aurorabot/api/README.md
syntaxbullet 25a0bd3431
Sign panel sessions and isolate test runs
- Replace in-memory auth sessions with signed cookies and signed OAuth state
- Add auth route coverage and update panel/web server wiring
- Switch test script to per-file Bun processes and clean up type checks
2026-04-09 21:44:05 +02:00


# Aurora API
Aurora's API is a Bun server that runs inside the same process as the Discord bot. It serves REST routes, the authenticated WebSocket endpoint, static assets, and built panel files.
## Runtime model
- Entry point: `api/src/server.ts`
- Route dispatcher: `api/src/routes/index.ts`
- Auth: Discord OAuth with signed session cookies
- WebSocket: `/ws`
- Static assets: `/assets/*`
- Built panel fallback: `panel/dist`
## Access model
Public:
- `GET /api/health`
- `/auth/discord`
- `/auth/callback`
- `POST /auth/logout`
- `GET /auth/me`
Player-accessible API routes:
- `GET /api/stats`
- `GET /api/health`
- `GET /api/me`
- `GET /api/me/inventory`
Admin-only API routes:
- everything else under `/api/*`
Admin vs player is derived from `ADMIN_USER_IDS`. A user must already exist in the `users` table to complete panel login.
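The three tiers above, written as a default-deny check. This is an added example, not Aurora's own route dispatcher: the names `authorize` and `parseAdminIds`, the decision values, and the comma-separated format of `ADMIN_USER_IDS` are assumptions.

```typescript
// Added example (hypothetical names; not code from api/src/routes/index.ts).
type Session = { userId: string } | null;
type Decision = "allow" | "unauthenticated" | "forbidden" | "out_of_scope";

// Public routes as listed in the README. The public list gives no method for
// /auth/discord and /auth/callback; GET is taken from the route summary.
const PUBLIC = new Set([
  "GET /api/health", "GET /auth/discord", "GET /auth/callback",
  "POST /auth/logout", "GET /auth/me",
]);

// Routes any logged-in player may call.
const PLAYER = new Set([
  "GET /api/stats", "GET /api/health", "GET /api/me", "GET /api/me/inventory",
]);

// Assumption: ADMIN_USER_IDS is a comma-separated list of Discord user IDs.
function parseAdminIds(raw: string | undefined): Set<string> {
  return new Set((raw ?? "").split(",").map((s) => s.trim()).filter(Boolean));
}

function authorize(
  method: string, rawPath: string, session: Session, admins: Set<string>,
): Decision {
  // Parse through URL so dot segments and query strings are resolved before
  // the exact-match lookup ("/api/me/../users" becomes "/api/users").
  const path = new URL(rawPath, "http://localhost").pathname;
  const key = `${method.toUpperCase()} ${path}`;

  if (PUBLIC.has(key)) return "allow";
  // Static assets, /ws and the panel fallback are outside this sketch.
  if (!path.startsWith("/api/")) return "out_of_scope";
  if (!session) return "unauthenticated";
  if (PLAYER.has(key)) return "allow";
  // Everything else under /api/* is admin-only. That includes unlisted
  // methods on player paths, such as POST /api/stats.
  return admins.has(session.userId) ? "allow" : "forbidden";
}
```

Because the player tier is an exact method-and-path allowlist and the admin check is the fallthrough, a route added later under `/api/*` is admin-only until someone lists it explicitly.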
## Route summary
### Auth
- `GET /auth/discord`
- `GET /auth/callback`
- `POST /auth/logout`
- `GET /auth/me`
### Dashboard and system
- `GET /api/health`
- `GET /api/stats`
- `GET /api/stats/activity`
- `POST /api/actions/reload-commands`
- `POST /api/actions/clear-cache`
- `POST /api/actions/maintenance-mode`
### Settings
- `GET /api/settings`
- `POST /api/settings`
- `GET /api/settings/meta`
- `GET /api/guilds/:guildId/settings`
- `PUT|PATCH /api/guilds/:guildId/settings`
- `DELETE /api/guilds/:guildId/settings`
### Users, classes, and inventory
- `GET /api/me`
- `GET /api/me/inventory`
- `GET /api/users`
- `GET /api/users/:id`
- `PUT /api/users/:id`
- `GET /api/users/:id/inventory`
- `POST /api/users/:id/inventory`
- `DELETE /api/users/:id/inventory/:itemId`
- `GET /api/classes`
- `POST /api/classes`
- `PUT /api/classes/:id`
- `DELETE /api/classes/:id`
### Game content
- `GET /api/items`
- `POST /api/items`
- `GET /api/items/:id`
- `PUT /api/items/:id`
- `DELETE /api/items/:id`
- `POST /api/items/:id/icon`
- `GET /api/quests`
- `POST /api/quests`
- `PUT /api/quests/:id`
- `DELETE /api/quests/:id`
- `GET /api/lootdrops`
- `POST /api/lootdrops`
- `DELETE /api/lootdrops/:messageId`
### Moderation and economy history
- `GET /api/moderation`
- `POST /api/moderation`
- `GET /api/transactions`
## WebSocket
`/ws` requires a valid `aurora_session` cookie.
Current behavior:
- dashboard clients subscribe to `dashboard`
- game clients also use lobby and room-scoped traffic through `GameServer`
- `PING` from the client returns `PONG`
- dashboard stats are broadcast every 5 seconds while at least one client is connected
- hard limits in `api/src/server.ts`:
  - 200 concurrent connections
  - 16 KB max payload
  - 60 second idle timeout
## Development
Start the backend:
```bash
bun run dev
```
Optional panel dev server:
```bash
bun run panel:dev
```
Panel dev runs on `http://localhost:5173` and proxies API/auth/assets/WebSocket requests to `http://localhost:3000`.