425 oauth2 provider

[jum-s]

This PR extends the data.transformap in the following manner:

• Integrates Passport strategy in '/middlewares'
• Implements an Oauth2 Gitlab strategy based on lab.allmende.io provider
• Integrates Express sessions & Cookie parser to keep users requests authenticated
• Defines 3 routes :
  • 'auth' which authenticates and redirects to original path
  • 'logout' destroy express-sessions
  • 'secretPage' as a test implementation and documentation on how to authenticate a page
• Mocks user model see #416

Questions in the air

so far only one provider is implemented (gitlab), the auth endpoint implement only one strategy. The login button is unique, so shall we chain strategies in something like passport.authenticate(['gitlab', 'discourse', 'blabla'])

[almereyda]

Additionally I have found a commit from a stale branch in this repository, which I wonder about. https://github.com/TransforMap/data.transformap.co/commit/5fb65ad7dbf3214fc75a9fb88fad24af5d031c82 From looking at the diff briefly and comparing it with what we find here, I guess it is from another attempt to experiment with the OAuth interface, which didn't succeed.

[jum-s]

about https://github.com/TransforMap/data.transformap.co/commit/5fb65ad7dbf3214fc75a9fb88fad24af5d031c82 I based my work on what auth branch could bring to 425-oauth2-provider branch. In order to signify this I intentionnaly cherry-pick some already done work. But from your commen Im not sure it brings more clarity than confusion