# Auth (Authentication and Authorization)

## **POST /api/Auth/Login**

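* **Description**: User login.
* **Request body**:
  * `application/json`: `LoginRequest` object
  * `text/json`: `LoginRequest` object
  * `application/*+json`: `LoginRequest` object
* **Response**: 200 OK

Request example (`passwordHash` is the SHA-256 value computed from the password, all lowercase)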

```json
{
  "username": "username",
  "password": "passwordHash"
}
```

Sample code

```javascript
const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "<API Key>");

const raw = JSON.stringify({
  "password": "<string>",
  "username": "<string>"
});

const requestOptions = {
  method: "POST",
  headers: myHeaders,
  body: raw,
  redirect: "follow"
};

// Single leading slash: "//api/..." would be resolved as a protocol-relative URL with host "api".
fetch("/api/Auth/Login", requestOptions)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.error(error));
```

Response example

```json
{
  "success": true,
  "token": {
    "accessToken": "string",
    "refreshToken": "string",
    "expires": "2025-01-22T16:39:15.2904133+08:00"
  }
}
```

***

## **POST /api/Auth/Logout**

* **Description**: User logout.
* **Response**: 200 OK

{% hint style="info" %}
The frontend deletes the JWT token itself.
{% endhint %}

***

## **POST /api/Auth/Register**

* **Description**: User registration.
* **Request body**:
  * `application/json`: `RegisterRequest` object
  * `text/json`: `RegisterRequest` object
  * `application/*+json`: `RegisterRequest` object
* **Response**: 200 OK

Request example (`password` is the SHA-256 value)

```json
{
  "username": "string",
  "password": "string",
  "email": "string"
}
```

Response example

```json
{
  "success": true
}
```

***

## **POST /api/Auth/ChangePassword**

* **Description**: Change password.
* **Request body**:
  * `application/json`: `ChangePasswordRequest` object
  * `text/json`: `ChangePasswordRequest` object
  * `application/*+json`: `ChangePasswordRequest` object
* **Response**: 200 OK

Request example (both password fields are SHA-256 values)

```json
{
  "oldPassword": "string",
  "newPassword": "string"
}
```

Sample code

```javascript
const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "<API Key>");

const raw = JSON.stringify({
  "newPassword": "<string>",
  "oldPassword": "<string>"
});

const requestOptions = {
  method: "POST",
  headers: myHeaders,
  body: raw,
  redirect: "follow"
};

// Single leading slash: "//api/..." would be resolved as a protocol-relative URL with host "api".
fetch("/api/Auth/ChangePassword", requestOptions)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.error(error));
```

Response example

```json
{
  "success": true
}
```

***

## **GET /api/Auth/Refresh**

* **Description**: Refresh the token.
* **Response**: 200 OK

Request example

Send a GET request with `Bearer {refresh token}` in the request header.

Response example

```json
{
  "success": true,
  "token": {
    "accessToken": "string",
    "refreshToken": "string",
    "expires": "2025-01-22T16:39:15.2904133+08:00"
  }
}
```
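
The following is an added example, not code from this project: it parses the `expires` field of the token object, decides when a refresh is due, and builds the refresh request. The `Authorization` header name, the base URL `https://imarket.example` and the 60-second safety margin are assumptions.

```javascript
// Added example (not project code).
// The sample `expires` value carries 7 fractional-second digits; trim to
// milliseconds so Date.parse sees a standard ISO 8601 timestamp.
function parseExpires(expires) {
  const ms = Date.parse(String(expires).replace(/(\.\d{3})\d+/, "$1"));
  return Number.isNaN(ms) ? null : ms;
}

// True when the access token is expired or within skewMs of expiring.
// A missing or unparseable `expires` is treated as expired (fail closed).
function needsRefresh(token, now = Date.now(), skewMs = 60_000) {
  const expiresAt = parseExpires(token && token.expires);
  if (expiresAt === null) return true;
  return now >= expiresAt - skewMs;
}

// Builds the fetch() arguments for GET /api/Auth/Refresh.
// Header name "Authorization" is an assumption; the page only says "Bearer".
function buildRefreshRequest(baseUrl, refreshToken) {
  return {
    url: new URL("/api/Auth/Refresh", baseUrl).toString(),
    options: { method: "GET", headers: { Authorization: `Bearer ${refreshToken}` } },
  };
}

// Returns the current token object, or the new one when a refresh was due.
async function refreshIfNeeded(baseUrl, token, now = Date.now()) {
  if (!needsRefresh(token, now)) return token;
  const { url, options } = buildRefreshRequest(baseUrl, token.refreshToken);
  const response = await fetch(url, options);
  const result = await response.json();
  if (!response.ok || !result.success) throw new Error("refresh failed, log in again");
  // The response carries a new refreshToken as well, so replace both tokens.
  return result.token;
}
```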

***

## **POST /api/Auth/ForgotPassword**

* **Description**: Forgot password.
* **Request body**:
  * `application/json`: `ForgotPasswordRequest` object
  * `text/json`: `ForgotPasswordRequest` object
  * `application/*+json`: `ForgotPasswordRequest` object
* **Response**: 200 OK

Request example

```json
{
  "email": "string"
}
```

Sample code

```javascript
const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "<API Key>");

const raw = JSON.stringify({
  "email": "<string>"
});

const requestOptions = {
  method: "POST",
  headers: myHeaders,
  body: raw,
  redirect: "follow"
};

// Single leading slash: "//api/..." would be resolved as a protocol-relative URL with host "api".
fetch("/api/Auth/ForgotPassword", requestOptions)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.error(error));
```

***

## **GET /api/Auth/Certificate**

Request example

```
api/Auth/Certificate?token=xxx
```

Response example

```json
{
  "success": true
}
```

**This endpoint is used to verify whether the token in the email sent by the forgot-password flow is valid.**

***

## **POST /api/Auth/Reset**

* **Description**: Reset the user's password.
* **Request body**:
  * `application/json`: `ResetPasswordRequest` object
  * `text/json`: `ResetPasswordRequest` object
  * `application/*+json`: `ResetPasswordRequest` object
* **Request body parameters**:
  * `token` (string, required): The password-reset token.
  * `newPassword` (string, required): The new password.

{% hint style="warning" %}
`newPassword` is the lowercase SHA-256 value computed on the frontend; do not transmit the plaintext password directly.
{% endhint %}

* **Responses**:
  * **200 OK**: Password reset succeeded.
  * **400 Bad Request**: The token is invalid or has expired.
  * **404 Not Found**: The user does not exist.
* **Request example**:

  ```json
  {
    "token": "12345abcde",
    "newPassword": "newPassword123"
  }
  ```
* **Sample code**:

  ```javascript
  const myHeaders = new Headers();
  myHeaders.append("Content-Type", "application/json");
  myHeaders.append("Authorization", "<API Key>");

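  // newPassword must be the lowercase SHA-256 value of the password, not the
  // plaintext; the value below is only a placeholder.
  const raw = JSON.stringify({
    "token": "12345abcde",
    "newPassword": "newPassword123"
  });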

  const requestOptions = {
    method: "POST",
    headers: myHeaders,
    body: raw,
    redirect: "follow"
  };

  fetch("/api/Auth/Reset", requestOptions)
    .then((response) => response.json())
    .then((result) => console.log(result))
    .catch((error) => console.error(error));
  ```
* **Response examples**:
  * Success:

    ```json
    {
      "success": true
    }
    ```
  * Token invalid or expired:

    ```json
    {
      "success": false,
      "message": "Token is invalid or has expired."
    }
    ```
  * User not found:

    ```json
    {
      "success": false,
      "message": "User not found."
    }
    ```

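#### **Endpoint logic**

1. **Validate the token**:
   * Look up the user information associated with `token` in the cache.
   * If the token is invalid or has expired, return `400 Bad Request`.
2. **Find the user**:
   * Look up the user by the user ID stored in the cache.
   * If the user does not exist, return `404 Not Found`.
3. **Update the password**:
   * Update the user's password to `newPassword`.
   * Remove the token from the cache.
4. **Return the result**:
   * If the password reset succeeds, return `200 OK` and `{ success: true }`.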
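
The four steps above as a runnable sketch. This is an added example, not the project's server code: the in-memory `Map` objects stand in for the cache and the user store, the cache entry shape `{ userId, expiresAt }` is hypothetical, and the format check on `newPassword` (with its status and message) is an assumed extra that enforces the SHA-256 requirement on the server side.

```javascript
// Added example (not project code): Maps stand in for the cache and user store.
const SHA256_HEX = /^[0-9a-f]{64}$/; // lowercase SHA-256 hex
const resetTokens = new Map();       // token -> { userId, expiresAt } (hypothetical shape)
const users = new Map();             // userId -> { password }

const fail = (status, message) => ({ status, body: { success: false, message } });

function resetPassword(request, now = Date.now()) {
  const { token, newPassword } = request || {};

  // 1. Validate the token: unknown or expired entries are rejected with 400.
  const entry = typeof token === "string" ? resetTokens.get(token) : undefined;
  if (!entry || entry.expiresAt <= now) {
    resetTokens.delete(token); // drop an expired entry so it cannot linger
    return fail(400, "Token is invalid or has expired.");
  }

  // 2. Find the user recorded in the cache entry.
  const user = users.get(entry.userId);
  if (!user) return fail(404, "User not found.");

  // Assumed extra check (status and message are not from the API): refuse any
  // value that is not lowercase SHA-256 hex, which catches plaintext passwords.
  // The token is kept so the client can retry with a correct value.
  if (typeof newPassword !== "string" || !SHA256_HEX.test(newPassword)) {
    return fail(400, "newPassword must be a lowercase SHA-256 hex string.");
  }

  // 3. Update the password, then clear the token so it works only once.
  user.password = newPassword;
  resetTokens.delete(token);

  // 4. Report success.
  return { status: 200, body: { success: true } };
}
```

Calling it a second time with the same token returns `400`, because step 3 removed the token from the cache.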


