Refactor routing, changes API URLs (#1171)

* Make authentication part of the server, so it can be reused outside the Native API

This commit has broken tests after a rebase

* Serve frontend assets from `server`, and not from Native API

* Change Native API URL

* Fix auth tests

* Refactor server authentication

* Simplify authProvider, now subsonic token+salt comes from the server

* Don't send JWT token to UI when authenticated via Request Header

* Enable ReverseProxyWhitelist to be read from environment

ui/src/eventStream.js

@@ -15,9 +15,11 @@ const getEventStream = async () => {
   if (!es) {
     // Call `keepalive` to refresh the jwt token
     await httpClient(`${REST_URL}/keepalive/keepalive`)
-    es = new EventSource(
-      baseUrl(`${REST_URL}/events?jwt=${localStorage.getItem('token')}`)
-    )
+    let url = baseUrl(`${REST_URL}/events`)
+    if (localStorage.getItem('token')) {
+      url = url + `?jwt=${localStorage.getItem('token')}`
+    }
+    es = new EventSource(url)
   }
   return es
 }
@@ -64,7 +66,7 @@ const throttledEventHandler = throttle(eventHandler, 100, { trailing: true })
 
 const startEventStream = async () => {
   setTimeout(currentIntervalCheck)
-  if (!localStorage.getItem('token')) {
+  if (!localStorage.getItem('is-authenticated')) {
     console.log('Cannot create a unauthenticated EventSource connection')
     return Promise.reject()
   }