This checks that the private key used to encode the passwords has not
changed since last successful startup, leading to a corruption of all
the passwords. Lots of common scenario are covered, with various
combinations of key in a file or from a seed, set in the config file or
in an env variable or through CLI, and so on.
The entire internals of the server now work using only NaiveDateTime,
since we know they are all UTC. At the fringes (LDAP, GraphQL, JWT
tokens) we convert back into UTC to make sure we have a clear API.
This allows us to be compatible with Postgres (which doesn't support
DateTime<UTC>, only NaiveDateTime).
This change is backwards compatible since in SQlite with
Sea-query/Sea-ORM, the UTC datetimes are stored without a timezone, as
simple strings. It's the same format as NaiveDateTime.
Fixes#87.
This is the smallest integer compatible with all of MySQL, Postgres and
SQlite.
This is a backwards-compatible change for SQlite since both are
represented as "integer", and all u8 values can be represented as i16.
Note that if there was a non-lowercase user already in the DB, it cannot
be found again. To fix this, run in the DB:
sqlite> UPDATE users SET user_id = LOWER(user_id);
They can always be empty. This simplifies mutation, since graphql_client
doesn't have an easy way to conditionally leave out fields (we could do
that with `@include`, but that's one bool per field in addition to the
field, a bit ugly).
