We may allow more challenge types other than PoW in the future, eg.
captcha. So make the relevent types more generic.
Now the challenge is returned in JSON response as a individual top-level
field `register_challenge` instead of in HTTP headers.
Error types are now collected into a single place. Similar errors are
merged.
Request invariant violations are now all under 400 with type
"invalid_request" if it's a client mistake; and if it's caused by a
server restrction, under 403 with type "disabled".
We do not need that many big numbers yet. This should simplify client
implementation without native u64 (eg. JavaScript).
Also put a hard limit on `unseen_cnt` query.
This decouples SQLs from handler logic, makes it easier for auditing and
caching. It also enables the possibility to switch or support multiple
database backends.
- `IdUrl` does basic validation for identity URL. Server could enforce
additional restrictions on their own need.
- single-label doamins are now rejected by default.
- More tests are added for `IdUrl` validation.
Now a group can only be created with the creator as the only initial
member. This forbids group creator from adding other members without
their consent. Additional members can join the group later at their own
will.
- `Msg` or `msg` is now the canonical term for the substructure in a
room. It includes a `chat` subtype and (in the future) other
administration subtypes like member joining or leaving.
- `Message` or `message` can used in human oriented context like docs
and comments, but only when it is unambiguous.
- `message` is not chosen in code because it's hard to type (at least
for me!), and have ambiguous meaning of:
- "Human readable text" in context of `ApiError`'s field.
- "A unit of data transfer, datagram" in context of WebSocket Message.
- `item` is not chosen because it is overly generic.
- If a user is not a room member, HTTP 404 code=not_found will be
returned. This also happen for posting into not-joined public rooms,
and it can be interpreted as "room member is not found".
- If a user is a member but lacks the member permission to perform an
action, HTTP 403 code=permission_denied will be returned.
