
EzSuite - API

Base URL: https://<URL>:<PORT> (default port: 3000)
API prefix: /api

Authentication:

  • Protected endpoints expect `Authorization: Bearer <JWT>`.
  • The refresh token is carried in an HttpOnly cookie and is only used by `/api/auth/refresh`.

Error format (typical):

  • 400: { error: string }
  • 401: { message: string }
  • 404: { error: string }
  • 500: { error: string, details?: string }

Note that 401 responses use `message` where all other error responses use `error`; clients that branch on the error text must handle both keys. `details` on a 500 should carry no stack traces or query text in production.

POST /api/auth/login
  • Auth: public
  • Request: { email: string, password: string }
  • Response: { accessToken: string }
  • Side effects: sets the HttpOnly refresh cookie
  • Errors: 400, 401, 500

POST /api/auth/refresh
  • Auth: refresh cookie required
  • Request: no body (cookie: refresh_token)
  • Response: { accessToken: string }
  • Side effects: rotates the refresh cookie
  • Errors: 401, 500

POST /api/users/register
  • Auth: public
  • Request: { username: string, email: string, password: string }
  • Response: { id: number, username: string, email: string }
  • Errors: 400, 409 (unique constraint violation), 500

GET /api/users/me
  • Auth: Bearer token
  • Request: no body
  • Response: { id: number, username: string, email: string }
  • Errors: 401, 404

DELETE /api/users/me
  • Auth: Bearer token
  • Request: { password: string }
  • Response: { message: 'Account deleted successfully' }
  • Side effects: revokes the user's existing refresh tokens, then deletes the account
  • Errors: 400, 401, 404, 500
GET /api/projects/
  • Auth: Bearer token
  • Request: no body
  • Response: [ { id, name, description, created_at, updated_at } ]
  • Errors: 500

POST /api/projects/
  • Auth: Bearer token
  • Request: { name: string, description?: string }
  • Response: { id, name, description, created_at, updated_at }
  • Validation: name is required, maximum length 200
  • Errors: 400, 500

PUT /api/projects/:id
  • Auth: Bearer token
  • Request: { name?: string, description?: string }
  • Response: { id, name, description, created_at, updated_at }
  • Notes: only the fields present in the body are updated; `updated_at` is set on every update
  • Errors: 400 (no fields given), 404, 500

DELETE /api/projects/:id
  • Auth: Bearer token
  • Request: no body
  • Response: status 204 on success (no body)
  • Errors: 400, 404, 500
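The validation rules for POST /api/projects/ and the "only the fields present are updated" behaviour of PUT /api/projects/:id, as an added example that is not EzSuite's own code. The point is that a partial update must be built from an allow-list of columns, never from the keys the client sends, and that every value travels as a statement parameter. The column names follow the response shape in the spec; the table name `projects`, the `?` placeholder style, the `CURRENT_TIMESTAMP` expression and the 400 messages are assumptions. The spec does not state whether projects are scoped per user, so the WHERE clause here filters on id only; a deployment that owns projects per user should add the owner column to it.

```javascript
// Added example, not EzSuite's own code: validation and parameterized UPDATE
// construction for POST /api/projects/ and PUT /api/projects/:id.
const NAME_MAX_LENGTH = 200; // from the spec: name is required, max length 200

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Validate one column value. Returns an error string (-> 400) or null.
function checkColumn(column, value) {
  if (column === 'name') {
    if (typeof value !== 'string' || value.trim() === '') return 'name is required';
    if (value.length > NAME_MAX_LENGTH) return `name must be at most ${NAME_MAX_LENGTH} characters`;
    return null;
  }
  if (column === 'description') {
    if (value !== null && typeof value !== 'string') return 'description must be a string';
    return null;
  }
  return `unknown column ${column}`;
}

// POST /api/projects/: returns { error } (-> 400) or the cleaned record.
function validateProjectCreate(body) {
  if (!isPlainObject(body)) return { error: 'body must be a JSON object' };
  const nameError = checkColumn('name', body.name);
  if (nameError) return { error: nameError };
  const descriptionError = checkColumn('description', body.description ?? null);
  if (descriptionError) return { error: descriptionError };
  return { name: body.name.trim(), description: body.description ?? null };
}

// Columns a client may change. Any other key in the body (id, created_at,
// updated_at, or anything a client invents) is ignored and never reaches the
// SQL text, so the body cannot inject column names or overwrite server-managed
// fields.
const UPDATABLE_COLUMNS = ['name', 'description'];

// PUT /api/projects/:id: only fields present in the body are updated and
// updated_at is always set. Returns { error } (-> 400) or { sql, params }.
function buildProjectUpdate(id, body) {
  const projectId = Number(id);
  if (!Number.isInteger(projectId) || projectId <= 0) return { error: 'invalid project id' };
  if (!isPlainObject(body)) return { error: 'body must be a JSON object' };
  const assignments = [];
  const params = [];
  for (const column of UPDATABLE_COLUMNS) {
    if (!Object.prototype.hasOwnProperty.call(body, column)) continue;
    const problem = checkColumn(column, body[column]);
    if (problem) return { error: problem };
    assignments.push(`${column} = ?`); // column comes from the allow-list, not from the client
    params.push(column === 'name' ? body[column].trim() : body[column]);
  }
  if (assignments.length === 0) return { error: 'no updatable fields provided' };
  assignments.push('updated_at = CURRENT_TIMESTAMP');
  params.push(projectId);
  return { sql: `UPDATE projects SET ${assignments.join(', ')} WHERE id = ?`, params };
}
```

A handler would run the returned `sql` with `params` through the driver's prepared-statement API and map a zero-row result to the 404 listed above.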
GET /api/time/ping
  • Auth: Bearer token
  • Request: no body
  • Response: { ok: true, user: { id, email? } }

POST /api/time/entries
  • Auth: Bearer token
  • Request: { date: string (ISO), started_at: string (ISO), ended_at?: string (ISO), description?: string, project_id?: number }
  • Response: { message: 'Time entry created successfully', id: number }
  • Validation: `date` and `started_at` are required
  • Note: date/time fields are normalized to a DB-compatible form before storage
  • Errors: 400, 500

GET /api/time/entries
  • Auth: Bearer token
  • Request: no body
  • Response: [ { id, user_id, project_id?, date, description?, started_at, ended_at?, created_at, updated_at } ]
  • Ordering: date DESC, started_at DESC
  • Errors: 500

GET /api/time/entries/:id
  • Auth: Bearer token (only the caller's own entries)
  • Request: no body
  • Response: { id, user_id, project_id?, date, description?, started_at, ended_at?, created_at, updated_at }
  • Errors: 404, 500

PUT /api/time/entries/:id
  • Auth: Bearer token (only the caller's own entries)
  • Request: { date: string (ISO), started_at: string (ISO), ended_at?: string (ISO), description?: string, project_id?: number }
  • Response: { message: 'Time entry updated successfully', changes: number }
  • Validation: `date` and `started_at` are required
  • Errors: 400, 404, 500

DELETE /api/time/entries/:id
  • Auth: Bearer token (only the caller's own entries)
  • Request: no body
  • Response: { message: 'Time entry deleted successfully', changes: number }
  • Errors: 404, 500
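Request validation shared by POST /api/time/entries and PUT /api/time/entries/:id, as an added example that is not EzSuite's own code. The spec requires `date` and `started_at` as ISO strings and says date/time fields are stored in a DB-compatible form; the exact shapes enforced here (`YYYY-MM-DD` for `date`, ISO 8601 with an explicit zone for timestamps, normalized to UTC), the rule that `ended_at` may not precede `started_at`, the positive-integer check on `project_id` and the description length cap are assumptions. Errors are returned in the spec's 400 shape, `{ error: string }`.

```javascript
// Added example, not EzSuite's own code: validation and normalization for the
// time-entry body used by POST /api/time/entries and PUT /api/time/entries/:id.
const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
const DATETIME_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2}(\.\d{1,3})?)?(Z|[+-]\d{2}:\d{2})$/;
const DESCRIPTION_MAX_LENGTH = 1000; // assumption: the spec gives no limit

// Calendar day: must look like YYYY-MM-DD and survive a round trip through
// Date. Impossible days such as 2024-02-30 are rejected either way: an engine
// that reports them invalid fails the NaN check, one that rolls them over
// fails the round-trip comparison.
function parseDay(value) {
  if (typeof value !== 'string' || !DATE_RE.test(value)) return null;
  const ms = Date.parse(`${value}T00:00:00Z`);
  if (Number.isNaN(ms)) return null;
  return new Date(ms).toISOString().slice(0, 10) === value ? value : null;
}

// Timestamp: ISO 8601 with an explicit zone, so the stored UTC value does not
// depend on the server's local time zone.
function parseTimestamp(value) {
  if (typeof value !== 'string' || !DATETIME_RE.test(value)) return null;
  const ms = Date.parse(value);
  return Number.isNaN(ms) ? null : new Date(ms);
}

// Returns { error } (-> 400) or the normalized record, ready to be bound as
// statement parameters: date as YYYY-MM-DD, timestamps as UTC ISO 8601.
function validateTimeEntry(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) return { error: 'body must be a JSON object' };
  if (body.date === undefined || body.date === null) return { error: 'date is required' };
  if (body.started_at === undefined || body.started_at === null) return { error: 'started_at is required' };

  const date = parseDay(body.date);
  if (!date) return { error: 'date must be a valid YYYY-MM-DD string' };
  const startedAt = parseTimestamp(body.started_at);
  if (!startedAt) return { error: 'started_at must be an ISO 8601 timestamp with time zone' };

  let endedAt = null;
  if (body.ended_at !== undefined && body.ended_at !== null) {
    endedAt = parseTimestamp(body.ended_at);
    if (!endedAt) return { error: 'ended_at must be an ISO 8601 timestamp with time zone' };
    if (endedAt < startedAt) return { error: 'ended_at must not be before started_at' };
  }

  let projectId = null;
  if (body.project_id !== undefined && body.project_id !== null) {
    if (!Number.isInteger(body.project_id) || body.project_id <= 0) return { error: 'project_id must be a positive integer' };
    projectId = body.project_id;
  }

  let description = null;
  if (body.description !== undefined && body.description !== null) {
    if (typeof body.description !== 'string') return { error: 'description must be a string' };
    if (body.description.length > DESCRIPTION_MAX_LENGTH) return { error: `description must be at most ${DESCRIPTION_MAX_LENGTH} characters` };
    description = body.description.trim();
  }

  return {
    date,
    started_at: startedAt.toISOString(),
    ended_at: endedAt ? endedAt.toISOString() : null,
    description,
    project_id: projectId,
  };
}
```

Validation says nothing about ownership: the "only the caller's own entries" rule for GET, PUT and DELETE on `/api/time/entries/:id` belongs in the query itself (filter on both the entry id and the authenticated user's id), so a foreign id yields the documented 404 rather than another user's record.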