feat: announcements/ changelogs endpoint

[oSumAtrIX]

About

It is currently not possible to publish official announcements or changelogs.

Solution

Add the following endpoints:

• /announcements
• /announcements/latest
• /changelogs
• /changelogs/latest

Why

• We "abuse" and depend on 3rd party services such as Discord, Reddit, or Twitter to make official announcements or changelogs.
• A single trusted source can announce the first and foremost announcements. In the case of the API, the API delivers patches, for example. So if the API also delivers announcements, you can be sure of the origin
• Other sources that host the API can make their own announcements and changelogs and would not have to rely on 3rd party services as well

Additional context

It may be beneficial to authenticate this endpoint. The reason to do so would be so that it isn't scraped. Imagine the following scenario:
Someone forks ReVanced Manager. Now that they use our API endpoint, we will deliver announcements and changelogs on their fork. The same applies to the ReVanced website, which could consume them. Ideally, we display them on the website, which would act as the primary source of information. If the endpoint were not authenticated, some other website would use it. Instead, the idea is to host your own API to deliver them. ReVanced Website and ReVanced Manager would have a variable in the source code that can be set at the built time to authenticate against the endpoint. Adding a captcha to the endpoints may also be beneficial to prevent scraping. Further attempts are not necessary to protect the endpoints.

[SodaWithoutSparkles]

So how do the client (for example, the announcement patch in YouTube ReVanced) access the api if it has a CAPTCHA?

If you set a variable at built time, wouldnt it also be scraped by decompiling the apk or just use sth like MITM + wireshark?

[oSumAtrIX]

To display Captcha, a traditional WebView component would be displayed that would complete the captcha.
A captcha is a server sided, you can not complete it by reverse engineering the client. Everything is open source regardless, though, we aren't hiding anything.

[Ushie]

Why would there be an announcement patch for YouTube?

[SodaWithoutSparkles]

Why would there be an announcement patch for YouTube?

ReVanced/revanced-patches-template#1047

So Osu are saying that the client would have a CAPTCHA window once a day?

why dont just rate-limit the client IP instead?

[oSumAtrIX]

@alexandreteles If possible, a specification could be released early for clients to mock the endpoints until it is available. Currently open: ReVanced/revanced-website#165