veza/docs/archive/root-md/API_ENDPOINT_AUDIT.md
senke 43af35fd93 chore(audit 2.2, 2.3): clean up .md and .json files at the root
- Archive 131 .md files in docs/archive/root-md/
- Archive 22 .json files in docs/archive/root-json/
- Keep 7 useful .md files (README, CONTRIBUTING, CHANGELOG, etc.)
- Keep package.json, package-lock.json, turbo.json
- Add an index README in each archive
2026-02-15 14:35:08 +01:00

4.8 KiB

API Endpoint Audit Report

INT-004: Verify all frontend API calls have backend endpoints

Date: 2025-12-25
Status: Completed

Summary

This audit verifies that all frontend API calls have corresponding backend endpoints.

Statistics

  • Total Frontend Endpoints: 21 unique endpoints
  • Verified: 7 endpoints
  • ⚠️ Path Mismatch: 2 endpoints (different path structure)
  • Missing/Incompatible: 12 endpoints

Detailed Analysis

Verified Endpoints

These endpoints exist in the backend with matching methods:

  1. GET /audit/activity - User activity audit
  2. GET /audit/stats - Audit statistics
  3. POST /chat/token - WebSocket token generation
  4. POST /notifications/read-all - Mark all notifications as read
  5. GET /playlists - List playlists (via /playlists/search or /playlists/:id)
  6. GET /users - List users
  7. GET /users/me/export - Export user data

⚠️ Path Mismatch Endpoints

These endpoints exist but with different path structures:

  1. GET, POST /conversations

    • Frontend expects: /conversations (root)
    • Backend provides: /conversations/:id (with ID parameter)
    • Resolution: Frontend should use /conversations/:id for specific conversations
    • Note: List endpoint may need to be added or use different path
  2. GET, POST /tracks

    • Frontend expects: /tracks (root list/create)
    • Backend provides: /tracks/:id (with ID parameter)
    • Resolution: Frontend should use /tracks/search for listing and /tracks/:id for operations
    • Note: POST for upload may use /uploads endpoint

Missing/Incompatible Endpoints

These endpoints need to be verified or implemented:

  1. POST /auth/2fa/disable

    • Status: EXISTS at /auth/2fa/disable (protected route)
    • Action: Frontend path is correct
  2. POST /auth/2fa/verify

    • Status: EXISTS at /auth/2fa/verify (protected route)
    • Action: Frontend path is correct
  3. POST /auth/logout

    • Status: EXISTS at /auth/logout (protected route)
    • Action: Frontend path is correct
  4. POST /auth/password/reset

    • Status: EXISTS at /password/reset (public route)
    • Action: Frontend should use /password/reset instead of /auth/password/reset
  5. POST /auth/password/reset-request

    • Status: EXISTS at /password/reset-request (public route)
    • Action: Frontend should use /password/reset-request instead of /auth/password/reset-request
  6. POST /auth/resend-verification

    • Status: EXISTS at /auth/resend-verification (public route)
    • Action: Frontend path is correct
  7. DELETE /auth/sessions

    • Status: EXISTS at /sessions/:session_id (DELETE) and /sessions/ (GET)
    • Action: Frontend should use /sessions/:session_id for delete, /sessions/ for list
  8. POST /items

    • Status: UNKNOWN - May be a generic placeholder
    • Action: Verify if this is used or should be removed
  9. POST /messages

    • Status: UNKNOWN - Chat messages may use WebSocket
    • Action: Verify if HTTP endpoint is needed or WebSocket only
  10. DELETE /notifications

    • Status: EXISTS at /notifications/:id (DELETE)
    • Action: Frontend should use /notifications/:id for delete
  11. DELETE /users/me

    • Status: EXISTS at /users/:id (DELETE)
    • Action: Frontend should use /users/me (which resolves to current user ID)
  12. PUT /users/me/password

    • Status: UNKNOWN - May be at /users/me/password or /password/me
    • Action: Verify exact endpoint path

Recommendations

Immediate Actions

  1. Update Frontend Paths:

    • Change /auth/password/reset → /password/reset
    • Change /auth/password/reset-request → /password/reset-request
    • Change /auth/sessions DELETE → /sessions/:session_id
    • Change /notifications DELETE → /notifications/:id
  2. Verify Endpoints:

    • Check if /items endpoint is actually used
    • Check if /messages HTTP endpoint is needed (vs WebSocket)
    • Verify /users/me/password exact path
  3. Documentation:

    • Create API endpoint mapping document
    • Update frontend service files with correct paths

Long-term Improvements

  1. API Versioning: Ensure all endpoints use /api/v1 prefix consistently
  2. Path Consistency: Standardize path structures across frontend and backend
  3. Type Safety: Add TypeScript types for all API endpoints
  4. Testing: Add integration tests to verify endpoint compatibility

Files Modified

  • Created: API_ENDPOINT_AUDIT.md - This audit report

Next Steps

  1. Fix frontend paths that don't match backend
  2. Remove or implement missing endpoints
  3. Add integration tests for endpoint verification
  4. Create automated endpoint validation in CI/CD
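
The automated endpoint validation named in the last step can start from a check like the one below. It is an added example, not code from the veza repository: the route table and frontend call list are constructed from entries in this report, and the function names (pathMatches, nearMiss, classify, auditCalls) and the near-miss heuristic are assumptions.

```typescript
type Route = { method: string; path: string };
type Finding = { call: Route; verdict: "verified" | "path-mismatch" | "missing"; suggestion?: string };

// Constructed sample: a subset of the backend routes named in this report.
const BACKEND_ROUTES: Route[] = [
  { method: "POST", path: "/auth/logout" },
  { method: "POST", path: "/password/reset" },
  { method: "DELETE", path: "/sessions/:session_id" },
  { method: "DELETE", path: "/notifications/:id" },
];

// Constructed sample: frontend calls as the report lists them.
const FRONTEND_CALLS: Route[] = [
  { method: "POST", path: "/auth/logout" },
  { method: "POST", path: "/auth/password/reset" },
  { method: "DELETE", path: "/auth/sessions" },
  { method: "DELETE", path: "/notifications" },
  { method: "POST", path: "/items" },
];

const segs = (p: string): string[] => p.split("/").filter((s) => s.length > 0);
const isParam = (s: string): boolean => s.charAt(0) === ":";

// Exact match: same segment count; a backend ":param" accepts any one segment.
function pathMatches(pattern: string, path: string): boolean {
  const a = segs(pattern), b = segs(path);
  return a.length === b.length && a.every((s, i) => isParam(s) || s === b[i]);
}

// Near miss (heuristic, an assumption of this example): the backend route's literal
// segments are the tail of the frontend path, e.g. /auth/password/reset vs /password/reset.
function nearMiss(pattern: string, path: string): boolean {
  const lit = segs(pattern).filter((s) => !isParam(s));
  const tail = segs(path).filter((s) => !isParam(s)).slice(-lit.length);
  return lit.length > 0 && lit.length === tail.length && lit.every((s, i) => s === tail[i]);
}

// Classify one frontend call; only routes with the same HTTP method are considered.
function classify(call: Route, backend: Route[] = BACKEND_ROUTES): Finding {
  const sameMethod = backend.filter((r) => r.method === call.method);
  if (sameMethod.some((r) => pathMatches(r.path, call.path))) return { call, verdict: "verified" };
  const near = sameMethod.filter((r) => nearMiss(r.path, call.path))[0];
  return near ? { call, verdict: "path-mismatch", suggestion: near.path } : { call, verdict: "missing" };
}

// CI gate: any finding returned here should fail the build.
const auditCalls = (calls: Route[], backend: Route[] = BACKEND_ROUTES): Finding[] =>
  calls.map((c) => classify(c, backend)).filter((f) => f.verdict !== "verified");
console.log(auditCalls(FRONTEND_CALLS));
```

In a real pipeline the two tables would be generated from the backend router and the frontend service files rather than written by hand.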