1.8 KiB
1.8 KiB
User Management - Xtream Player
Overview
Users are stored in H2 database (~/.xtream-player/users.db).
If no users exist, application creates default user admin / admin on startup.
Authentication for User API
User CRUD API is protected by a fixed bearer token:
- Header:
Authorization: Bearer MujBearer852654
Without this header (or with wrong value), API returns 401 Unauthorized.
/user CRUD API
Base endpoint:
http://localhost:8080/user
List users
curl -H "Authorization: Bearer MujBearer852654" \
http://localhost:8080/user
Get one user
curl -H "Authorization: Bearer MujBearer852654" \
"http://localhost:8080/user?username=admin"
Create user
curl -X POST -H "Authorization: Bearer MujBearer852654" \
-H "Content-Type: application/json" \
-d '{"username":"user","password":"pass123"}' \
http://localhost:8080/user
You can also send URL-encoded form data:
curl -X POST -H "Authorization: Bearer MujBearer852654" \
-d "username=user&password=pass123" \
http://localhost:8080/user
Update password
curl -X PUT -H "Authorization: Bearer MujBearer852654" \
-H "Content-Type: application/json" \
-d '{"username":"user","newPassword":"newPass123"}' \
http://localhost:8080/user
password is accepted as fallback key as well.
Delete user
By query param:
curl -X DELETE -H "Authorization: Bearer MujBearer852654" \
"http://localhost:8080/user?username=user"
Or by JSON body:
curl -X DELETE -H "Authorization: Bearer MujBearer852654" \
-H "Content-Type: application/json" \
-d '{"username":"user"}' \
http://localhost:8080/user
Response Notes
- Returned user objects include:
id,username,createdAt,updatedAt - Password hash is never returned by the API.