+++
title = "Implement PUT /api/quotes — create quote, generate NanoID, generate auth_code if not provided, return 201 with auth_code"
priority = 5
status = "todo"
ticket_type = "task"
dependencies = ["f3dc74", "a5049d", "d792e2", "03bb91", "175382", "6f2e18"]
+++
The `quotesdb` API is built with Axum + Tokio, targeting Cloudflare Workers via `workers-rs`. It serves JSON at `/api/*` endpoints and persists data to Cloudflare D1 (production) or a local SQLite file via Turso (development). Source lives in `src/bin/api/`.
Shared types and utilities are in `src/lib.rs` — code placed there must compile for both the host target and `wasm32-unknown-unknown`.
`PUT /api/quotes` creates a new quote. The request body is JSON; `auth_code` is optional — if omitted, one is generated. The response is 201 with the full quote object and the `auth_code` (always returned so the user can save it).
Request body: `{ text, author, source?, tags?, date?, auth_code? }`
Response 201: `{ quote: {...}, auth_code: "word-word-word-word" }`
Implement the `PUT /api/quotes` handler:
1. Deserialise and validate the request body (text and author are required)
2. Generate a NanoID for the quote ID
3. Generate an auth_code if not provided in the request
4. INSERT the quote into the `quotes` table
5. INSERT any tags into `quote_tags`
6. Return 201 with the created quote and auth_code
- Return 422 if `text` or `author` is missing or empty.
- NanoID generation must be WASM-compatible (see TRIAGE ticket 6f2e18).
- Use the shared `generate_auth_code()` function from `src/lib.rs`.
- Tag insertion must use the shared `replace_tags_for_quote()` logic (ticket 175382).
Use `superpowers:test-driven-development` — write tests for: auto-generated auth_code, custom auth_code, missing required fields 422.
Use `superpowers:verification-before-completion` before closing.
Run in order from the `quotesdb/` directory:
```sh
cargo fmt
cargo check
cargo clippy
cargo test
```
`feat(quotesdb): implement PUT /api/quotes — create quote with NanoID and auth_code`