Refactor user editing endpoints (only auth site) under api/user/ while leaving host-based endpoints at api root.

frontend/src/components/DeviceLinkView.vue

@@ -7,7 +7,7 @@
       </header>
       <RegistrationLinkModal
         inline
-        :endpoint="'/auth/api/create-link'"
+                :endpoint="'/auth/api/user/create-link'"
         :user-name="userName"
         :auto-copy="false"
         :prefix-copy-with-user-name="!!userName"

frontend/src/components/ProfileView.vue

@@ -15,7 +15,7 @@
           :created-at="authStore.userInfo.user.created_at"
           :last-seen="authStore.userInfo.user.last_seen"
           :loading="authStore.isLoading"
-          update-endpoint="/auth/api/user-display-name"
+          update-endpoint="/auth/api/user/display-name"
           @saved="authStore.loadUserInfo()"
           @edit-name="openNameDialog"
         />
@@ -68,7 +68,7 @@
       </section>
       <RegistrationLinkModal
         v-if="showRegLink"
-        :endpoint="'/auth/api/create-link'"
+                :endpoint="'/auth/api/user/create-link'"
         :auto-copy="false"
         :prefix-copy-with-user-name="false"
         @close="showRegLink = false"

frontend/src/stores/auth.js

@@ -127,7 +127,7 @@ export const useAuthStore = defineStore('auth', {
       }
     },
     async deleteCredential(uuid) {
-  const response = await fetch(`/auth/api/credential/${uuid}`, {method: 'Delete'})
+  const response = await fetch(`/auth/api/user/credential/${uuid}`, {method: 'Delete'})
       const result = await response.json()
       if (result.detail) throw new Error(`Server: ${result.detail}`)
 
@@ -135,7 +135,7 @@ export const useAuthStore = defineStore('auth', {
     },
     async terminateSession(sessionId) {
       try {
-        const res = await fetch(`/auth/api/session/${sessionId}`, { method: 'DELETE' })
+        const res = await fetch(`/auth/api/user/session/${sessionId}`, { method: 'DELETE' })
         let payload = null
         try {
           payload = await res.json()
@@ -180,7 +180,7 @@ export const useAuthStore = defineStore('auth', {
     },
     async logoutEverywhere() {
       try {
-        const res = await fetch('/auth/api/logout-all', {method: 'POST'})
+        const res = await fetch('/auth/api/user/logout-all', {method: 'POST'})
         if (!res.ok) {
           let message = 'Logout failed'
           try {

passkey/fastapi/api.py

@@ -370,7 +370,7 @@ async def api_logout(
     return {"message": "Logged out successfully"}
 
 
-@app.post("/logout-all")
+@app.post("/user/logout-all")
 async def api_logout_all(
     request: Request, response: Response, auth=Cookie(None, alias="__Host-auth")
 ):
@@ -386,7 +386,7 @@ async def api_logout_all(
     return {"message": "Logged out from all hosts"}
 
 
-@app.delete("/session/{session_id}")
+@app.delete("/user/session/{session_id}")
 async def api_delete_session(
     request: Request,
     response: Response,
@@ -431,7 +431,7 @@ async def api_set_session(
     }
 
 
-@app.delete("/credential/{uuid}")
+@app.delete("/user/credential/{uuid}")
 async def api_delete_credential(
     request: Request, uuid: UUID, auth: str = Cookie(None, alias="__Host-auth")
 ):
@@ -439,7 +439,7 @@ async def api_delete_credential(
     return {"message": "Credential deleted successfully"}
 
 
-@app.post("/create-link")
+@app.post("/user/create-link")
 async def api_create_link(request: Request, auth=Cookie(None, alias="__Host-auth")):
     s = await get_session(auth, host=request.headers.get("host"))
     token = passphrase.generate()