flrgh / doorbell

a flexible forward-auth server

replace /answer frontend #58

Open flrgh opened 1 year ago

flrgh commented 1 year ago

Here's the current abomination:

Image

The goal is to replace this with something nicer. It's a form that is primarily viewed on mobile, so UX-wise that means...

We can bake the data into the response (that's how it works now--templated html) OR you can just use the API:

GET /access/pending/by-token/{token} returns info on the pending request:

{
    "allowed_scopes": [
        "global",
        "host",
        "url"
    ],
    "allowed_subjects": [
        "addr",
        "ua"
    ],
    "created": 1685995455.905,
    "expires": 1685999055.905,
    "max_ttl": 86400,
    "request": {
        "addr": "12.34.56.78",
        "asn": 7018,
        "country": "US",
        "host": "fake-app.com",
        "method": "GET",
        "org": "ATT-INTERNET4",
        "path": "/super-duper",
        "scheme": "https",
        "ua": "HTTPie/3.2.1",
        "uri": "/super-duper"
    },
    "state": "pending",
    "token": "3b5f3c330f19449d343a68d042c432b146147bb913c739da"
}

...and GET /ip/info/{addr} can be used to gather additional IP address info for display:

{
    "addr": "12.34.56.78",
    "asn": 7018,
    "city": "Atlanta",
    "continent": "North America",
    "continent_code": "NA",
    "country": "United States",
    "country_code": "US",
    "latitude": 33.7173,
    "longitude": -84.4783,
    "map_link": "https://www.openstreetmap.org/?mlat=33.7173&mlon=-84.4783#map=13/33.7173/-84.4783",
    "org": "ATT-INTERNET4",
    "postal_code": "30311",
    "region": "Georgia",
    "region_code": "GA",
    "search_link": "https://nominatim.openstreetmap.org/ui/search.html?country=United%20States&countrycodes=US&postalcode=30311&city=Atlanta&state=Georgia",
    "time_zone": "America/New_York"
}

One feature of the current form is that the server checks if the request to /answer (to load the form) came from the same IP address as the request that needs approval, and if so, the following message is added to the rendered html:

(this is your current IP address)

It's helpful to see this when approving a request, so it would be nice to preserve the feature in the new frontend. Without changing any backend APIs, the most straightforward way to do this is to use the /ip/addr API endpoint to fetch your IP address and then cross-reference this against request.addr from the /access/pending/by-token/{token} response.
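
The cross-reference described above, as an added example that is not part of the original issue or of doorbell's own code: it turns the `/access/pending/by-token/{token}` response into the data a form would render, including the "this is your current IP address" check. Assumptions: the function names are hypothetical, the caller's address is passed in as a plain string because the `/ip/addr` response shape is not shown in the issue, and request-supplied fields are escaped because they come from the request awaiting approval.

```javascript
// Added example, not doorbell's own code. Field names come from the
// /access/pending/by-token/{token} sample in the issue; the /ip/addr response
// shape is not shown there, so the caller's address is passed in as a string.

// Strip the IPv4-mapped IPv6 prefix and lowercase so "::ffff:12.34.56.78"
// and "12.34.56.78" compare equal.
function normalizeAddr(addr) {
  const a = String(addr).trim().toLowerCase();
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(a);
  return mapped ? mapped[1] : a;
}

// Escape request-supplied strings (ua, host, uri) before they reach markup;
// they are chosen by whoever made the request that is awaiting approval.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the data the form needs. nowSeconds is epoch seconds, matching the
// units of "created" and "expires" in the sample response.
function buildApprovalView(pending, myAddr, nowSeconds) {
  const req = pending.request;
  const remaining = Math.max(0, Math.floor(pending.expires - nowSeconds));
  return {
    answerable: pending.state === "pending" && remaining > 0,
    secondsLeft: remaining,
    isCurrentAddr: normalizeAddr(myAddr) === normalizeAddr(req.addr),
    scopes: pending.allowed_scopes.slice(),
    subjects: pending.allowed_subjects.slice(),
    maxTtl: pending.max_ttl,
    display: {
      addr: escapeHtml(req.addr),
      url: escapeHtml(`${req.scheme}://${req.host}${req.uri}`),
      ua: escapeHtml(req.ua),
      origin: escapeHtml(`${req.org} (AS${req.asn}, ${req.country})`),
    },
  };
}

// Constructed sample, trimmed from the response shown in the issue.
const samplePending = {
  allowed_scopes: ["global", "host", "url"], allowed_subjects: ["addr", "ua"],
  created: 1685995455.905, expires: 1685999055.905, max_ttl: 86400,
  request: { addr: "12.34.56.78", asn: 7018, country: "US", host: "fake-app.com",
    org: "ATT-INTERNET4", scheme: "https", ua: "HTTPie/3.2.1", uri: "/super-duper" },
  state: "pending",
};
```
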

flrgh commented 1 year ago

Because this is primarily used from mobile I think it'd be best if we could return all the necessary info from one API request instead of three (/access/pending/by-token/:token + /ip/addr + /ip/info/:addr), in order to keep latency from extra request round-trips low. Lemme know whenever you want to work on this one, and I'll pair with you on making the necessary API updates for this.