api/API.md

# API
All API endpoints are accessible with this base URL: `https://api.nerdcult.net/`.
Some API endpoints require an Authorization HTTP header.
The token for this can be aquired using the `/account/authenticate` endpoint.

## Endpoints
### `/account/register` - POST
Requests a new nerdcult account.
This sends a verification E-Mail which contains a link to the veriication frontend with an verification token as url parameter.
This verification link will time out after 10 minutes.

#### HTTP Headers
| Header       | Content            |
|--------------|--------------------|
| Content-Type | `application/json` |

#### Content - JSON
| Field    | Description                            |
|----------|----------------------------------------|
| username | The accounts username / userid.        |
| password | The password used for authentication.  |
| email    | The email address used for validation. |

#### Responses
##### 200 - Success
The verification request was sent.
##### 400 - Error: Bad Request
The request was malformed.
##### 403 - Error: Forbidden
Blocked for security reasons.
##### 409 - Error: Conflict
The requested username or email is already taken.

__Content - JSON:__
| Field    | Description                                                          |
|----------|----------------------------------------------------------------------|
| conflict | Can be `username` or `email`, depending on what caused the conflict. |

##### 422 - Error: Unprocessable Entity
Malformed email address.


### `/account/verify` - POST
Verifies a requested account.

#### HTTP Headers
| Header       | Content            |
|--------------|--------------------|
| Content-Type | `application/json` |

#### Content - JSON
| Field | Description                                                                    |
|-------|--------------------------------------------------------------------------------|
| token | The verification token you received via an email after requesting the account. |

#### Responses
##### 200 - Success
The account was verified. You can login now.
##### 400 - Error: Bad Request
The request was malformed.
##### 403 - Error: Forbidden
Blocked for security reasons.
##### 404 - Error: Forbidden
The provided token is unknown.


### `/account/authenticate` - POST
Generates an authentication token for an account.

#### HTTP Headers
| Header       | Content            |
|--------------|--------------------|
| Content-Type | `application/json` |

#### Content - JSON
| Field    | Description                     |
|----------|---------------------------------|
| username | The accounts username / userid. |
| password | The accounts password.          |

#### Responses
##### 200 - Success
The authentication was successfull.

__Content - JSON:__
| Field | Description            |
|-------|------------------------|
| token | A unique access token. |

##### 400 - Error: Bad Request
The request was malformed.
##### 401 - Error: Unauthorized
The provided password was wrong.
##### 403 - Error: Forbidden
Blocked for security reasons.
##### 404 - Error: Not Found
The provided username was not found.
##### 424 - Error: Failed Dependency
The account isn't verified yet.


### `/account/delete` - DELETE
Deletes the account.

#### HTTP Headers
| Header        | Content            |
|---------------|--------------------|
| Authorization | `Bearer {token}`   |

#### Responses
##### 200 - Success
The account was deleted.
##### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
##### 403 - Error: Forbidden
Blocked for security reasons.


### `/account/tokens` - DELETE
Deletes a token of the authenticated account.

#### HTTP Headers
| Header        | Content            |
|---------------|--------------------|
| Authorization | `Bearer {token}`   |
| Content-Type  | `application/json` |

#### Content - JSON
| Field | Description                       |
|-------|-----------------------------------|
| token | The token that should be deleted. |

#### Responses
##### 200 - Success
The token was deleted.
##### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
##### 403 - Error: Forbidden
Blocked for security reasons.
##### 404 - Error: Not Found
The token that should be deleted wasn't found.


### `/account/tokens` - GET
Lists all active auth tokens for the account.

#### HTTP Headers
| Header        | Content            |
|---------------|--------------------|
| Authorization | `Bearer {token}`   |

#### Responses
##### 200 - Success
__Content - JSON:__
| Field  | Description                                                                                     |
|--------|-------------------------------------------------------------------------------------------------|
| tokens | A list of (token, expiration date) pairs. The expiration date is given as a UTC UNIX timestamp. |
##### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
##### 403 - Error: Forbidden
Blocked for security reasons.
initial commit 2023-08-15 17:43:53 +00:00			`# API`
			All API endpoints are accessible with this base URL: `https://api.nerdcult.net/`.
			`Some API endpoints require an Authorization HTTP header.`
			The token for this can be aquired using the `/account/authenticate` endpoint.

			`## Endpoints`
			### `/account/register` - POST
			`Requests a new nerdcult account.`
			`This sends a verification E-Mail which contains a link to the veriication frontend with an verification token as url parameter.`
			`This verification link will time out after 10 minutes.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|--------------\|--------------------\|`
			\| Content-Type \| `application/json` \|

			`#### Content - JSON`
			`\| Field \| Description \|`
			`\|----------\|----------------------------------------\|`
			`\| username \| The accounts username / userid. \|`
			`\| password \| The password used for authentication. \|`
			`\| email \| The email address used for validation. \|`

			`#### Responses`
			`##### 200 - Success`
			`The verification request was sent.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 400 - Error: Bad Request`
initial commit 2023-08-15 17:43:53 +00:00			`The request was malformed.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 403 - Error: Forbidden`
feat(api): defined and implemented return codes that allow for internal SQL injection checking 2023-08-16 15:30:18 +00:00			`Blocked for security reasons.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 409 - Error: Conflict`
initial commit 2023-08-15 17:43:53 +00:00			`The requested username or email is already taken.`

			`__Content - JSON:__`
			`\| Field \| Description \|`
			`\|----------\|----------------------------------------------------------------------\|`
			\| conflict \| Can be `username` or `email`, depending on what caused the conflict. \|

docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 422 - Error: Unprocessable Entity`
initial commit 2023-08-15 17:43:53 +00:00			`Malformed email address.`

feat(api): defined token management endpoints 2023-08-17 13:20:31 +00:00
initial commit 2023-08-15 17:43:53 +00:00			### `/account/verify` - POST
			`Verifies a requested account.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|--------------\|--------------------\|`
			\| Content-Type \| `application/json` \|

			`#### Content - JSON`
			`\| Field \| Description \|`
			`\|-------\|--------------------------------------------------------------------------------\|`
			`\| token \| The verification token you received via an email after requesting the account. \|`

			`#### Responses`
			`##### 200 - Success`
			`The account was verified. You can login now.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 400 - Error: Bad Request`
initial commit 2023-08-15 17:43:53 +00:00			`The request was malformed.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 403 - Error: Forbidden`
feat(api): defined and implemented return codes that allow for internal SQL injection checking 2023-08-16 15:30:18 +00:00			`Blocked for security reasons.`
			`##### 404 - Error: Forbidden`
initial commit 2023-08-15 17:43:53 +00:00			`The provided token is unknown.`

feat(api): defined token management endpoints 2023-08-17 13:20:31 +00:00
initial commit 2023-08-15 17:43:53 +00:00			### `/account/authenticate` - POST
			`Generates an authentication token for an account.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|--------------\|--------------------\|`
			\| Content-Type \| `application/json` \|

			`#### Content - JSON`
			`\| Field \| Description \|`
			`\|----------\|---------------------------------\|`
			`\| username \| The accounts username / userid. \|`
			`\| password \| The accounts password. \|`

			`#### Responses`
			`##### 200 - Success`
			`The authentication was successfull.`

			`__Content - JSON:__`
			`\| Field \| Description \|`
			`\|-------\|------------------------\|`
			`\| token \| A unique access token. \|`

docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 400 - Error: Bad Request`
initial commit 2023-08-15 17:43:53 +00:00			`The request was malformed.`
feat(api): defined and implemented return codes that allow for internal SQL injection checking 2023-08-16 15:30:18 +00:00			`##### 401 - Error: Unauthorized`
initial commit 2023-08-15 17:43:53 +00:00			`The provided password was wrong.`
feat(api): defined and implemented return codes that allow for internal SQL injection checking 2023-08-16 15:30:18 +00:00			`##### 403 - Error: Forbidden`
			`Blocked for security reasons.`
docs(api): precised return code info 2023-08-16 11:23:01 +00:00			`##### 404 - Error: Not Found`
initial commit 2023-08-15 17:43:53 +00:00			`The provided username was not found.`
feat(api): added an account verification check before authentication 2023-08-16 23:29:00 +00:00			`##### 424 - Error: Failed Dependency`
			`The account isn't verified yet.`

initial commit 2023-08-15 17:43:53 +00:00
			### `/account/delete` - DELETE
			`Deletes the account.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|---------------\|--------------------\|`
			\| Authorization \| `Bearer {token}` \|

			`#### Responses`
			`##### 200 - Success`
			`The account was deleted.`
feat(api): implemented a basic api skeleton, that matches the api docs 2023-08-16 12:02:23 +00:00			`##### 401 - Error: Unauthorized`
feat(api): defined token management endpoints 2023-08-17 13:20:31 +00:00			`The provided auth token doesn't allow you to perform this operation.`
			`##### 403 - Error: Forbidden`
			`Blocked for security reasons.`


			### `/account/tokens` - DELETE
			`Deletes a token of the authenticated account.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|---------------\|--------------------\|`
			\| Authorization \| `Bearer {token}` \|
			\| Content-Type \| `application/json` \|

			`#### Content - JSON`
			`\| Field \| Description \|`
			`\|-------\|-----------------------------------\|`
			`\| token \| The token that should be deleted. \|`

			`#### Responses`
			`##### 200 - Success`
			`The token was deleted.`
			`##### 401 - Error: Unauthorized`
			`The provided auth token doesn't allow you to perform this operation.`
			`##### 403 - Error: Forbidden`
			`Blocked for security reasons.`
			`##### 404 - Error: Not Found`
			`The token that should be deleted wasn't found.`


			### `/account/tokens` - GET
			`Lists all active auth tokens for the account.`

			`#### HTTP Headers`
			`\| Header \| Content \|`
			`\|---------------\|--------------------\|`
			\| Authorization \| `Bearer {token}` \|

			`#### Responses`
			`##### 200 - Success`
			`__Content - JSON:__`
feat(api): fully implemented the two (GET and DELETE) `tokens` endpoints 2023-08-17 14:40:05 +00:00			`\| Field \| Description \|`
			`\|--------\|-------------------------------------------------------------------------------------------------\|`
			`\| tokens \| A list of (token, expiration date) pairs. The expiration date is given as a UTC UNIX timestamp. \|`
feat(api): defined token management endpoints 2023-08-17 13:20:31 +00:00			`##### 401 - Error: Unauthorized`
			`The provided auth token doesn't allow you to perform this operation.`
feat(api): defined and implemented return codes that allow for internal SQL injection checking 2023-08-16 15:30:18 +00:00			`##### 403 - Error: Forbidden`
			`Blocked for security reasons.`