Add auth indication

[MV-GH]

With 0.19 now its not obvious which endpoints need authentication and which not. Maybe we should annotate that information in the JSDoc. This is especially useful for my openapi spec. As I can parse this JSDoc and auto add which endpoints need auth or not.

[dessalines]

We could annotate the http methods in some way, but it wouldn't be a good idea to do so for the auto-generated request objects.

I'm not sure what typedoc label would work best tho: https://tsdoc.org/pages/tags/public/

[MV-GH]

Yes, I meant the http routes. It doesn't have to be a real annotation. Could just be @Authenticed.But what should we do for methods that have different response based on auth. see GET /site

[dessalines]

How about @Auth required or @Auth optional ?

I think there are a few routes that don't use auth at all.

[MV-GH]

Yeah for those routes without auth we simply don't add a annotation.

So @Auth for full authenticated routes. So @AuthElevated or something for routes where auth elevates the response?

It should also be documented what each annotation means in that http file

[dessalines]

I'd be good with either of those.

[NatoBoram]

It doesn't necessarily need to be an annotation, it could also be a sentence. Something like Requires authentication. or Requires moderator privileges. or Requires administrator privileges. that is just placed at the end of the TSDoc comment

[MV-GH]

Well it doesn't matter to me as long as it can easily be parsed. (The above solution doesn't seem like that though)

[Nutomic]

In the Lemmy code you can see that an endpoint requires auth if the handler method takes param LocalUserView. If auth is optional the param is Option<LocalUserView>. If there is no LocalUserView param then auth makes no difference, but I dont think there is such an endpoint (except RSS feeds etc).

So it would be great if this could be generated from the Rust code, but its probably not possible due to lack of tooling.