refactor: API endpoints

Author: rrd108

CLAUDE.md

@@ -110,9 +110,9 @@ npx nuxt-users create-user user@example.com "John Doe" password123
 - **Table management**: Utilities for checking table existence and managing database schema
 
 ### API Routes
-- **`/api/auth/login`**: POST endpoint for user authentication with bcrypt password verification and token generation
-- **`/api/auth/forgot-password`**: POST endpoint for password reset initiation
-- **`/api/auth/reset-password`**: POST endpoint for password reset completion
+- **`/api/nuxt-users/session`**: POST login, DELETE logout
+- **`/api/nuxt-users/password/forgot`**: POST password reset initiation
+- **`/api/nuxt-users/password/reset`**: POST password reset completion
 
 ### Vue Components
 - **LoginForm**: User authentication and forgot password form
@@ -216,7 +216,7 @@ yarn docs:deploy
 - **Database utilities**: `src/utils/db.ts:28` (useDb function)
 - **CLI entry**: `src/cli/main.ts:11` (command definitions)
 - **Type definitions**: `src/types.ts:11` (ModuleOptions interface)
-- **Login API**: `src/runtime/server/api/auth/login.post.ts:8` (authentication handler)
+- **Login API**: `src/runtime/server/api/nuxt-users/session/index.post.ts:8` (authentication handler)
 
 ## Documentation Mapping
 

docs/api/index.md

@@ -6,7 +6,7 @@ The Nuxt Users module provides several API endpoints for authentication, user ma
 
 ### Login
 
-**Endpoint:** `POST /api/auth/login`
+**Endpoint:** `POST /api/nuxt-users/session`
 
 Authenticate a user with email and password.
 
@@ -38,7 +38,7 @@ Authenticate a user with email and password.
 
 ### Logout
 
-**Endpoint:** `GET /api/auth/logout`
+**Endpoint:** `DELETE /api/nuxt-users/session`
 
 Logout the current user by removing their authentication token.
 
@@ -181,7 +181,7 @@ Delete a user.
 
 ### Get Profile
 
-**Endpoint:** `GET /api/nuxt-users/profile`
+**Endpoint:** `GET /api/nuxt-users/me`
 
 Get the current user's profile information.
 
@@ -206,7 +206,7 @@ Get the current user's profile information.
 
 ### Update Password
 
-**Endpoint:** `POST /api/auth/update-password`
+**Endpoint:** `PATCH /api/nuxt-users/password`
 
 Update the current user's password.
 
@@ -240,7 +240,7 @@ Update the current user's password.
 
 ### Forgot Password
 
-**Endpoint:** `POST /api/auth/forgot-password`
+**Endpoint:** `POST /api/nuxt-users/password/forgot`
 
 Send a password reset link to the user's email.
 
@@ -265,7 +265,7 @@ Send a password reset link to the user's email.
 
 ### Reset Password
 
-**Endpoint:** `POST /api/auth/reset-password`
+**Endpoint:** `POST /api/nuxt-users/password/reset`
 
 Reset user password using a valid token.
 
@@ -323,9 +323,9 @@ The user management endpoints use a role-based permission system:
 
 Consider implementing rate limiting for these endpoints:
 
-- `/api/auth/login`: Prevent brute force attacks
-- `/api/auth/forgot-password`: Prevent email spam
-- `/api/auth/reset-password`: Prevent token brute force
+- `/api/nuxt-users/session`: Prevent brute force attacks
+- `/api/nuxt-users/password/forgot`: Prevent email spam
+- `/api/nuxt-users/password/reset`: Prevent token brute force
 - `/api/nuxt-users/*`: Prevent abuse of user management endpoints
 
 ## Next Steps

docs/api/types-and-utilities.md

@@ -192,7 +192,7 @@ getCurrentUserFromToken<T extends boolean = false>(
 
 **Example:**
 ```typescript
-// server/api/user/profile.get.ts
+// server/api/nuxt-users/me.get.ts
 export default defineEventHandler(async (event) => {
   const token = getCookie(event, 'auth_token')
 
@@ -271,7 +271,7 @@ if (!result.isValid) {
 Create a comprehensive user profile API:
 
 ```typescript
-// server/api/user/profile-complete.get.ts
+// server/api/nuxt-users/me-complete.get.ts
 import { getCurrentUserFromToken, getLastLoginTime } from 'nuxt-users/utils'
 import type { UserWithoutPassword } from 'nuxt-users/utils'
 

docs/components/index.md

@@ -41,7 +41,7 @@ const handleError = (error) => {
 
 | Prop | Type | Default | Description |
 |------|------|---------|-------------|
-| `apiEndpoint` | `string` | `'/api/auth/login'` | The API endpoint for login requests |
+| `apiEndpoint` | `string` | `'/api/nuxt-users/session'` | The API endpoint for login requests |
 | `redirectTo` | `string` | `'/'` | Where to redirect after successful login |
 
 ### Events
@@ -299,7 +299,7 @@ This component handles its own API calls, message display, and redirection to lo
 
 - Automatically reads `token` and `email` from URL query parameters
 - Password confirmation validation
-- API calls to `/api/auth/reset-password`
+- API calls to `/api/nuxt-users/password/reset`
 - Automatic redirection to login on success
 - Error handling and display
 

docs/contributing/code-style.md

@@ -77,7 +77,7 @@ interface Emits {
 }
 
 const props = withDefaults(defineProps<Props>(), {
-  apiEndpoint: '/api/auth/login',
+  apiEndpoint: '/api/nuxt-users/session',
   redirectTo: '/'
 })
 

docs/contributing/running-tests.md

@@ -253,7 +253,7 @@ describe('Login API', () => {
   })
 
   it('should login successfully', async () => {
-    const response = await $fetch('/api/auth/login', {
+    const response = await $fetch('/api/nuxt-users/session', {
       method: 'POST',
       body: {
         email: 'test@example.com',

docs/guide/authentication.md

@@ -30,7 +30,7 @@ export default defineNuxtConfig({
 
 ## Authentication Flow
 
-Upon successful login via the `/api/auth/login` endpoint:
+Upon successful login via the `/api/nuxt-users/session` endpoint:
 
 1. **User submits credentials** - Email and password are sent to the server
 2. **Password verification** - bcrypt compares the password with the stored hash
@@ -75,7 +75,7 @@ CREATE TABLE personal_access_tokens (
 
 ### Endpoint
 
-`POST /api/auth/login`
+`POST /api/nuxt-users/session`
 
 ### Request Body
 
@@ -149,7 +149,7 @@ You can implement custom login logic:
 <script setup>
 const login = async (email, password) => {
   try {
-    const response = await $fetch('/api/auth/login', {
+    const response = await $fetch('/api/nuxt-users/session', {
       method: 'POST',
       body: { email, password }
     })
@@ -256,9 +256,7 @@ You can also call the logout API directly:
 <script setup>
 const logout = async () => {
   try {
-    await $fetch('/api/auth/logout', {
-      method: 'GET'
-    })
+    await $fetch('/api/nuxt-users/session', { method: 'DELETE' })
     console.log('Logged out successfully')
   } catch (error) {
     console.error('Logout failed:', error)
@@ -409,9 +407,9 @@ export default defineNuxtConfig({
     banDuration: 300000,   // 5 minute ban for violators
     delay: 1000,           // 1 second delay on banned IPs
     routes: [
-      '/api/auth/login',           // Protect login endpoint
-      '/api/auth/forgot-password', // Protect password reset requests  
-      '/api/auth/reset-password'   // Protect password reset completion
+      '/api/nuxt-users/session',           // Protect login endpoint
+      '/api/nuxt-users/password/forgot',   // Protect password reset requests  
+      '/api/nuxt-users/password/reset'     // Protect password reset completion
     ],
     log: true // Enable logging for monitoring
   }
@@ -432,12 +430,12 @@ For different security levels on different endpoints:
 ```ts
 apiShield: {
   routes: {
-    '/api/auth/login': {
+    '/api/nuxt-users/session': {
       maxRequests: 5,      // Stricter limit for login
       duration: 60000,     // 1 minute
       banDuration: 600000  // 10 minute ban
     },
-    '/api/auth/forgot-password': {
+    '/api/nuxt-users/password/forgot': {
       maxRequests: 3,      // Very strict for password reset
       duration: 300000,    // 5 minute window
       banDuration: 1800000 // 30 minute ban

docs/guide/authorization.md

@@ -34,7 +34,7 @@ export default defineNuxtConfig({
       whitelist: ['/login', '/register', '/public'],
       permissions: {
         admin: ['*'], // Admin can access everything
-        user: ['/profile', '/settings', '/api/user/profile'],
+        user: ['/profile', '/settings', '/api/nuxt-users/me'],
         moderator: ['/admin/*', '/api/admin/*', '/moderate/*'],
         editor: ['/editor/*', '/api/editor/*', '/content/*']
       }
@@ -50,7 +50,7 @@ The system supports various pattern matching for flexible route protection:
 #### Exact Paths
 ```ts
 permissions: {
-  user: ['/profile', '/settings']
+      user: ['/profile', '/settings']
 }
 ```
 
@@ -66,7 +66,7 @@ permissions: {
 #### Complex Wildcards
 ```ts
 permissions: {
-  api_user: ['/api/*/profile'],    // Access to profile endpoints under any API section
+  api_user: ['/api/*/profile'],    // Example pattern
   manager: ['/admin/*/users/*']    // Access to user management under admin
 }
 ```
@@ -95,7 +95,7 @@ nuxtUsers: {
     permissions: {
       admin: ['*'],
       manager: ['/admin/*', '/api/admin/*', '/reports/*'],
-      customer: ['/profile', '/orders', '/api/user/*'],
+      customer: ['/profile', '/orders', '/api/nuxt-users/*'],
       vendor: ['/vendor/*', '/api/vendor/*', '/products/manage']
     }
   }

docs/guide/configuration.md

@@ -317,7 +317,7 @@ nuxtUsers: {
     tokenExpiration: 1440, // Token expiration in minutes (default: 24 hours)
     permissions: {
       admin: ['*'], // Admin can access everything
-      user: ['/profile', '/settings', '/api/user/profile'],
+      user: ['/profile', '/settings', '/api/nuxt-users/me'],
       moderator: ['/admin/*', '/api/admin/*']
     }
   }
@@ -439,7 +439,7 @@ export default defineNuxtConfig({
     maxRequests: 5,
     duration: 60000,
     banDuration: 300000,
-    routes: ['/api/auth/login', '/api/auth/forgot-password']
+    routes: ['/api/nuxt-users/session', '/api/nuxt-users/password/forgot']
   }
 })
 ```

docs/guide/password-reset.md

@@ -101,15 +101,15 @@ This component provides a form for users to set a new password using a token fro
 
 The component:
 - Automatically reads `token` and `email` from URL query parameters
-- Handles API calls to `/api/auth/reset-password`
+- Handles API calls to `/api/nuxt-users/password/reset`
 - Validates password confirmation
 - Redirects to login upon success
 
 ## API Endpoints
 
 ### Forgot Password
 
-**Endpoint:** `POST /api/auth/forgot-password`
+**Endpoint:** `POST /api/nuxt-users/password/forgot`
 
 **Request Body:**
 ```json
@@ -127,7 +127,7 @@ The component:
 
 ### Reset Password
 
-**Endpoint:** `POST /api/auth/reset-password`
+**Endpoint:** `POST /api/nuxt-users/password/reset`
 
 **Request Body:**
 ```json
@@ -154,7 +154,7 @@ The component:
 <script setup>
 const requestReset = async (email) => {
   try {
-    await $fetch('/api/auth/forgot-password', {
+    await $fetch('/api/nuxt-users/password/forgot', {
       method: 'POST',
       body: { email }
     })
@@ -176,7 +176,7 @@ const requestReset = async (email) => {
 <script setup>
 const resetPassword = async (token, email, password, passwordConfirmation) => {
   try {
-    await $fetch('/api/auth/reset-password', {
+    await $fetch('/api/nuxt-users/password/reset', {
       method: 'POST',
       body: {
         token,