Food Hub API Documentation

System Architecture

graph TB
    Client[Client Applications]
    API[Food Hub API]
    Auth[Authentication Service]
    DB[(Database)]
    Stripe[Stripe Payment]
    Storage[File Storage]

    Client -->|HTTP/HTTPS| API
    API -->|Authenticate| Auth
    API -->|CRUD Operations| DB
    API -->|Payment Processing| Stripe
    API -->|File Operations| Storage

    subgraph Backend Services
        API
        Auth
        DB
        Storage
    end
        

Order Processing Flow

sequenceDiagram
    participant C as Customer
    participant A as API
    participant R as Restaurant
    participant S as Stripe

    C->>A: Create Order
    A->>S: Initialize Payment
    S-->>A: Payment Intent
    A-->>C: Payment Details
    C->>S: Process Payment
    S-->>A: Payment Confirmation
    A->>R: New Order Notification
    R->>A: Accept Order
    A-->>C: Order Confirmed
        

Authentication Flow

flowchart LR
    A[Start] --> B{Has Token?}
    B -->|Yes| C[Validate Token]
    B -->|No| D[Login Required]
    C -->|Valid| E[Access Granted]
    C -->|Invalid| D
    D --> F[Login]
    F --> G[Generate Token]
    G --> E
        

Restaurant Management Flow

flowchart TD
    A[Restaurant Owner] -->|Login| B[Dashboard]
    B -->|Manage Menu| C[Products Management]
    B -->|View Orders| D[Order Management]
    B -->|Update Details| E[Restaurant Profile]
    
    C -->|Add Product| C1[New Product Form]
    C -->|Edit Product| C2[Edit Product Form]
    C -->|Delete Product| C3[Confirm Delete]
    
    D -->|New Orders| D1[Process Orders]
    D -->|Active Orders| D2[Update Status]
    D -->|Completed Orders| D3[View History]
        

Data Model Relationships

erDiagram
    User ||--o{ Order : places
    User ||--o{ Restaurant : owns
    User ||--|| DeliveryPerson : has
    Restaurant ||--o{ Product : has
    Restaurant ||--o{ Order : receives
    Order ||--|{ OrderItem : contains
    Product ||--o{ OrderItem : includes
    DeliveryPerson ||--o{ Order : delivers
    
    User {
        int id
        string name
        string email
        string role
    }
    
    Restaurant {
        int id
        string name
        string address
        int owner_id
    }
    
    Product {
        int id
        string name
        float price
        int restaurant_id
    }
    
    Order {
        int id
        int user_id
        int restaurant_id
        int delivery_person_id
        string status
        float total
    }

    DeliveryPerson {
        int id
        int user_id
        string status
    }
                        

Role-based Access Control

Admin

Full system access

  • View all orders across restaurants
  • Filter orders by restaurant
  • Manage all restaurants
  • Manage all users
  • Access system statistics
  • Assign delivery persons to orders

Restaurant Owner

Restaurant management access

  • View orders for owned restaurants
  • Manage restaurant details
  • Manage menu items
  • View restaurant statistics
  • Process orders

Customer

Basic ordering access

  • View own orders only
  • Place new orders
  • View restaurant menus
  • Track order status
  • Manage profile

Delivery Person

Order delivery access

  • View assigned orders
  • Update delivery status
  • Update availability status
  • View delivery history
  • Manage profile

API Request/Response Flow

sequenceDiagram
    participant C as Client
    participant M as Middleware
    participant A as API Controller
    participant D as Database
    
    C->>M: HTTP Request
    M->>M: Validate Token
    M->>M: Check Permissions
    
    alt Invalid Auth
        M-->>C: 401/403 Error
    else Valid Auth
        M->>A: Forward Request
        A->>D: Query Data
        D-->>A: Return Data
        A-->>C: JSON Response
    end

    Note over C,D: All responses follow standard format
        

API Endpoints

Authentication

POST /api/auth/login

Login with email and password

POST /api/auth/register

Register new user account

POST /api/auth/logout

Logout current user

Users

GET /api/users

Get all users with optional role filter (admin only)

Query Parameters:

  • role: Filter users by role (admin, restaurant, user, delivery)

Example Request:

GET /api/users?role=delivery

POST /api/users

Create new user (admin only)

PUT /api/users/{id}

Update user details (admin only)

Orders

GET /api/orders

Get orders based on role:

  • Admin: All orders (optional restaurant_id filter)
  • Restaurant: Orders for owned restaurants only
  • Customer: Own orders only
  • Delivery Person: Assigned orders only

GET /api/orders/{id}

Get specific order details (role-based access)
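The role-based scoping for GET /api/orders and GET /api/orders/{id}, as an added example that is not the Food Hub implementation. It uses the role values from the users filter and the fields from the data model; the function names and the way owned restaurants and the caller's DeliveryPerson id are passed in are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "admin", "restaurant", "user" or "delivery"


@dataclass(frozen=True)
class Order:
    id: int
    user_id: int
    restaurant_id: int
    delivery_person_id: Optional[int]


def can_view_order(user, order, owned_restaurant_ids=frozenset(), delivery_person_id=None):
    """Object-level check for one order; anything not explicitly allowed is denied."""
    if user.role == "admin":
        return True
    if user.role == "restaurant":
        return order.restaurant_id in owned_restaurant_ids
    if user.role == "user":
        return order.user_id == user.id
    if user.role == "delivery":
        # Order.delivery_person_id references DeliveryPerson.id, not User.id,
        # so the caller's DeliveryPerson row must be resolved first.
        return delivery_person_id is not None and order.delivery_person_id == delivery_person_id
    return False


def visible_orders(user, orders, owned_restaurant_ids=frozenset(), delivery_person_id=None):
    """Listing filter built on the same check, so list and detail views cannot drift apart."""
    return [o for o in orders
            if can_view_order(user, o, owned_restaurant_ids, delivery_person_id)]


# Constructed sample data (hypothetical ids).
SAMPLE_ORDERS = [
    Order(id=1, user_id=10, restaurant_id=100, delivery_person_id=7),
    Order(id=2, user_id=11, restaurant_id=101, delivery_person_id=None),
    Order(id=3, user_id=10, restaurant_id=101, delivery_person_id=8),
]
```
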

POST /api/orders

Create new order (customers only)

POST /api/orders/confirm-payment

Confirm order payment

PUT /api/orders/{id}/status

Update order status and assign delivery person

  • Admin: Can update status and assign delivery person
  • Restaurant: Can only update status up to 'ready'
  • Delivery Person: Can only update status to 'delivered' for assigned orders

Request body (delivery_person_id is optional and admin only):

{
    "status": "ready",
    "delivery_person_id": 1
}
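One way to enforce the three status rules above on the server, as an added example that is not the Food Hub implementation. Only 'ready' and 'delivered' come from this documentation; the other status names, their order and the function signature are assumptions.

```python
# Assumed lifecycle; only 'ready' and 'delivered' appear in the documentation.
STATUS_ORDER = ["pending", "preparing", "ready", "out_for_delivery", "delivered"]


def authorize_status_update(role, body, order, owned_restaurant_ids=(), delivery_person_id=None):
    """Return (allowed, reason) for PUT /api/orders/{id}/status."""
    status = body.get("status")
    if status not in STATUS_ORDER:
        return False, "unknown status"
    if role == "admin":
        return True, "admin"
    # The field is admin only: reject the request instead of silently
    # ignoring it, so a tampered body never reaches the update logic.
    if "delivery_person_id" in body:
        return False, "delivery_person_id is admin only"
    if role == "restaurant":
        if order["restaurant_id"] not in owned_restaurant_ids:
            return False, "not the restaurant owner"
        if STATUS_ORDER.index(status) > STATUS_ORDER.index("ready"):
            return False, "restaurant may not go past 'ready'"
        return True, "restaurant"
    if role == "delivery":
        # delivery_person_id here is the caller's DeliveryPerson.id, resolved server-side.
        if delivery_person_id is None or order["delivery_person_id"] != delivery_person_id:
            return False, "order not assigned to caller"
        if status != "delivered":
            return False, "delivery person may only set 'delivered'"
        return True, "delivery"
    return False, "role may not update status"


# Constructed sample order (hypothetical ids).
SAMPLE_ORDER = {"id": 3, "restaurant_id": 100, "delivery_person_id": 8}
```
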

Restaurants

GET /api/restaurants

List all restaurants (public)

GET /api/restaurants/{id}

Get restaurant details (public)

POST /api/restaurants

Create new restaurant (admin only)

PUT /api/restaurants/{id}

Update restaurant (admin or owner)

Products

GET /api/products

List all products (public)

POST /api/products

Create new product (restaurant owner or admin)

PUT /api/products/{id}

Update product (restaurant owner or admin)

Delivery Persons

GET /api/delivery-persons

Get all delivery persons (admin only)

GET /api/delivery-persons/available

Get available delivery persons (admin only)

PUT /api/delivery-persons/{id}/status

Update delivery person status (delivery person or admin)

GET /api/delivery-persons/orders

Get assigned orders (delivery person only)

Stripe Integration

GET /api/stripe/config

Get Stripe publishable key (public)

Standard Response Format

{
    "success": true,
    "data": {
        // Response data
    },
    "message": "Optional message"
}