 digit rolling codes).
  • Support for WebAuthn based second factor (Hardware key support like Yubikey and secure platforms like Touch and Face ID, Windows Hello, etc.)
• Limited scope API keys (limited permission scopes like read only access on files, upload permission, etc.)
  • Staff can generate API keys that don't have permission to access staff-only endpoints)

[WaviestBalloon]

YIPPE

[AlekEagle]

I'd like to also potentially address password reset emails as requested in #9, and potentially user data requests as requested in #12, while I can't guarantee these will be addressed in this update, they are 100% planned to be implemented in the future.

[AlekEagle]

As described by the commit message on commit e54a945, sessions are getting stored in a few table separate from the users table, and old sessions will not get migrated. so you will have to log back in everywhere. This was done intentionally so that old sessions can get migrated to the new scoped permission system.

[AlekEagle]

In the interest of not going absolutely overboard with how many changes this will bring, I've decided to hold off on adding password reset emails and user data package requests for a future update, the scope of this update is already quite broad and I'd like to release this update with as few bumps as possible.

[danii]

(these comments were made in good faith i haven't slept in 24 hours)

[WaviestBalloon]

Finally :)