Put websocket connections through middleware

• Put websocket connections through middleware
• Upgrade to node 10-lts base image
• Update lodash to fix low priority security issue

PR: #67

Security fix

Update a dep marked with a security fix, just in case:
morgan from 1.9.0 to 1.9.1

plus some other minor dep updates

v1.4.3

• Bump hoek from 4.2.0 to 4.2.1 (fixes CVE-2018-3728)
• Bump http-proxy from 1.16.2 to 1.17.0
• Bump express from 4.16.2 to 4.16.3
• Bump serve-favicon from 2.4.5 to 2.5.0
• Bump eslint from 4.17.0 to 4.19.1
• Bump eslint-plugin-import from 2.8.0 to 2.11.0
• Bump dotenv from 4.0.0 to 5.0.1

Session expires after 1 hour (by default)

Can be configured by setting the COOKIE_MAXAGE environment variable to
the number of seconds after which cookie session will expire.

Added health check endpoint

Added GET /healthz endpoint, so we (k8s) don't have to use GET /login to check if the container is healthy.

Silent SSO

Do not prompt for login when the user is already logged in Auth0 SSO.

Auth0 hosted login page

Use Auth0 hosted login page instead of custom /login page.

Binary file uploads no longer corrupted

Binary files were being decoded and re-encoded as text, which meant the files were corrupted. This release fixes binary file uploads.

Check authorised user is owner

Patches a flaw in the proxy logic, which allowed an authorised user to access other users' RStudio instances.

Fix file uploads

File uploads were broken in v1.1.0 - this version fixes them