Files
shaguabijia-app-server/docs/api/admin/auth/admin-auth-login.md
T
guke b23335d5fb @
docs: reorganize api docs into categorized subdirectories and fill missing docs

- Categorize 77 existing api docs into 16 business-domain subdirectories
  (auth/ad/wallet/coupon/compare/savings/signin/tasks/invite/user/
   device/platform/intent/meituan/other) plus admin/ and internal/
- Split admin/ into 7 sub-resource subdirectories (auth/users/wallet/
  withdraws/feedbacks/admins/ad) with 4 single-file docs at root
- Create 21 new docs covering 28 previously undocumented endpoints:
  ad/watch-report, wallet/transfer-auth (3 endpoints), coupon/session+
  stats+completed-today+prompt (7), invite/me+invitees+bind+landing-track,
  user/onboarding (2), platform/flags+ad-config+app-version,
  intent/step+precoupon/step, analytics/events, order/report,
  report/submit+records, feedback/config+records, trace/finalize
- Add mock request/response JSON examples to all new docs
- Create docs/README.md with full category index for LLM navigation
- Update docs/api/README.md: fix all links, add new endpoint rows,
  replace "no doc" markers with actual links
- Fix back-navigation links (./README.md -> ../README.md or
  ../../README.md) in all moved files
@
2026-07-03 14:56:50 +08:00

41 lines
1.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# POST /admin/api/auth/login — 管理员登录
> 所属:Admin·Auth 组(前缀 `/admin/api/auth` | 鉴权:无 | [← 返回 API 索引](../../README.md)
## 入参
**application/json**:
| 字段 | 类型 | 必填 | 说明 |
|---|---|---|---|
| `username` | string | ✓ | 管理员账号,164 字 |
| `password` | string | ✓ | 密码,1128 字 |
## 出参
响应 `200`:`AdminLoginResponse`
| 字段 | 类型 | 说明 |
|---|---|---|
| `access_token` | string | admin JWT(独立 `ADMIN_JWT_SECRET`、payload `typ=admin`、默认 12h、无 refresh) |
| `token_type` | string | 固定 `Bearer` |
| `expires_in` | int | access_token 剩余秒数(过期需重新登录) |
| `admin` | AdminOut | 当前管理员信息,字段见下 |
**AdminOut**
| 字段 | 类型 | 说明 |
|---|---|---|
| `id` | int | 管理员 id |
| `username` | string | 账号 |
| `role` | string | 角色:`super_admin` / `finance` / `operator` |
| `status` | string | 状态:`active` / `disabled` |
| `created_at` | datetime | 创建时间(UTC) |
| `last_login_at` | datetime \| null | 上次登录时间,从未登录为 null |
## 错误码
- `401` 用户名或密码错误(用户名不存在与密码错误统一同文案,防账号枚举)
- `403` 账号已禁用(`status != active`)
- `422``username``password` / 长度超限
- `429` 同 IP 每分钟登录超过 10 次(限流防爆破)
## 说明
- 登录成功后回写 `last_login_at` 为当前时间。
- 后续所有 admin 接口须带 `Authorization: Bearer <access_token>`;admin token 与 App 用户 token 完全隔离。