Auth API
Prefix: /api/auth | Tag: auth
Handles login, logout, account activation, and current-user lookup. Authentication is attempted against Supabase first, with a fallback to a local set of hardcoded users. Because those fallback credentials are part of the service itself rather than of any identity store, treat the fallback as a development convenience and disable it in production deployments.
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /api/auth/login | Authenticate and get a JWT |
| POST | /api/auth/activate | Activate an invited account |
| POST | /api/auth/logout | Log out (records audit event) |
| GET | /api/auth/me | Get current user profile |
POST /api/auth/login
Request body:
{
"username": "string",
"password": "string"
}
Response (LoginResponse):
{
"access_token": "eyJ...",
"token_type": "bearer",
"user": {
"id": "1",
"username": "kiran",
"name": "Kiran",
"email": "kiran@celerdata.com",
"role": "superadmin"
}
}
Returns 401 on invalid credentials.
POST /api/auth/activate
Activate an invited user account using the invitation token.
Request body:
{
"token": "string",
"password": "string (min 8 chars)"
}
Returns a LoginResponse, so the caller is logged in immediately after activation. Returns 400 for an invalid or expired invitation token and 422 if the password is shorter than 8 characters.
POST /api/auth/logout
Requires a JWT. Records a logout audit event. Reads the X-Session-Duration request header for session tracking; the value is supplied by the client, so treat it as informational rather than authoritative when reviewing audit data. The documented effect is the audit record only, so clients should discard the token locally after a successful call.
Response: {"ok": true}
GET /api/auth/me
Requires a JWT. Returns the current user's UserInfo, the same shape as the user object inside LoginResponse.
{
"id": "1",
"username": "kiran",
"name": "Kiran",
"email": "kiran@celerdata.com",
"role": "superadmin"
}
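As an added example (not code from the project this page documents), here is a small Python client for the four endpoints above, together with a constructed in-memory stand-in for the server that answers with the documented status codes so the whole flow runs offline. The bearer Authorization header, the password "correct-horse-battery", the invitation token "inv-123", the user "newuser" and the "tok-…" session tokens are assumptions made for this example; the real service mints JWTs and validates them however it is configured.

```python
from typing import Callable, Dict, Optional, Tuple

# A transport sends (method, path, headers, json_body) and returns (status, json_body).
# For a live service, wrap urllib or requests in a function with this signature.
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, dict]]


class AuthError(Exception):
    """Carries the HTTP status the service answered with (401, 400, 422, ...)."""
    def __init__(self, status: int, detail: dict):
        super().__init__(f"HTTP {status}: {detail}")
        self.status, self.detail = status, detail


class AuthClient:
    def __init__(self, transport: Transport):
        self._send, self.token = transport, None

    def _auth_headers(self) -> Dict[str, str]:
        # Assumption: the JWT is presented as a bearer token (token_type is "bearer").
        if self.token is None:
            raise AuthError(401, {"detail": "client holds no token"})
        return {"Authorization": f"Bearer {self.token}"}

    def _call(self, method, path, headers=None, body=None) -> dict:
        status, payload = self._send(method, path, headers or {}, body)
        if status >= 400:
            raise AuthError(status, payload)
        return payload

    def login(self, username: str, password: str) -> dict:
        resp = self._call("POST", "/api/auth/login", body={"username": username, "password": password})
        self.token = resp["access_token"]
        return resp["user"]

    def activate(self, invite_token: str, password: str) -> dict:
        resp = self._call("POST", "/api/auth/activate", body={"token": invite_token, "password": password})
        self.token = resp["access_token"]  # the docs say activation logs the caller in
        return resp["user"]

    def me(self) -> dict:
        return self._call("GET", "/api/auth/me", headers=self._auth_headers())

    def logout(self, session_seconds: int) -> dict:
        # X-Session-Duration is client-reported; the server only records it in the audit event.
        headers = {**self._auth_headers(), "X-Session-Duration": str(session_seconds)}
        resp = self._call("POST", "/api/auth/logout", headers=headers)
        self.token = None  # drop the token client-side whatever the server does with it
        return resp


# Constructed stand-in for the server: it mirrors only the documented status codes.
# The password, invitation token and session tokens below are invented for this example.
_USERS = {"kiran": ("correct-horse-battery", {"id": "1", "username": "kiran", "name": "Kiran",
                                              "email": "kiran@celerdata.com", "role": "superadmin"})}
_INVITES = {"inv-123": {"id": "2", "username": "newuser", "name": "New User",
                        "email": "newuser@example.com", "role": "user"}}
_SESSIONS: Dict[str, dict] = {}  # session token -> user

def _issue(user: dict) -> Tuple[int, dict]:
    token = f"tok-{user['id']}"  # a real server would mint a signed JWT here
    _SESSIONS[token] = user
    return 200, {"access_token": token, "token_type": "bearer", "user": user}

def fake_transport(method, path, headers, body) -> Tuple[int, dict]:
    if (method, path) == ("POST", "/api/auth/login"):
        rec = _USERS.get(body.get("username"))
        return _issue(rec[1]) if rec and rec[0] == body.get("password") else (401, {"detail": "Invalid credentials"})
    if (method, path) == ("POST", "/api/auth/activate"):
        if len(body.get("password", "")) < 8:  # request validation fails first -> 422
            return 422, {"detail": "password must be at least 8 characters"}
        user = _INVITES.pop(body.get("token"), None)  # invitation tokens are single-use here
        return _issue(user) if user else (400, {"detail": "Invalid or expired token"})
    auth = headers.get("Authorization", "")
    user = _SESSIONS.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
    if user is None:
        return 401, {"detail": "Not authenticated"}
    if (method, path) == ("GET", "/api/auth/me"):
        return 200, user
    if (method, path) == ("POST", "/api/auth/logout"):
        return 200, {"ok": True}
    return 404, {"detail": "Not Found"}

def error_status(fn, *args) -> Optional[int]:
    # Status code of the AuthError that fn raises, or None if the call succeeds.
    try:
        fn(*args)
        return None
    except AuthError as err:
        return err.status

def run_flow(transport: Transport = fake_transport) -> dict:
    # Exercise every endpoint once, including each documented failure response.
    client = AuthClient(transport)
    out = {"no_token_me": error_status(client.me),
           "login_role": client.login("kiran", "correct-horse-battery")["role"],
           "me": client.me()["username"],
           "logout": client.logout(session_seconds=900),
           "bad_password": error_status(client.login, "kiran", "wrong"),
           "short_password": error_status(client.activate, "inv-123", "short"),
           "bad_invite": error_status(client.activate, "no-such-token", "longenough1"),
           "activated_role": client.activate("inv-123", "longenough1")["role"]}
    out["activated_me"] = client.me()["username"]
    out["reused_invite"] = error_status(client.activate, "inv-123", "longenough1")
    return out
```

The Transport signature is the seam: against a live service, replace fake_transport with a function that issues the HTTP request and returns the status and decoded JSON body. The client raises AuthError on every 4xx rather than special-casing 401, so a 422 from activate surfaces with the server's validation detail instead of being mistaken for a bad invitation token, and the stand-in applies body validation before the token lookup to match the order the documented status codes imply.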