Common usage scenarios
The examples assume auth.enable=false by default and authenticate with a session token.
Registration (email verification disabled)
curl -X POST http://localhost:8080/api/auth/register \
-H 'Content-Type: application/json' \
-d '{"name":"demo","email":"demo@example.com","password":"Passw0rd!"}'
Registration with an email verification code (SMTP enabled)
# Send the verification code
curl -X POST http://localhost:8080/api/auth/register/send \
-H 'Content-Type: application/json' \
-d '{"email":"demo@example.com"}'
# Verify the code and complete registration
curl -X POST http://localhost:8080/api/auth/register/verify \
-H 'Content-Type: application/json' \
-d '{"email":"demo@example.com","code":"123456"}'
Log in and obtain a session
curl -X POST http://localhost:8080/api/auth/login \
-H 'Content-Type: application/json' \
-d '{"identifier":"demo@example.com","password":"Passw0rd!"}'
Example response (the fields may include mfaToken):
{
"message": "login successful",
"token": "<session-token>",
"expiresAt": "<timestamp>",
"user": {"id":"..."}
}
Session query
curl -H 'Authorization: Bearer <session-token>' \
http://localhost:8080/api/auth/session
MFA enrollment
# Request a TOTP secret
curl -X POST http://localhost:8080/api/auth/mfa/totp/provision \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <session-token>' \
-d '{}'
# Verify the TOTP code
curl -X POST http://localhost:8080/api/auth/mfa/totp/verify \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <session-token>' \
-d '{"mfaToken":"<mfa-token>","totpCode":"123456"}'
Subscription upsert
curl -X POST http://localhost:8080/api/auth/subscriptions \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <session-token>' \
-d '{"externalId":"sub_001","provider":"stripe","kind":"subscription","status":"active"}'
Admin settings update
curl -X POST http://localhost:8080/api/auth/admin/settings \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <session-token>' \
-d '{"version":1,"matrix":{"billing":{"admin":true,"operator":false}}}'