# API Documentation

## Authentication

All protected endpoints require a Bearer token in the `Authorization` header.

### POST /login

Authenticate with login and password.

**Request Body:**
```json
{
  "login": "string",
  "password": "string"
}
```

**Response (200):**
```json
{
  "token": "string"
}
```

**Response (401):**
```json
{
  "error": "Invalid credentials"
}
```

---

### POST /reg

Register a new user.

**Request Body:**
```json
{
  "login": "string",
  "password": "string"
}
```

**Response (201):**
```json
{
  "message": "User registered"
}
```

---

### GET /watch?unique_id=...

Get the latest position for a share link.

**Response (200):**
```json
{
  "x": "number",
  "y": "number",
  "last_update": "string",
  "expires_at": "string"
}
```

**Response (404):**
```json
{
  "error": "Share link not found"
}
```

---

### PUT /geo?id=...

Update a position.

**Response (200):**
```json
{
  "message": "Position updated"
}
```

---

### POST /share

Create a new position with a share link.

**Response (201):**
```json
{
  "geo_id": "string",
  "share_id": "string"
}
```

---

## Error Responses

### Auth Middleware (401)
```json
{
  "error": "Authorization header missing or invalid"
}
```

```json
{
  "error": "Token expired"
}
```

```json
{
  "error": "Invalid token"
}
```