Add url token based auth section for api-server

[zet809]

For task: https://github.ibm.com/xcat2/task_management/issues/135 A draft to do login, auth refresh

• To login:

  [root@briggs01 allien]# curl -X POST -H "Content-Type: application/json" -d '{"username":"zet809", "password":"xxx"}' http://127.0.0.1:5001/api/v2/auth/login
  {
  "token": {
  "expire": "2019-05-15 07:22:21",
  "id": "2e07c7a0-76e2-11e9-874a-0242ac110002"
  }
  }

• To use the token:

  [root@briggs01 allien]# curl -X GET -H "Authorization: token 2e07c7a0-76e2-11e9-874a-0242ac110002" http://127.0.0.1:5001/api/v2/auth/refresh
  Token verification done, succeed

• To refresh the token:

  # tabdump -w "tokenid==2e07c7a0-76e2-11e9-874a-0242ac110002" token
  #tokenid,username,expire,created,access,comments,disable
  "2e07c7a0-76e2-11e9-874a-0242ac110002","zet809","1557904941.85",,,,
  [root@briggs01 allien]# curl -X POST -H "Authorization: token 2e07c7a0-76e2-11e9-874a-0242ac110002" http://127.0.0.1:5001/api/v2/auth/refresh
  null
  [root@briggs01 allien]# tabdump -w "tokenid==2e07c7a0-76e2-11e9-874a-0242ac110002" token
  #tokenid,username,expire,created,access,comments,disable
  "2e07c7a0-76e2-11e9-874a-0242ac110002","zet809","1557905311.51",,,,

• Refresh token if expired:

  
  [root@briggs01 tmp]# time curl -X GET -H "Authorization: token 1a7385d0-76e2-11e9-874a-0242ac110002" "http://10.6.27.1:5001/api/v2/system/nodes" -H  "accept: application/json"
  {
  "message": {
      "message": "Token expired, pleased refresh or Login again"
  }
  }

real 0m0.008s user 0m0.000s sys 0m0.003s [root@briggs01 tmp]# time curl -X POST -H "Content-Type: application/json" -d '{"username":"zet809", "password":"passw0rd"}' -H "Authorization: token 1a7385d0-76e2-11e9-874a-0242ac110002" "http://10.6.27.1:5001/api/v2/auth/refresh" "Token refreshed"

real 0m0.018s user 0m0.003s sys 0m0.000s

* To list nodes without token

[root@briggs01 allien]# curl -X GET "http://10.6.27.1:5001/api/v2/system/nodes" -H "accept: application/json" { "message": "The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required." }

* To list nodes with token
```[root@briggs01 tmp]# time curl -X GET -H "Authorization: token 1a7385d0-76e2-11e9-874a-0242ac110002" "http://10.6.27.1:5001/api/v2/system/nodes" -H  "accept: application/json"
[
    "abcd",
    "mid05tor12cn02",
    "mid05tor12cn01",
    "mid05tor12cn06",
    "mid05tor12cn07",
    "mid05tor12cn04",
    "mid05tor12cn03",
    "mid05tor12cn08",
    "mid05tor12cn09",
    "mid05tor25",
    "mid05",
    "mid05tor12cn14",
    "c910f05c01bc07",
    "c461c026",
    "c461c022",
    "mid05tor12cn05",
    "testnode",
    "mid05tor12cn11",
    "mid05tor12cn10",
    "mid05tor12cn13",
    "mid05tor12cn12",
    "mid05tor12cn15",
    "ipminode",
    "mid05tor12cn17",
    "mid05tor12cn16",
    "mid05tor12cn18",
    "core01",
    "node0001",
    "node0002",
    "mid05tor12",
    "mgmtsw01",
    "mid05tor12cn02k02",
    "mid05tor12cn16-ipmi",
    "testnodes",
    "node-8335-gth-1318c4a",
    "mid05tor12cn05-bmc",
    "mid05tor12cn05-bmc-test"
]

real    0m0.009s
user    0m0.003s
sys 0m0.000s

• To logout and remove the given token:

  [root@briggs01 tmp]# curl -X GET -H "Authorization: token 1a7385d0-76e2-11e9-874a-0242ac110002" "http://10.6.27.1:5001/api/v2/system/nodes" -H  "accept: application/json"
  {
  "message": {
      "message": "Token expired, pleased refresh or Login again"
  }
  }
  [root@briggs01 tmp]# curl -X POST -H "Authorization: token 1a7385d0-76e2-11e9-874a-0242ac110002" "http://10.6.27.1:5001/api/v2/auth/logout" -H  "accept: application/json"
  "Logged out"