The user is authenticated by one of the following
methods, in order of priority:
* The presence of a valid JWT.
* Its IP.
* Its hostname.
In the case of the latter two methods, if authentication
is successful a JWT valid for 15 minutes will be generated
and passed back to the user in a cookie.
An alert is sent whenever an endpoint returns
an error other than an explicit failure (e.g.,
it won't send an alert if a middleware intentionally
returns a {status: XXX} object).
The configuration file etc/config.yaml is exposed to the
server backend under require('configuration').global.
Note that at some point it will probably make sense to
merge the two config files.
