qzl/social-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 统一认证端点并删除冗余 profile 模块

Browse Source 
- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend
- 整合密码重置到 /verify 端点 (type=recovery)
- 移除未使用的 /auth/users 端点
- 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls)
- 限流改用 Redis + IP 标识,替代内存锁
- 删除 v1/profile 死代码模块
- 更新前端 auth_api 适配新端点
- 添加 supabase site_url 和 additional_redirect_urls 配置
This commit is contained in:
zl-q
2026-03-07 14:55:00 +08:00
parent 1f6cb1a48f
commit ec33bb0cee
25 changed files with 421 additions and 1614 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/runtime/runtime-route.md
+24 -105
View File
@@ -44,14 +44,16 @@
---
### POST /auth/verifications/resend
### POST /auth/resend
重发验证码。
重发验证码(统一端点,支持注册/找回密码)
**Request:**
```json
{
"email": "string (email)"
"type": "signup | recovery (default: signup)",
"email": "string (email)",
"redirect_to": "string? (仅 recovery 可选)"
}
```
@@ -63,19 +65,20 @@
---
### POST /auth/verifications/verify
### POST /auth/verify
验证码校验。
验证码校验(统一端点,按 `type` 区分场景)
**Request:**
**Request (signup):**
```json
{
"type": "signup",
"email": "string (email)",
"token": "string (6 digits)"
}
```
**Response:** 200 OK
**Response (signup):** 200 OK
```json
{
"access_token": "string",
@@ -89,6 +92,18 @@
}
```
**Request (recovery):**
```json
{
"type": "recovery",
"email": "string (email)",
"token": "string (6 digits)",
"new_password": "string (min 6 chars)"
}
```
**Response (recovery):** 204 No Content
**Errors:**
- 401: 验证码无效或已过期
- 422: 请求参数无效
@@ -157,6 +172,7 @@
**Errors:**
- 401: 无效的 refresh token
- 422: 请求参数无效
- 429: 请求过于频繁
---
@@ -175,47 +191,6 @@
**Errors:**
- 422: 请求参数无效
---
### POST /auth/password-reset
发送密码重置验证码。
**Request:**
```json
{
"email": "string (email)",
"redirect_to": "string? (optional)"
}
```
**Response:** 204 No Content
**Errors:**
- 422: 请求参数无效
- 429: 请求过于频繁
---
### POST /auth/password-reset/confirm
验证 recovery 验证码并完成改密。
**Request:**
```json
{
"email": "string (email)",
"token": "string (6 digits)",
"new_password": "string (min 6 chars)"
}
```
**Response:** 204 No Content
**Errors:**
- 401: 验证码无效或已过期
- 422: 请求参数无效
- 429: 请求过于频繁
---
@@ -397,60 +372,6 @@
---
## Profile
### GET /profile/me
获取当前用户信息(需要认证)。
**Response:** 200 OK
```json
{
"id": "string",
"username": "string",
"avatar_url": "string?",
"bio": "string?"
}
```
**Errors:**
- 401: 未认证
---
### PATCH /profile/me
更新当前用户信息(需要认证)。
**Request:**
```json
{
"username": "string? (3-30 chars)",
"avatar_url": "string? (URL)",
"bio": "string? (max 200 chars)"
}
```
**Response:** 200 OK
**Errors:**
- 401: 未认证
- 422: 请求参数无效
---
### GET /profile/{username}
按用户名查询用户公开信息(需要认证)。
**Response:** 200 OK
**Errors:**
- 401: 未认证
- 404: 用户不存在
---
## Inbox Messages
### GET /inbox/messages
@@ -521,8 +442,6 @@
## Users
> **Note:** `/users/me` 与 `/profile/me` 功能重叠(历史兼容)。推荐使用 `/profile/me`。
### GET /users/me
获取当前用户信息(需要认证)。
@@ -910,7 +829,7 @@ data: {"session_id":"..."}
"title": "Unauthorized",
"status": 401,
"detail": "验证码无效或已过期",
"instance": "/api/v1/auth/verifications/verify"
"instance": "/api/v1/auth/verify"
}
```
docs/runtime/runtime-runbook.md
+5 -15
View File
@@ -121,7 +121,7 @@ curl -fsS http://127.0.0.1:${SOCIAL_SUPABASE__KONG_HTTP_PORT:-8000}/health
docker compose --env-file .env -f infra/docker/docker-compose.yml ps
# 核心接口 smoke
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/login" \
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/sessions" \
-H 'Content-Type: application/json' \
-d '{"email":"demo@example.com","password":"secret123"}'
```
@@ -137,24 +137,14 @@ curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/verifications" \
-d '{"username":"demo","email":"demo@example.com","password":"secret123"}'
# signup verify
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/verifications/verify" \
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/verify" \
-H 'Content-Type: application/json' \
-d '{"email":"demo@example.com","token":"123456"}'
-d '{"type":"signup","email":"demo@example.com","token":"123456"}'
# signup resend
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/verifications/resend" \
curl -sS -X POST "${WEB_BASE_URL}/api/v1/auth/resend" \
-H 'Content-Type: application/json' \
-d '{"email":"demo@example.com"}'
# profile patch
curl -sS -X PATCH "${WEB_BASE_URL}/api/v1/profile/me" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer <access_token>" \
-d '{"username":"demo2","bio":"hello"}'
# profile get
curl -sS "${WEB_BASE_URL}/api/v1/profile/me" \
-H "Authorization: Bearer <access_token>"
-d '{"type":"signup","email":"demo@example.com"}'
```
通过标准:接口返回符合预期的 2xx 或受控业务错误,无 5xx。