AddTokenToContext adds an xor'ed version of the CSRF token to the context, so we can pass it into forms.

Authenticate ensures the current user is logged in for all requests other than those going to "/" or static resources.

Authorize ensures that a user is authorized to commit a specific action on a specific resource.

AuthorizeResource returns a ResourceAuthorization struct describing what is being authorized and whether the current user is allowed to do what they're trying to do.

GetCSRFCookieToken returns the csrf token set in the cookie.

GetCSRFRequestToken returns the token set in the request form or header.

GetUserFromAPIHeaders returns the current user based on the API auth headers.

GetUserFromSession returns the User for the current session.

IsAPIRoute returns true if the requested route matches one of our API prefixes.

LoadCookie loads a cookie's value into the request context.

LoadCookies loads the user's flash and preference cookes into the request context.

SetDefaultHeaders sets headers that we want to include with every response.

XorStrings scrambles the CSRF token that appears in the header and in forms on each request.

AuthMap maps HTTP handler names to the permissions required to access that handler.

AuthMetadata contains information about what type of resource is being requested, and what action the user wants to take on that resource.

ResourceAuthorization contains information about the current request handler, the resource and action being requested, and whether the current user is authorized to do what they're trying to do.