# API Contract: Auth

**Base path**: `/api/v1/auth`

**Authentication**: HTTP Basic (all endpoints in this group require valid credentials)

---

## GET /api/v1/auth/check

Verifies that the supplied HTTP Basic credentials are valid. Used by the frontend after a page refresh to confirm stored credentials are still accepted before rendering the app.
### Request

```
GET /api/v1/auth/check
Authorization: Basic <base64(username:password)>
```

No request body.
### Response — 200 OK

```json
{
  "username": "neurosurgeon"
}
```

| Field | Type | Description |
|-------|------|-------------|
| `username` | string | The authenticated username |
### Response — 401 Unauthorized

Spring Security returns a standard 401 with a `WWW-Authenticate: Basic realm="Realm"` header. No JSON body.
### Behaviour

- Returns `200` with the authenticated username if credentials are valid.
- Returns `401` if credentials are absent or incorrect.
- No side effects (idempotent, read-only).

---

## Notes
- All other existing endpoints (`/api/v1/books`, `/api/v1/chat`, etc.) continue to require HTTP Basic Auth as before.
- The frontend sends `Authorization: Basic ...` on every request via the axios request interceptor.
- A global axios response interceptor detects `401` responses and redirects the user to `/login`.
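
The following added example (not the project's own frontend code) shows one way a client can build the `Authorization` header and interpret the `/check` response so that only an explicit `200` carrying a `username` counts as authenticated. The names `basicAuthHeader`, `interpretCheck`, `checkCredentials` and `stubFetch`, the injected fetch-style function used in place of axios, the UTF-8 credential encoding and the sample password are assumptions.

```javascript
// Added example; function names and the stub below are assumptions, not project code.
const CHECK_PATH = "/api/v1/auth/check"; // path taken from the contract

function basicAuthHeader(username, password) {
  // RFC 7617: the user-id cannot contain ":" (the server splits on the first colon).
  if (username.includes(":")) throw new Error("username must not contain ':'");
  // Assumption: credentials are UTF-8. btoa() alone throws outside Latin-1.
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Fail closed: only 200 with a string username is "authenticated", 401 is
// "rejected", and anything else is an error rather than a silent pass.
function interpretCheck(status, bodyText) {
  if (status === 401) return { ok: false, username: null };
  if (status !== 200) throw new Error(`unexpected status ${status}`);
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    throw new Error("200 response body is not JSON");
  }
  if (typeof body?.username !== "string" || body.username === "") {
    throw new Error("200 response lacks a username");
  }
  return { ok: true, username: body.username };
}

async function checkCredentials(fetchFn, username, password) {
  const res = await fetchFn(CHECK_PATH, {
    method: "GET",
    headers: { Authorization: basicAuthHeader(username, password) },
  });
  return interpretCheck(res.status, await res.text());
}

// Constructed stand-in for the server: accepts one constructed credential pair.
async function stubFetch(url, init) {
  const good = basicAuthHeader("neurosurgeon", "constructed-pw");
  const ok = url === CHECK_PATH && init.headers.Authorization === good;
  return {
    status: ok ? 200 : 401,
    text: async () => (ok ? '{"username":"neurosurgeon"}' : ""),
  };
}
```

A caller would render the app only when `checkCredentials` resolves with `ok: true`, and treat a thrown error as "not verified" rather than as success.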