use actix_web::{HttpResponse, web}; use crate::api::response::{ApiEmptyResponse, ApiErrorResponse}; use crate::error::AppError; use crate::service::AppService; use crate::service::auth::login::LoginParams; use crate::session::Session; #[utoipa::path( post, path = "/api/v1/auth/login", tag = "Auth", operation_id = "authLogin", summary = "Account login", description = "Log in using a username or verified email. password must be a Base64 ciphertext encrypted with the public key returned by /auth/rsa; the first login attempt must include captcha. If the account has TOTP enabled, the first successful password check returns 400/two-factor required and records pending verification state in the session. Then submit username, password, and totp_code again in the same session to complete login. On success, the session is renewed, the current user is bound, and temporary RSA keys are cleared.", request_body( content = LoginParams, description = "Login parameters. username accepts a username or email; password is an RSA-OAEP-SHA256 encrypted ciphertext; captcha is the captcha stored in the current session; totp_code is required only during the second verification step.", content_type = "application/json" ), responses( (status = 200, description = "Login succeeded. The server establishes login state through the session cookie.", body = ApiEmptyResponse), (status = 400, description = "Captcha error, RSA decryption failure, or missing/incorrect TOTP.", body = ApiErrorResponse), (status = 404, description = "User does not exist or password is incorrect; to reduce enumeration risk, incorrect passwords are also treated as user-not-found.", body = ApiErrorResponse), (status = 500, description = "Database, cache, or session write failed.", body = ApiErrorResponse) ) )] pub async fn handle( service: web::Data, session: Session, params: web::Json, ) -> Result { service .auth .auth_login(params.into_inner(), session) .await?; Ok(HttpResponse::Ok().json(ApiEmptyResponse::ok("login successful"))) }