refactor(server): auth (#5895)

Remove `next-auth` and implement our own Authorization/Authentication system from scratch.

## Server

- [x] tokens
  - [x] function
  - [x] encryption

- [x] AuthController
  - [x] /api/auth/sign-in
  - [x] /api/auth/sign-out
  - [x] /api/auth/session
  - [x] /api/auth/session (WE SUPPORT MULTI-ACCOUNT!)

- [x] OAuthPlugin
  - [x] OAuthController
  - [x] /oauth/login
  - [x] /oauth/callback
  - [x] Providers
    - [x] Google
    - [x] GitHub

## Client

- [x] useSession
- [x] cloudSignIn
- [x] cloudSignOut

## NOTE:

Tests will be adding in the future

packages/frontend/electron/src/main/deep-link.ts

@@ -8,7 +8,6 @@ import { logger } from './logger';
 import {
   getMainWindow,
   handleOpenUrlInHiddenWindow,
-  removeCookie,
   setCookie,
 } from './main-window';
 
@@ -82,28 +81,16 @@ async function handleOauthJwt(url: string) {
         return;
       }
 
-      const isSecure = CLOUD_BASE_URL.startsWith('https://');
-
       // set token to cookie
       await setCookie({
         url: CLOUD_BASE_URL,
         httpOnly: true,
         value: token,
         secure: true,
-        name: isSecure
-          ? '__Secure-next-auth.session-token'
-          : 'next-auth.session-token',
+        name: 'sid',
         expirationDate: Math.floor(Date.now() / 1000 + 3600 * 24 * 7),
       });
 
-      // force reset next-auth.callback-url
-      // there could be incorrect callback-url in cookie that will cause auth failure
-      // so we need to reset it to empty to mitigate this issue
-      await removeCookie(
-        CLOUD_BASE_URL,
-        isSecure ? '__Secure-next-auth.callback-url' : 'next-auth.callback-url'
-      );
-
       let hiddenWindow: BrowserWindow | null = null;
 
       ipcMain.once('affine:login', () => {