gitks/api/auth/request_reset_password.rs
zhenyi 0d3b53f7a0 feat(auth): add comprehensive authentication system with 2FA support
- Add new auth module with captcha, login, logout, register, and email verification endpoints
- Implement two-factor authentication with TOTP enable, disable, verify, and backup codes regeneration
- Create RSA public key endpoint for secure password encryption
- Add user profile management with get current user and email retrieval
- Integrate OpenAPI documentation for all authentication endpoints
- Implement password reset functionality with email verification flow
- Add comprehensive API response structures with proper error handling
- Configure all auth routes under /api/v1/auth scope with proper tagging
2026-06-07 18:09:38 +08:00


use actix_web::{HttpResponse, web};
use crate::api::response::{ApiEmptyResponse, ApiErrorResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::service::auth::reset_pass::ResetPasswordRequest;
// POST /api/v1/auth/reset-password: accepts an email address and asks the auth
// service to start the password-reset flow.
//
// Plain `//` comments are used here so the OpenAPI summary/description declared
// in the attribute below stay exactly as written.
//
// Security notes for reviewers:
// - The anti-enumeration behaviour described below lives in
//   `auth_reset_password_request`, not in this handler. The handler only turns
//   an `Ok` into the fixed 200 body; any `Err` is propagated as `AppError`.
//   NOTE(review): confirm the service returns `Ok` for unknown emails, rate-limit
//   hits and delivery failures, otherwise the error path becomes an oracle.
// - NOTE(review): response timing for known vs. unknown emails is not visible
//   from here; verify it in the service if enumeration resistance matters.
// - NOTE(review): a body that fails `web::Json` extraction is rejected before
//   this function runs; that response is not listed under `responses` — confirm
//   whether it should be documented.
#[utoipa::path(
    post,
    path = "/api/v1/auth/reset-password",
    tag = "Auth",
    operation_id = "authRequestPasswordReset",
    summary = "Request password reset email",
    description = "Submit an email address to send a password reset link if it belongs to an active user. To prevent user enumeration, the business logic attempts to return success whether the email exists, rate limits are triggered, or email delivery fails. Internally, the endpoint enforces a 60-second cooldown and a daily limit of 5 requests per email.",
    request_body(
        content = ResetPasswordRequest,
        description = "The email address that should receive the password reset link.",
        content_type = "application/json"
    ),
    responses(
        (status = 200, description = "The request has been accepted; if the email exists, a reset email will be sent.", body = ApiEmptyResponse),
        (status = 500, description = "Rare unrecoverable server-side error.", body = ApiErrorResponse)
    )
)]
pub async fn handle(
    service: web::Data<AppService>,
    params: web::Json<ResetPasswordRequest>,
) -> Result<HttpResponse, AppError> {
    // Unwrap the extractor to get the owned request payload.
    let reset_request = params.into_inner();

    // Delegate to the auth service; a failure short-circuits as `AppError`.
    service
        .auth
        .auth_reset_password_request(reset_request)
        .await?;

    // Same acknowledgement body for every successful service call, so the
    // response content does not reveal whether the email matched an account.
    let acknowledgement = ApiEmptyResponse::ok("password reset request accepted");
    Ok(HttpResponse::Ok().json(acknowledgement))
}