[chore] The Big Middleware and API Refactor (tm) (#1250)

* interim commit: start refactoring middlewares into package under router

* another interim commit, this is becoming a big job

* another fucking massive interim commit

* refactor bookmarks to new style

* ambassador, wiz zeze commits you are spoiling uz

* she compiles, we're getting there

* we're just normal men; we're just innocent men

* apiutil

* whoopsie

* i'm glad noone reads commit msgs haha :blob_sweat:

* use that weirdo go-bytesize library for maxMultipartMemory

* fix media module paths

docs/api/ratelimiting.md

@@ -1,10 +1,16 @@
 # Rate Limit
 
-To mitigate abuse + scraping of your instance, an IP-based HTTP rate limit is in place.
+To mitigate abuse + scraping of your instance, IP-based HTTP rate limiting is in place.
 
-This rate limit applies not just to the API, but to all requests (web, federation, etc).
+There are separate rate limiters configured for different groupings of endpoints. In other words, being rate limited for one part of the API doesn't necessarily mean you will be rate limited for other parts. Each entry in the following list has a separate rate limiter:
 
-By default, a maximum of 1000 requests in a 5 minute time window are allowed.
+- `/users/*` and `/emoji/*` - ActivityPub (s2s) endpoints.
+- `/auth/*` and `/oauth/*` - Sign in + OAUTH token requests.
+- `/fileserver/*` - Media attachments, emojis, etc.
+- `/nodeinfo/*` - NodeInfo endpoint(s).
+- `/.well-known/*` - webfinger + nodeinfo requests.
+
+By default, each rate limiter allows a maximum of 300 requests in a 5 minute time window: 1 request per second per client IP address.
 
 Every response will include the current status of the rate limit with the following headers:
 

docs/api/swagger.yaml

@@ -1914,7 +1914,7 @@ definitions:
         title: SwaggerCollection represents an activitypub collection.
         type: object
         x-go-name: SwaggerCollection
-        x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/s2s/user
+        x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/activitypub/users
     swaggerCollectionPage:
         properties:
             id:
@@ -1949,7 +1949,7 @@ definitions:
         title: SwaggerCollectionPage represents one page of a collection.
         type: object
         x-go-name: SwaggerCollectionPage
-        x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/s2s/user
+        x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/activitypub/users
     tag:
         properties:
             name:
@@ -2049,9 +2049,9 @@ paths:
                     description: ""
                     schema:
                         $ref: '#/definitions/wellKnownResponse'
-            summary: Directs callers to /nodeinfo/2.0.
+            summary: Returns a well-known response which redirects callers to `/nodeinfo/2.0`.
             tags:
-                - nodeinfo
+                - .well-known
     /.well-known/webfinger:
         get:
             description: |-
@@ -2074,7 +2074,7 @@ paths:
                         $ref: '#/definitions/wellKnownResponse'
             summary: Handles webfinger account lookup requests.
             tags:
-                - webfinger
+                - .well-known
     /api/{api_version}/media:
         post:
             consumes: