Add a REST API for third party usage

leepeuker commented 1 year ago

The current most http routes used have a state (php session) and are not suitable for third party usages.

Structure proposal:

[x] /users/{username}/history/movies (movies with watch dates ordered by last played)
[x] /users/{username}/watchlist/movies (movies on the users watchlist ordered by the date of the addition to the list)
[x] /users/{username}/played/movies (all movies with user plays)
[ ] /movies (get all local movies)
[x] /movies/search (search for movies, including remote results from tmdb)
[ ] /movies/sync (import or update existing movie, either movaryId OR tmdbId required)
[ ] /jobs/{jopType} (CRUD for server background jobs)
[ ] /users/{username}/settings/general (CRUD for user general setttings)
[ ] /users/{username}/settings/security (CRUD for user security setttings)

Other:

All routes have the prefix /api
Routes can require a valid auth token. The auth token is set via http header X-Auth-Token. Every user account can re/generate their X-Auth-Token (token and user are hardly coupled). This is a really basic setup which can be improved later, for now I would like to focus on functionality over security.

TODO: add api token and its management to user general account settings, maybe under new section Api

leepeuker commented 1 year ago

The basics were added together with the first api endpoint (history). The rest of the endpoints has to follow.

JVT038 commented 1 year ago

Some other suggestions:

/users/{username}/settings/general/username (PUT) - Change the username
/users/{username}/settings/general/dateformat (PUT) - Change the user's date format
/users/{username}/settings/general/privacy (PUT) - Change the privacy level; accepts an integer, based on the level
/users/{username}/settings/general/country (PUT) - Change the country
/users/{username}/settings/general/watchlistremoval (PUT) - Toggle the automatic removal from the watchlist if an item is played
/users/{username}/settings/security/password (PUT) - Change the password

leepeuker commented 1 year ago

@JVT038 true, I have added the following to the TODO

- /users/{username}/settings/general (CRUD for user general setttings)
- /users/{username}/settings/security (CRUD for user security setttings)

I think I would prefer to create just one endpoint per settings type with optional values instead of one endpoint settings type value :thinking:

leepeuker commented 1 year ago

We need to improve the rest API stability. Incorrect requested payloads lead to 500 server errors.

Additionally, we return the frontend 500/404 responses pages for server errors. The rest API response should be JSON and not html.

Edit: Fixed wrong error pages for API.

leepeuker / movary