feat(users): use cookie for auth

[racnan]

Type of Change

• [ ] Bugfix
• [X] New feature
• [ ] Enhancement
• [ ] Refactoring
• [ ] Dependency updates
• [ ] Documentation
• [ ] CI/CD

Description

Use cookie if present otherwise use authorization header for authentication.

Additional Changes

• [ ] This PR modifies the API contract
• [ ] This PR modifies the database schema
• [ ] This PR modifies application configuration/environment variables

Motivation and Context

Use of cookie for authentication for better security.

How did you test it?

Use any JWT auth API with cookies. If cookie is present with login_token then app will use it for auth otherwise it will fallback to use Authorization header. Example curl,

curl --location '<URL>/user/permission_info?groups=true' \
--header 'Cookie: login_token=<JWT>'

Above should give 200 when valid JWT is used.

curl --location 'localhost:8080/user/permission_info?groups=true' \
--header 'Authorization: Bearer <JWT>' \

Above should also give 200 when valid JWT is used.

Checklist

• [X] I formatted the code cargo +nightly fmt --all
• [X] I addressed lints thrown by cargo clippy
• [X] I reviewed the submitted code
• [ ] I added unit tests for my changes where possible
• [ ] I added a CHANGELOG entry if applicable