refactor(extensions)!: refactor the extensions URLs and errors (#1636)

BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

pkg/api/routes_test.go

@@ -1,5 +1,5 @@
-//go:build sync && scrub && metrics && search && lint && apikey && mgmt
-// +build sync,scrub,metrics,search,lint,apikey,mgmt
+//go:build sync && scrub && metrics && search && lint && mgmt
+// +build sync,scrub,metrics,search,lint,mgmt
 
 package api_test
 
@@ -7,7 +7,6 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"errors"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -28,8 +27,6 @@ import (
 	"zotregistry.io/zot/pkg/api"
 	"zotregistry.io/zot/pkg/api/config"
 	"zotregistry.io/zot/pkg/api/constants"
-	"zotregistry.io/zot/pkg/extensions"
-	extconf "zotregistry.io/zot/pkg/extensions/config"
 	mTypes "zotregistry.io/zot/pkg/meta/types"
 	localCtx "zotregistry.io/zot/pkg/requestcontext"
 	storageTypes "zotregistry.io/zot/pkg/storage/types"
@@ -37,8 +34,6 @@ import (
 	"zotregistry.io/zot/pkg/test/mocks"
 )
 
-var ErrUnexpectedError = errors.New("error: unexpected error")
-
 const sessionStr = "session"
 
 func TestRoutes(t *testing.T) {
@@ -62,6 +57,8 @@ func TestRoutes(t *testing.T) {
 		}()
 
 		mockOIDCConfig := mockOIDCServer.Config()
+		defaultVal := true
+
 		conf.HTTP.Auth = &config.AuthConfig{
 			HTPasswd: config.AuthHTPasswd{
 				Path: htpasswdPath,
@@ -77,14 +74,7 @@ func TestRoutes(t *testing.T) {
 					},
 				},
 			},
-		}
-
-		defaultVal := true
-		apiKeyConfig := &extconf.APIKeyConfig{
-			BaseConfig: extconf.BaseConfig{Enable: &defaultVal},
-		}
-		conf.Extensions = &extconf.ExtensionConfig{
-			APIKey: apiKeyConfig,
+			APIKey: defaultVal,
 		}
 
 		ctlr := api.NewController(conf)
@@ -1434,14 +1424,14 @@ func TestRoutes(t *testing.T) {
 			request, _ := http.NewRequestWithContext(ctx, http.MethodPost, baseURL, bytes.NewReader([]byte{}))
 			response := httptest.NewRecorder()
 
-			extensions.CreateAPIKey(response, request, ctlr.MetaDB, ctlr.CookieStore, ctlr.Log)
+			rthdlr.CreateAPIKey(response, request)
 
 			resp := response.Result()
 			defer resp.Body.Close()
-			So(resp.StatusCode, ShouldEqual, http.StatusInternalServerError)
+			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
 			acCtx := localCtx.AccessControlContext{
-				Username: username,
+				Username: "test",
 			}
 
 			ctx = context.TODO()
@@ -1451,14 +1441,14 @@ func TestRoutes(t *testing.T) {
 			request, _ = http.NewRequestWithContext(ctx, http.MethodPost, baseURL, bytes.NewReader([]byte{}))
 			response = httptest.NewRecorder()
 
-			extensions.CreateAPIKey(response, request, ctlr.MetaDB, ctlr.CookieStore, ctlr.Log)
+			rthdlr.CreateAPIKey(response, request)
 
 			resp = response.Result()
 			defer resp.Body.Close()
 
-			So(resp.StatusCode, ShouldEqual, http.StatusInternalServerError)
+			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			payload := extensions.APIKeyPayload{
+			payload := api.APIKeyPayload{
 				Label:  "test",
 				Scopes: []string{"test"},
 			}
@@ -1468,11 +1458,12 @@ func TestRoutes(t *testing.T) {
 			request, _ = http.NewRequestWithContext(ctx, http.MethodPost, baseURL, bytes.NewReader(reqBody))
 			response = httptest.NewRecorder()
 
-			extensions.CreateAPIKey(response, request, mocks.MetaDBMock{
+			ctlr.MetaDB = mocks.MetaDBMock{
 				AddUserAPIKeyFn: func(ctx context.Context, hashedKey string, apiKeyDetails *mTypes.APIKeyDetails) error {
 					return ErrUnexpectedError
 				},
-			}, ctlr.CookieStore, ctlr.Log)
+			}
+			rthdlr.CreateAPIKey(response, request)
 
 			resp = response.Result()
 			defer resp.Body.Close()
@@ -1486,11 +1477,12 @@ func TestRoutes(t *testing.T) {
 			q.Add("id", "apikeyid")
 			request.URL.RawQuery = q.Encode()
 
-			extensions.RevokeAPIKey(response, request, mocks.MetaDBMock{
+			ctlr.MetaDB = mocks.MetaDBMock{
 				DeleteUserAPIKeyFn: func(ctx context.Context, id string) error {
 					return ErrUnexpectedError
 				},
-			}, ctlr.CookieStore, ctlr.Log)
+			}
+			rthdlr.RevokeAPIKey(response, request)
 
 			resp = response.Result()
 			defer resp.Body.Close()