- Move auth strategies to package/auth

- Move email and avatar functions to package/auth

api/server/routes/oauth.js

@@ -1,7 +1,6 @@
 // file deepcode ignore NoRateLimitingForLogin: Rate limiting is handled by the `loginLimiter` middleware
 const express = require('express');
 const passport = require('passport');
-const { randomState } = require('openid-client');
 const {
   checkBan,
   logHeaders,
@@ -104,7 +103,8 @@ router.get(
 /**
  * OpenID Routes
  */
-router.get('/openid', (req, res, next) => {
+router.get('/openid', async (req, res, next) => {
+  const { randomState } = await import('openid-client');
   return passport.authenticate('openid', {
     session: false,
     state: randomState(),