API Reference

Space Game API

All endpoints are prefixed with /api. Endpoints marked JWT require a Bearer token in the Authorization header.

Base URL http://<host>:<port>/api

🔐

Authentication

POST /register Create account ▶

Creates a new user account. Returns a JWT token for use with authenticated endpoints.

Request Body

JSON

{
  "username": "newuser",
  "password": "securepassword123"
}

Responses

200OK

{ "token": "eyJhbGci..." }

409Conflict

{ "message": "User already exists" }

POST /login Authenticate user ▶

Authenticates an existing user and returns a JWT token.

Request Body

JSON

{
  "username": "existinguser",
  "password": "securepassword123"
}

Responses

200OK

{ "token": "eyJhbGci..." }

401Unauthorized

{ "message": "Invalid credentials" }

🎮

Game Assets & UI

GET /color Random hex color ▶

Returns a randomly generated hex color code for use in UI elements.

Responses

200OK

{ "color": "#A34FBC" }

GET /themePack/image Background image ▶

Serves the main background image from assets/background.jpg.

Responses

200OK

// Content-Type: image/jpeg

GET /themePack/audio Background music ▶

Serves the background music file from assets/music.mp3.

Responses

200OK

// Content-Type: audio/mpeg

GET /skins List all skins ▶

Returns URLs to all available SVG skins — spaceship, asteroid, and UFO.

Responses

200OK

{
  "spaceship": "…/Ship_Mk1.svg",
  "asteroid":  "…/SpaceRock.svg",
  "ufo":       "…/AlienInvader.svg"
}

GET /skins/:skinName Fetch skin by name ▶

Retrieves a specific SVG asset by filename.

Path Parameters

Parameter	Type	Description
skinName	string	SVG filename, e.g. `Ship_Mk1.svg`

Responses

200OK

// Content-Type: image/svg+xml

404Not Found

{ "message": "Skin not found." }

GET /asteroidLayout Random asteroid positions ▶

Returns an array of normalized 2D coordinates [x, y] for asteroid spawn positions.

Responses

200OK

{
  "layout": [
    [0.12, 0.85],
    [0.54, 0.23],
    // ...
  ]
}

POST /powerUps JWT Wave power-ups ▶

Returns two unique random power-ups after clearing a wave. Requires a valid JWT token.

Request Body

JSON

{
  "waveCleared": true,
  "waveNumber":  5
}

Responses

200OK

[
  {
    "id": 1,
    "name": "Deflector Shield",
    "description": "Absorbs one fatal hit",
    "duration": -1
  },
  {
    "id": 3,
    "name": "Chrono-Matrix",
    "description": "Slows asteroids 50%",
    "duration": 15000
  }
]

400Bad Request

{ "message": "waveCleared must be true" }

🏆

Leaderboard

GET /leaderboard Top 10 scores ▶

Returns the top 10 highest scores, ordered by score descending.

Responses

200OK

[
  {
    "id":        1,
    "username":  "playerOne",
    "score":     15000,
    "CreatedAt": "2023-10-27T10:00:00Z"
  },
  // ...
]

POST /leaderboard JWT Submit score ▶

Submits a player's score. If the user already has an entry, it's updated only when the new score is higher.

Request Body

JSON

{
  "name":  "AuthenticatedUser",
  "score": 20000
}

Responses

201Created

{ "message": "Score updated successfully" }