Interpreter session per-user

[mergeconflict]

There should be an REST resource corresponding to each interpreter session. Picturing the following:

• /console

  • POST: Create a new sub-resource representing a session.

    Should respond with 201 CREATED, or 403 FORBIDDEN if somebody's spamming.

• /console/{id}

  • POST: send code to be interpreted.

    Should respond with 200 OK normally, 400 BAD REQUEST if the code is broken, 403 FORBIDDEN if the user does something malicious like System.exit, or 404 NOT FOUND if the session id doesn't exist.

  • DELETE: kill the session.

    Should return 204 NO CONTENT normally, 404 NOT FOUND if the session id doesn't exist.

On the front-end, we'd store the current session URI in a browser cookie. If the cookie is present, the "submit" buttons would just POST to that URI. If absent, they would first need to POST to the /console root resource to obtain a session.

[mergeconflict]

I just made Console an actor in #39, so theoretically the Scaffold actor could just spawn an arbitrary number of these in response to "POST /console" requests, and kill them after some timeout.

I say "theoretically" because who knows what sort of ridiculous global, mutable state the interpreter contains... It'll be super awesome if we have to spawn a JVM for each interpreter.