feat: support webauthn login (#4945)

* feat: support webauthn login

* manually merge

* fix: clear user cache after updating authn

* decrease db size of Authn

* change authn type to text

* simplify code structure

---------

Co-authored-by: Andy Hsu <i@nn.ci>

server/middlewares/auth.go

@@ -67,6 +67,54 @@ func Auth(c *gin.Context) {
 	c.Next()
 }
 
+func Authn(c *gin.Context) {
+	token := c.GetHeader("Authorization")
+	if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
+		admin, err := op.GetAdmin()
+		if err != nil {
+			common.ErrorResp(c, err, 500)
+			c.Abort()
+			return
+		}
+		c.Set("user", admin)
+		log.Debugf("use admin token: %+v", admin)
+		c.Next()
+		return
+	}
+	if token == "" {
+		guest, err := op.GetGuest()
+		if err != nil {
+			common.ErrorResp(c, err, 500)
+			c.Abort()
+			return
+		}
+		c.Set("user", guest)
+		log.Debugf("use empty token: %+v", guest)
+		c.Next()
+		return
+	}
+	userClaims, err := common.ParseToken(token)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	user, err := op.GetUserByName(userClaims.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	if user.Disabled {
+		common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
+		c.Abort()
+		return
+	}
+	c.Set("user", user)
+	log.Debugf("use login token: %+v", user)
+	c.Next()
+}
+
 func AuthAdmin(c *gin.Context) {
 	user := c.MustGet("user").(*model.User)
 	if !user.IsAdmin() {