Authentication

Endpoints for user authentication and token management.

Authentication is handled via secure HTTP-only cookies for JWT tokens and CSRF protection.

POST /api/login

Authenticate a user and receive authentication tokens via cookies.

Method: POST
Path: /api/login
Source: handlers.go

Request Body

{
  "username": "string",
  "password": "string"
}

Response

{
  "username": "string"
}

Cookies Set

access_token: JWT access token (HTTP-only)
refresh_token: JWT refresh token (HTTP-only)
csrf_token: CSRF protection token
upload_key: Upload key for image uploads (HTTP-only)

Example

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"username":"user","password":"pass"}' \
  http://localhost:8080/api/login

Errors

400: Invalid request
401: Invalid credentials
500: Internal server error

POST /api/logout

Logout the current user by clearing authentication cookies.

Method: POST
Path: /api/logout
Source: handlers.go

Response

{
  "message": "Logged out successfully"
}

Example

curl -X POST http://localhost:8080/api/logout

POST /api/refresh

Refresh the access token using the refresh token cookie.

Method: POST
Path: /api/refresh
Source: handlers.go

Response

{
  "success": true,
  "username": "string"
}

Cookies Updated

access_token: New JWT access token
refresh_token: New JWT refresh token
csrf_token: New CSRF token

Example

curl -X POST http://localhost:8080/api/refresh

Errors

401: No refresh token or invalid refresh token
500: Internal server error

POST /api/verify

Verify the current authentication state.

Method: POST
Path: /api/verify
Source: handlers.go

Response

{
  "username": "string"
}

Example

curl -X POST http://localhost:8080/api/verify

Errors

401: Not authenticated
500: Internal server error

API Reference

Overview of all S.I.M.P backend API endpoints and groups.

Images

Endpoints for uploading, deleting, listing, and accessing images.