Add username/password auth and login UI
This commit is contained in:
35
API.md
35
API.md
@@ -1,28 +1,33 @@
|
||||
# API Contract (MVP)
|
||||
# API Contract (Auth-enabled)
|
||||
|
||||
All endpoints are JSON. Player identity comes from HttpOnly cookie `player`.
|
||||
All endpoints are JSON. Most routes require the HttpOnly cookie `player`, which is issued after successful register/login. Legacy player rows are given `legacy-xxxxxxxx` usernames during migration; they must register/login to get a valid auth cookie.
|
||||
|
||||
## Auth
|
||||
POST /api/auth/register
|
||||
POST /api/auth/login
|
||||
POST /api/auth/logout
|
||||
|
||||
## State
|
||||
GET /api/state
|
||||
GET /api/state (public)
|
||||
|
||||
## Player
|
||||
GET /api/me
|
||||
## Player (requires auth)
|
||||
GET /api/me
|
||||
POST /api/me/name
|
||||
|
||||
## Suggestions
|
||||
GET /api/suggestions/mine
|
||||
POST /api/suggestions
|
||||
DELETE /api/suggestions/{id}
|
||||
## Suggestions (requires auth + phase gating)
|
||||
GET /api/suggestions/mine
|
||||
POST /api/suggestions
|
||||
DELETE /api/suggestions/{id}
|
||||
GET /api/suggestions/all
|
||||
|
||||
## Votes
|
||||
GET /api/votes/mine
|
||||
## Votes (requires auth + phase gating)
|
||||
GET /api/votes/mine
|
||||
POST /api/votes
|
||||
|
||||
## Results
|
||||
## Results (requires auth + phase gating)
|
||||
GET /api/results
|
||||
|
||||
## Admin
|
||||
POST /api/admin/phase
|
||||
POST /api/admin/reset
|
||||
## Admin (admin key header/query required)
|
||||
POST /api/admin/phase
|
||||
POST /api/admin/reset
|
||||
POST /api/admin/factory-reset
|
||||
|
||||
Reference in New Issue
Block a user