iDefineHD/TurboTrades
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5da4c0f34fee25660eaf3a4d4b66a3a57f7ba4b8
TurboTrades/API_ENDPOINTS.md
iDefineHD 232968de1e first commit
2026-01-10 04:57:43 +00:00

364 lines
8.8 KiB
Markdown
Raw Blame History

# TurboTrades API Endpoints Reference
Complete list of all available API endpoints with examples.
---
## Base URL
- **Development**: `http://localhost:3000`
- **Frontend Proxy**: `http://localhost:5173/api` (proxies to backend)
---
## Authentication Endpoints
### `/auth/*`
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| GET | `/auth/steam` | Initiate Steam login | No |
| GET | `/auth/steam/return` | Steam OAuth callback | No |
| GET | `/auth/steam/test` | Test Steam config | No |
| GET | `/auth/me` | Get current user | Yes (Access Token) |
| POST | `/auth/refresh` | Refresh access token | Yes (Refresh Token) |
| POST | `/auth/logout` | Logout user | Yes (Access Token) |
| GET | `/auth/verify` | Verify token validity | Yes (Access Token) |
| GET | `/auth/decode-token` | Decode JWT token (debug) | No |
### Example Usage:
```bash
# Login via Steam (opens browser)
curl http://localhost:3000/auth/steam
# Get current user (requires auth)
curl http://localhost:3000/auth/me \
-H "Cookie: accessToken=YOUR_TOKEN"
# Refresh token
curl -X POST http://localhost:3000/auth/refresh \
-H "Cookie: refreshToken=YOUR_REFRESH_TOKEN"
```
---
## User Endpoints
### `/user/*`
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| GET | `/user/profile` | Get user profile | Yes |
| PATCH | `/user/email` | Update email address | Yes |
| GET | `/user/verify-email/:token` | Verify email | No |
| PATCH | `/user/trade-url` | Update Steam trade URL | Yes |
| GET | `/user/balance` | Get user balance | Yes |
| GET | `/user/stats` | Get user statistics | Yes |
| PATCH | `/user/intercom` | Update intercom ID | Yes |
| GET | `/user/:steamId` | Get public user profile | No |
### Example Usage:
```bash
# Get profile
curl http://localhost:3000/user/profile \
-H "Cookie: accessToken=YOUR_TOKEN"
# Update email
curl -X PATCH http://localhost:3000/user/email \
-H "Cookie: accessToken=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com"}'
# Update trade URL
curl -X PATCH http://localhost:3000/user/trade-url \
-H "Cookie: accessToken=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"tradeUrl": "https://steamcommunity.com/tradeoffer/new/?partner=123&token=abc"}'
```
---
## Two-Factor Authentication (2FA) Endpoints
### `/user/2fa/*`
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| POST | `/user/2fa/setup` | Generate QR code & secret | Yes |
| POST | `/user/2fa/verify` | Verify code & enable 2FA | Yes |
| POST | `/user/2fa/disable` | Disable 2FA | Yes |
### Example Usage:
```bash
# Setup 2FA (get QR code)
curl -X POST http://localhost:3000/user/2fa/setup \
-H "Cookie: accessToken=YOUR_TOKEN"
# Verify 2FA code
curl -X POST http://localhost:3000/user/2fa/verify \
-H "Cookie: accessToken=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"token": "123456"}'
# Disable 2FA
curl -X POST http://localhost:3000/user/2fa/disable \
-H "Cookie: accessToken=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"password": "123456"}'
```
---
## Session Management Endpoints
### `/user/sessions/*`
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| GET | `/user/sessions` | Get all active sessions | Yes |
| DELETE | `/user/sessions/:sessionId` | Revoke specific session | Yes |
| POST | `/user/sessions/revoke-all` | Revoke all other sessions | Yes |
### Example Usage:
```bash
# Get all sessions
curl http://localhost:3000/user/sessions \
-H "Cookie: accessToken=YOUR_TOKEN"
# Revoke specific session
curl -X DELETE http://localhost:3000/user/sessions/SESSION_ID \
-H "Cookie: accessToken=YOUR_TOKEN"
# Revoke all other sessions
curl -X POST http://localhost:3000/user/sessions/revoke-all \
-H "Cookie: accessToken=YOUR_TOKEN"
```
---
## Market Endpoints
### `/market/*`
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| GET | `/market/items` | Get marketplace items | No |
| GET | `/market/items/:id` | Get item details | No |
| GET | `/market/featured` | Get featured items | No |
| GET | `/market/recent-sales` | Get recent sales | No |
| GET | `/market/stats` | Get market statistics | No |
| POST | `/market/purchase/:id` | Purchase an item | Yes |
### Example Usage:
```bash
# Get all items
curl http://localhost:3000/market/items
# Get items with filters
curl "http://localhost:3000/market/items?game=cs2&minPrice=10&maxPrice=100&limit=20"
# Get featured items
curl http://localhost:3000/market/featured
# Get item details
curl http://localhost:3000/market/items/ITEM_ID
# Purchase item
curl -X POST http://localhost:3000/market/purchase/ITEM_ID \
-H "Cookie: accessToken=YOUR_TOKEN"
# Get market stats
curl http://localhost:3000/market/stats
```
---
## WebSocket Endpoint
### `/ws`
Real-time updates via WebSocket.
```javascript
// Connect to WebSocket
const ws = new WebSocket('ws://localhost:3000/ws');
// Listen for messages
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
console.log('Received:', data);
};
// Send ping
ws.send(JSON.stringify({ type: 'ping' }));
```
**Events:**
- `listing_update` - Item listing updated
- `listing_removed` - Item removed from market
- `listing_added` - New item added to market
- `price_update` - Item price changed
- `market_update` - Bulk market updates
- `pong` - Response to ping
---
## Testing from Frontend
### Using Axios (already configured):
```javascript
import axios from '@/utils/axios'
// Get user profile
const response = await axios.get('/api/user/profile', {
withCredentials: true
})
// Update email
await axios.patch('/api/user/email', {
email: 'user@example.com'
}, {
withCredentials: true
})
// Setup 2FA
const response = await axios.post('/api/user/2fa/setup', {}, {
withCredentials: true
})
// Get sessions
const response = await axios.get('/api/user/sessions', {
withCredentials: true
})
```
---
## Common Issues & Solutions
### 1. "Unauthorized" Error
**Cause**: No access token provided or token expired.
**Solution**:
- Login via Steam first: `http://localhost:3000/auth/steam`
- Ensure cookies are being sent: `withCredentials: true`
- Check if token is expired (15 minutes lifetime)
- Use refresh token to get new access token
### 2. "Route not found"
**Cause**: Incorrect URL or route not registered.
**Solution**:
- Check the route prefix (`/auth`, `/user`, `/market`)
- Verify the HTTP method (GET, POST, PATCH, DELETE)
- Check backend logs for route registration
### 3. CORS Issues
**Cause**: Frontend and backend on different ports.
**Solution**:
- Ensure `CORS_ORIGIN=http://localhost:5173` in `.env`
- Restart backend after changing `.env`
- Use frontend proxy: `/api/*` instead of direct backend URL
### 4. Sessions Not Working
**Cause**: Session model not properly imported or MongoDB issue.
**Solution**:
- Check MongoDB is running: `mongod`
- Verify Session model exists: `models/Session.js`
- Check backend logs for session creation errors
- Ensure TTL index is created on `expiresAt` field
---
## Response Formats
### Success Response:
```json
{
"success": true,
"data": { ... }
}
```
### Error Response:
```json
{
"error": "ErrorType",
"message": "Human readable error message",
"details": { ... }
}
```
---
## Authentication Flow
1. User clicks "Login with Steam" → `/auth/steam`
2. Redirects to Steam OpenID
3. User authenticates on Steam
4. Steam redirects back → `/auth/steam/return`
5. Backend generates JWT tokens
6. Sets `accessToken` and `refreshToken` cookies
7. Redirects to frontend → `http://localhost:5173/`
---
## Token Lifetimes
- **Access Token**: 15 minutes
- **Refresh Token**: 7 days
- **Session TTL**: 7 days (auto-deleted by MongoDB)
---
## Frontend Routes
| Route | Component | Auth Required |
|-------|-----------|---------------|
| `/` | HomePage | No |
| `/market` | MarketPage | No |
| `/item/:id` | ItemDetailsPage | No |
| `/profile` | ProfilePage | Yes |
| `/inventory` | InventoryPage | Yes |
| `/sell` | SellPage | Yes |
| `/transactions` | TransactionsPage | Yes |
| `/deposit` | DepositPage | Yes |
| `/withdraw` | WithdrawPage | Yes |
| `/admin` | AdminPage | Yes (Admin only) |
| `/faq` | FAQPage | No |
| `/support` | SupportPage | No |
| `/terms` | TermsPage | No |
| `/privacy` | PrivacyPage | No |
---
## Quick Start Testing
1. **Start MongoDB**: `mongod`
2. **Seed Database**: `npm run seed`
3. **Start Backend**: `npm run dev`
4. **Start Frontend**: `cd frontend && npm run dev`
5. **Login**: Navigate to `http://localhost:5173` and login with Steam
6. **Test Routes**: Use browser DevTools Network tab or curl commands above
---
## Notes
- All timestamps are in UTC
- Prices are in USD
- Image URLs may be Steam CDN or placeholder
- WebSocket connections are optional
- Rate limiting: 100 requests per minute (development)
Reference in New Issue View Git Blame Copy Permalink