Add Dex authentication configuration to support simple auth#8

Merged
BetterAndBetterII merged 17 commits into main from oidc
Aug 18, 2025

@BetterAndBetterII BetterAndBetterII commented Aug 18, 2025

Add Dex authentication configuration, and update docker-compose configuration to support OIDC authentication

issue: #4

BetterAndBetterII and others added 12 commits August 18, 2025 20:46
…ie storage, with state validation to improve security. This change improves the security and flexibility of OIDC authentication.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
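@BetterAndBetterII BetterAndBetterII changed the title from "Add Dex authentication configuration and initialization script, create .env example file, update docker-compose configuration to support OIDC authentication" to "Add Dex authentication configuration to support simple auth" Aug 18, 2025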

@gemini-code-assist gemini-code-assist bot left a comment

Summary of Changes

Hello @BetterAndBetterII, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

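This pull request introduces support for Dex-based OpenID Connect (OIDC) authentication, providing an alternative to the existing GitHub OAuth. It includes new configuration files, a Docker Compose setup for Dex, and a refactoring of the authentication logic in the Go backend to make it more generic and flexible.

Highlights

  • OIDC authentication integration: Introduces Dex-based OpenID Connect (OIDC) authentication support, allowing users to authenticate through an OIDC provider.
  • Unified authentication handling: Refactors the backend authentication logic, unifying GitHub OAuth and the new OIDC authentication in handlers/auth/auth.go, which improves the modularity and extensibility of the code.
  • Dex service deployment: Adds docker-compose.dex.yml and config/dex.config.yaml, so that the Dex identity provider can be deployed alongside the Excalidraw application via Docker Compose.
  • User model update: The user model in core/user.go has been updated to support the more generic Subject and Email fields, replacing the previous GitHub-specific ID.
  • Environment configuration example: Adds a .env.example.dex file that provides clear example environment variables for the Dex OIDC configuration.
  • Documentation update: README.md and README_zh.md have been updated to include setup and usage instructions for Dex OIDC authentication.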

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces Dex for OIDC-based authentication, providing a simple password auth alternative to GitHub OAuth. The changes include a new docker-compose setup for Dex, configuration files, and refactoring of the authentication logic in the Go backend. While the implementation is a great step forward, there are several critical security vulnerabilities related to missing CSRF protection in the OAuth2 callbacks that must be addressed. Additionally, there are some security misconfigurations in the Dex setup that need to be fixed.
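
The review above flags missing CSRF protection in the OAuth2 callbacks, and one commit message mentions validating state. One way to bind the `state` parameter to the browser that started the login, written in Go as an added illustration and not code from this pull request. The cookie name `oauth_state`, the path `/auth/callback` and all function names are assumptions, and `Secure: true` assumes the app is served over HTTPS.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const stateCookie = "oauth_state" // hypothetical cookie name

// newStateCookie mints the per-login state; its Value is also sent as the state parameter.
func newStateCookie() (*http.Cookie, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	return &http.Cookie{Name: stateCookie, Value: base64.RawURLEncoding.EncodeToString(buf),
		Path: "/", MaxAge: 300, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}, nil
}

// checkCallback runs before the code exchange: the state query parameter must
// equal the cookie, and the cookie is expired so each state is single-use.
func checkCallback(w http.ResponseWriter, r *http.Request) error {
	c, err := r.Cookie(stateCookie)
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Path: "/", MaxAge: -1})
	got := r.URL.Query().Get("state")
	if err != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(got), []byte(c.Value)) != 1 {
		return fmt.Errorf("state missing or mismatched")
	}
	return nil
}

// simulateCallback sends a constructed callback to a hypothetical path.
func simulateCallback(queryState, cookieState string) error {
	r := httptest.NewRequest("GET", "/auth/callback?code=x&state="+queryState, nil)
	if cookieState != "" {
		r.AddCookie(&http.Cookie{Name: stateCookie, Value: cookieState})
	}
	return checkCallback(httptest.NewRecorder(), r)
}

func main() {
	if c, err := newStateCookie(); err == nil {
		fmt.Println(simulateCallback(c.Value, c.Value), simulateCallback("forged", c.Value))
	}
}
```

`SameSite=Lax` is used rather than `Strict` because the callback arrives as a top-level redirect from the identity provider, and the cookie must accompany that request.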

@BetterAndBetterII BetterAndBetterII merged commit 0e9e9b3 into main Aug 18, 2025
6 checks passed