api/docs/README.md

# API
All API endpoints are accessible with this base URL: `https://api.nerdcult.net/`.
Some API endpoints require an Authorization HTTP header.
The token for this can be aquired using the `/account/authenticate` endpoint.

## Implementation Status
__(ND)__ -> Not designed yet.


- `/account`
    - [X] `/register`
    - [X] `/verify`
    - [X] `/authenticate`
    - [X] `/delete`
    - [X] `/tokens`
    - [X] `/tokens`
    - [ ] `/follows`
    - [ ] `/followers`
    - [ ] `/deactivate`
    - [ ] `/activate`
- `/user/`
    - [ ] `/info`
    - [ ] `/follow`
    - [ ] `/follows`
    - [ ] `/followers`
    - [ ] `/projects`
- `/project`
    - [X] `/create`
    - [X] `/info`
    - [ ] `/join`
- `/vault`
    - [ ] `/info`
    - [ ] `/init`
    - [ ] `/key`
    - `/fs`
        - [ ] `/create` (ND)
        - [ ] `/read` (ND)
        - [ ] `/write` (ND)
        - [ ] `/info` (ND)
        - [ ] `/delete` (ND)
- `/admin`
    - `/backup`
        - [ ] `/list`
        - [ ] `/fetch/{id}`
        - [ ] `/create`

## Examples
An example _Register -> Verify -> Authenticate -> Delete_ flow.
The examples use the [HTTPie](https://httpie.io/) CLI.

### 1. Register a new account
```
$ http -v POST https://api.nerdcult.net/account/register email=test@not.existing password=pwd username=username
POST /account/register HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 73
Content-Type: application/json
Host: api.nerdcult.net
User-Agent: HTTPie/3.2.1

{
    "email": "test@not.existing",
    "password": "pwd",
    "username": "username"
}


HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 0
Date: Sun, 20 Aug 2023 13:37:35 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
This sends a verification token to the email you specified in the request body.
Such a token looks like this: `f68b0ee33bbe4850991993c361997003`.

### 2. Verify the created account
```
$ http -v POST https://api.nerdcult.net/account/verify token="f68b0ee33bbe4850991993c361997003"
POST /account/verify HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Host: api.nerdcult.net
User-Agent: HTTPie/3.2.1

{
    "token": "f68b0ee33bbe4850991993c361997003"
}


HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 0
Date: Sun, 20 Aug 2023 13:41:51 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
The account is now verified and functional.

### 3. Get an access token
```
$ http -v POST https://api.nerdcult.net/account/authenticate username=username password=pwd
POST /account/authenticate HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 43
Content-Type: application/json
Host: api.nerdcult.net
User-Agent: HTTPie/3.2.1

{
    "password": "pwd",
    "username": "username"
}


HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 44
Content-Type: application/json
Date: Sun, 20 Aug 2023 13:44:17 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=31536000; includeSubDomains

{
    "token": "f11f952c9d734461a11b087a27a219e2"
}
```
This token can now be used to call other API calls.
It will expire after 7 days.

### 4. Delete the account
This is an example for an action that needs authentication.
```
$ http -v DELETE https://api.nerdcult.net/account/delete -A bearer -a f11f952c9d734461a11b087a27a219e2
DELETE /account/delete HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer f11f952c9d734461a11b087a27a219e2
Connection: keep-alive
Content-Length: 0
Host: api.nerdcult.net
User-Agent: HTTPie/3.2.1


HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 0
Date: Sun, 20 Aug 2023 13:54:30 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
```

## TODO
- Password checking on registration
- account bound rate limit
docs(api): moved into 'docs' folder and splitted into multiple files 2023-08-18 16:05:12 +00:00			`# API`
			All API endpoints are accessible with this base URL: `https://api.nerdcult.net/`.
			`Some API endpoints require an Authorization HTTP header.`
			The token for this can be aquired using the `/account/authenticate` endpoint.

			`## Implementation Status`
docs(api): fixed legend 2023-09-08 22:20:26 +00:00			`__(ND)__ -> Not designed yet.`

docs(api): defined vault and backup endpoints 2023-09-08 19:50:49 +00:00
docs(api): moved into 'docs' folder and splitted into multiple files 2023-08-18 16:05:12 +00:00			- `/account`
			- [X] `/register`
			- [X] `/verify`
			- [X] `/authenticate`
			- [X] `/delete`
			- [X] `/tokens`
			- [X] `/tokens`
			- [ ] `/follows`
			- [ ] `/followers`
feat(docker): dockerized project 2023-08-20 12:30:11 +00:00			- [ ] `/deactivate`
			- [ ] `/activate`
docs(api): designed account (de)activation 2023-08-18 21:49:41 +00:00			- `/user/`
docs(api): moved into 'docs' folder and splitted into multiple files 2023-08-18 16:05:12 +00:00			- [ ] `/info`
			- [ ] `/follow`
			- [ ] `/follows`
			- [ ] `/followers`
			- [ ] `/projects`
			- `/project`
docs(api): updated implementation status 2023-08-23 16:17:34 +00:00			- [X] `/create`
docs(api): updated implementation status 2023-09-10 00:05:49 +00:00			- [X] `/info`
docs(api): designed account (de)activation 2023-08-18 21:49:41 +00:00			- [ ] `/join`
docs(api): defined vault and backup endpoints 2023-09-08 19:50:49 +00:00			- `/vault`
docs(api): designed the basic vault endpoints 2023-09-08 22:18:58 +00:00			- [ ] `/info`
			- [ ] `/init`
			- [ ] `/key`
docs(api): defined vault and backup endpoints 2023-09-08 19:50:49 +00:00			- `/fs`
			- [ ] `/create` (ND)
			- [ ] `/read` (ND)
			- [ ] `/write` (ND)
			- [ ] `/info` (ND)
			- [ ] `/delete` (ND)
			- `/admin`
			- `/backup`
docs(api): designed the backup endpoints 2023-09-09 14:58:46 +00:00			- [ ] `/list`
			- [ ] `/fetch/{id}`
			- [ ] `/create`
docs(api): moved into 'docs' folder and splitted into multiple files 2023-08-18 16:05:12 +00:00
docs(api): added usage examples 2023-08-20 13:56:14 +00:00			`## Examples`
			`An example _Register -> Verify -> Authenticate -> Delete_ flow.`
docs(api): fixed typo fix xD 2023-08-20 13:58:49 +00:00			`The examples use the [HTTPie](https://httpie.io/) CLI.`
docs(api): added usage examples 2023-08-20 13:56:14 +00:00
			`### 1. Register a new account`
			```
			`$ http -v POST https://api.nerdcult.net/account/register email=test@not.existing password=pwd username=username`
			`POST /account/register HTTP/1.1`
			`Accept: application/json, /;q=0.5`
			`Accept-Encoding: gzip, deflate`
			`Connection: keep-alive`
			`Content-Length: 73`
			`Content-Type: application/json`
			`Host: api.nerdcult.net`
			`User-Agent: HTTPie/3.2.1`

			`{`
			`"email": "test@not.existing",`
			`"password": "pwd",`
			`"username": "username"`
			`}`


			`HTTP/1.1 200 OK`
			`Connection: keep-alive`
			`Content-Length: 0`
			`Date: Sun, 20 Aug 2023 13:37:35 GMT`
			`Server: nginx/1.24.0`
			`Strict-Transport-Security: max-age=31536000; includeSubDomains`
			```
feat(api): implemented /project/create 2023-08-23 16:16:36 +00:00			`This sends a verification token to the email you specified in the request body.`
docs(api): added usage examples 2023-08-20 13:56:14 +00:00			Such a token looks like this: `f68b0ee33bbe4850991993c361997003`.

			`### 2. Verify the created account`
			```
			`$ http -v POST https://api.nerdcult.net/account/verify token="f68b0ee33bbe4850991993c361997003"`
			`POST /account/verify HTTP/1.1`
			`Accept: application/json, /;q=0.5`
			`Accept-Encoding: gzip, deflate`
			`Connection: keep-alive`
			`Content-Length: 45`
			`Content-Type: application/json`
			`Host: api.nerdcult.net`
			`User-Agent: HTTPie/3.2.1`

			`{`
			`"token": "f68b0ee33bbe4850991993c361997003"`
			`}`


			`HTTP/1.1 200 OK`
			`Connection: keep-alive`
			`Content-Length: 0`
			`Date: Sun, 20 Aug 2023 13:41:51 GMT`
			`Server: nginx/1.24.0`
			`Strict-Transport-Security: max-age=31536000; includeSubDomains`
			```
			`The account is now verified and functional.`

			`### 3. Get an access token`
			```
			`$ http -v POST https://api.nerdcult.net/account/authenticate username=username password=pwd`
			`POST /account/authenticate HTTP/1.1`
			`Accept: application/json, /;q=0.5`
			`Accept-Encoding: gzip, deflate`
			`Connection: keep-alive`
			`Content-Length: 43`
			`Content-Type: application/json`
			`Host: api.nerdcult.net`
			`User-Agent: HTTPie/3.2.1`

			`{`
			`"password": "pwd",`
			`"username": "username"`
			`}`


			`HTTP/1.1 200 OK`
			`Connection: keep-alive`
			`Content-Length: 44`
			`Content-Type: application/json`
			`Date: Sun, 20 Aug 2023 13:44:17 GMT`
			`Server: nginx/1.24.0`
			`Strict-Transport-Security: max-age=31536000; includeSubDomains`

			`{`
			`"token": "f11f952c9d734461a11b087a27a219e2"`
			`}`
			```
			`This token can now be used to call other API calls.`
			`It will expire after 7 days.`

			`### 4. Delete the account`
			`This is an example for an action that needs authentication.`
			```
			`$ http -v DELETE https://api.nerdcult.net/account/delete -A bearer -a f11f952c9d734461a11b087a27a219e2`
			`DELETE /account/delete HTTP/1.1`
			`Accept: /`
			`Accept-Encoding: gzip, deflate`
			`Authorization: Bearer f11f952c9d734461a11b087a27a219e2`
			`Connection: keep-alive`
			`Content-Length: 0`
			`Host: api.nerdcult.net`
			`User-Agent: HTTPie/3.2.1`



			`HTTP/1.1 200 OK`
			`Connection: keep-alive`
			`Content-Length: 0`
			`Date: Sun, 20 Aug 2023 13:54:30 GMT`
			`Server: nginx/1.24.0`
			`Strict-Transport-Security: max-age=31536000; includeSubDomains`
			```

docs(api): moved into 'docs' folder and splitted into multiple files 2023-08-18 16:05:12 +00:00			`## TODO`
			`- Password checking on registration`
docs(api): defined vault and backup endpoints 2023-09-08 19:50:49 +00:00			`- account bound rate limit`