Files
shaguabijia-app-server/docs/api/admin/auth/admin-auth-login.md
T
guke b23335d5fb @
docs: reorganize api docs into categorized subdirectories and fill missing docs

- Categorize 77 existing api docs into 16 business-domain subdirectories
  (auth/ad/wallet/coupon/compare/savings/signin/tasks/invite/user/
   device/platform/intent/meituan/other) plus admin/ and internal/
- Split admin/ into 7 sub-resource subdirectories (auth/users/wallet/
  withdraws/feedbacks/admins/ad) with 4 single-file docs at root
- Create 21 new docs covering 28 previously undocumented endpoints:
  ad/watch-report, wallet/transfer-auth (3 endpoints), coupon/session+
  stats+completed-today+prompt (7), invite/me+invitees+bind+landing-track,
  user/onboarding (2), platform/flags+ad-config+app-version,
  intent/step+precoupon/step, analytics/events, order/report,
  report/submit+records, feedback/config+records, trace/finalize
- Add mock request/response JSON examples to all new docs
- Create docs/README.md with full category index for LLM navigation
- Update docs/api/README.md: fix all links, add new endpoint rows,
  replace "no doc" markers with actual links
- Fix back-navigation links (./README.md -> ../README.md or
  ../../README.md) in all moved files
@
2026-07-03 14:56:50 +08:00

1.5 KiB
Raw Blame History

POST /admin/api/auth/login — 管理员登录

所属:Admin·Auth 组(前缀 /admin/api/auth | 鉴权:无 | ← 返回 API 索引

入参

application/json:

字段 类型 必填 说明
username string 管理员账号,164 字
password string 密码,1128 字

出参

响应 200:AdminLoginResponse

字段 类型 说明
access_token string admin JWT(独立 ADMIN_JWT_SECRET、payload typ=admin、默认 12h、无 refresh)
token_type string 固定 Bearer
expires_in int access_token 剩余秒数(过期需重新登录)
admin AdminOut 当前管理员信息,字段见下

AdminOut

字段 类型 说明
id int 管理员 id
username string 账号
role string 角色:super_admin / finance / operator
status string 状态:active / disabled
created_at datetime 创建时间(UTC)
last_login_at datetime | null 上次登录时间,从未登录为 null

错误码

  • 401 用户名或密码错误(用户名不存在与密码错误统一同文案,防账号枚举)
  • 403 账号已禁用(status != active)
  • 422usernamepassword / 长度超限
  • 429 同 IP 每分钟登录超过 10 次(限流防爆破)

说明

  • 登录成功后回写 last_login_at 为当前时间。
  • 后续所有 admin 接口须带 Authorization: Bearer <access_token>;admin token 与 App 用户 token 完全隔离。