moleculerjs / moleculer-web

:earth_africa: Official API Gateway service for Moleculer framework
http://moleculer.services/docs/moleculer-web.html
MIT License

Multi authentication & authorization for routes #275

Closed icebob closed 3 years ago

icebob commented 3 years ago

This PR adds a feature to define custom authentication and authorization methods for every route. In this case you should set the method name instead of the `true` value.

Example

```js
const ApiGatewayService = require("moleculer-web");

module.exports = {
    mixins: [ApiGatewayService],

    settings: {

        routes: [
            {
                // Route with its own authn/authz methods (names of service methods)
                path: "/aaa",
                authentication: "aaaAuthn",
                authorization: "aaaAuthz",
                aliases: {
                    "GET hello": "test.hello"
                }
            },
            {
                path: "/bbb",
                authentication: "bbbAuthn",
                authorization: "bbbAuthz",
                aliases: {
                    "GET hello": "test.hello"
                }
            },
            {
                // `true` keeps the default `authenticate` / `authorize` methods
                path: "/ccc",
                authentication: true,
                authorization: true,
                aliases: {
                    "GET hello": "test.hello"
                }
            }
        ]
    },

    methods: {
        // Route-specific handlers; they receive (ctx, route, req, res) like the defaults
        aaaAuthn() {
            this.logger.info("Called 'aaaAuthn' method.");
        },
        aaaAuthz() {
            this.logger.info("Called 'aaaAuthz' method.");
        },

        bbbAuthn() {
            this.logger.info("Called 'bbbAuthn' method.");
        },
        bbbAuthz() {
            this.logger.info("Called 'bbbAuthz' method.");
        },

        // Defaults, used when a route sets `authentication: true` / `authorization: true`
        authenticate() {
            this.logger.info("Called original 'authenticate' method.");
        },
        authorize() {
            this.logger.info("Called original 'authorize' method.");
        }
    }
}
```

intech commented 3 years ago

@icebob I propose to add the ability to specify not only the name of a method, but also a service.action.

icebob commented 3 years ago

I don't feel it's a common use case, because for authentication you need access to the `req`, which is not serializable, so you can't send it to a remote action. It's most common to get the info from `req` and make an action call in a method.
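
An added example (not code from moleculer-web or from this PR) modelling the two points made in this thread: per-route `authentication`/`authorization` settings that dispatch to either the default method (`true`) or a named service method (string), and a route method that extracts only the serializable token from `req` before calling an action. All names here (`users.resolveToken`, `aaaAuthn`, `aaaAuthz`, `good-token`) are constructed stand-ins, and `ctx.call` is a local stub.

```javascript
// Added example (not moleculer-web's own code): a stripped-down model of how a
// gateway could dispatch per-route authentication/authorization to either the
// default method (true) or a named service method (string), and how such a
// method pulls only serializable data out of `req` before calling an action.
// Every name below (users.resolveToken, aaaAuthn, good-token, ...) is constructed.

// true -> default method; "name" -> that method; false/undefined -> disabled.
// An unknown name throws so that a typo in settings fails loudly at startup
// instead of silently leaving the route unprotected.
function resolveAuthMethod(service, setting, defaultName) {
  if (setting === true) return service.methods[defaultName];
  if (typeof setting === "string") {
    const fn = service.methods[setting];
    if (typeof fn !== "function")
      throw new Error(`Unknown auth method '${setting}'`);
    return fn;
  }
  return null;
}

// Stand-in for the gateway service's `methods` block.
const service = {
  methods: {
    authenticate() { return { id: "default-user" }; },
    authorize() { /* default: allow */ },
    async aaaAuthn(ctx, route, req) {
      const header = req.headers.authorization || "";
      if (!header.startsWith("Bearer ")) return null;
      // Only the token string crosses the transporter, never `req` itself.
      return ctx.call("users.resolveToken", { token: header.slice(7) });
    },
    aaaAuthz(ctx) {
      if (!ctx.meta.user) throw new Error("Unauthorized");
    }
  }
};

// Simulates the gateway's request pipeline for one route. `ctx.call` is a
// local stub standing in for a remote `users.resolveToken` action.
async function handleRequest(route, req) {
  const ctx = { meta: {}, call: async (action, params) =>
    action === "users.resolveToken" && params.token === "good-token" ? { id: "alice" } : null };
  const authn = resolveAuthMethod(service, route.authentication, "authenticate");
  if (authn) ctx.meta.user = await authn.call(service, ctx, route, req);
  const authz = resolveAuthMethod(service, route.authorization, "authorize");
  if (authz) await authz.call(service, ctx, route, req);
  return ctx.meta.user; // resolved user, or null when the route's authn found none
}
```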

intech commented 3 years ago

You're right.