b23335d5fb
docs: reorganize api docs into categorized subdirectories and fill missing docs - Categorize 77 existing api docs into 16 business-domain subdirectories (auth/ad/wallet/coupon/compare/savings/signin/tasks/invite/user/ device/platform/intent/meituan/other) plus admin/ and internal/ - Split admin/ into 7 sub-resource subdirectories (auth/users/wallet/ withdraws/feedbacks/admins/ad) with 4 single-file docs at root - Create 21 new docs covering 28 previously undocumented endpoints: ad/watch-report, wallet/transfer-auth (3 endpoints), coupon/session+ stats+completed-today+prompt (7), invite/me+invitees+bind+landing-track, user/onboarding (2), platform/flags+ad-config+app-version, intent/step+precoupon/step, analytics/events, order/report, report/submit+records, feedback/config+records, trace/finalize - Add mock request/response JSON examples to all new docs - Create docs/README.md with full category index for LLM navigation - Update docs/api/README.md: fix all links, add new endpoint rows, replace "no doc" markers with actual links - Fix back-navigation links (./README.md -> ../README.md or ../../README.md) in all moved files @
41 lines
1.5 KiB
Markdown
41 lines
1.5 KiB
Markdown
# POST /admin/api/auth/login — 管理员登录
|
||
|
||
> 所属:Admin·Auth 组(前缀 `/admin/api/auth`) | 鉴权:无 | [← 返回 API 索引](../../README.md)
|
||
|
||
## 入参
|
||
**application/json**:
|
||
| 字段 | 类型 | 必填 | 说明 |
|
||
|---|---|---|---|
|
||
| `username` | string | ✓ | 管理员账号,1–64 字 |
|
||
| `password` | string | ✓ | 密码,1–128 字 |
|
||
|
||
## 出参
|
||
响应 `200`:`AdminLoginResponse`
|
||
|
||
| 字段 | 类型 | 说明 |
|
||
|---|---|---|
|
||
| `access_token` | string | admin JWT(独立 `ADMIN_JWT_SECRET`、payload `typ=admin`、默认 12h、无 refresh) |
|
||
| `token_type` | string | 固定 `Bearer` |
|
||
| `expires_in` | int | access_token 剩余秒数(过期需重新登录) |
|
||
| `admin` | AdminOut | 当前管理员信息,字段见下 |
|
||
|
||
**AdminOut**
|
||
| 字段 | 类型 | 说明 |
|
||
|---|---|---|
|
||
| `id` | int | 管理员 id |
|
||
| `username` | string | 账号 |
|
||
| `role` | string | 角色:`super_admin` / `finance` / `operator` |
|
||
| `status` | string | 状态:`active` / `disabled` |
|
||
| `created_at` | datetime | 创建时间(UTC) |
|
||
| `last_login_at` | datetime \| null | 上次登录时间,从未登录为 null |
|
||
|
||
## 错误码
|
||
- `401` 用户名或密码错误(用户名不存在与密码错误统一同文案,防账号枚举)
|
||
- `403` 账号已禁用(`status != active`)
|
||
- `422` 缺 `username` 或 `password` / 长度超限
|
||
- `429` 同 IP 每分钟登录超过 10 次(限流防爆破)
|
||
|
||
## 说明
|
||
- 登录成功后回写 `last_login_at` 为当前时间。
|
||
- 后续所有 admin 接口须带 `Authorization: Bearer <access_token>`;admin token 与 App 用户 token 完全隔离。
|