New API

[TravisSpomer]

The current API used by the new site is a crappy placeholder. Let's make a real one.

Currently working on a branch: api

• Add a new Azure Functions .NET 6 C# API to /api in this repo
• Recreate / port the model classes used for accessing the database
• Build new authorization code using JWTs on the server User? user = IvoryTower.Auth.GetCurrentUser(request); that just always succeeds and returns Travis
• Make that authorization code actually check the token in the header
• Update the API-calling client code to save tokens sent from server
• Update the API-calling client code to send the appropriate tokens with requests
• Move the initial set of test APIs to the new API
  • Hello
  • Login
  • Get all user data
  • Forums listing
  • Get single forum contents
  • Upload an image
  • Post reply
  • Get single post
  • Delete a post
  • Edit a post
  • Accept terms
  • Ignore thread
  • Get single thread contents
  • Create new thread
  • Get unread threads list
• Once all of those are implemented, you can get rid of all of the API code in legacy VB IvoryTower entirely

[TravisSpomer]

WebAuthn doesn't help us here since IvoryTower accounts already exist. In the future, we could use it to link the browser to existing accounts in place of passwords (opened #84), but there's no way to link existing accounts without supporting direct password login.

[TravisSpomer]

MSAL seems mostly useful for services that don't already have an account system, but IvoryTower already has accounts. Not sure if there's much ROI there either.

[TravisSpomer]

SvelteKit Auth / Auth.js doesn't seem like it's helpful here either. It's almost entirely a server-side framework and is not appropriate for a SSG site.