docs: align api auth spec
specs/API.md
@@ -1,16 +1,16 @@
# 新项目 API 规格(/t/:tenant_code/v1)
# 新项目 API 规格(/v1)
## 0. 通用约定
### 0.1 Base URL 与租户
- Base:`/t/:tenant_code/v1`
- `tenant_code` 校验:服务端对路径段做 `lower()` 后校验 `^[a-z0-9_-]+$`,并查表确认租户存在且启用
- Base:`/v1`
- 多租户路径 `/t/:tenant_code/v1` 为后续规划,待统一改造后启用
### 0.2 认证
- WeChat H5:Cookie 会话(例如 `token`),请求需携带 `withCredentials`
- Admin:`Authorization: Bearer <token>`
- 现实现:OTP 登录 + JWT,所有受保护接口需携带 `Authorization: Bearer <token>`
- Admin:同上(Bearer Token)
### 0.3 响应
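Review bot: the tenant_code validation rule is dropped from 0.1 rather than parked with the plan. The old line `tenant_code` 校验：服务端对路径段做 `lower()` 后校验 `^[a-z0-9_-]+$`，并查表确认租户存在且启用 is replaced by a single sentence that `/t/:tenant_code/v1` is a future plan, so the lowercasing, the `^[a-z0-9_-]+$` allow-list and the exists-and-enabled lookup no longer appear anywhere in the spec. Suggest keeping that rule under the planning bullet so the path segment is not reinstated later without its validation. Separately, the new 0.2 says every protected endpoint carries `Authorization: Bearer <token>` but says nothing about token lifetime or where the H5 client keeps the JWT now that the cookie session (and the `withCredentials` note) is gone; a line on expiry and storage would close that gap.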
@@ -22,23 +22,31 @@
---
## 1. WeChat OAuth
### 0.4 当前实现说明
### 1.1 发起授权
- 当前端到端实现已切换为 OTP + JWT;以下 WeChat OAuth/H5 内容为历史规格,待后续统一重写
`GET /auth/wechat?redirect=<url>`
---
- 行为:302 跳转到微信授权 URL;回调为 `/t/:tenant_code/v1/auth/login`
## 1. OTP 登录
### 1.2 授权回调
### 1.1 发送验证码
`GET /auth/login?code=<code>&state=<state>&redirect=<url>`
`POST /auth/otp`
- 行为:
- 获取 openid 与用户资料
- `(tenant_id, open_id)` 获取或创建 `users`
- 写入 Cookie 会话
- 302 回跳 `redirect`
Body:
```json
{ "phone": "13800000000" }
```
### 1.2 登录/注册
`POST /auth/login`
Body:
```json
{ "phone": "13800000000", "otp": "1234" }
```
---
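Review bot: the two OTP endpoints in 1.1 and 1.2 document request bodies only, with no limits and no responses. `POST /auth/otp` states no per-phone rate limit, resend cooldown, OTP validity window or attempt cap, and the `POST /auth/login` example `{ "phone": "13800000000", "otp": "1234" }` implies a 4-digit code, which is at most 10,000 guesses if attempts are unbounded; please state the OTP length, TTL and lockout rule here. `POST /auth/login` also has no Response block, so the JWT that 0.2 now requires on every protected call is never shown being issued, and the get-or-create user semantics the removed WeChat callback spelled out (`(tenant_id, open_id)` 获取或创建 `users`) have no OTP equivalent; say whether a user is created on first successful login and keyed on phone.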
@@ -245,4 +253,3 @@ Body:
`GET /admin/orders?page=&limit=&order_number=&user_id=`
|
`POST /admin/orders/:id/refund`:仅余额订单可退款
|
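Review bot: this last hunk appears to touch only trailing blank lines at the end of the file (the `@@ -245,4 +253,3 @@` header shows four lines becoming three, and neither `GET /admin/orders?page=&limit=&order_number=&user_id=` nor `POST /admin/orders/:id/refund` changes). Harmless, but it is unrelated to the auth alignment in the commit title and could be dropped to keep the diff minimal.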