sneakygeek/SneakySwole
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89d70fcae7bd71a3e2448b66cd32d4b3346685e2
SneakySwole/docs/API_REFERENCE.md
Phillip Tarrant 53e62f694f docs: replace implementation plans with architecture and API reference docs 
Remove phase implementation plans, design notes, and source spreadsheet
that are no longer needed. Add architecture.md, API_REFERENCE.md, and
database_schema.md for ongoing development and debugging reference.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 14:19:49 -06:00

7.5 KiB
Raw Blame History

API Reference

All endpoints return HTML (full pages or HTMX partials) unless noted otherwise. Protected routes require a valid admin session cookie.

Authentication

GET /login

Render the login form.

  • Auth: None
  • Response: Full page (pages/login.html)

POST /login

Authenticate admin credentials and start a session.

  • Auth: None
  • Content-Type: application/x-www-form-urlencoded
  • Form fields:
    • username (string) — admin username
    • password (string) — admin password
  • Success: 303 redirect to /, sets session cookie (httponly, samesite=lax, 24h TTL)
  • Failure: 200 with login page re-rendered and error message

GET /logout

End the admin session.

  • Auth: None (clears cookies regardless)
  • Response: 303 redirect to /login, deletes session and active_profile_id cookies

Health

GET /health

Application health check for monitoring and readiness probes.

  • Auth: None
  • Response: JSON 
    {
  "app": "sneakyswole",
  "version": "0.1.0",
  "status": "ok"
}

Pages

GET /

Home page.

  • Auth: None
  • Response: Full page (pages/home.html)

Profiles

All profile routes require admin authentication.

GET /profiles

List all user profiles (excludes admin).

  • Auth: Admin session
  • Response: Full page (pages/profiles.html)
  • Template context: profiles, active_profile_id, admin

POST /profiles/switch

Switch the active user profile.

  • Auth: Admin session
  • Content-Type: application/x-www-form-urlencoded
  • Form fields:
    • profile_id (string) — ID of the profile to activate
  • Response: 303 redirect to referring page, sets active_profile_id cookie

GET /profiles/{profile_id}/edit

Render the profile edit form.

  • Auth: Admin session
  • Path params: profile_id (int)
  • Response: Full page (pages/profile_edit.html)

POST /profiles/{profile_id}/edit

Update a user profile.

  • Auth: Admin session
  • Path params: profile_id (int)
  • Content-Type: application/x-www-form-urlencoded
  • Form fields:
    • display_name (string)
    • height (string)
    • weight (string)
    • goals (string)
  • Response: 303 redirect to /profiles

Workouts

All workout routes require admin authentication.

GET /workouts

List all workout days as clickable cards.

  • Auth: Admin session
  • Response: Full page (pages/workout_days.html)
  • Template context: days, admin

GET /workouts/{day_name}

Display a full workout day with warmups, exercises, programming targets, and inline logging.

  • Auth: Admin session
  • Path params: day_name (string) — URL-friendly name, e.g., "push", "pull", "lower", "full-body"
  • Response: Full page (pages/workout_day.html)
  • Template context: day_name, warmups, exercises, programs, active_profile, existing_logs, suggestions, workout_day_id, admin
  • Notes: Day name is normalized (e.g., "full-body" → "Full Body"). If an active profile is set, includes programming targets, progression suggestions, and today's existing logs.

Exercises

All exercise routes require admin authentication.

GET /exercises

Render the exercise browser with filter dropdowns.

  • Auth: Admin session
  • Response: Full page (pages/exercise_browser.html)
  • Template context: exercises, workout_days, muscle_groups, admin

GET /exercises/search

HTMX partial — return filtered exercise list.

  • Auth: Admin session
  • Query params:
    • workout_day (string, optional) — filter by workout day name
    • muscle_group (string, optional) — filter by muscle group
  • Response: HTMX partial (partials/exercise_list.html)
  • Usage: Called via hx-get from exercise browser filter dropdowns

Workout Logging

All logging routes require admin authentication. Responses are HTMX partials that update inline.

POST /log

Log a single set for an exercise. Auto-creates today's workout session if needed.

  • Auth: Admin session
  • Content-Type: application/x-www-form-urlencoded
  • Form fields:
    • exercise_id (int)
    • workout_day_id (int)
    • set_number (int, default=1)
    • reps (int)
    • weight (string) — e.g., "30 lbs", "BW"
    • felt_easy (checkbox, "on" = true)
  • Response: HTMX partial (partials/log_entry.html) with updated logs for this exercise
  • Error: If no active profile selected, returns partials/flash_message.html with error

POST /log/{log_id}/edit

Edit an existing log entry.

  • Auth: Admin session
  • Path params: log_id (int)
  • Content-Type: application/x-www-form-urlencoded
  • Form fields:
    • reps (int)
    • weight (string)
    • felt_easy (checkbox)
    • notes (string, optional)
  • Response: HTMX partial (partials/log_entry.html) with updated logs

POST /log/{log_id}/delete

Delete a log entry.

  • Auth: Admin session
  • Path params: log_id (int)
  • Response: HTMX partial (partials/log_entry.html) with remaining logs, or empty HTML if log not found

History

All history routes require admin authentication.

GET /history

Display log history for the active profile — list of past sessions, most recent first.

  • Auth: Admin session
  • Response: Full page (pages/log_history.html)
  • Template context: sessions, days_by_id, active_profile, admin
  • Notes: Requires active profile to show sessions

GET /history/{session_id}

Display detailed logs for a specific workout session, grouped by exercise.

  • Auth: Admin session
  • Path params: session_id (int)
  • Response: Full page (pages/session_detail.html)
  • Template context: workout_session, logs_by_exercise, exercises_by_id, days_by_id, admin

Dashboard

All dashboard routes require admin authentication.

GET /dashboard

Render the progress dashboard with summary stats, volume chart, and exercise links.

  • Auth: Admin session
  • Response: Full page (pages/dashboard.html)
  • Template context: stats, volume_data_json, exercises, active_profile, admin
  • Notes: Stats and volume data require an active profile. Chart.js renders client-side charts from JSON embedded in the template.

GET /dashboard/exercise/{exercise_id}

Per-exercise progress page with charts and progression suggestions.

  • Auth: Admin session
  • Path params: exercise_id (int)
  • Response: Full page (pages/exercise_progress.html)
  • Template context: exercise, progress_data_json, suggestion, active_profile, admin

Schedule

GET /schedule

4-week calendar view showing which workout day maps to which date.

  • Auth: Admin session
  • Response: Full page (pages/schedule.html)
  • Template context: weeks, active_profile, admin
  • Notes: Calendar starts from Monday of the current week. Days with completed sessions are highlighted. Requires active profile for session completion data.

Authentication Details

Cookies

Cookie Purpose Flags TTL
session Admin session token (itsdangerous signed) httponly, samesite=lax 24 hours
active_profile_id Currently selected user profile ID httponly, samesite=lax 24 hours

Auth Failure Behavior

  • Missing or invalid session cookie → 302 redirect to /login
  • Handled via NotAuthenticatedError exception + registered handler in app/main.py
Reference in New Issue View Git Blame Copy Permalink