This project exposes a compact HTTP API designed for:
- predictable REST-style resource handling
- compatibility with browser form workflows
- easy migration to TanStack Query or GraphQL clients
- Contract file:
docs/openapi.yaml - Generated types:
src/generated/api/openapi.generated.ts(do not edit by hand) - Shared type aliases:
src/generated/api/api-types.ts
Generate types after changing the contract:
npm run gen:api-types
For the full generation layout and CI ideas, see skills/api-first/SKILL.md.
POST /api/session— create an authenticated session (JSON response)DELETE /api/session— clear the authenticated session (204 No Content)
Legacy compatibility endpoints (browser redirect flow):
POST /login/password— form login, redirects to/productor/loginGET /logout— clears cookie, redirects to/
GET /api/key— returns the local-storage encryption key (requires auth)
- Resource-oriented paths for API clients (
/api/session,/api/key) - HTTP methods map to intent:
POSTcreates a sessionDELETEends a sessionGETreads server data
- Auth/session state is cookie-backed and enforced server-side
- Error payloads use structured JSON for API routes
When adding or changing endpoints:
- Prefer
/api/*resource paths over action verbs in URLs. - Keep response shapes stable and typed.
- Use standard status codes (
200,201,204,400,401,403,429,500). - Keep legacy endpoints only as temporary compatibility shims.
- Update
src/server/config/constants.tsandsrc/client/utilities/constants.tstogether. - Regenerate shared API types with
npm run gen:api-types. - Add or update tests at the right layer (E2E for route contracts, unit/integration where practical).
- TanStack Query works best with stable, resource-oriented HTTP contracts;
/api/sessionand/api/keyare query/mutation friendly. - GraphQL migration is easier when REST behavior is already consistent and typed, making resolver mapping straightforward.
- Keeping client endpoint constants centralized reduces transport-coupling and drift during staged migrations.