|
15 | 15 | * **Standardized Success Responses:** Returns consistent JSON success responses wrapped in a `SuccessApiResponse` structure, including request metadata (`requestId`, `timestamp`). |
16 | 16 | * **Standardized Error Handling:** Returns consistent JSON error responses via centralized middleware (`lib/src/middlewares/error_handler.dart`) for predictable client-side handling. |
17 | 17 | * **Request Traceability:** Generates a unique `requestId` (UUID v4) for each incoming request, included in success response metadata and available for server-side logging via context. |
18 | | -* **In-Memory Demo Mode:** Utilizes pre-loaded fixture data (`lib/src/fixtures/`) for demonstration and development purposes, simulating a live backend without external dependencies for core data and settings. |
| 18 | +* **In-Memory Demo Mode:** Utilizes pre-loaded fixture data (`lib/src/fixtures/`) for demonstration and development purposes, simulating a live backend without external dependencies for core data, settings, and email sending. |
| 19 | +* **Authentication:** Provides endpoints for user sign-in/sign-up via email code and anonymous sign-in. Includes token generation and validation via middleware. |
19 | 20 |
|
20 | 21 | ### Data API (`/api/v1/data`) |
21 | 22 |
|
|
42 | 43 | * **Key Packages & Shared Core:** |
43 | 44 | * `dart_frog`: The web framework foundation. |
44 | 45 | * `uuid`: Used to generate unique request IDs. |
45 | | - * `ht_shared`: Contains shared data models (`Headline`, `Category`, etc.), API response wrappers (`SuccessApiResponse`, `ResponseMetadata`), and standard exceptions (`HtHttpException`). |
| 46 | + * `ht_shared`: Contains shared data models (`Headline`, `Category`, `User`, `AuthSuccessResponse`, etc.), API response wrappers (`SuccessApiResponse`, `ResponseMetadata`), and standard exceptions (`HtHttpException`). |
46 | 47 | * `ht_data_client`: Defines the generic `HtDataClient<T>` interface. |
47 | 48 | * `ht_data_inmemory`: Provides the `HtDataInMemoryClient<T>` implementation for data. |
48 | 49 | * `ht_data_repository`: Defines the generic `HtDataRepository<T>` for data access. |
49 | 50 | * `ht_app_settings_client`: Defines the `HtAppSettingsClient` interface for settings. |
50 | 51 | * `ht_app_settings_inmemory`: Provides the `HtAppSettingsInMemory` implementation for settings. |
51 | 52 | * `ht_app_settings_repository`: Defines the `HtAppSettingsRepository` for settings management. |
| 53 | + * `ht_email_client`: Defines the `HtEmailClient` interface for sending emails. |
| 54 | + * `ht_email_inmemory`: Provides the `HtEmailInMemoryClient` implementation for emails. |
| 55 | + * `ht_email_repository`: Defines the `HtEmailRepository` for email operations. |
52 | 56 | * `ht_http_client`: Provides custom HTTP exceptions (`HtHttpException` subtypes) used for consistent error signaling. |
53 | 57 | * **Key Patterns:** |
54 | | - * **Repository Pattern:** `HtDataRepository<T>` and `HtAppSettingsRepository` provide clean abstractions over data/settings logic. Route handlers interact with repositories. |
| 58 | + * **Repository Pattern:** `HtDataRepository<T>`, `HtAppSettingsRepository`, and `HtEmailRepository` provide clean abstractions over data/settings/email logic. Route handlers interact with repositories. |
| 59 | + * **Service Layer:** Services like `AuthService` orchestrate complex operations involving multiple repositories or logic (e.g., authentication flow). |
55 | 60 | * **Generic Data Endpoint:** A single set of route handlers serves multiple data models via `/api/v1/data`. |
56 | 61 | * **Model Registry:** A central map (`lib/src/registry/model_registry.dart`) links data model names to configurations (`ModelConfig`) for the generic data endpoint. |
57 | | - * **Dependency Injection (Dart Frog Providers):** Middleware (`routes/_middleware.dart`) provides singleton instances of repositories (`HtDataRepository<T>`, `HtAppSettingsRepository`), the `ModelRegistryMap`, and a unique `RequestId`. |
| 62 | + * **Dependency Injection (Dart Frog Providers):** Middleware (`routes/_middleware.dart`) provides singleton instances of repositories, services (`AuthService`, `AuthTokenService`, etc.), the `ModelRegistryMap`, and a unique `RequestId`. |
58 | 63 | * **Centralized Error Handling:** The `errorHandler` middleware intercepts exceptions and maps them to standardized JSON error responses. |
| 64 | + * **Authentication Middleware:** `authenticationProvider` validates tokens and provides `User?` context; `requireAuthentication` enforces access for protected routes. |
| 65 | + |
| 66 | +## API Endpoints: Authentication (`/api/v1/auth`) |
| 67 | + |
| 68 | +These endpoints handle user authentication flows. |
| 69 | + |
| 70 | +**Standard Response Structure:** Uses the same `SuccessApiResponse` and error structure as the Data API. Authentication success responses typically use `SuccessApiResponse<AuthSuccessResponse>` (containing User and token) or `SuccessApiResponse<User>`. |
| 71 | + |
| 72 | +**Authentication Operations:** |
| 73 | + |
| 74 | +1. **Request Sign-In Code** |
| 75 | + * **Method:** `POST` |
| 76 | + * **Path:** `/api/v1/auth/request-code` |
| 77 | + * **Request Body: ** JSON object `{"email": "[email protected]"}`. |
| 78 | + * **Success Response:** `202 Accepted` (Indicates request accepted, email sending initiated). |
| 79 | + * **Example: ** `POST /api/v1/auth/request-code` with body `{"email": "[email protected]"}` |
| 80 | + |
| 81 | +2. **Verify Sign-In Code** |
| 82 | + * **Method:** `POST` |
| 83 | + * **Path:** `/api/v1/auth/verify-code` |
| 84 | + * **Request Body: ** JSON object `{"email": "[email protected]", "code": "123456"}`. |
| 85 | + * **Success Response:** `200 OK` with `SuccessApiResponse<AuthSuccessResponse>` containing the `User` object and the authentication `token`. |
| 86 | + * **Error Response:** `400 Bad Request` (e.g., invalid code/email format), `400 Bad Request` via `InvalidInputException` (e.g., code incorrect/expired). |
| 87 | + * **Example: ** `POST /api/v1/auth/verify-code` with body `{"email": "[email protected]", "code": "654321"}` |
| 88 | + |
| 89 | +3. **Sign In Anonymously** |
| 90 | + * **Method:** `POST` |
| 91 | + * **Path:** `/api/v1/auth/anonymous` |
| 92 | + * **Request Body:** None. |
| 93 | + * **Success Response:** `200 OK` with `SuccessApiResponse<AuthSuccessResponse>` containing the anonymous `User` object and the authentication `token`. |
| 94 | + * **Example:** `POST /api/v1/auth/anonymous` |
| 95 | + |
| 96 | +4. **Get Current User Details** |
| 97 | + * **Method:** `GET` |
| 98 | + * **Path:** `/api/v1/auth/me` |
| 99 | + * **Authentication:** Required (Bearer Token). |
| 100 | + * **Success Response:** `200 OK` with `SuccessApiResponse<User>` containing the details of the authenticated user. |
| 101 | + * **Error Response:** `401 Unauthorized`. |
| 102 | + * **Example:** `GET /api/v1/auth/me` with `Authorization: Bearer <token>` header. |
| 103 | + |
| 104 | +5. **Sign Out** |
| 105 | + * **Method:** `POST` |
| 106 | + * **Path:** `/api/v1/auth/sign-out` |
| 107 | + * **Authentication:** Required (Bearer Token). |
| 108 | + * **Request Body:** None. |
| 109 | + * **Success Response:** `204 No Content` (Indicates successful server-side action, if any). Client is responsible for clearing local token. |
| 110 | + * **Error Response:** `401 Unauthorized`. |
| 111 | + * **Example:** `POST /api/v1/auth/sign-out` with `Authorization: Bearer <token>` header. |
59 | 112 |
|
60 | 113 | ## API Endpoints: Data (`/api/v1/data`) |
61 | 114 |
|
|
0 commit comments