30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
# Batch 10 — API Documentation Update
|
|
|
|
## File Changed
|
|
- `docs/API.md`
|
|
|
|
## Exact Changes Made
|
|
|
|
### 1. Added `POST /api/content/:cxid/report` endpoint
|
|
Inserted a new endpoint section between `GET /api/content/:cxid/file/:file_idx/raw` and `POST /api/content/:cxid/verify-password`.
|
|
|
|
- **Auth:** None
|
|
- **Body:** `{ "reason": "string" }`
|
|
- **Behavior documented:** Validates cxid, checks content is active, inserts report with `reporter_user_id = 0` (web), forwards notification to all `review_group_ids` via Telegram Bot API
|
|
- **Response:** `204 No Content` on success, `404 Not Found` if content not found/deleted/blacklisted
|
|
- **Rate limiting:** Covered by the general API governor
|
|
|
|
### 2. Updated `GET /api/content/:cxid/file/:file_idx` view counter note
|
|
Changed the note from:
|
|
> "Range requests and `If-None-Match` (ETag) matches do **not** increment the counter."
|
|
|
|
To:
|
|
> "Range requests, `If-None-Match` (ETag) matches, and HEAD requests do **not** increment the counter."
|
|
|
|
### 3. Added "Password Flow" subsection under General Behavior
|
|
Inserted after "Rate Limiting" and before "Fallback / Static Assets" to clarify:
|
|
- The `sc` query parameter is checked on both the metadata endpoint (`GET /api/content/:cxid`) and the file endpoints (`GET /api/content/:cxid/file/:file_idx`, `GET /api/content/:cxid/file/:file_idx/raw`).
|
|
- When valid, the server sets an HMAC-signed `cgcx_pw` cookie on the response.
|
|
- Passwords can also be provided via the `cgcx_pw` cookie.
|
|
- For programmatic verification, use `POST /api/content/:cxid/verify-password`.
|