Api/v1/accounts (#8)

* start work on accounts module

* plodding away on the accounts endpoint

* groundwork for other account routes

* add password validator

* validation utils

* require account approval flags

* comments

* comments

* go fmt

* comments

* add distributor stub

* rename api to federator

* tidy a bit

* validate new account requests

* rename r router

* comments

* add domain blocks

* add some more shortcuts

* add some more shortcuts

* check email + username availability

* email block checking for signups

* chunking away at it

* tick off a few more things

* some fiddling with tests

* add mock package

* relocate repo

* move mocks around

* set app id on new signups

* initialize oauth server properly

* rename oauth server

* proper mocking tests

* go fmt ./...

* add required fields

* change name of func

* move validation to account.go

* more tests!

* add some file utility tools

* add mediaconfig

* new shortcut

* add some more fields

* add followrequest model

* add notify

* update mastotypes

* mock out storage interface

* start building media interface

* start on update credentials

* mess about with media a bit more

* test image manipulation

* media more or less working

* account update nearly working

* rearranging my package ;) ;) ;)

* phew big stuff!!!!

* fix type checking

* *fiddles*

* Add CreateTables func

* account registration flow working

* tidy

* script to step through auth flow

* add a lil helper for generating user uris

* fiddling with federation a bit

* update progress

* Tidying and linting

5 files changed, 0 insertions, 398 deletions

diff --git a/internal/gtsmodel/README.md b/internal/gtsmodel/README.md
deleted file mode 100644
index 12a05ddec..000000000
--- a/internal/gtsmodel/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# gtsmodel
-
-This package contains types used *internally* by GoToSocial and added/removed/selected from the database. As such, they contain sensitive fields which should **never** be serialized or reach the API level. Use the [mastotypes](../../pkg/mastotypes) package for that.
-
-The annotation used on these structs is for handling them via the go-pg ORM. See [here](https://pg.uptrace.dev/models/).
diff --git a/internal/gtsmodel/account.go b/internal/gtsmodel/account.go
deleted file mode 100644
index 6c17b90e5..000000000
--- a/internal/gtsmodel/account.go
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
-   GoToSocial
-   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU Affero General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Affero General Public License for more details.
-
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-// Package gtsmodel contains types used *internally* by GoToSocial and added/removed/selected from the database.
-// These types should never be serialized and/or sent out via public APIs, as they contain sensitive information.
-// The annotation used on these structs is for handling them via the go-pg ORM. See here: https://pg.uptrace.dev/models/
-package gtsmodel
-
-import (
-	"net/url"
-	"time"
-)
-
-// Account represents either a local or a remote fediverse account, gotosocial or otherwise (mastodon, pleroma, etc)
-type Account struct {
-	/*
-		BASIC INFO
-	*/
-
-	// id of this account in the local database; the end-user will never need to know this, it's strictly internal
-	ID string `pg:"type:uuid,default:gen_random_uuid(),pk,notnull,unique"`
-	// Username of the account, should just be a string of [a-z0-9_]. Can be added to domain to create the full username in the form ``[username]@[domain]`` eg., ``user_96@example.org``
-	Username string `pg:",notnull,unique:userdomain"` // username and domain should be unique *with* each other
-	// Domain of the account, will be empty if this is a local account, otherwise something like ``example.org`` or ``mastodon.social``. Should be unique with username.
-	Domain string `pg:",unique:userdomain"` // username and domain
-
-	/*
-		ACCOUNT METADATA
-	*/
-
-	// Avatar image for this account
-	Avatar
-	// Header image for this account
-	Header
-	// DisplayName for this account. Can be empty, then just the Username will be used for display purposes.
-	DisplayName string
-	// a key/value map of fields that this account has added to their profile
-	Fields map[string]string
-	// A note that this account has on their profile (ie., the account's bio/description of themselves)
-	Note string
-	// Is this a memorial account, ie., has the user passed away?
-	Memorial bool
-	// This account has moved this account id in the database
-	MovedToAccountID int
-	// When was this account created?
-	CreatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// When was this account last updated?
-	UpdatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// When should this account function until
-	SubscriptionExpiresAt time.Time `pg:"type:timestamp"`
-
-	/*
-		PRIVACY SETTINGS
-	*/
-
-	// Does this account need an approval for new followers?
-	Locked bool
-	// Should this account be shown in the instance's profile directory?
-	Discoverable bool
-
-	/*
-		ACTIVITYPUB THINGS
-	*/
-
-	// What is the activitypub URI for this account discovered by webfinger?
-	URI string `pg:",unique"`
-	// At which URL can we see the user account in a web browser?
-	URL string `pg:",unique"`
-	// RemoteURL where this account is located. Will be empty if this is a local account.
-	RemoteURL string `pg:",unique"`
-	// Last time this account was located using the webfinger API.
-	LastWebfingeredAt time.Time `pg:"type:timestamp"`
-	// Address of this account's activitypub inbox, for sending activity to
-	InboxURL string `pg:",unique"`
-	// Address of this account's activitypub outbox
-	OutboxURL string `pg:",unique"`
-	// Don't support shared inbox right now so this is just a stub for a future implementation
-	SharedInboxURL string `pg:",unique"`
-	// URL for getting the followers list of this account
-	FollowersURL string `pg:",unique"`
-	// URL for getting the featured collection list of this account
-	FeaturedCollectionURL string `pg:",unique"`
-	// What type of activitypub actor is this account?
-	ActorType string
-	// This account is associated with x account id
-	AlsoKnownAs string
-
-	/*
-		CRYPTO FIELDS
-	*/
-
-	Secret string
-	// Privatekey for validating activitypub requests, will obviously only be defined for local accounts
-	PrivateKey string
-	// Publickey for encoding activitypub requests, will be defined for both local and remote accounts
-	PublicKey string
-
-	/*
-		ADMIN FIELDS
-	*/
-
-	// When was this account set to have all its media shown as sensitive?
-	SensitizedAt time.Time `pg:"type:timestamp"`
-	// When was this account silenced (eg., statuses only visible to followers, not public)?
-	SilencedAt time.Time `pg:"type:timestamp"`
-	// When was this account suspended (eg., don't allow it to log in/post, don't accept media/posts from this account)
-	SuspendedAt time.Time `pg:"type:timestamp"`
-	// How much do we trust this account 🤔
-	TrustLevel int
-	// Should we hide this account's collections?
-	HideCollections bool
-	// id of the user that suspended this account through an admin action
-	SuspensionOrigin int
-}
-
-// Avatar represents the avatar for the account for display purposes
-type Avatar struct {
-	// File name of the avatar on local storage
-	AvatarFileName string
-	// Gif? png? jpeg?
-	AvatarContentType string
-	AvatarFileSize    int
-	AvatarUpdatedAt   *time.Time `pg:"type:timestamp"`
-	// Where can we retrieve the avatar?
-	AvatarRemoteURL            *url.URL `pg:"type:text"`
-	AvatarStorageSchemaVersion int
-}
-
-// Header represents the header of the account for display purposes
-type Header struct {
-	// File name of the header on local storage
-	HeaderFileName string
-	// Gif? png? jpeg?
-	HeaderContentType string
-	HeaderFileSize    int
-	HeaderUpdatedAt   *time.Time `pg:"type:timestamp"`
-	// Where can we retrieve the header?
-	HeaderRemoteURL            *url.URL `pg:"type:text"`
-	HeaderStorageSchemaVersion int
-}
diff --git a/internal/gtsmodel/application.go b/internal/gtsmodel/application.go
deleted file mode 100644
index fd0fa6acf..000000000
--- a/internal/gtsmodel/application.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-   GoToSocial
-   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU Affero General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Affero General Public License for more details.
-
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package gtsmodel
-
-import "github.com/gotosocial/gotosocial/pkg/mastotypes"
-
-// Application represents an application that can perform actions on behalf of a user.
-// It is used to authorize tokens etc, and is associated with an oauth client id in the database.
-type Application struct {
-	// id of this application in the db
-	ID string `pg:"type:uuid,default:gen_random_uuid(),pk,notnull"`
-	// name of the application given when it was created (eg., 'tusky')
-	Name string
-	// website for the application given when it was created (eg., 'https://tusky.app')
-	Website string
-	// redirect uri requested by the application for oauth2 flow
-	RedirectURI string
-	// id of the associated oauth client entity in the db
-	ClientID string
-	// secret of the associated oauth client entity in the db
-	ClientSecret string
-	// scopes requested when this app was created
-	Scopes string
-	// a vapid key generated for this app when it was created
-	VapidKey string
-}
-
-// ToMastotype returns this application as a mastodon api type, ready for serialization
-func (a *Application) ToMastotype() *mastotypes.Application {
-	return &mastotypes.Application{
-		ID:           a.ID,
-		Name:         a.Name,
-		Website:      a.Website,
-		RedirectURI:  a.RedirectURI,
-		ClientID:     a.ClientID,
-		ClientSecret: a.ClientSecret,
-		VapidKey:     a.VapidKey,
-	}
-}
diff --git a/internal/gtsmodel/status.go b/internal/gtsmodel/status.go
deleted file mode 100644
index 1c0e920e1..000000000
--- a/internal/gtsmodel/status.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-   GoToSocial
-   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU Affero General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Affero General Public License for more details.
-
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package gtsmodel
-
-import "time"
-
-// Status represents a user-created 'post' or 'status' in the database, either remote or local
-type Status struct {
-	// id of the status in the database
-	ID string `pg:"type:uuid,default:gen_random_uuid(),pk,notnull"`
-	// uri at which this status is reachable
-	URI string `pg:",unique"`
-	// web url for viewing this status
-	URL string `pg:",unique"`
-	// the html-formatted content of this status
-	Content string
-	// when was this status created?
-	CreatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// when was this status updated?
-	UpdatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// is this status from a local account?
-	Local bool
-	// which account posted this status?
-	AccountID string
-	// id of the status this status is a reply to
-	InReplyToID string
-	// id of the status this status is a boost of
-	BoostOfID string
-	// cw string for this status
-	ContentWarning string
-	// visibility entry for this status
-	Visibility *Visibility
-}
-
-// Visibility represents the visibility granularity of a status. It is a combination of flags.
-type Visibility struct {
-	// Is this status viewable as a direct message?
-	Direct bool
-	// Is this status viewable to followers?
-	Followers bool
-	// Is this status viewable on the local timeline?
-	Local bool
-	// Is this status boostable but not shown on public timelines?
-	Unlisted bool
-	// Is this status shown on public and federated timelines?
-	Public bool
-}
diff --git a/internal/gtsmodel/user.go b/internal/gtsmodel/user.go
deleted file mode 100644
index 551cbe2a4..000000000
--- a/internal/gtsmodel/user.go
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
-   GoToSocial
-   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU Affero General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Affero General Public License for more details.
-
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package gtsmodel
-
-import (
-	"net"
-	"time"
-)
-
-// User represents an actual human user of gotosocial. Note, this is a LOCAL gotosocial user, not a remote account.
-// To cross reference this local user with their account (which can be local or remote), use the AccountID field.
-type User struct {
-	/*
-		BASIC INFO
-	*/
-
-	// id of this user in the local database; the end-user will never need to know this, it's strictly internal
-	ID string `pg:"type:uuid,default:gen_random_uuid(),pk,notnull,unique"`
-	// confirmed email address for this user, this should be unique -- only one email address registered per instance, multiple users per email are not supported
-	Email string `pg:",notnull,unique"`
-	// The id of the local gtsmodel.Account entry for this user, if it exists (unconfirmed users don't have an account yet)
-	AccountID string `pg:"default:'',notnull,unique"`
-	// The encrypted password of this user, generated using https://pkg.go.dev/golang.org/x/crypto/bcrypt#GenerateFromPassword. A salt is included so we're safe against 🌈 tables
-	EncryptedPassword string `pg:",notnull"`
-
-	/*
-		USER METADATA
-	*/
-
-	// When was this user created?
-	CreatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// From what IP was this user created?
-	SignUpIP net.IP
-	// When was this user updated (eg., password changed, email address changed)?
-	UpdatedAt time.Time `pg:"type:timestamp,notnull,default:now()"`
-	// When did this user sign in for their current session?
-	CurrentSignInAt time.Time `pg:"type:timestamp"`
-	// What's the most recent IP of this user
-	CurrentSignInIP net.IP
-	// When did this user last sign in?
-	LastSignInAt time.Time `pg:"type:timestamp"`
-	// What's the previous IP of this user?
-	LastSignInIP net.IP
-	// How many times has this user signed in?
-	SignInCount int
-	// id of the user who invited this user (who let this guy in?)
-	InviteID string
-	// What languages does this user want to see?
-	ChosenLanguages []string
-	// What languages does this user not want to see?
-	FilteredLanguages []string
-	// In what timezone/locale is this user located?
-	Locale string
-	// Which application id created this user? See gtsmodel.Application
-	CreatedByApplicationID string
-	// When did we last contact this user
-	LastEmailedAt time.Time `pg:"type:timestamp"`
-
-	/*
-		USER CONFIRMATION
-	*/
-
-	// What confirmation token did we send this user/what are we expecting back?
-	ConfirmationToken string
-	// When did the user confirm their email address
-	ConfirmedAt time.Time `pg:"type:timestamp"`
-	// When did we send email confirmation to this user?
-	ConfirmationSentAt time.Time `pg:"type:timestamp"`
-	// Email address that hasn't yet been confirmed
-	UnconfirmedEmail string
-
-	/*
-		ACL FLAGS
-	*/
-
-	// Is this user a moderator?
-	Moderator bool
-	// Is this user an admin?
-	Admin bool
-	// Is this user disabled from posting?
-	Disabled bool
-	// Has this user been approved by a moderator?
-	Approved bool
-
-	/*
-		USER SECURITY
-	*/
-
-	// The generated token that the user can use to reset their password
-	ResetPasswordToken string
-	// When did we email the user their reset-password email?
-	ResetPasswordSentAt time.Time `pg:"type:timestamp"`
-
-	EncryptedOTPSecret     string
-	EncryptedOTPSecretIv   string
-	EncryptedOTPSecretSalt string
-	OTPRequiredForLogin    bool
-	OTPBackupCodes         []string
-	ConsumedTimestamp      int
-	RememberToken          string
-	SignInToken            string
-	SignInTokenSentAt      time.Time `pg:"type:timestamp"`
-	WebauthnID             string
-}