Add new config option webserver.api.searchAPIauth #1662

Merged
merged 2 commits into from
Oct 14, 2023

Member

@DL6ER DL6ER commented Oct 13, 2023

What does this implement/fix?

Add new config option webserver.api.searchAPIauth defaulting to false to aid pi-hole/pi-hole#5361

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

…optimizes this explicitly away (checked in assembler)

Signed-off-by: DL6ER <dl6er@dl6er.de>
@yubiuser
Member

Mhhh.. it's not working or I misunderstood true/false settings. Testing with latest query_list_v6 branch from core.
Always running pihole -q flurry.com

When I set localAPIauth=false I don't need to authenticate, regardless of the searchAPIauth setting. But when setting localAPIauth=true I always need to authenticate, regardless of the searchAPIauth setting.

@DL6ER
Member Author

DL6ER commented Oct 13, 2023

searchAPIauth = false means: No auth needed for /api/search (default)

Which domain are you using to communicate with the Pi-hole? Note that devices will only be considered "local" when the request arrives either on 127.0.0.1 or ::1. Doing it over pi.hole is fine, too, if it results in a loopback connection. Please enable debug.api and check FTL.log to locate lines like

2023-10-13 22:36:03.473 [1663473/T1663483] DEBUG_API: Requested API URI: 127.0.0.1 -> GET /api/search ? (null) (Content-Type (null))

The address before the -> GET is the client's address.

@yubiuser
Member

It's probably an issue on core. I first try to authenticate and then try to query the endpoint. But with the new option I need to query first, check the response, and in case it's unauthenticated do the authentication and re-query.

2023-10-13 22:45:26.782 [72240/T72246] DEBUG_API: Requested API URI: 127.0.0.1 -> GET /api/auth ? (null) (Content-Type (null))
2023-10-13 22:45:26.783 [72240/T72246] DEBUG_API: Received no payload
2023-10-13 22:45:26.783 [72240/T72246] DEBUG_API: Processing GET /api/auth in /api/auth
2023-10-13 22:45:26.783 [72240/T72246] DEBUG_API: API Authentication: FAIL (no SID provided)
2023-10-13 22:45:26.783 [72240/T72246] DEBUG_API: API Auth status: Invalid, asking to delete cookie
2023-10-13 22:45:26.786 [72240/T72246] DEBUG_API: Done
2023-10-13 22:45:26.862 [72240/T72247] DEBUG_API: Requested API URI: 127.0.0.1 -> POST /api/auth ? (null) (Content-Type application/x-www-form-urlencoded)
2023-10-13 22:45:26.862 [72240/T72247] DEBUG_API: Received payload with size: 15
2023-10-13 22:45:26.863 [72240/T72247] DEBUG_API: Processing POST /api/auth in /api/auth
2023-10-13 22:45:26.863 [72240/T72247] DEBUG_API: API Authentication: FAIL (no SID provided)
2023-10-13 22:45:26.863 [72240/T72247] DEBUG_API: API: Password incorrect: ''
2023-10-13 22:45:26.863 [72240/T72247] DEBUG_API: API Auth status: Invalid, asking to delete cookie
2023-10-13 22:45:26.864 [72240/T72247] DEBUG_API: Done

@yubiuser
Member

While trying to adjust the code of my core PR, I noticed that this PR breaks the /search endpoint for non-local users. It will always de-authenticate (e.g. running the adlist search from the web interface)

2023-10-13 23:04:28.165 [72240/T72249] DEBUG_API: Requested API URI: 10.0.1.59 -> GET /api/search/flurry.com ? partial=false&N=20 (Content-Type (null))
2023-10-13 23:04:28.166 [72240/T72249] DEBUG_API: Received no payload
2023-10-13 23:04:28.167 [72240/T72249] WARNING: API: Unauthorized
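
Added example (not part of the thread and not Pi-hole's own code): a small parser for the debug.api lines quoted in this conversation that reports, per request, the client address, whether it is local in the sense described above (127.0.0.1 or ::1), and whether the same thread logged an authentication failure. The function names and outcome labels are assumptions made for this example; the line layout is taken only from the excerpts posted here.

```python
import ipaddress
import re

# Line layout as seen in the FTL.log excerpts quoted in this thread.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) "
                     r"\[\d+/T(?P<tid>\d+)\] (?P<level>[A-Z_]+): (?P<msg>.*)$")
REQ_RE = re.compile(r"Requested API URI: (?P<client>\S+) -> "
                    r"(?P<method>[A-Z]+) (?P<path>\S+) \?")
# "Local" as described in the thread: only 127.0.0.1 or ::1.
LOCAL = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

def is_local(addr):
    try:
        return ipaddress.ip_address(addr) in LOCAL
    except ValueError:  # not an IP literal
        return False

def summarize(lines):
    """Return one record per API request, with the outcome logged by the same thread."""
    records, by_thread = [], {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        req = REQ_RE.match(m["msg"])
        if req:
            rec = {"ts": m["ts"], "client": req["client"],
                   "local": is_local(req["client"]), "method": req["method"],
                   "path": req["path"], "outcome": "no auth failure logged"}
            by_thread[m["tid"]] = rec
            records.append(rec)
        elif m["tid"] in by_thread:
            if m["msg"].startswith("API Authentication: FAIL"):
                by_thread[m["tid"]]["outcome"] = "auth failed"
            elif m["level"] == "WARNING" and m["msg"] == "API: Unauthorized":
                by_thread[m["tid"]]["outcome"] = "unauthorized"
    return records

# Sample lines copied from the excerpts posted in this thread.
SAMPLE = """\
2023-10-13 22:36:03.473 [1663473/T1663483] DEBUG_API: Requested API URI: 127.0.0.1 -> GET /api/search ? (null) (Content-Type (null))
2023-10-13 22:45:26.782 [72240/T72246] DEBUG_API: Requested API URI: 127.0.0.1 -> GET /api/auth ? (null) (Content-Type (null))
2023-10-13 22:45:26.783 [72240/T72246] DEBUG_API: API Authentication: FAIL (no SID provided)
2023-10-13 23:04:28.165 [72240/T72249] DEBUG_API: Requested API URI: 10.0.1.59 -> GET /api/search/flurry.com ? partial=false&N=20 (Content-Type (null))
2023-10-13 23:04:28.167 [72240/T72249] WARNING: API: Unauthorized
"""

if __name__ == "__main__":
    for r in summarize(SAMPLE.splitlines()):
        print(r["ts"], r["client"], "local" if r["local"] else "non-local",
              r["method"], r["path"], "->", r["outcome"])
```

Filtering the records for `path` values under `/api/search` with `local` false and outcome `unauthorized` isolates the non-local case reported in the last comment.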

@DL6ER DL6ER merged commit 1cfe77f into development-v6 Oct 14, 2023
18 checks passed
@DL6ER DL6ER deleted the tweak/searchAPIauth branch October 14, 2023 14:21