|
| 1 | +# AiFoodApp Backend API Endpoints Summary |
| 2 | + |
| 3 | +This document provides an overview of all main backend endpoints for frontend integration, including their HTTP methods, paths, authentication requirements, and usage notes. |
| 4 | + |
| 5 | +**Authentication Method: Standard OAuth2 with Google** |
| 6 | +- Uses Spring Security OAuth2 with session-based authentication |
| 7 | +- No custom JWT tokens or manual token refresh |
| 8 | +- Standard OAuth2 expiration handling |
| 9 | + |
| 10 | +--- |
| 11 | + |
| 12 | +## 1. AuthController (`/api/auth`) |
| 13 | +Handles standard OAuth2 authentication and user session management. |
| 14 | + |
| 15 | +- **GET `/api/auth/me`** |
| 16 | + - **Description:** Returns the current authenticated user's info. |
| 17 | + - **Frontend Usage:** Check if the user is logged in and get their profile. |
| 18 | + - **Auth:** Required (OAuth2 session) |
| 19 | + |
| 20 | +- **POST `/api/auth/logout`** |
| 21 | + - **Description:** Logs out the current user (invalidates session). |
| 22 | + - **Frontend Usage:** Call when the user clicks "logout". |
| 23 | + - **Auth:** Required (OAuth2 session) |
| 24 | + |
| 25 | +- **GET `/api/auth/login/google`** |
| 26 | + - **Description:** Returns the Google OAuth2 login URL. |
| 27 | + - **Response:** `{"loginUrl": "/oauth2/authorization/google"}` |
| 28 | + - **Frontend Usage:** Get the URL to redirect users for Google login. |
| 29 | + - **Auth:** No (public endpoint) |
| 30 | + |
| 31 | +- **GET `/api/auth/status`** |
| 32 | + - **Description:** Returns authentication status and user info. |
| 33 | + - **Response:** `{"authenticated": true/false, "user": {...}}` |
| 34 | + - **Frontend Usage:** Check session status on app load. |
| 35 | + - **Auth:** No (public endpoint) |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +## 2. OAuth2 Endpoints (Standard Spring Security) |
| 40 | +Standard OAuth2 login flow endpoints managed by Spring Security. |
| 41 | + |
| 42 | +- **GET `/oauth2/authorization/google`** |
| 43 | + - **Description:** Initiates Google OAuth2 login flow. |
| 44 | + - **Frontend Usage:** Redirect users here to start Google login. |
| 45 | + - **Auth:** No (starts login flow) |
| 46 | + |
| 47 | +- **GET `/login/oauth2/code/google`** |
| 48 | + - **Description:** OAuth2 callback endpoint (handled by Spring Security). |
| 49 | + - **Frontend Usage:** Google redirects here after user authentication. |
| 50 | + - **Auth:** No (callback handling) |
| 51 | + |
| 52 | +--- |
| 53 | + |
| 54 | +## 3. FoodItemController (`/api/foods`) |
| 55 | +Handles CRUD operations for food items with AI enhancement. |
| 56 | + |
| 57 | +- **POST `/api/foods/create`** |
| 58 | + - **Description:** Create a new food item (with AI enhancement). |
| 59 | + - **Request:** JSON body with name, quantity, expiration. |
| 60 | + - **Response:** Created food item (with AI-determined nutrition). |
| 61 | + - **Auth:** Required (OAuth2 session) |
| 62 | + |
| 63 | +- **GET `/api/foods/{id}`** |
| 64 | + - **Description:** Get a food item by its ID. |
| 65 | + - **Response:** Food item details or 404 if not found. |
| 66 | + - **Auth:** Required (OAuth2 session) |
| 67 | + |
| 68 | +- **GET `/api/foods`** |
| 69 | + - **Description:** List all food items for the user. |
| 70 | + - **Response:** Array of food items. |
| 71 | + - **Auth:** Required (OAuth2 session) |
| 72 | + |
| 73 | +--- |
| 74 | + |
| 75 | +## 4. RecipeController (`/api/recipes`) |
| 76 | +Handles recipe management and AI-powered recipe features. |
| 77 | + |
| 78 | +- **GET `/api/recipes/gen`** |
| 79 | + - **Description:** Generates a recipe using AI. |
| 80 | + - **Frontend Usage:** Get AI-generated recipes. |
| 81 | + - **Auth:** Required (OAuth2 session) |
| 82 | + |
| 83 | +- **GET `/api/recipes/analyze/{id}`** |
| 84 | + - **Description:** Analyzes a recipe by ID (nutrition, etc.). |
| 85 | + - **Frontend Usage:** Show analysis for a selected recipe. |
| 86 | + - **Auth:** Required (OAuth2 session) |
| 87 | + |
| 88 | +--- |
| 89 | + |
| 90 | +## 5. UserInfoController (`/api`) |
| 91 | +Handles user info endpoints. |
| 92 | + |
| 93 | +- **GET `/api/auth`** |
| 94 | + - **Description:** Returns authentication/user info. |
| 95 | + - **Frontend Usage:** Get user details (alternative to `/api/auth/me`). |
| 96 | + - **Auth:** Required (OAuth2 session) |
| 97 | + |
| 98 | +--- |
| 99 | + |
| 100 | +## 6. HealthController |
| 101 | +- **GET `/health`** |
| 102 | + - **Description:** Health check endpoint. |
| 103 | + - **Frontend Usage:** Not typically used; for monitoring/deployment. |
| 104 | + - **Auth:** No |
| 105 | + |
| 106 | +--- |
| 107 | + |
| 108 | +## 7. DebugController (`/api/debug`) |
| 109 | +Debug and session management endpoints (for development/testing only). |
| 110 | + |
| 111 | +- **GET `/api/debug/info`**: Returns debug info |
| 112 | +- **GET `/api/debug/auth-info`**: Returns authentication debug info |
| 113 | +- **GET `/api/debug/session`**: Returns current session info |
| 114 | +- **GET `/api/debug/sessions/info`**: Returns all session info |
| 115 | +- **GET `/api/debug/sessions/create`**: Creates a new session |
| 116 | +- **GET `/api/debug/sessions/invalidate`**: Invalidates a session |
| 117 | +- **GET `/api/debug/test-cookie`**: Tests cookie handling |
| 118 | +- **Frontend Usage:** Only use for development/testing, not in production. |
| 119 | + |
| 120 | +--- |
| 121 | + |
| 122 | +## Authentication Flow for Frontend |
| 123 | + |
| 124 | +### 1. **Check Authentication Status** |
| 125 | +```javascript |
| 126 | +// On app load, check if user is already authenticated |
| 127 | +const response = await fetch('/api/auth/status', { credentials: 'include' }); |
| 128 | +const { authenticated, user } = await response.json(); |
| 129 | +``` |
| 130 | + |
| 131 | +### 2. **Initiate Login** |
| 132 | +```javascript |
| 133 | +// Redirect to Google OAuth2 login |
| 134 | +window.location.href = '/oauth2/authorization/google'; |
| 135 | +// Or get the URL first: |
| 136 | +const response = await fetch('/api/auth/login/google'); |
| 137 | +const { loginUrl } = await response.json(); |
| 138 | +window.location.href = loginUrl; |
| 139 | +``` |
| 140 | + |
| 141 | +### 3. **Handle Login Success** |
| 142 | +After successful OAuth2 login, Spring Security redirects to your frontend callback URL (configured in `OAuth2LoginSuccessHandler`). No token handling needed - just check auth status. |
| 143 | + |
| 144 | +### 4. **Make Authenticated Requests** |
| 145 | +```javascript |
| 146 | +// All API calls use session cookies automatically |
| 147 | +const response = await fetch('/api/foods', { |
| 148 | + credentials: 'include' // Important: include cookies |
| 149 | +}); |
| 150 | +``` |
| 151 | + |
| 152 | +### 5. **Logout** |
| 153 | +```javascript |
| 154 | +await fetch('/api/auth/logout', { |
| 155 | + method: 'POST', |
| 156 | + credentials: 'include' |
| 157 | +}); |
| 158 | +``` |
| 159 | + |
| 160 | +--- |
| 161 | + |
| 162 | +## Important Notes for Frontend Integration |
| 163 | + |
| 164 | +- **No Token Management:** The frontend doesn't need to handle tokens - Spring Security manages OAuth2 sessions automatically |
| 165 | +- **Cookie-Based:** Authentication uses secure HTTP-only cookies (JSESSIONID) |
| 166 | +- **Include Credentials:** All API requests must include `credentials: 'include'` to send session cookies |
| 167 | +- **Standard OAuth2:** Uses Google's standard OAuth2 flow with automatic token refresh handled by Spring Security |
| 168 | +- **Session Expiration:** Sessions expire based on Google's OAuth2 token expiration time |
| 169 | + |
| 170 | +--- |
| 171 | + |
| 172 | +*This API uses standard Spring Security OAuth2 without custom token handling for maximum reliability and security.* |
0 commit comments