feat(api): add v2 routes, auth middleware, structured errors, and server status endpoint

Introduces incremental API improvements for custom launcher support (mhf-iel, stratic-dev's Rust launcher): - Standardize all error responses to JSON envelopes with error/message - Add Bearer token auth middleware for v2 routes (legacy body-token preserved) - Add `returning` (>90d inactive) and `courses` fields to auth response - Add /v2/ route prefix with HTTP method enforcement - Add GET /v2/server/status for MezFes, featured weapon, and event status - Add APIEventRepo for read-only event data access Closes #44
2026-03-22 07:32:32 +01:00 · 2026-02-27 12:46:23 +01:00
parent 9f43940a44
commit 7ff26f4980
11 changed files with 825 additions and 92 deletions
--- a/server/api/endpoints_coverage_test.go
+++ b/server/api/endpoints_coverage_test.go
@@ -162,8 +162,12 @@ func TestLoginEndpoint_UsernameNotFound(t *testing.T) {
 	if rec.Code != http.StatusBadRequest {
 		t.Errorf("status = %d, want 400", rec.Code)
 	}
-	if rec.Body.String() != "username-error" {
-		t.Errorf("body = %q, want username-error", rec.Body.String())
+	var errResp ErrorResponse
+	if err := json.NewDecoder(rec.Body).Decode(&errResp); err != nil {
+		t.Fatalf("decode error: %v", err)
+	}
+	if errResp.Error != "invalid_username" {
+		t.Errorf("error = %q, want invalid_username", errResp.Error)
 	}
 }

@@ -195,8 +199,12 @@ func TestLoginEndpoint_WrongPassword(t *testing.T) {
 	if rec.Code != http.StatusBadRequest {
 		t.Errorf("status = %d, want 400", rec.Code)
 	}
-	if rec.Body.String() != "password-error" {
-		t.Errorf("body = %q, want password-error", rec.Body.String())
+	var errResp ErrorResponse
+	if err := json.NewDecoder(rec.Body).Decode(&errResp); err != nil {
+		t.Fatalf("decode error: %v", err)
+	}
+	if errResp.Error != "invalid_password" {
+		t.Errorf("error = %q, want invalid_password", errResp.Error)
 	}
 }