Add simple auth
@@ -0,0 +1,49 @@
|
||||
# API Contract: Auth
|
||||
|
||||
**Base path**: `/api/v1/auth`
|
||||
**Authentication**: HTTP Basic (all endpoints in this group require valid credentials)
|
||||
|
||||
---
|
||||
|
||||
## GET /api/v1/auth/check
|
||||
|
||||
Verifies that the supplied HTTP Basic credentials are valid. Used by the frontend after a page refresh to confirm stored credentials are still accepted before rendering the app.
|
||||
|
||||
### Request
|
||||
|
||||
```
|
||||
GET /api/v1/auth/check
|
||||
Authorization: Basic <base64(username:password)>
|
||||
```
|
||||
|
||||
No request body.
|
||||
|
||||
### Response — 200 OK
|
||||
|
||||
```json
|
||||
{
|
||||
"username": "neurosurgeon"
|
||||
}
|
||||
```
|
||||
|
||||
| Field | Type | Description |
|
||||
|-------|------|-------------|
|
||||
| `username` | string | The authenticated username |
|
||||
|
||||
### Response — 401 Unauthorized
|
||||
|
||||
Spring Security returns a standard 401 with `WWW-Authenticate: Basic realm="Realm"` header. No JSON body.
|
||||
|
||||
### Behaviour
|
||||
|
||||
- Returns `200` with the authenticated username if credentials are valid.
|
||||
- Returns `401` if credentials are absent or incorrect.
|
||||
- No side effects (idempotent, read-only).
|
||||
|
||||
---
|
||||
|
||||
## Notes
|
||||
|
||||
- All other existing endpoints (`/api/v1/books`, `/api/v1/chat`, etc.) continue to require HTTP Basic Auth as before.
|
||||
- The frontend sends `Authorization: Basic ...` on every request via the axios request interceptor.
|
||||
- A global axios response interceptor detects `401` responses and redirects the user to `/login`.
|
||||
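Review bot: The `/check` description and the Notes section rely on "stored credentials" that the frontend replays as `Authorization: Basic ...` on every request, but the contract never says where the username and password are kept in the browser, when they are cleared, or that the API is HTTPS-only. Basic credentials are only base64-encoded, so please document the storage location and lifetime (for example, cleared on logout and on the `401` redirect to `/login`) and state the TLS requirement next to the **Authentication** line. In "Response — 401 Unauthorized", the `WWW-Authenticate: Basic realm="Realm"` header can cause the browser to show its native credentials dialog before the axios response interceptor redirects to `/login`; the contract should say whether that header is kept for API calls. The Behaviour list also says nothing about throttling repeated failed attempts, although `/check` answers valid or invalid for any username and password pair with no side effects.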