Add a REST API for third party usage

[leepeuker]

The current most http routes used have a state (php session) and are not suitable for third party usages.

Structure proposal:

• /users/{username}/history/movies (movies with watch dates ordered by last played)
• /users/{username}/watchlist/movies (movies on the users watchlist ordered by the date of the addition to the list)
• /users/{username}/played/movies (all movies with user plays)
• /movies (get all local movies)
• /movies/search (search for movies, including remote results from tmdb)
• /movies/sync (import or update existing movie, either movaryId OR tmdbId required)
• /jobs/{jopType} (CRUD for server background jobs)
• /users/{username}/settings/general (CRUD for user general setttings)
• /users/{username}/settings/security (CRUD for user security setttings)

Other:

• All routes have the prefix /api
• Routes can require a valid auth token. The auth token is set via http header X-Auth-Token. Every user account can re/generate their X-Auth-Token (token and user are hardly coupled). This is a really basic setup which can be improved later, for now I would like to focus on functionality over security.

TODO: add api token and its management to user general account settings, maybe under new section Api

[leepeuker]

The basics were added together with the first api endpoint (history). The rest of the endpoints has to follow.

[JVT038]

Some other suggestions:

• /users/{username}/settings/general/username (PUT) - Change the username
• /users/{username}/settings/general/dateformat (PUT) - Change the user's date format
• /users/{username}/settings/general/privacy (PUT) - Change the privacy level; accepts an integer, based on the level
• /users/{username}/settings/general/country (PUT) - Change the country
• /users/{username}/settings/general/watchlistremoval (PUT) - Toggle the automatic removal from the watchlist if an item is played
• /users/{username}/settings/security/password (PUT) - Change the password

[leepeuker]

@JVT038 true, I have added the following to the TODO

- /users/{username}/settings/general (CRUD for user general setttings)
- /users/{username}/settings/security (CRUD for user security setttings)

I think I would prefer to create just one endpoint per settings type with optional values instead of one endpoint settings type value 🤔

[leepeuker]

We need to improve the rest API stability. Incorrect requested payloads lead to 500 server errors.

Additionally, we return the frontend 500/404 responses pages for server errors. The rest API response should be JSON and not html.

Edit: Fixed wrong error pages for API.