# Authentication API

## Customer Registration

`POST /api/auth/customer/register`

Request:

```json
{
  "name": "Jane Doe",
  "email": "jane@example.com",
  "password": "securepassword",
  "phone": "+1234567890"
}
```

Response: `201 Created`

```json
{
  "success": true,
  "data": {
    "token": "eyJhbG...",
    "customer": {
      "id": "cuid",
      "name": "Jane Doe",
      "email": "jane@example.com"
    }
  }
}
```

## Customer Login

`POST /api/auth/customer/login`

Request:

```json
{
  "email": "jane@example.com",
  "password": "securepassword"
}
```

Response: `200 OK`

```json
{
  "success": true,
  "data": {
    "token": "eyJhbG...",
    "customer": {
      "id": "cuid",
      "name": "Jane Doe",
      "email": "jane@example.com"
    }
  }
}
```

## Staff Login

`POST /api/auth/staff/login`

Request:

```json
{
  "email": "admin@kitchenasty.com",
  "password": "admin123"
}
```

Response: `200 OK`

```json
{
  "success": true,
  "data": {
    "token": "eyJhbG...",
    "user": {
      "id": "cuid",
      "name": "Admin",
      "email": "admin@kitchenasty.com",
      "role": "SUPER_ADMIN"
    }
  }
}
```

## Staff Registration

```http
POST /api/auth/staff/register
Authorization: Bearer <super-admin-token>
```

Only Super Admins can create new staff accounts; a request whose token carries any other role is rejected with `403 Forbidden` (see Error Cases).

Request:

```json
{
  "name": "New Staff",
  "email": "staff@kitchenasty.com",
  "password": "password123",
  "role": "STAFF",
  "locationId": "location-id"
}
```

## Get Current User

```http
GET /api/auth/me
Authorization: Bearer <token>
```

Returns the currently authenticated user (staff or customer); the `type` field says which.

Response: `200 OK`

```json
{
  "success": true,
  "data": {
    "id": "cuid",
    "email": "user@example.com",
    "name": "User Name",
    "type": "staff",
    "role": "MANAGER"
  }
}
```

## Google OAuth

`GET /api/auth/google`

Redirects the user to Google's OAuth consent screen. After approval, Google redirects the browser back to `/api/auth/google/callback`, which issues a JWT.

Only available when `GOOGLE_CLIENT_ID` is configured.

## Facebook OAuth

`GET /api/auth/facebook`

Redirects the user to Facebook's login dialog. After approval, Facebook redirects the browser back to `/api/auth/facebook/callback`, which issues a JWT.

Only available when `FACEBOOK_APP_ID` is configured.
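The page does not say how the callback is tied to the request that started the flow. The following is an added example, not the project's code, of the browser-facing half of `GET /api/auth/google` and its callback with an OAuth `state` value that binds the callback to the session that started it and is accepted only once; the same shape applies to the Facebook flow. Google's authorization and token endpoint URLs are the documented ones; the session dict, the `GOOGLE_CLIENT_SECRET` variable, the error messages and every function name here are assumptions, and the `exchange` parameter exists so the callback can be exercised offline with a stand-in for the real token exchange.

```python
"""Added example, not the project's code: the browser-facing half of GET /api/auth/google and its
callback with an OAuth `state` value that binds the callback to the session that started the flow.
Assumed, not from the page: the session dict, GOOGLE_CLIENT_SECRET, the messages and all names here."""
import hmac, json, os, secrets, urllib.parse, urllib.request

AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"  # Google's authorization endpoint
TOKEN_URL = "https://oauth2.googleapis.com/token"          # Google's token endpoint

def start_google_login(session: dict, redirect_uri: str, client_id):
    """Redirect target for GET /api/auth/google, or None when GOOGLE_CLIENT_ID is not configured
    (the caller passes os.environ.get("GOOGLE_CLIENT_ID"))."""
    if not client_id:
        return None
    session["oauth_state"] = secrets.token_urlsafe(32)  # unguessable, single-use, tied to this session
    params = {"client_id": client_id, "redirect_uri": redirect_uri, "response_type": "code",
              "scope": "openid email profile", "state": session["oauth_state"]}
    return f"{AUTH_URL}?{urllib.parse.urlencode(params)}"

def exchange_code_with_google(code: str, redirect_uri: str) -> dict:
    """The real, network-bound exchange: POST the code to Google's token endpoint."""
    form = urllib.parse.urlencode({"code": code, "client_id": os.environ["GOOGLE_CLIENT_ID"],
                                   "client_secret": os.environ["GOOGLE_CLIENT_SECRET"],
                                   "redirect_uri": redirect_uri, "grant_type": "authorization_code"})
    with urllib.request.urlopen(urllib.request.Request(TOKEN_URL, data=form.encode())) as resp:
        return json.load(resp)

def handle_google_callback(session: dict, query: str, redirect_uri: str, exchange=exchange_code_with_google):
    """GET /api/auth/google/callback: reject a callback whose state is not the one this session started
    with, consume the state so it cannot be replayed, then exchange the code. Returns (status, body)."""
    params = dict(urllib.parse.parse_qsl(query))
    expected = session.pop("oauth_state", None)  # pop: each state is accepted at most once
    if not expected or not hmac.compare_digest(expected.encode(), params.get("state", "").encode()):
        return 400, {"success": False, "error": "OAuth state mismatch"}  # assumed wording
    if "error" in params or "code" not in params:
        return 401, {"success": False, "error": params.get("error", "missing code")}
    tokens = exchange(params["code"], redirect_uri)
    # from here the service would look up or create the user and issue its own JWT, as for password login
    return 200, {"success": True, "data": tokens}
```

The state is popped before it is compared, so a mismatched or replayed callback both invalidate the stored value; a user who lands on the callback with a stale state simply has to start the flow again.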
## Error Cases

| Scenario | Status | Error |
|---|---|---|
| Invalid credentials | 401 | Invalid email or password |
| Email already exists | 400 | Email already registered |
| Missing required fields | 400 | Validation error message |
| Staff registration without a Super Admin token | 403 | Forbidden |
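As an added, runnable model of the flows documented above (customer registration and login, staff login, Super-Admin-gated staff registration, `/api/auth/me`, and the status codes and messages in the Error Cases table), not the project's own code: the token layout (HMAC-SHA256 compact form, which is why the tokens on this page start with `eyJhbG`), scrypt password hashing, the `JWT_SECRET` variable, the `Invalid or missing token` wording and every class and function name below are assumptions. The points it makes explicit are that login returns one `401` text whether the email is unknown or the password wrong and burns a hash check either way, that `id` and the password hash are never taken from the client body, and that staff registration answers `401` when there is no valid token and `403` when the token is valid but not a Super Admin.

```python
"""Added example, not the project's code: an in-memory model of the register, login,
staff-register and /me flows on this page, with the Error Cases table's status codes and
messages. Assumed, not from the page: HMAC-SHA256 token layout, scrypt hashing, JWT_SECRET."""
import base64, hashlib, hmac, json, os, secrets, time

SECRET = os.environ.get("JWT_SECRET", "example-only-change-me").encode()  # assumed variable name
PUBLIC = ("id", "name", "email")  # fields the page returns for a customer or user

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hash_password(password: str) -> str:
    """Salted scrypt; the salt is stored next to the digest."""
    salt = secrets.token_bytes(16)
    return f"{_b64(salt)}${_b64(hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1))}"

def check_password(password: str, stored: str) -> bool:
    salt, digest = (_unb64(part) for part in stored.split("$"))
    return hmac.compare_digest(hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1), digest)

_DUMMY = hash_password(secrets.token_hex(16))  # checked for unknown emails so timing does not reveal them

def issue_token(claims: dict, ttl: int = 3600) -> str:
    """header.payload.signature; the "eyJhbG..." prefix shown on the page is this header."""
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    now = int(time.time())
    payload = _b64(json.dumps({**claims, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str):
    """Claims if signature and expiry check out, else None. The header's alg field is never consulted."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    return claims if isinstance(claims, dict) and claims.get("exp", 0) > time.time() else None

def bearer_claims(headers: dict):
    auth = headers.get("Authorization", "")
    return verify_token(auth[7:]) if auth.startswith("Bearer ") else None

class AuthService:
    def __init__(self):
        self.tables = {"customer": {}, "staff": {}}  # email -> record, per account type

    def _register(self, kind, body, required):
        missing = [f for f in required if not body.get(f)]
        if missing:
            return 400, {"success": False, "error": f"Missing required fields: {', '.join(missing)}"}
        if body["email"] in self.tables[kind]:
            return 400, {"success": False, "error": "Email already registered"}
        # id and password hash are set after **body so a client cannot supply its own
        rec = {**body, "id": secrets.token_hex(12), "password": hash_password(body["password"])}
        self.tables[kind][rec["email"]] = rec
        return 201, {"success": True, "data": {k: rec[k] for k in PUBLIC + (("role",) if kind == "staff" else ())}}

    def _login(self, kind, body):
        rec = self.tables[kind].get(body.get("email", ""))
        ok = check_password(body.get("password", ""), rec["password"] if rec else _DUMMY)
        if not (rec and ok):
            return 401, {"success": False, "error": "Invalid email or password"}  # one text for both failures
        token = issue_token({"sub": rec["id"], "type": kind, "role": rec.get("role")})
        return 200, {"success": True, "data": {"token": token, ("customer" if kind == "customer" else "user"): {k: rec[k] for k in PUBLIC}}}

    def customer_register(self, body):
        status, resp = self._register("customer", body, ("name", "email", "password"))
        if status == 201:  # registration logs the customer in, as on the page
            resp["data"] = {"token": issue_token({"sub": resp["data"]["id"], "type": "customer"}), "customer": resp["data"]}
        return status, resp

    def customer_login(self, body):
        return self._login("customer", body)

    def staff_login(self, body):
        return self._login("staff", body)

    def staff_register(self, headers, body):
        """Authenticate first (401), then authorise: only a staff token with role SUPER_ADMIN passes (else 403)."""
        claims = bearer_claims(headers)
        if claims is None:
            return 401, {"success": False, "error": "Invalid or missing token"}  # assumed wording
        if claims.get("type") != "staff" or claims.get("role") != "SUPER_ADMIN":
            return 403, {"success": False, "error": "Forbidden"}
        return self._register("staff", body, ("name", "email", "password", "role"))

    def me(self, headers):
        claims = bearer_claims(headers) or {}
        rec = next((r for r in self.tables.get(claims.get("type"), {}).values() if r["id"] == claims.get("sub")), None)
        if rec is None:
            return 401, {"success": False, "error": "Invalid or missing token"}
        data = {"id": rec["id"], "email": rec["email"], "name": rec["name"], "type": claims["type"], "role": rec.get("role")}
        return 200, {"success": True, "data": data}
```

The first `SUPER_ADMIN` cannot come through `staff_register`, since that route needs a Super Admin token; seed it directly into the store with `hash_password` at deployment time. Tokens are verified with the server's own key and algorithm regardless of what the token header claims, so an `alg: none` or algorithm-swap token fails the HMAC check like any other tampered one.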