Handle the auth stuff in a middleware like manner
This MR switches to an auth extension, so that we can authenticate the user in a middleware like manner.
This way we should easier be able to:
- run our permission checks as the
request
has now auser
element - test our code (as we can use a
force_login
method) - add another authentification mechanism later (apikeys for example)
- use a caching layer for the token validation
Edited by Nils Brinckmann