♻️ Refactor profile and session handling

- makes the profile access more efficient (replace in-app joins to a
  simple select query on profile table
- add partial support for access-tokens (still missing some RPC methods)
- move router definitions to specific modules and simplify the main http
  module definitions to simple includes
- simplifiy authentication code related to access-tokens and sessions
- normalize db parameters with proper namespaced props
- more work on convert all modules initialization to use proper specs
  with fully-qualified keyword config props

backend/src/app/http/errors.clj

@@ -11,6 +11,8 @@
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
+   [app.http.session :as-alias session]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [yetti.request :as yrq]
@@ -26,7 +28,9 @@
 
 (defn get-context
   [request]
-  (let [claims (:session-token-claims request)]
+  (let [claims (-> {}
+                   (into (::session/token-claims request))
+                   (into (::actoken/token-claims request)))]
     (merge
      *context*
      {:path          (:path request)
@@ -49,6 +53,10 @@
   [err _]
   (yrs/response 401 (ex-data err)))
 
+(defmethod handle-exception :authorization
+  [err _]
+  (yrs/response 403 (ex-data err)))
+
 (defmethod handle-exception :restriction
   [err _]
   (yrs/response 400 (ex-data err)))