Account functionality extended, API authentication implemented

- Can now add a second email address to your account and delete one of 
your email addresses
- Reset password now works
- Resetting the password of an account without a password set will set 
one
- Email templates overhauled
- Login tokens limited to close previously devastating ($800 database 
bill) security hole
- Login with REST API now works
- Once logged in, authentication of API calls with token works
- Creatures can now be fetched using the API

app/imports/server/rest/apiPublications/creature.js

@@ -0,0 +1,46 @@
+import SimpleSchema from 'simpl-schema';
+import Creatures from '/imports/api/creature/creatures/Creatures.js';
+import CreatureProperties from '/imports/api/creature/creatureProperties/CreatureProperties.js';
+import { assertViewPermission } from '/imports/api/creature/creatures/creaturePermissions.js';
+import computeCreature from '/imports/api/engine/computeCreature.js';
+import VERSION from '/imports/constants/VERSION.js';
+
+Meteor.publish('api-creature', function(creatureId){
+  try {
+    new SimpleSchema({
+      creatureId: {
+        type: String,
+        regEx: SimpleSchema.RegEx.Id,
+      },
+    }).validate({ creatureId });
+  } catch (e){
+    this.error(e);
+    return;
+  }
+  const userId = this.userId;
+  const creatureCursor = Creatures.find({
+    _id: creatureId,
+  });
+  const creature = creatureCursor.fetch()[0];
+  try {
+    assertViewPermission(creature, userId)
+  } catch(e){
+    this.error(e);
+    return;
+  }
+  if (creature.computeVersion !== VERSION){
+    try {
+      computeCreature(creatureId)
+    } catch(e){
+      console.error(e)
+    }
+  }
+  return [
+    creatureCursor,
+    CreatureProperties.find({
+      'ancestors.id': creatureId,
+    }),
+  ];
+}, {
+  url: 'api/creature/:0'
+});

app/imports/server/rest/apiPublications/index.js

@@ -0,0 +1 @@
+import './creature.js';