# API Documentation

## Base URL

`http://localhost:3000/api/v1`

## Authentication

Authentication is handled via **JWT (JSON Web Tokens)** stored in HTTP-Only cookies.

Header: `Authorization: Bearer ` (Alternative to cookies).

---

## Endpoints

### 1. Auth & User

| Method | Endpoint | Description | Access |
| :--- | :--- | :--- | :--- |
| `POST` | `/auth/login` | Login with username/password | Public |
| `POST` | `/auth/register` | Create new account | Public |
| `GET` | `/auth/me` | Get current session user | Private |
| `PATCH` | `/users/me` | Update profile (avatar, bio) | Private |
| `GET` | `/users/:id` | Get public profile of a user | Public |

### 2. Materials (Resources)

| Method | Endpoint | Description | Access |
| :--- | :--- | :--- | :--- |
| `GET` | `/materials` | List all materials (Pagination + Filter) | Public |
| `POST` | `/materials` | Create new material | Private |
| `GET` | `/materials/:id` | Get detail + Code/Video URL | Public |
| `DELETE` | `/materials/:id` | Delete material (Author/Admin only) | Private |
| `POST` | `/materials/:id/download` | Increment download count & get secure link | Private |

#### Query Parameters (GET /materials)

* `page`: Page number (default 1)
* `limit`: Items per page (default 12)
* `type`: Filter by 'CODE', 'VIDEO', 'ASSET_ZIP'
* `sort`: 'latest' | 'popular'

### 3. Interactions

| Method | Endpoint | Description | Access |
| :--- | :--- | :--- | :--- |
| `POST` | `/materials/:id/comments` | Add a comment | Private |
| `POST` | `/materials/:id/favorite` | Toggle favorite status | Private |

### 4. Admin (Console)

| Method | Endpoint | Description | Access |
| :--- | :--- | :--- | :--- |
| `GET` | `/admin/users` | List all system users | Admin |
| `POST` | `/admin/users/:id/ban` | Ban/Unban user | Admin |
| `GET` | `/admin/config` | Get DB/System configuration | Admin |
| `PUT` | `/admin/config` | Update system configuration | Admin |

---

## Example Usage (Fetch)

```javascript
// Get Materials
const response = await fetch('/api/v1/materials?type=CODE');
const result = await response.json();

if (result.success) {
  console.log(result.data); // Array of MaterialDTO
}
```
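
An added example (not part of the project's own code) that builds a validated `GET /materials` query from the documented parameters and the `fetch` options for a Private endpoint in either auth mode, cookie or Bearer header. The helper names, the `credentials: 'omit'` choice for Bearer requests, and the JSON response from `/download` are assumptions.

```javascript
// Added example, not part of the project's code base. Helper names are hypothetical.
const BASE_URL = 'http://localhost:3000/api/v1'; // Base URL from this page
const MATERIAL_TYPES = ['CODE', 'VIDEO', 'ASSET_ZIP'];
const SORT_ORDERS = ['latest', 'popular'];

// Build the GET /materials URL, rejecting values outside the documented sets.
function buildMaterialsUrl({ page = 1, limit = 12, type, sort } = {}) {
  if (!Number.isInteger(page) || page < 1) throw new RangeError('page must be an integer >= 1');
  if (!Number.isInteger(limit) || limit < 1) throw new RangeError('limit must be an integer >= 1');
  if (type !== undefined && !MATERIAL_TYPES.includes(type)) throw new RangeError(`unknown type: ${type}`);
  if (sort !== undefined && !SORT_ORDERS.includes(sort)) throw new RangeError(`unknown sort: ${sort}`);
  const url = new URL(`${BASE_URL}/materials`);
  url.searchParams.set('page', String(page));
  url.searchParams.set('limit', String(limit));
  if (type) url.searchParams.set('type', type);
  if (sort) url.searchParams.set('sort', sort);
  return url.toString();
}

// Build fetch() options for a Private endpoint.
// With a token: send it as a Bearer header. Without: rely on the HTTP-only cookie.
function buildAuthOptions(method, { token, body } = {}) {
  const headers = { Accept: 'application/json' };
  const options = { method, headers };
  if (token) {
    headers.Authorization = `Bearer ${token}`;
    options.credentials = 'omit'; // assumption: do not send the cookie as well
  } else {
    options.credentials = 'include'; // browser attaches the HTTP-only cookie
  }
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    options.body = JSON.stringify(body);
  }
  return options;
}

// Call POST /materials/:id/download (Private); response assumed to be JSON.
async function requestDownload(materialId, auth = {}) {
  const url = `${BASE_URL}/materials/${encodeURIComponent(materialId)}/download`;
  const response = await fetch(url, buildAuthOptions('POST', auth));
  if (!response.ok) throw new Error(`HTTP ${response.status}`);
  return response.json();
}
```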