feat(auth): harden authentication with argon2 passwords and rotating hashed refresh tokens

ts_interfaces/data/loint-reception.jwt.ts

@@ -10,6 +10,11 @@ export interface IJwt {
      */
     userId: string;
 
+    /**
+     * the login session backing this jwt
+     */
+    sessionId?: string;
+
     /**
      * the latest point of
      */
@@ -24,9 +29,9 @@ export interface IJwt {
     refreshEvery: number;
 
     /**
-     * the refresh token to obtain a new jwt for a session
+     * legacy field kept for compatibility with already-issued jwt documents
      */
-    refreshToken: string;
+    refreshToken?: string;
 
     /**
      * just for looks/debugging