nazrinharris / pecunia

Massively ambitious personal finance app.

Implement local user account authentication #141

Closed nazrinharris closed 10 months ago

nazrinharris commented 10 months ago

139 was merely meant to be a record of sorts. (Honestly might even remove if this is implemented correctly.) So I'm gonna need to implement a way for local user auth.

So I'll have the same interface for when the user registers, but they'll be able to toggle a button to choose whether they want to create a local account or a remote account. Then, I'll store their uid (generated by uuidv4), email, username, and password in flutter_secure_storage. For their database, I'm using drift, so I'll create a new database like pecunia_db_<uid>.db. This'll contain their app data, but not the user data.

When storing user data / session tokens in iOS (and I presume macOS?), the data persists. See: https://dev.to/isurujn/beware-of-fluttersecurestorage-on-ios-m6e for solution

Managing secrets and api keys: https://ricardo-castellanos-herreros.medium.com/storing-your-secret-keys-in-flutter-751645623d6a#:~:text=The%20most%20recommended%20approach%20I,were%20loading%20any%20other%20asset.&text=That%20is%20the%20shortest%20way,convert%20%2C%20and%20have%20your%20keys.

A new question emerges: How would I handle if the user forgets their password? There's a couple ways to proceed:

  1. Generate backup codes, which the user must store securely offline.
  2. Security questions.
  3. Email verification.

Here's the gist of it

AuthLocalSessionManager
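The comment above plans to store the password itself in flutter_secure_storage and to deal with Keychain items surviving a reinstall on iOS. As an added example (not pecunia's own code, and not the gist linked above), the following Dart sketch does the two things a reviewer would ask for: it stores only a salted PBKDF2-HMAC-SHA256 hash of the password, never the password, and it wipes the Keychain on the first launch after a (re)install, using a SharedPreferences flag that, unlike the Keychain, is deleted with the app. It assumes the crypto, uuid, flutter_secure_storage (option names as in 9.x) and shared_preferences packages; every key name, iteration count and function name is hypothetical.

```dart
// Added example, not pecunia's own code. Assumed packages: crypto, uuid,
// flutter_secure_storage, shared_preferences. Key names, iteration count and
// function names are hypothetical.
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:shared_preferences/shared_preferences.dart';
import 'package:uuid/uuid.dart';

const _userKey = 'pecunia.local_user';
const _firstRunKey = 'pecunia.has_run_before';
// PBKDF2 cost: tune so one derivation takes ~250 ms on the slowest target device.
const _iterations = 200000;

// Keychain items outlive the app bundle. Bind them to this device so an iCloud
// backup never restores them elsewhere, and wipe them after a (re)install.
const _storage = FlutterSecureStorage(
  iOptions: IOSOptions(accessibility: KeychainAccessibility.first_unlock_this_device),
  mOptions: MacOsOptions(accessibility: KeychainAccessibility.first_unlock_this_device),
);

Future<void> wipeKeychainOnFreshInstall() async {
  // SharedPreferences (NSUserDefaults) is removed with the app; the Keychain is not.
  final prefs = await SharedPreferences.getInstance();
  if (prefs.getBool(_firstRunKey) ?? false) return;
  await _storage.deleteAll();
  await prefs.setBool(_firstRunKey, true);
}

/// PBKDF2-HMAC-SHA256 (RFC 8018) built on package:crypto's Hmac.
List<int> pbkdf2Sha256(List<int> password, List<int> salt, int iterations, int dkLen) {
  final prf = Hmac(sha256, password);
  final out = <int>[];
  for (var block = 1; out.length < dkLen; block++) {
    final counter = [(block >> 24) & 0xff, (block >> 16) & 0xff, (block >> 8) & 0xff, block & 0xff];
    var u = prf.convert([...salt, ...counter]).bytes;
    final t = List<int>.of(u);
    for (var i = 1; i < iterations; i++) {
      u = prf.convert(u).bytes;
      for (var k = 0; k < t.length; k++) {
        t[k] ^= u[k];
      }
    }
    out.addAll(t);
  }
  return out.sublist(0, dkLen);
}

List<int> randomBytes(int n) {
  final rnd = Random.secure();
  return List<int>.generate(n, (_) => rnd.nextInt(256));
}

bool constantTimeEquals(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff == 0;
}

/// Creates the local account and returns its uid. Only the salted hash of the
/// password is persisted; the caller then opens pecunia_db_<uid>.db for app data.
Future<String> registerLocalUser(String email, String username, String password) async {
  final uid = const Uuid().v4();
  final salt = randomBytes(16);
  final hash = pbkdf2Sha256(utf8.encode(password), salt, _iterations, 32);
  await _storage.write(
    key: _userKey,
    value: jsonEncode({
      'uid': uid,
      'email': email,
      'username': username,
      'kdf': 'pbkdf2-sha256',
      'iterations': _iterations,
      'salt': base64Encode(salt),
      'hash': base64Encode(hash),
    }),
  );
  return uid;
}

/// Returns the uid on a correct password, null otherwise (no account or wrong password).
Future<String?> verifyLocalPassword(String password) async {
  final raw = await _storage.read(key: _userKey);
  if (raw == null) return null;
  final rec = jsonDecode(raw) as Map<String, dynamic>;
  final expected = base64Decode(rec['hash'] as String);
  final actual = pbkdf2Sha256(
    utf8.encode(password),
    base64Decode(rec['salt'] as String),
    rec['iterations'] as int,
    expected.length,
  );
  return constantTimeEquals(expected, actual) ? rec['uid'] as String : null;
}
```

Call wipeKeychainOnFreshInstall() before anything reads the store. The same helper covers option 1 of the recovery question: generate the backup codes with randomBytes, show them to the user once, and persist only their pbkdf2Sha256 hashes next to the password record, so a dump of the Keychain yields neither the password nor usable codes.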

nazrinharris commented 10 months ago

How would I manage user sessions locally? Since I am planning to have both local and remote accounts available, I believe that I should have two different session management systems. I wanted to use JWT for local session management (because when I introduce a new backend, I'd like to use JWT as well), but I'm unsure of how to store the secrets.

As of now, I'm using JWT for local auth. The key for JWT signing is kept in PecuniaSecrets, but I don't really think it's a big issue, since it's local. Will probably use a more secure approach in the future.
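A signing key kept in a PecuniaSecrets class ships inside the app bundle, so anyone who unpacks the binary can mint valid local sessions for every install, and the key cannot be rotated without a release. For a session that never leaves the device, the usual fix is a random per-install HMAC key created on first use and kept in flutter_secure_storage; when a backend arrives, its tokens are signed with a key that stays on the server. The following Dart sketch is an added example, not pecunia's own code: it builds and checks a compact HS256 JWT by hand on top of package:crypto so the format stays compatible with a later backend, pins the algorithm, checks the signature before trusting any claim, and enforces exp. Key names, the 12-hour lifetime and the function names are hypothetical; it assumes the crypto and flutter_secure_storage packages.

```dart
// Added example, not pecunia's own code. Assumed packages: crypto,
// flutter_secure_storage. Key names, lifetime and function names are hypothetical.
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

const _keyName = 'pecunia.local_session_hmac_key';
const _sessionName = 'pecunia.local_session_token';
const _sessionTtl = Duration(hours: 12);
const _storage = FlutterSecureStorage();

// JWT uses unpadded base64url; Dart's decoder wants padding back.
String _b64(List<int> bytes) => base64Url.encode(bytes).replaceAll('=', '');
List<int> _unb64(String s) => base64Url.decode(s.padRight(s.length + (4 - s.length % 4) % 4, '='));

bool _constantTimeEquals(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff == 0;
}

/// Per-install 256-bit HMAC key: generated once, lives only in secure storage,
/// never in source or assets. Deleting it invalidates every local session.
Future<List<int>> _signingKey() async {
  final stored = await _storage.read(key: _keyName);
  if (stored != null) return base64Decode(stored);
  final rnd = Random.secure();
  final key = List<int>.generate(32, (_) => rnd.nextInt(256));
  await _storage.write(key: _keyName, value: base64Encode(key));
  return key;
}

/// Issues header.payload.signature for [uid] with iat/exp and stores it.
Future<String> issueLocalSession(String uid, {DateTime? now}) async {
  final key = await _signingKey();
  final issued = now ?? DateTime.now().toUtc();
  final header = _b64(utf8.encode(jsonEncode({'alg': 'HS256', 'typ': 'JWT'})));
  final payload = _b64(utf8.encode(jsonEncode({
    'sub': uid,
    'iat': issued.millisecondsSinceEpoch ~/ 1000,
    'exp': issued.add(_sessionTtl).millisecondsSinceEpoch ~/ 1000,
  })));
  final sig = Hmac(sha256, key).convert(utf8.encode('$header.$payload')).bytes;
  final token = '$header.$payload.${_b64(sig)}';
  await _storage.write(key: _sessionName, value: token);
  return token;
}

/// Returns the uid if [token] is well-formed, signed by this install's key,
/// uses the pinned algorithm and has not expired; null otherwise.
Future<String?> verifyLocalSession(String token, {DateTime? now}) async {
  try {
    final parts = token.split('.');
    if (parts.length != 3) return null;
    final key = await _signingKey();
    // Signature first: nothing inside the token is trusted until it passes.
    final expected = Hmac(sha256, key).convert(utf8.encode('${parts[0]}.${parts[1]}')).bytes;
    if (!_constantTimeEquals(expected, _unb64(parts[2]))) return null;
    final header = jsonDecode(utf8.decode(_unb64(parts[0]))) as Map<String, dynamic>;
    if (header['alg'] != 'HS256') return null; // the token never picks the algorithm
    final claims = jsonDecode(utf8.decode(_unb64(parts[1]))) as Map<String, dynamic>;
    final exp = claims['exp'];
    if (exp is! int) return null;
    final current = (now ?? DateTime.now().toUtc()).millisecondsSinceEpoch ~/ 1000;
    if (current >= exp) return null;
    return claims['sub'] as String?;
  } on FormatException {
    return null; // malformed base64 or JSON
  }
}
```

On app start, read the stored token and call verifyLocalSession; on logout, delete both the token and the key so old tokens cannot be replayed. The remote account's tokens should go through a separate verifier that holds no signing key at all and only checks what the backend returns.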

nazrinharris commented 10 months ago

Should be complete with 3a7a0a1 in #132