> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fucksornot.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Register & Login

The unified authentication endpoint handles both user registration and login.

## Register a New User

To create a new account, set `action` to `register`:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://fucksornot.com/api/auth \
    -H "Content-Type: application/json" \
    -d '{
      "action": "register",
      "email": "user@example.com",
      "username": "johndoe",
      "password": "SecurePassword123!"
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://fucksornot.com/api/auth', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      action: 'register',
      email: 'user@example.com',
      username: 'johndoe',
      password: 'SecurePassword123!'
    })
  });
  ```
</CodeGroup>

### Validation Rules

| Field      | Rules                                             |
| ---------- | ------------------------------------------------- |
| `email`    | Valid email format                                |
| `username` | 3-30 characters, alphanumeric and underscore only |
| `password` | Minimum 8 characters, complexity requirements     |

## Login

To authenticate an existing user, set `action` to `login`:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://fucksornot.com/api/auth \
    -H "Content-Type: application/json" \
    -d '{
      "action": "login",
      "email": "user@example.com",
      "password": "SecurePassword123!"
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://fucksornot.com/api/auth', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      action: 'login',
      email: 'user@example.com',
      password: 'SecurePassword123!'
    })
  });
  ```
</CodeGroup>

### With MFA

If MFA is enabled, include the code:

```json theme={null}
{
  "action": "login",
  "email": "user@example.com",
  "password": "SecurePassword123!",
  "mfaCode": "123456"
}
```

## Response

```json theme={null}
{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "username": "johndoe",
    "email": "user@example.com"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "mfaRequired": false
}
```

If MFA is required but not provided:

```json theme={null}
{
  "mfaRequired": true,
  "userId": "user-uuid"
}
```

## Rate Limiting

This endpoint is rate limited to **10 attempts per 15 minutes** per IP address.
