gitdata.ai/gitks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4586b79cb849daf9627133dd12af186ea81d684b
gitks/api/auth/login.rs
T
zhenyi 0d3b53f7a0 feat(auth): add comprehensive authentication system with 2FA support 
- Add new auth module with captcha, login, logout, register, and email verification endpoints
- Implement two-factor authentication with TOTP enable, disable, verify, and backup codes regeneration
- Create RSA public key endpoint for secure password encryption
- Add user profile management with get current user and email retrieval
- Integrate OpenAPI documentation for all authentication endpoints
- Implement password reset functionality with email verification flow
- Add comprehensive API response structures with proper error handling
- Configure all auth routes under /api/v1/auth scope with proper tagging
2026-06-07 18:09:38 +08:00

39 lines
2.1 KiB
Rust
Raw Blame History

use actix_web::{HttpResponse, web};
use crate::api::response::{ApiEmptyResponse, ApiErrorResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::service::auth::login::LoginParams;
use crate::session::Session;
#[utoipa::path(
post,
path = "/api/v1/auth/login",
tag = "Auth",
operation_id = "authLogin",
summary = "Account login",
description = "Log in using a username or verified email. password must be a Base64 ciphertext encrypted with the public key returned by /auth/rsa; the first login attempt must include captcha. If the account has TOTP enabled, the first successful password check returns 400/two-factor required and records pending verification state in the session. Then submit username, password, and totp_code again in the same session to complete login. On success, the session is renewed, the current user is bound, and temporary RSA keys are cleared.",
request_body(
content = LoginParams,
description = "Login parameters. username accepts a username or email; password is an RSA-OAEP-SHA256 encrypted ciphertext; captcha is the captcha stored in the current session; totp_code is required only during the second verification step.",
content_type = "application/json"
),
responses(
(status = 200, description = "Login succeeded. The server establishes login state through the session cookie.", body = ApiEmptyResponse),
(status = 400, description = "Captcha error, RSA decryption failure, or missing/incorrect TOTP.", body = ApiErrorResponse),
(status = 404, description = "User does not exist or password is incorrect; to reduce enumeration risk, incorrect passwords are also treated as user-not-found.", body = ApiErrorResponse),
(status = 500, description = "Database, cache, or session write failed.", body = ApiErrorResponse)
)
)]
pub async fn handle(
service: web::Data<AppService>,
session: Session,
params: web::Json<LoginParams>,
) -> Result<HttpResponse, AppError> {
service
.auth
.auth_login(params.into_inner(), session)
.await?;
Ok(HttpResponse::Ok().json(ApiEmptyResponse::ok("login successful")))
}
Reference in New Issue View Git Blame Copy Permalink