Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

data/database.py

@@ -1418,6 +1418,26 @@ class BitTorrentPieces(BaseModel):
     )
 
 
+class AppSpecificAuthToken(BaseModel):
+  """ AppSpecificAuthToken represents a token generated by a user for use with an external
+      application where putting the user's credentials, even encrypted, is deemed too risky.
+  """
+  user = QuayUserField()
+  uuid = CharField(default=uuid_generator, max_length=36, index=True)
+  title = CharField()
+  token_code = CharField(default=random_string_generator(length=120), unique=True, index=True)
+  created = DateTimeField(default=datetime.now)
+  expiration = DateTimeField(null=True)
+  last_accessed = DateTimeField(null=True)
+
+  class Meta:
+    database = db
+    read_slaves = (read_slave,)
+    indexes = (
+      (('user', 'expiration'), False),
+    )
+  
+
 beta_classes = set([ManifestLayerScan, Tag, TagKind, BlobPlacementLocation, ManifestLayer, ManifestList,
                     BitTorrentPieces, MediaType, Label, ManifestBlob, BlobUploading, Blob,
                     ManifestLayerDockerV1, BlobPlacementLocationPreference, ManifestListManifest,