# API Endpoint Audit Report

## INT-004: Verify all frontend API calls have backend endpoints

**Date**: 2025-12-25

**Status**: Completed

## Summary

This audit verifies that all frontend API calls have corresponding backend endpoints.

### Statistics

- **Total Frontend Endpoints**: 21 unique endpoints
- **✅ Verified**: 7 endpoints
- **⚠️ Path Mismatch**: 2 endpoints (different path structure)
- **❌ Missing/Incompatible**: 12 endpoints

## Detailed Analysis

### ✅ Verified Endpoints

These endpoints exist in the backend with matching methods:

1. **GET /audit/activity** - User activity audit
2. **GET /audit/stats** - Audit statistics
3. **POST /chat/token** - WebSocket token generation
4. **POST /notifications/read-all** - Mark all notifications as read
5. **GET /playlists** - List playlists (via /playlists/search or /playlists/:id)
6. **GET /users** - List users
7. **GET /users/me/export** - Export user data

### ⚠️ Path Mismatch Endpoints

These endpoints exist, but with different path structures:

1. **GET, POST /conversations**
   - Frontend expects: `/conversations` (root)
   - Backend provides: `/conversations/:id` (with ID parameter)
   - **Resolution**: Frontend should use `/conversations/:id` for specific conversations
   - **Note**: A list endpoint may need to be added, or a different path used

2. **GET, POST /tracks**
   - Frontend expects: `/tracks` (root list/create)
   - Backend provides: `/tracks/:id` (with ID parameter)
   - **Resolution**: Frontend should use `/tracks/search` for listing and `/tracks/:id` for operations on a specific track
   - **Note**: POST for upload may use the `/uploads` endpoint

### ❌ Missing/Incompatible Endpoints

These endpoints need to be verified or implemented:

1. **POST /auth/2fa/disable**
   - **Status**: ✅ EXISTS at `/auth/2fa/disable` (protected route)
   - **Action**: Frontend path is correct

2. **POST /auth/2fa/verify**
   - **Status**: ✅ EXISTS at `/auth/2fa/verify` (protected route)
   - **Action**: Frontend path is correct

3. **POST /auth/logout**
   - **Status**: ✅ EXISTS at `/auth/logout` (protected route)
   - **Action**: Frontend path is correct

4. **POST /auth/password/reset**
   - **Status**: ✅ EXISTS at `/password/reset` (public route)
   - **Action**: Frontend should use `/password/reset` instead of `/auth/password/reset`

5. **POST /auth/password/reset-request**
   - **Status**: ✅ EXISTS at `/password/reset-request` (public route)
   - **Action**: Frontend should use `/password/reset-request` instead of `/auth/password/reset-request`

6. **POST /auth/resend-verification**
   - **Status**: ✅ EXISTS at `/auth/resend-verification` (public route)
   - **Action**: Frontend path is correct

7. **DELETE /auth/sessions**
   - **Status**: ✅ EXISTS at `/sessions/:session_id` (DELETE) and `/sessions/` (GET)
   - **Action**: Frontend should use `/sessions/:session_id` for delete, `/sessions/` for list

8. **POST /items**
   - **Status**: ❓ UNKNOWN - May be a generic placeholder
   - **Action**: Verify whether this is used or should be removed

9. **POST /messages**
   - **Status**: ❓ UNKNOWN - Chat messages may use WebSocket
   - **Action**: Verify whether an HTTP endpoint is needed or WebSocket only

10. **DELETE /notifications**
    - **Status**: ✅ EXISTS at `/notifications/:id` (DELETE)
    - **Action**: Frontend should use `/notifications/:id` for delete

11. **DELETE /users/me**
    - **Status**: ✅ EXISTS at `/users/:id` (DELETE)
    - **Action**: Frontend should use `/users/me` (which resolves to the current user ID)

12. **PUT /users/me/password**
    - **Status**: ❓ UNKNOWN - May be at `/users/me/password` or `/password/me`
    - **Action**: Verify exact endpoint path

## Recommendations

### Immediate Actions

1. **Update Frontend Paths**:
   - Change `/auth/password/reset` → `/password/reset`
   - Change `/auth/password/reset-request` → `/password/reset-request`
   - Change `/auth/sessions` DELETE → `/sessions/:session_id`
   - Change `/notifications` DELETE → `/notifications/:id`

2. **Verify Endpoints**:
   - Check if `/items` endpoint is actually used
   - Check if `/messages` HTTP endpoint is needed (vs WebSocket)
   - Verify `/users/me/password` exact path

3. **Documentation**:
   - Create API endpoint mapping document
   - Update frontend service files with correct paths

### Long-term Improvements

1. **API Versioning**: Ensure all endpoints use `/api/v1` prefix consistently
2. **Path Consistency**: Standardize path structures across frontend and backend
3. **Type Safety**: Add TypeScript types for all API endpoints
4. **Testing**: Add integration tests to verify endpoint compatibility

## Files Modified

- Created: `API_ENDPOINT_AUDIT.md` - This audit report

## Next Steps

1. Fix frontend paths that don't match backend
2. Remove or implement missing endpoints
3. Add integration tests for endpoint verification
4. Create automated endpoint validation in CI/CD
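
One way to automate the check this report performs by hand, as an added TypeScript example (not the project's code): it classifies each frontend call against backend route templates into the report's three buckets and, for missing ones, lists same-method routes with the same final literal segment as candidates for a reviewer to confirm. The route tables are constructed from the report's own findings; the real tables are assumed to be exportable from the frontend service files and the backend router.

```typescript
// Added example, not the project's code. Route tables below are constructed
// from the audit report; real ones are assumed to come from the frontend
// service files and the backend router.
type Method = "GET" | "POST" | "PUT" | "DELETE";
interface Route { method: Method; path: string }
type Verdict = "verified" | "path_mismatch" | "missing";
interface Finding { call: Route; verdict: Verdict; matches: string[] }

const segs = (p: string): string[] => p.split("/").filter(Boolean);
const isParam = (s: string): boolean => s.startsWith(":");
// Last literal segment, e.g. "sessions" for /sessions/:session_id.
const lastLiteral = (s: string[]): string | undefined => s.filter(x => !isParam(x)).pop();

// A template segment such as ":id" matches any concrete segment (or ":param").
function sameShape(tmpl: string[], call: string[]): boolean {
  return tmpl.length === call.length && tmpl.every((t, i) => isParam(t) || t === call[i]);
}

function classify(call: Route, backend: Route[]): Finding {
  const c = segs(call.path);
  const sameMethod = backend.filter(r => r.method === call.method);
  // Verified: method and path shape agree with a backend route.
  const exact = sameMethod.filter(r => sameShape(segs(r.path), c));
  if (exact.length) return { call, verdict: "verified", matches: exact.map(r => r.path) };
  // Path mismatch: same resource root exists with another shape (/tracks vs /tracks/:id).
  const sibling = sameMethod.filter(r => segs(r.path)[0] === c[0]);
  if (sibling.length) return { call, verdict: "path_mismatch", matches: sibling.map(r => r.path) };
  // Missing: suggest routes ending in the same literal segment
  // (e.g. /auth/password/reset -> /password/reset) for a human to confirm.
  const tail = lastLiteral(c);
  const candidates = sameMethod.filter(r => tail !== undefined && lastLiteral(segs(r.path)) === tail);
  return { call, verdict: "missing", matches: candidates.map(r => r.path) };
}

function audit(frontend: Route[], backend: Route[]): Finding[] {
  return frontend.map(f => classify(f, backend));
}

// Constructed sample: a subset of the routes named in the report.
const BACKEND: Route[] = [
  { method: "GET", path: "/audit/activity" },
  { method: "GET", path: "/tracks/:id" },
  { method: "GET", path: "/tracks/search" },
  { method: "POST", path: "/password/reset" },
  { method: "DELETE", path: "/sessions/:session_id" },
];
const FRONTEND: Route[] = [
  { method: "GET", path: "/audit/activity" },
  { method: "GET", path: "/tracks" },
  { method: "POST", path: "/auth/password/reset" },
  { method: "DELETE", path: "/auth/sessions" },
  { method: "POST", path: "/items" },
];
```

In CI, failing the job on any `missing` finding (and on `path_mismatch` once the list routes are settled) gives the automated validation the last step asks for.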