{ "swagger": "2.0", "info": { "description": "用户身份认证与管理服务,提供注册、登录、用户管理、RBAC等功能", "title": "Identity Service API", "contact": {}, "version": "1.0.0" }, "basePath": "/api/v1", "paths": { "/admin/abac-policies": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询租户的ABAC条件策略列表,支持分页", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "查询ABAC策略列表", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "策略列表", "schema": { "$ref": "#/definitions/dto.ListResponse-dto_ABACPolicyResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建新的ABAC条件策略", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "创建ABAC策略", "parameters": [ { "description": "创建策略请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.CreateABACPolicyRequest" } } ], "responses": { "201": { "description": "创建成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_ABACPolicyResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/abac-policies/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "根据策略ID获取ABAC策略详情", "tags": [ "角色权限" ], "summary": "获取ABAC策略详情", "parameters": [ { "type": "string", "description": "策略ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "策略详情", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_ABACPolicyResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新指定ABAC策略的配置", "tags": [ "角色权限" ], "summary": "更新ABAC策略", "parameters": [ { "type": "string", "description": "策略ID", "name": "id", "in": "path", "required": true }, { "description": "更新策略请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateABACPolicyRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_ABACPolicyResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "删除指定的ABAC条件策略", "tags": [ "角色权限" ], "summary": "删除ABAC策略", "parameters": [ { "type": "string", "description": "策略ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "删除成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/agents": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询 Non-Human Identity (NHI) Agent 列表,支持按状态和工作负载子类型过滤", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "List Agents", "parameters": [ { "type": "string", "description": "租户ID", "name": "tenant_id", "in": "query", "required": true }, { "type": "string", "description": "状态过滤", "name": "status", "in": "query" }, { "type": "string", "description": "工作负载子类型", "name": "workload_subtype", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "Agent 列表", "schema": { "$ref": "#/definitions/dto.ListResponse-domain_AgentInfo" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建一个新的 Non-Human Identity (NHI) Agent", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Create Agent", "parameters": [ { "description": "创建 Agent 请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.CreateAgentRequest" } } ], "responses": { "201": { "description": "创建的 Agent", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_AgentInfo" } } } } }, "/admin/agents/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 Non-Human Identity (NHI) Agent 的详细信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Get Agent", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "Agent 详情", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_AgentInfo" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新指定 Non-Human Identity (NHI) Agent 的配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Update Agent", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true }, { "description": "更新 Agent 请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.UpdateAgentRequest" } } ], "responses": { "200": { "description": "更新后的 Agent", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_AgentInfo" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "撤销指定的 Non-Human Identity (NHI) Agent(软删除,状态变为 revoked)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Revoke Agent", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "撤销成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/agents/{id}/activity": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 Agent 的活动日志", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Agent Activity", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "活动日志列表", "schema": { "type": "array", "items": { "type": "object" } } } } } }, "/admin/agents/{id}/credentials": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 Agent 的凭证列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Agent Credentials", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "凭证列表", "schema": { "type": "array", "items": { "type": "object" } } } } } }, "/admin/agents/{id}/permissions": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 Agent 的权限列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Agents" ], "summary": "Agent Permissions", "parameters": [ { "type": "string", "description": "Agent ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "权限列表", "schema": { "type": "array", "items": { "type": "object" } } } } } }, "/admin/auth-policies": { "get": { "description": "分页获取所有租户的认证策略", "produces": [ "application/json" ], "tags": [ "认证策略管理" ], "summary": "获取租户认证策略列表", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "策略列表", "schema": { "$ref": "#/definitions/dto.TenantAuthPolicyListResponse" } } } } }, "/admin/auth-policies/{tenant_id}": { "get": { "description": "获取指定租户的认证策略配置", "produces": [ "application/json" ], "tags": [ "认证策略管理" ], "summary": "获取租户认证策略", "parameters": [ { "type": "string", "description": "租户ID", "name": "tenant_id", "in": "path", "required": true } ], "responses": { "200": { "description": "策略详情", "schema": { "$ref": "#/definitions/dto.TenantAuthPolicyResponse" } } } }, "put": { "description": "创建或更新指定租户的认证策略(部分更新,未设置的字段保持默认值)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "认证策略管理" ], "summary": "更新租户认证策略", "parameters": [ { "type": "string", "description": "租户ID", "name": "tenant_id", "in": "path", "required": true }, { "description": "策略配置", "name": "policy", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.TenantAuthPolicyRequest" } } ], "responses": { "200": { "description": "更新后的策略", "schema": { "$ref": "#/definitions/dto.TenantAuthPolicyResponse" } } } }, "delete": { "description": "删除指定租户的认证策略配置,删除后将使用系统默认策略", "produces": [ "application/json" ], "tags": [ "认证策略管理" ], "summary": "删除租户认证策略", "parameters": [ { "type": "string", "description": "租户ID", "name": "tenant_id", "in": "path", "required": true } ], "responses": { "200": { "description": "删除成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/auth/api-keys": { "get": { "security": [ { "bearerAuth": [] } ], "description": "管理员查看租户下所有 API Key(不限制所属用户)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "管理员查询 API Key 列表", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" }, { "type": "string", "description": "状态筛选: active/inactive/revoked", "name": "status", "in": "query" }, { "type": "string", "description": "环境筛选: live/test", "name": "environment", "in": "query" }, { "type": "string", "description": "搜索名称或前缀", "name": "search", "in": "query" } ], "responses": { "200": { "description": "API Key 列表", "schema": { "$ref": "#/definitions/dto.ApiKeyListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/anomalies": { "get": { "security": [ { "bearerAuth": [] } ], "description": "扫描审计日志检测异常模式:高失败率、多IP调用等", "tags": [ "API Key" ], "summary": "安全异常检测", "responses": { "200": { "description": "异常列表", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "type": "array", "items": { "$ref": "#/definitions/dto.ApiKeyAnomalyResponse" } } } } ] } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/batch-revoke": { "post": { "security": [ { "bearerAuth": [] } ], "description": "一次吊销多个 API Key(软删除,保留审计记录)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "批量吊销 API Key", "parameters": [ { "description": "批量吊销请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.BatchRevokeRequest" } } ], "responses": { "200": { "description": "吊销结果", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.BatchRevokeResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/cleanup-audit-logs": { "post": { "security": [ { "bearerAuth": [] } ], "description": "删除超过指定天数的 API Key 审计日志(内部管理)", "tags": [ "API Key" ], "summary": "清理旧审计日志", "parameters": [ { "type": "integer", "default": 90, "description": "保留天数", "name": "days", "in": "query" } ], "responses": { "200": { "description": "清理结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/expiring": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询租户下将在 N 天内过期的活跃 API Key", "tags": [ "API Key" ], "summary": "获取即将过期的 API Key", "parameters": [ { "type": "integer", "default": 7, "description": "过期天数范围", "name": "days", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "即将过期的 Key 列表", "schema": { "$ref": "#/definitions/dto.ApiKeyListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/stats": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取租户下 API Key 的汇总统计(总量/活跃/已吊销)", "tags": [ "API Key" ], "summary": "管理员 API Key 统计", "responses": { "200": { "description": "统计结果", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.AdminStatsData" } } } ] } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/auth/api-keys/{id}/force": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "管理员强制吊销任意 API Key,记录操作者信息", "tags": [ "API Key" ], "summary": "管理员强制吊销 API Key", "responses": { "204": { "description": "吊销成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/identity-providers": { "get": { "security": [ { "bearerAuth": [] } ], "description": "分页查询身份提供商列表,支持按类型和状态过滤", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "列出身份提供商", "parameters": [ { "type": "string", "description": "提供商类型过滤", "name": "type", "in": "query" }, { "type": "string", "description": "状态过滤: active/inactive", "name": "status", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页条数", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPListResponse" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建新的身份提供商(OAuth/OIDC/SAML/Social)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "创建身份提供商", "parameters": [ { "description": "创建请求", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.CreateIDPRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/import-oidc-discovery": { "post": { "security": [ { "bearerAuth": [] } ], "description": "从OIDC discovery URL导入身份提供商配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "导入OIDC Discovery", "parameters": [ { "description": "OIDC discovery URL", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ImportOIDCDiscoveryRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/import-saml-metadata": { "post": { "security": [ { "bearerAuth": [] } ], "description": "从SAML metadata URL导入身份提供商配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "导入SAML Metadata", "parameters": [ { "description": "SAML metadata URL", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ImportSAMLMetadataRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定身份提供商的详细配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "获取身份提供商详情", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新身份提供商的配置信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "更新身份提供商", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "description": "更新请求", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateIDPRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "删除指定的身份提供商", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "删除身份提供商", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/activate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "将指定身份提供商状态设置为 active", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "启用身份提供商", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/attribute-mapping": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取身份提供商的属性映射配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "获取属性映射", "parameters": [ { "type": "string", "description": "身份提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "type": "object" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新身份提供商的属性映射配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "更新属性映射", "parameters": [ { "type": "string", "description": "身份提供商ID", "name": "id", "in": "path", "required": true }, { "description": "属性映射", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.UpdateAttributeMappingRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/certificates": { "get": { "security": [ { "bearerAuth": [] } ], "description": "分页列出指定身份提供商的证书", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "列出证书", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页条数", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.CertificateListResponse" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "为身份提供商上传签名/加密证书", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "上传证书", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "description": "证书信息", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.CreateCertificateRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.CertificateDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/certificates/{cert_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "吊销并删除指定证书", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "删除证书", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "type": "string", "description": "证书ID", "name": "cert_id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/certificates/{cert_id}/rotate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "吊销旧证书并上传新证书", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "证书轮转", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "type": "string", "description": "旧证书ID", "name": "cert_id", "in": "path", "required": true }, { "description": "新证书信息", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RotateCertificateRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.CertificateDetailResponse" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/deactivate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "将指定身份提供商状态设置为 inactive", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "停用身份提供商", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.IDPDetailResponse" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/jit-config": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取身份提供商的JIT(Just-In-Time)配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "获取JIT配置", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新身份提供商的JIT(Just-In-Time)配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "更新JIT配置", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "description": "JIT配置体", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateJITConfigRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/stats": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取身份提供商的使用统计数据(用户数、登录次数、最后登录时间)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "获取提供商统计", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/test": { "post": { "security": [ { "bearerAuth": [] } ], "description": "测试指定身份提供商的连接配置是否有效", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "测试身份提供商连接", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/identity-providers/{id}/users": { "get": { "security": [ { "bearerAuth": [] } ], "description": "分页查询通过指定身份提供商登录的用户列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份提供商" ], "summary": "获取提供商关联用户", "parameters": [ { "type": "string", "description": "提供商ID", "name": "id", "in": "path", "required": true }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页条数", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "Unauthorized", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/impersonate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员直接以目标用户身份登录,返回access_token/refresh_token,需要super_admin角色", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "管理员模拟用户登录", "parameters": [ { "description": "模拟请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AdminImpersonateRequest" } } ], "responses": { "200": { "description": "模拟成功", "schema": { "$ref": "#/definitions/dto.AdminImpersonateResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/iots": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询 Non-Human Identity (NHI) IoT Device 列表,支持按状态和工作负载子类型过滤", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/IoTs" ], "summary": "List Devices", "parameters": [ { "type": "string", "description": "状态过滤", "name": "status", "in": "query" }, { "type": "string", "description": "工作负载子类型", "name": "workload_subtype", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "IoT Device 列表", "schema": { "$ref": "#/definitions/dto.ListResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建一个新的 Non-Human Identity (NHI) IoT Device", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/IoTs" ], "summary": "Create Device", "parameters": [ { "description": "创建设备请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.CreateDeviceRequest" } } ], "responses": { "201": { "description": "创建的 Device", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } } }, "/admin/iots/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 Non-Human Identity (NHI) IoT Device 的详细信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/IoTs" ], "summary": "Get Device", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "设备详情", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新指定 Non-Human Identity (NHI) IoT Device 的配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/IoTs" ], "summary": "Update Device", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true }, { "description": "更新设备请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.UpdateDeviceRequest" } } ], "responses": { "200": { "description": "更新后的 Device", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "撤销指定的 Non-Human Identity (NHI) IoT Device(软删除,状态变为 revoked)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/IoTs" ], "summary": "Revoke Device", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "撤销成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/policies/nhi": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前租户的NHI(非人类身份)策略配置,包括Agent/Robot/Device限制和默认值", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "NHI管理" ], "summary": "获取NHI策略", "responses": { "200": { "description": "当前NHI策略", "schema": { "$ref": "#/definitions/dto.NHIPolicyResponseWrapper" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新当前租户的NHI(非人类身份)策略配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "NHI管理" ], "summary": "更新NHI策略", "parameters": [ { "description": "NHI策略更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.NHIPolicyRequest" } } ], "responses": { "200": { "description": "更新后的NHI策略", "schema": { "$ref": "#/definitions/dto.NHIPolicyResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/relationships/check": { "post": { "security": [ { "bearerAuth": [] } ], "description": "基于关系型访问控制模型,检查指定主体对目标对象的关系是否存在", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "检查关系权限", "parameters": [ { "description": "关系检查请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.rebacCheckRequest" } } ], "responses": { "200": { "description": "检查结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-handler_rebacCheckResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "内部错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/relationships/expand": { "get": { "security": [ { "bearerAuth": [] } ], "description": "展开指定对象的关系树,返回所有相关的用户主体和用户集合", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "展开关系树", "parameters": [ { "type": "string", "description": "对象类型", "name": "object_type", "in": "query", "required": true }, { "type": "string", "description": "对象ID", "name": "object_id", "in": "query", "required": true }, { "type": "string", "description": "关系名称", "name": "relation", "in": "query", "required": true } ], "responses": { "200": { "description": "关系展开树", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-any" } }, "400": { "description": "参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "内部错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/robots": { "get": { "security": [ { "bearerAuth": [] } ], "description": "Query Non-Human Identity (NHI) Robot list", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "List Robots", "parameters": [ { "type": "string", "description": "Status filter", "name": "status", "in": "query" }, { "type": "string", "description": "Workload subtype filter", "name": "workload_subtype", "in": "query" }, { "type": "integer", "default": 1, "description": "Page number", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "Page size", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "Robot list", "schema": { "$ref": "#/definitions/dto.ListResponse-domain_RobotInfo" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "Create a new Non-Human Identity (NHI) Robot", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Create Robot", "parameters": [ { "description": "Create Robot request", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.CreateRobotRequest" } } ], "responses": { "201": { "description": "Created Robot", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo" } } } } }, "/admin/robots/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Get Robot", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "Robot details", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Update Robot", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true }, { "description": "Update Robot request", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.UpdateRobotRequest" } } ], "responses": { "200": { "description": "Updated Robot", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Delete Robot", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "Deleted", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/robots/{id}/commission": { "post": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Commission Robot", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "Commissioned Robot", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo" } } } } }, "/admin/robots/{id}/decommission": { "post": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Decommission Robot", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "Decommissioned Robot", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo" } } } } }, "/admin/robots/{id}/intent": { "post": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Issue Intent Token", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true }, { "description": "Intent Token request", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.IssueIntentTokenRequest" } } ], "responses": { "200": { "description": "Intent Token", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-handler_IssueIntentTokenResponse" } } } } }, "/admin/robots/{id}/intent/revoke": { "post": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "Admin/Robots" ], "summary": "Revoke Intent Token", "parameters": [ { "type": "string", "description": "Robot ID", "name": "id", "in": "path", "required": true }, { "description": "Revoke intent token request", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.RevokeIntentTokenRequest" } } ], "responses": { "200": { "description": "Revoked", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/role-activations": { "get": { "security": [ { "bearerAuth": [] } ], "description": "管理员分页查询所有角色激活记录,支持按状态过滤", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "查询角色激活记录", "parameters": [ { "type": "string", "description": "激活状态过滤", "name": "status", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "角色激活列表", "schema": { "$ref": "#/definitions/dto.ListResponse-dto_ActivationResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/role-activations/{id}/approve": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员批准待处理的角色激活请求", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "批准角色激活", "parameters": [ { "type": "string", "description": "激活记录ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "批准成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/role-activations/{id}/revoke": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员撤销正在生效的角色激活,立即移除用户的提权权限", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "撤销角色激活", "parameters": [ { "type": "string", "description": "激活记录ID", "name": "id", "in": "path", "required": true }, { "description": "撤销请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RevokeActivationRequest" } } ], "responses": { "200": { "description": "撤销成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/admin/saml/providers": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前租户的所有SAML身份提供商列表", "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "列出SAML IdP", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SamlProviderListDetailResponse" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "注册一个新的SAML身份提供商配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "注册SAML IdP", "parameters": [ { "description": "SAML IdP配置", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SamlProviderRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SamlProviderItemDetailResponse" } } } } }, "/admin/saml/providers/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "根据ID获取SAML身份提供商详情", "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "获取SAML IdP详情", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SamlProviderItemDetailResponse" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新SAML身份提供商配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "更新SAML IdP", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "id", "in": "path", "required": true }, { "description": "SAML IdP更新配置", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SamlProviderRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SamlProviderItemDetailResponse" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "删除SAML身份提供商配置", "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "删除SAML IdP", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/saml/providers/{id}/attribute-mapping": { "put": { "security": [ { "bearerAuth": [] } ], "description": "更新SAML IdP的属性映射配置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SAML Admin" ], "summary": "更新属性映射", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "id", "in": "path", "required": true }, { "description": "属性映射", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_saml_handler_dto.UpdateAttributeMappingRequest" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/admin/security/auth-config": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前认证安全配置,包含密码策略和登录安全设置", "produces": [ "application/json" ], "tags": [ "安全策略" ], "summary": "获取认证配置", "responses": { "200": { "description": "认证配置", "schema": { "type": "object" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "运行时更新认证安全配置,包含密码策略和登录安全设置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "安全策略" ], "summary": "更新认证配置", "parameters": [ { "description": "认证配置更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateAuthConfigRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/security/password-policy": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前的密码策略配置", "produces": [ "application/json" ], "tags": [ "安全策略" ], "summary": "获取密码策略", "responses": { "200": { "description": "密码策略", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "运行时更新密码策略配置,支持多租户差异化设置", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "安全策略" ], "summary": "更新密码策略", "parameters": [ { "description": "密码策略更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdatePasswordPolicyRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/security/password-stats": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前租户的密码统计信息,包括总数、活跃、过期、24小时变更和重置数", "produces": [ "application/json" ], "tags": [ "安全策略" ], "summary": "获取密码统计", "responses": { "200": { "description": "密码统计", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-any" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/security/risk-events": { "get": { "security": [ { "bearerAuth": [] } ], "tags": [ "安全" ], "summary": "风险事件列表", "parameters": [ { "type": "string", "description": "事件类型", "name": "event_type", "in": "query" }, { "type": "string", "description": "用户ID", "name": "user_id", "in": "query" }, { "type": "integer", "description": "最低风险分数", "name": "min_score", "in": "query" }, { "type": "string", "description": "开始日期 (RFC3339)", "name": "start_date", "in": "query" }, { "type": "string", "description": "结束日期 (RFC3339)", "name": "end_date", "in": "query" } ], "responses": { "200": { "description": "风险事件列表", "schema": { "$ref": "#/definitions/dto.RiskEventListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/security/risk-events/aggregation": { "get": { "security": [ { "bearerAuth": [] } ], "tags": [ "安全" ], "summary": "风险事件聚合", "parameters": [ { "type": "string", "description": "开始日期 (RFC3339)", "name": "start_date", "in": "query" }, { "type": "string", "description": "结束日期 (RFC3339)", "name": "end_date", "in": "query" } ], "responses": { "200": { "description": "聚合数据", "schema": { "type": "object" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取租户下的用户列表,支持按状态和关键字搜索", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "查询用户列表", "parameters": [ { "type": "string", "description": "用户状态", "name": "status", "in": "query" }, { "type": "string", "description": "搜索关键字", "name": "search", "in": "query" }, { "type": "boolean", "description": "是否未成年人筛选", "name": "is_minor", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "limit", "in": "query" } ], "responses": { "200": { "description": "用户列表", "schema": { "$ref": "#/definitions/dto.UserListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建新用户账号并返回用户信息", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "创建用户", "parameters": [ { "description": "创建用户请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.HTTPUserCreateRequest" } } ], "responses": { "201": { "description": "创建成功", "schema": { "$ref": "#/definitions/dto.CreateUserResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/batch": { "post": { "security": [ { "bearerAuth": [] } ], "description": "批量创建多个用户,单个失败不影响其他用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "批量创建用户", "parameters": [ { "description": "批量创建请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.BatchCreateUserRequest" } } ], "responses": { "200": { "description": "批量创建结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/batch/status": { "post": { "security": [ { "bearerAuth": [] } ], "description": "批量更新多个用户的状态", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "批量更新用户状态", "parameters": [ { "description": "批量更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.BatchUpdateUserStatusRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/merge": { "post": { "security": [ { "bearerAuth": [] } ], "description": "将两个用户合并为一个,保留主账户,合并从账户的身份、角色和关联数据", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "合并用户", "parameters": [ { "description": "合并请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.MergeUsersRequest" } } ], "responses": { "200": { "description": "合并结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "根据用户ID获取用户详细信息和身份列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取用户详情", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "用户信息", "schema": { "$ref": "#/definitions/dto.UserDetailResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新指定用户的状态、MFA设置和元数据", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "更新用户信息", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "更新用户请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UserUpdateRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/dto.UpdateUserResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "根据用户ID删除用户,支持永久删除", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "删除用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "type": "boolean", "description": "是否永久删除", "name": "permanent", "in": "query" } ], "responses": { "204": { "description": "删除成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/account-unlocks": { "post": { "security": [ { "bearerAuth": [] } ], "description": "解锁指定用户的账户", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "解锁账户", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "解锁请求", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.UnlockAccountRequest" } } ], "responses": { "200": { "description": "解锁成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/children-consent/deny": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员拒绝家长/儿童同意,标记未成年人账户为拒绝状态", "produces": [ "application/json" ], "tags": [ "未成年人管理" ], "summary": "拒绝儿童同意", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "拒绝成功", "schema": { "$ref": "#/definitions/dto.ChildrenConsentResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/children-consent/verify": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员验证家长/儿童同意,完成未成年人账户的激活", "produces": [ "application/json" ], "tags": [ "未成年人管理" ], "summary": "验证儿童同意", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.ChildrenConsentResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/identities": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定用户的所有登录身份列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取用户身份列表", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "身份列表", "schema": { "$ref": "#/definitions/dto.GetIdentitiesResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "为指定用户添加新的登录身份(如邮箱、手机号、第三方账号)", "tags": [ "账户管理" ], "summary": "添加用户身份", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "添加身份请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AddIdentityRequest" } } ], "responses": { "201": { "description": "添加成功", "schema": { "$ref": "#/definitions/dto.AddIdentityResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/identities/{identity_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除指定用户的某个登录身份", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "移除用户身份", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "type": "string", "description": "身份ID", "name": "identity_id", "in": "path", "required": true } ], "responses": { "204": { "description": "移除成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/identities/{identity_id}/set-primary": { "put": { "security": [ { "bearerAuth": [] } ], "description": "将指定用户的某个身份设为主登录身份", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "设置主身份", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "type": "string", "description": "身份ID", "name": "identity_id", "in": "path", "required": true } ], "responses": { "200": { "description": "设置成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/identities/{identity_id}/verifications": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证指定用户的某个身份(如发送验证码到邮箱/手机)", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "验证用户身份", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "type": "string", "description": "身份ID", "name": "identity_id", "in": "path", "required": true } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/impersonate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员获取目标用户的JWT(模拟会话),需要super_admin角色", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "管理员模拟用户", "parameters": [ { "type": "string", "description": "目标用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "模拟原因", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.ImpersonateRequest" } } ], "responses": { "200": { "description": "模拟成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_ImpersonateResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/login-histories": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定用户的登录历史记录列表", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取登录历史", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "登录历史", "schema": { "$ref": "#/definitions/dto.LoginHistoryListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/oauth-connections": { "get": { "security": [ { "bearerAuth": [] } ], "description": "管理员查看指定用户绑定的所有第三方OAuth连接列表", "produces": [ "application/json" ], "tags": [ "Admin", "OAuth" ], "summary": "管理员查看用户OAuth连接", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "用户OAuth连接列表", "schema": { "$ref": "#/definitions/dto.ListResponse-any" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/password": { "put": { "security": [ { "bearerAuth": [] } ], "description": "管理员为指定用户修改/重置密码", "tags": [ "身份认证" ], "summary": "修改密码", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "修改密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.HTTPChangePasswordRequest" } } ], "responses": { "200": { "description": "修改成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/password-resets": { "post": { "security": [ { "bearerAuth": [] } ], "description": "管理员触发指定用户的密码重置流程", "tags": [ "身份认证" ], "summary": "重置密码", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true }, { "description": "重置密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.HTTPResetPasswordRequest" } } ], "responses": { "200": { "description": "重置成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/password-status": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查看用户的密码生命周期状态,包括是否需强制修改、密码年龄、过期时间等", "tags": [ "身份认证" ], "summary": "获取用户密码状态", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.PasswordStatusResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/security-status": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取用户安全状态信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取安全状态", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "安全状态", "schema": { "$ref": "#/definitions/dto.SecurityStatusResponse2" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/admin/users/{user_id}/status": { "put": { "security": [ { "bearerAuth": [] } ], "description": "管理员更新指定用户的状态(如启用、禁用、锁定等)", "tags": [ "账户管理" ], "summary": "更新用户状态", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "更新成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "403": { "description": "权限不足", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/anonymous": { "post": { "description": "创建临时匿名会话并返回受限JWT令牌(anonymous角色,无刷新令牌),用于浏览公开内容或低风险操作。匿名用户ID以anon_前缀标识。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "匿名认证", "parameters": [ { "description": "匿名认证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AnonymousSigninRequest" } } ], "responses": { "200": { "description": "匿名会话已创建,返回受限JWT令牌", "schema": { "$ref": "#/definitions/dto.LoginByCodeResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/api-keys": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询当前用户的 API Key 列表,绝不返回原文或哈希", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "查询 API Key 列表", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" }, { "type": "string", "description": "状态筛选: active/inactive/revoked", "name": "status", "in": "query" }, { "type": "string", "description": "环境筛选: live/test", "name": "environment", "in": "query" }, { "type": "string", "description": "搜索名称或前缀", "name": "search", "in": "query" } ], "responses": { "200": { "description": "API Key 列表", "schema": { "$ref": "#/definitions/dto.ApiKeyListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "创建新的 API Key,返回原始 Key 仅一次", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "创建 API Key", "parameters": [ { "description": "创建 API Key 请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.CreateApiKeyRequest" } } ], "responses": { "201": { "description": "创建成功,返回原始 Key(仅此一次)", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.CreateApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}": { "get": { "security": [ { "bearerAuth": [] } ], "description": "根据 ID 获取 API Key 详情,绝不返回原文", "tags": [ "API Key" ], "summary": "获取 API Key 详情", "responses": { "200": { "description": "API Key 详情", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyResponse" } } } ] } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "软删除 API Key(保留审计记录)", "tags": [ "API Key" ], "summary": "吊销 API Key", "responses": { "204": { "description": "吊销成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/audit-logs": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 API Key 的审计日志记录(验证成功/失败记录)", "tags": [ "API Key" ], "summary": "获取 API Key 审计日志", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "审计日志列表", "schema": { "$ref": "#/definitions/dto.ApiKeyAuditLogListResponse" } } } } }, "/auth/api-keys/{id}/ip-restrictions": { "post": { "security": [ { "bearerAuth": [] } ], "description": "为 API Key 添加 IP/CIDR 限制", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "添加 IP 限制", "parameters": [ { "description": "IP 限制请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AddIPRestrictionRequest" } } ], "responses": { "200": { "description": "添加成功", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/ip-restrictions/{restriction_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "从 API Key 中删除指定的 IP/CIDR 限制", "tags": [ "API Key" ], "summary": "删除 IP 限制", "responses": { "200": { "description": "删除成功", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/rotate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "创建新 Key 并标记旧 Key 为 inactive(24h 宽限期),返回新 Key 仅一次", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "轮换 API Key", "responses": { "200": { "description": "新创建的 API Key", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.CreateApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/scopes": { "put": { "security": [ { "bearerAuth": [] } ], "description": "更新 API Key 的 scope 列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "更新 API Key 权限范围", "parameters": [ { "description": "Scopes 更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateApiKeyScopesRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/status": { "put": { "security": [ { "bearerAuth": [] } ], "description": "切换 API Key 状态(active ↔ inactive)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "启用/禁用 API Key", "parameters": [ { "description": "状态更新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateApiKeyStatusRequest" } } ], "responses": { "200": { "description": "更新成功", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyResponse" } } } ] } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/usage": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 API Key 的使用统计信息", "tags": [ "API Key" ], "summary": "获取 API Key 使用统计", "responses": { "200": { "description": "使用统计", "schema": { "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" }, { "type": "object", "properties": { "data": { "$ref": "#/definitions/dto.ApiKeyUsageResponse" } } } ] } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/api-keys/{id}/usage-stats": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取指定 API Key 的 30 天每日调用统计", "tags": [ "API Key" ], "summary": "获取 API Key 使用统计", "responses": { "200": { "description": "每日使用统计", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/captcha/challenge": { "get": { "description": "获取PoW或Turnstile CAPTCHA挑战,用于登录等需要人机验证的场景。返回挑战ID和数据,前端求解后随登录请求提交。用于防止自动化攻击和暴力破解。", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取CAPTCHA挑战", "parameters": [ { "enum": [ "pow", "turnstile" ], "type": "string", "default": "pow", "description": "CAPTCHA提供商", "name": "provider", "in": "query" } ], "responses": { "200": { "description": "CAPTCHA挑战数据", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-any" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "CAPTCHA服务不可用或服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/forgot-password": { "post": { "description": "用户忘记密码时,通过邮箱或手机号发送密码重置验证码,支持邮箱和短信两种方式。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "忘记密码", "parameters": [ { "description": "忘记密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ForgotPasswordRequest" } } ], "responses": { "200": { "description": "验证码已发送至关联邮箱或手机", "schema": { "$ref": "#/definitions/dto.ForgotPasswordResponse" } }, "400": { "description": "请求参数无效或用户不存在", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/generate-ticket": { "post": { "security": [ { "bearerAuth": [] } ], "description": "为指定用户生成一次性登录票据(5分钟有效,一次性使用),用于SSO跳转或管理员代登录场景。需要JWT认证,由管理员或系统调用。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "生成一次性票据", "parameters": [ { "description": "生成票据请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.GenerateTicketInput" } } ], "responses": { "200": { "description": "票据已生成,返回票据和过期时间", "schema": { "$ref": "#/definitions/dto.GenerateTicketResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/id-token/signin": { "post": { "description": "使用外部OIDC Provider签发的ID Token进行跨系统SSO登录,验证id_token后返回本地JWT令牌", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "ID Token登录", "parameters": [ { "description": "ID Token登录请求", "name": "request", "in": "body", "required": true, "schema": { "type": "object", "properties": { "id_token": { "type": "string" }, "provider": { "type": "string" } } } } ], "responses": { "200": { "description": "登录成功", "schema": { "$ref": "#/definitions/dto.LoginResponse" } } } } }, "/auth/login": { "post": { "description": "使用用户名、邮箱或手机号加密码进行登录,支持渐进式延迟反暴力破解、CAPTCHA人机验证和风险评估。登录成功后返回JWT令牌。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "用户登录", "parameters": [ { "description": "登录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.LoginRequest" } } ], "responses": { "200": { "description": "登录成功,返回访问令牌和刷新令牌", "schema": { "$ref": "#/definitions/dto.LoginResponse" } }, "400": { "description": "请求参数无效或凭据错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/login/email-code": { "post": { "description": "使用邮箱验证码进行免密登录,支持自动注册", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "邮箱验证码登录", "parameters": [ { "description": "登录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.LoginByEmailCodeRequest" } } ], "responses": { "200": { "description": "登录成功", "schema": { "$ref": "#/definitions/dto.LoginByCodeResponse" } } } } }, "/auth/login/phone-code": { "post": { "description": "使用手机验证码进行免密登录,支持自动注册", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "手机验证码登录", "parameters": [ { "description": "登录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.LoginByPhoneCodeRequest" } } ], "responses": { "200": { "description": "登录成功", "schema": { "$ref": "#/definitions/dto.LoginByCodeResponse" } } } } }, "/auth/magic-link/callback": { "get": { "description": "GET: 渲染中转HTML页面 (无泄露), POST: 验证token生成JWT", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "魔法链接回调 (GET→POST 双步跳转)", "parameters": [ { "type": "string", "description": "魔法链接令牌 (GET)", "name": "token", "in": "query" } ], "responses": { "302": { "description": "重定向到前端\" @Success 200 \"HTML中转页\" @Failure 302 \"重定向到登录页" } } }, "post": { "description": "GET: 渲染中转HTML页面 (无泄露), POST: 验证token生成JWT", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "魔法链接回调 (GET→POST 双步跳转)", "parameters": [ { "type": "string", "description": "魔法链接令牌 (GET)", "name": "token", "in": "query" } ], "responses": { "302": { "description": "重定向到前端\" @Success 200 \"HTML中转页\" @Failure 302 \"重定向到登录页" } } } }, "/auth/magic-link/request": { "post": { "description": "验证邮箱并发送包含魔法链接的邮件。无论邮箱是否注册均返回成功(防枚举)。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "请求发送魔法链接", "parameters": [ { "description": "请求参数", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RequestMagicLinkRequest" } } ], "responses": { "200": { "description": "请求已接收", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "429": { "description": "请求过于频繁", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前认证用户的ID、用户名、邮箱、手机号及账户状态,支持从JWT直接解析用户身份。参考:RFC 7519 (JWT)、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取当前登录用户信息", "responses": { "200": { "description": "当前用户的详细身份信息", "schema": { "$ref": "#/definitions/dto.UserInfoResponseWrapper" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "404": { "description": "用户不存在", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } }, "put": { "security": [ { "bearerAuth": [] } ], "description": "更新当前认证用户的基本资料,支持修改用户名和MFA启用状态。参考:GDPR Art 16 (Right to Rectification)、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "更新当前用户信息", "parameters": [ { "description": "更新用户请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UpdateUserAuthRequest" } } ], "responses": { "200": { "description": "用户信息更新成功", "schema": { "$ref": "#/definitions/dto.UpdateCurrentUserAuthResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "停用当前登录用户的账户,需提供密码验证。账户将被软删除,数据保留可恢复。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "停用当前账户", "parameters": [ { "description": "停用请求参数", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.DeactivateAccountRequest" } } ], "responses": { "200": { "description": "账户已停用", "schema": { "$ref": "#/definitions/dto.DeactivateAccountResponse" } } } } }, "/auth/me/audit-logs": { "get": { "security": [ { "bearerAuth": [] } ], "description": "分页查询当前用户的操作审计日志,支持按时间范围和操作类型筛选", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取我的审计日志", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页条数", "name": "page_size", "in": "query" }, { "type": "string", "description": "开始日期", "name": "start_date", "in": "query" }, { "type": "string", "description": "结束日期", "name": "end_date", "in": "query" }, { "type": "string", "description": "操作类型", "name": "action", "in": "query" } ], "responses": { "200": { "description": "审计日志列表", "schema": { "$ref": "#/definitions/dto.AuditLogListResponse" } } } } }, "/auth/me/authenticator/backup": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取用户最新的认证器加密备份数据", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "responses": { "200": { "description": "最新备份数据", "schema": { "$ref": "#/definitions/dto.AuthenticatorBackupDetailResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "上传前端PBKDF2+AES-GCM加密的认证器备份,服务端仅存储密文无法解密。每个用户最多保存3个历史版本(LRU淘汰)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "parameters": [ { "description": "加密备份数据", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AuthenticatorBackupUploadRequest" } } ], "responses": { "201": { "description": "备份上传成功", "schema": { "$ref": "#/definitions/dto.AuthenticatorBackupDetailResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/me/authenticator/backup/{id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "删除指定版本的认证器加密备份", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "parameters": [ { "type": "string", "description": "备份ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "备份已删除", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/me/authenticator/devices": { "get": { "security": [ { "bearerAuth": [] } ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "responses": { "200": { "description": "设备列表", "schema": { "$ref": "#/definitions/dto.AuthenticatorDeviceListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/me/authenticator/devices/{id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除指定的认证器设备(清理关联的Push订阅和TOTP设备)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "移除认证器设备", "parameters": [ { "type": "string", "description": "设备ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "设备已移除", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/me/children-consent": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取关联儿童账户的隐私同意状态,用于COPPA/GDPR合规", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取儿童隐私同意状态", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.GetChildrenConsentResponse" } } } } }, "/auth/me/consent": { "post": { "security": [ { "bearerAuth": [] } ], "description": "记录用户对特定隐私范围的同意授权,用于GDPR合规", "tags": [ "账户管理" ], "summary": "记录用户同意", "parameters": [ { "description": "request body", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ConsentRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.RecordConsentResponse" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "撤销用户对特定隐私范围的同意授权,满足GDPR要求", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "撤销用户同意", "parameters": [ { "type": "string", "description": "request body", "name": "scope", "in": "query" } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.RevokeConsentResponse" } } } } }, "/auth/me/consent-history": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取用户的同意授权历史记录,用于GDPR合规审计", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取同意历史记录", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.ConsentHistoryResponse" } } } } }, "/auth/me/delete-account": { "post": { "security": [ { "bearerAuth": [] } ], "description": "依据GDPR第17条,永久删除用户账户数据,需密码验证,不可恢复", "tags": [ "账户管理" ], "summary": "永久删除账户 (GDPR 被遗忘权/账户删除)", "parameters": [ { "description": "删除账户请求(含密码)", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.DeleteAccountRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.DeleteAccountResponse" } } } } }, "/auth/me/devices": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户关联的所有设备列表", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取我的设备列表", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.DeviceListResponse" } } } } }, "/auth/me/devices/{device_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除指定设备,取消该设备的信任状态", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "移除设备", "parameters": [ { "type": "string", "description": "设备ID", "name": "device_id", "in": "path", "required": true } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/devices/{device_id}/trust": { "put": { "security": [ { "bearerAuth": [] } ], "description": "设置或取消设备的信任状态,信任设备可跳过重复的MFA验证", "tags": [ "账户管理" ], "summary": "信任/取消信任设备", "parameters": [ { "type": "string", "description": "设备ID", "name": "device_id", "in": "path", "required": true }, { "description": "request body", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SelfTrustDeviceRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/email-verification-status": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前登录用户的邮箱验证状态", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查邮箱验证状态", "responses": { "200": { "description": "邮箱验证状态", "schema": { "$ref": "#/definitions/dto.EmailStatusResponse" } } } } }, "/auth/me/email/change": { "post": { "security": [ { "bearerAuth": [] } ], "description": "变更当前用户的邮箱地址,需验证当前密码、新邮箱以及发送验证码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "变更邮箱地址", "parameters": [ { "description": "request body", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ChangeEmailRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/email/verify": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证邮箱变更的验证码,验证成功后更新主邮箱", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "验证邮箱变更", "parameters": [ { "description": "请求参数", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyChangeRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/export-data": { "post": { "security": [ { "bearerAuth": [] } ], "description": "依据GDPR第15/20条,导出用户全部个人数据,包含身份、设备、会话、钱包、审计等跨服务数据", "tags": [ "账户管理" ], "summary": "导出我的数据 (GDPR DSAR)", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.ExportMyDataResponse" } } } } }, "/auth/me/memberships": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前用户在所有租户下的成员身份状态(包括 pending/disabled)", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取我的租户成员状态", "responses": { "200": { "description": "成员列表", "schema": { "$ref": "#/definitions/dto.MembershipListResponseWrapper" } } } } }, "/auth/me/password": { "put": { "security": [ { "bearerAuth": [] } ], "description": "验证旧密码后设置新密码,修改成功后自动撤销所有会话以确保账户安全。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "修改当前用户密码", "parameters": [ { "description": "修改密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.HTTPChangePasswordRequest" } } ], "responses": { "200": { "description": "密码修改成功,所有会话已撤销", "schema": { "$ref": "#/definitions/dto.ChangePasswordResponse" } }, "400": { "description": "请求参数无效或旧密码验证失败", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me/password-strength": { "post": { "security": [ { "bearerAuth": [] } ], "description": "使用当前租户的密码策略检查密码强度", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查密码强度", "parameters": [ { "description": "密码检查请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.SelfServicePasswordStrengthRequest" } } ], "responses": { "200": { "description": "密码强度", "schema": { "$ref": "#/definitions/dto.PasswordStrengthResponseWrapper" } } } } }, "/auth/me/permissions": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前用户在租户下的所有权限代码列表,包括角色继承权限、层级权限和直赋权限的聚合结果。参考:NIST SP 800-53 AC-6、OWASP ASVS V1.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取当前用户权限", "responses": { "200": { "description": "当前用户的权限代码列表", "schema": { "$ref": "#/definitions/dto.MyPermissionsResponseWrapper" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me/phone-verification-status": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前登录用户的手机号验证状态", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查手机号验证状态", "responses": { "200": { "description": "手机号验证状态", "schema": { "$ref": "#/definitions/dto.PhoneStatusResponse" } } } } }, "/auth/me/phone/change": { "post": { "security": [ { "bearerAuth": [] } ], "description": "变更当前用户的手机号,需要验证新手机号和当前密码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "变更手机号", "parameters": [ { "description": "请求参数", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ChangePhoneRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/phone/verify": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证手机号变更的验证码,验证成功后更新主手机号", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "验证手机号变更", "parameters": [ { "description": "请求参数", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyChangeRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/recovery-contacts": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取用户设置的恢复联系方式(recovery email/phone),数据存储在用户Metadata中", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取恢复联系人列表", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.RecoveryContactListResponse" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "添加新的recovery email/phone作为账户恢复联系方式", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "添加恢复联系人", "parameters": [ { "description": "request body", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.AddRecoveryContactRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/recovery-contacts/{contact_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除指定的恢复联系方式", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "移除恢复联系人", "parameters": [ { "type": "string", "description": "request body", "name": "contact_id", "in": "path", "required": true } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/role-activations": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前用户的所有角色激活记录", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "查询我的角色激活", "responses": { "200": { "description": "角色激活列表", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-array_dto_ActivationResponse" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "用户提交角色激活请求(即时提权JIT),提供角色ID、理由和有效时长", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "请求角色激活", "parameters": [ { "description": "激活请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RequestActivationRequest" } } ], "responses": { "201": { "description": "角色激活成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_ActivationResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/saml-links": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户绑定的所有SAML/SSO身份提供商账户", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取SAML关联账户列表", "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.ListResponse-handler_SamlLinkedAccountInfo" } } } } }, "/auth/me/saml-links/{id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "解绑指定的SAML/SSO身份提供商账户关联", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "解绑SAML关联账户", "parameters": [ { "type": "string", "description": "SAML关联账户ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me/security-events": { "get": { "security": [ { "bearerAuth": [] } ], "description": "分页获取用户的安全相关事件(异常登录、密码变更、MFA变更等)\n自动过滤已dismiss的事件", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取安全事件列表", "parameters": [ { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页条数", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.SecurityEventListResponse" } } } } }, "/auth/me/security-events/{event_id}/dismiss": { "post": { "security": [ { "bearerAuth": [] } ], "description": "标记安全事件为已关闭(dismissed=true),事件将从列表中消失", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "关闭安全事件提醒", "parameters": [ { "type": "string", "description": "事件ID", "name": "event_id", "in": "path", "required": true }, { "description": "request body", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.SecurityEventDismissRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/sessions": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户的所有活跃会话,优先从 session-service 获取,包含AMR/IP/GeoIP等安全上下文信息\n若sessionClient不可用则降级到deviceService设备记录查询", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "获取我的会话列表", "parameters": [ { "type": "integer", "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "成功", "schema": { "$ref": "#/definitions/dto.GetMySessionsResponse" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "登出当前用户的所有会话,调用 deviceService.RemoveAllDevices 清除所有设备记录", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "登出所有会话", "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.LogoutAllSessionsResponse" } } } } }, "/auth/me/sessions/{session_id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "登出指定会话ID,如果设备记录存在则同时清除", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "登出指定会话", "parameters": [ { "type": "string", "description": "会话ID", "name": "session_id", "in": "path", "required": true } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.LogoutSessionResponse" } } } } }, "/auth/me/stop-impersonation": { "post": { "security": [ { "bearerAuth": [] } ], "description": "当前模拟会话中,停止模拟并返回管理员的JWT", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "结束模拟会话", "responses": { "200": { "description": "结束成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_StopImpersonationResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/me/switch-tenant": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证用户在新租户下的成员资格,检查跨租户切换策略,验证通过后签发新JWT令牌(含新租户的角色和权限)。参考:NIST SP 800-53 AC-2、OWASP ASVS V1.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "切换当前租户", "parameters": [ { "description": "切换租户请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SwitchTenantRequest" } } ], "responses": { "200": { "description": "租户切换成功,返回新JWT令牌", "schema": { "$ref": "#/definitions/dto.SwitchTenantResponseWrapper" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "403": { "description": "无目标租户成员资格或跨租户切换被禁用", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me/tenants": { "get": { "security": [ { "bearerAuth": [] } ], "description": "返回当前用户有权限访问的所有租户列表,包含租户ID、名称、显示名称和用户在各租户的角色。支持通过租户服务获取租户显示名称。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取当前用户租户", "responses": { "200": { "description": "当前用户的租户列表及角色", "schema": { "$ref": "#/definitions/dto.MyTenantsResponseWrapper" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/me/webauthn-credentials": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户已注册的所有WebAuthn凭证", "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "获取已注册的Passkey列表", "responses": { "200": { "description": "凭证列表", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/me/webauthn-credentials/{id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "删除指定的WebAuthn凭证", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "删除Passkey", "parameters": [ { "type": "string", "description": "凭证ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "删除成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "凭证不存在", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/mfa/verify-challenge": { "post": { "description": "使用challenge_token和MFA验证码(TOTP/SMS/Email/Push)完成多因素认证,验证成功后返回真实JWT令牌,替换临时的挑战令牌。参考:RFC 6238 (TOTP)、RFC 4226 (HOTP)、NIST SP 800-63B §5.1、OWASP ASVS V2.8。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "多因素认证" ], "summary": "验证MFA挑战", "parameters": [ { "description": "MFA验证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyMFAChallengeRequest" } } ], "responses": { "200": { "description": "MFA验证成功,返回真实JWT令牌", "schema": { "$ref": "#/definitions/dto.LoginResponse" } }, "400": { "description": "挑战令牌无效或验证码错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "MFA服务不可用或服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/oauth/accounts": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户绑定的所有第三方OAuth账号", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取用户OAuth账号列表", "responses": { "200": { "description": "账号列表", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oauth/bind": { "post": { "security": [ { "bearerAuth": [] } ], "description": "为当前用户绑定第三方OAuth账号", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "绑定OAuth账号", "parameters": [ { "description": "绑定OAuth请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.BindOAuthRequest" } } ], "responses": { "200": { "description": "绑定成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oauth/providers": { "get": { "description": "获取系统支持的所有OAuth登录提供者列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取OAuth提供商列表", "responses": { "200": { "description": "提供商列表", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oauth/unbind": { "post": { "security": [ { "bearerAuth": [] } ], "description": "解绑当前用户绑定的第三方OAuth账号", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "解绑OAuth账号", "parameters": [ { "description": "解绑OAuth请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.UnbindOAuthRequest" } } ], "responses": { "200": { "description": "解绑成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oauth/{provider}": { "get": { "description": "发起OAuth授权流程,重定向到第三方授权页面", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发起OAuth登录", "parameters": [ { "type": "string", "description": "OAuth鎻愪緵鑰?", "name": "provider", "in": "path", "required": true } ], "responses": { "302": { "description": "閲嶅畾鍚戝埌OAuth鎺堟潈椤?" }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oauth/{provider}/callback": { "get": { "description": "处理OAuth授权回调,获取用户信息并创建会话", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "OAuth回调", "parameters": [ { "type": "string", "description": "OAuth鎻愪緵鑰?", "name": "provider", "in": "path", "required": true }, { "type": "string", "description": "鎺堟潈鐮?", "name": "code", "in": "query", "required": true }, { "type": "string", "description": "状态参数", "name": "state", "in": "query", "required": true } ], "responses": { "200": { "description": "登录成功", "schema": { "$ref": "#/definitions/dto.OAuthCallbackResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/oidc/backchannel-logout": { "post": { "description": "处理OpenID Connect Backchannel Logout 1.0规范的后通道登出请求。接收OP发送的logout_token,验证后撤销对应用户的所有会话。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "OAuth授权" ], "summary": "OIDC后通道登出", "parameters": [ { "description": "登出令牌请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.BackchannelLogoutRequest" } } ], "responses": { "200": { "description": "登出成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/oidc/logout": { "post": { "description": "处理OpenID Connect RP-Initiated Logout 1.0规范的登出请求。根据id_token_hint重定向到OP的end_session_endpoint或post_logout_redirect_uri,同时撤销当前用户的会话。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "OAuth授权" ], "summary": "RP发起登出", "parameters": [ { "type": "string", "description": "ID Token提示", "name": "id_token_hint", "in": "query" }, { "type": "string", "description": "登出后重定向URI", "name": "post_logout_redirect_uri", "in": "query" }, { "type": "string", "description": "状态参数", "name": "state", "in": "query" } ], "responses": { "200": { "description": "登出成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "302": { "description": "重定向到登出页面", "schema": { "type": "string" } } } } }, "/auth/oidc/session-iframe": { "get": { "description": "返回OpenID Connect Session Management 1.0规范的不可见iframe,用于第三方cookie的会话状态追踪。", "produces": [ "text/html" ], "tags": [ "OAuth授权" ], "summary": "OIDC会话状态iframe", "responses": { "200": { "description": "包含session state管理脚本的HTML iframe页面", "schema": { "type": "string" } } } } }, "/auth/qr-login/cancel": { "post": { "security": [ { "bearerAuth": [] } ], "description": "取消正在进行的二维码登录会话", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "取消二维码登录", "parameters": [ { "description": "取消请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.QrLoginCancelRequest" } } ], "responses": { "200": { "description": "取消成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/qr-login/confirm": { "post": { "security": [ { "bearerAuth": [] } ], "description": "已登录用户在移动端确认登录请求,完成二维码登录流程", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "确认二维码登录", "parameters": [ { "description": "确认请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.QrLoginConfirmRequest" } } ], "responses": { "200": { "description": "确认成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/qr-login/initiate": { "post": { "description": "生成一个新的二维码登录会话,返回会话令牌和数字匹配码供用户扫描", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "发起二维码登录", "responses": { "200": { "description": "二维码登录会话已创建", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_QrLoginInitiateResponse" } }, "429": { "description": "请求频率过高", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/qr-login/scan": { "post": { "security": [ { "bearerAuth": [] } ], "description": "已登录用户扫描二维码,将会话状态更新为已扫描,同时可附件设备信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "扫描二维码登录", "parameters": [ { "description": "扫描请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.QrLoginScanRequest" } } ], "responses": { "200": { "description": "扫描成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/qr-login/status": { "get": { "description": "轮询二维码登录会话的当前状态,确认完成后返回access_token和refresh_token", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "查询二维码登录状态", "parameters": [ { "type": "string", "description": "会话令牌", "name": "token", "in": "query", "required": true } ], "responses": { "200": { "description": "会话状态", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_QrLoginStatusResponse" } }, "400": { "description": "参数无效", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/re-authenticate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "高风险操作前的重新认证,通过密码验证提升当前会话的安全级别\n返回step_up_token,有效期5分钟,可用于后续高安全操作的身份令牌传递", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "重新认证(Step-up)", "parameters": [ { "description": "request body", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ReAuthenticateRequest" } } ], "responses": { "200": { "description": "操作成功", "schema": { "$ref": "#/definitions/dto.ReAuthenticateDataWrapper" } } } } }, "/auth/recover-account": { "post": { "description": "当用户无法访问主身份(邮箱或手机)时,通过预先设置的恢复联系人来验证身份并发起密码重置流程。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.3。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "通过恢复联系人初始化账户恢复", "parameters": [ { "description": "账户恢复请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RecoverAccountRequest" } } ], "responses": { "200": { "description": "恢复码已发送至受信任联系人", "schema": { "$ref": "#/definitions/dto.RecoverAccountResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/recover-account/reset": { "post": { "description": "使用账户恢复验证码验证通过后,设置新密码,完成账户恢复和密码重置。参考:NIST SP 800-63B §5.1.1.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "通过恢复码重置密码", "parameters": [ { "description": "恢复重置请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RecoverAccountResetRequest" } } ], "responses": { "200": { "description": "密码重置成功", "schema": { "$ref": "#/definitions/dto.RecoverAccountResetResponse" } }, "400": { "description": "请求参数无效或验证码已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/recovery/complete": { "post": { "description": "验证恢复码和恢复令牌后设置新密码,自动撤销所有会话以确保账户安全,并发送密码变更通知。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "完成账户恢复", "parameters": [ { "description": "完成恢复请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.CompleteAccountRecoveryRequest" } } ], "responses": { "200": { "description": "账户恢复完成,密码已重置", "schema": { "$ref": "#/definitions/dto.CompleteAccountRecoveryResponse" } }, "400": { "description": "请求参数无效或恢复令牌已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/recovery/request": { "post": { "description": "通过邮箱或手机号发起账户恢复流程,生成恢复令牌并向受信任联系人发送验证码,支持将恢复码发送至备用邮箱或手机。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.3。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发起账户恢复", "parameters": [ { "description": "账户恢复请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RequestAccountRecoveryRequest" } } ], "responses": { "200": { "description": "恢复流程已发起,恢复令牌和掩码联系方式已返回", "schema": { "$ref": "#/definitions/dto.RequestAccountRecoveryResponseWrapper" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/recovery/verify": { "post": { "description": "验证从受信任联系人收到的恢复码,验证成功后返回确认,允许用户进入密码重置步骤。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.3。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证账户恢复码", "parameters": [ { "description": "验证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyAccountRecoveryRequest" } } ], "responses": { "200": { "description": "恢复验证码校验成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效或恢复码已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/refresh": { "post": { "description": "使用刷新令牌获取新的访问令牌和刷新令牌对,支持复用攻击检测与自动撤销。参考:RFC 6749 §1.5、RFC 7519 (JWT)。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "刷新访问令牌", "parameters": [ { "description": "刷新请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RefreshTokenRequest" } } ], "responses": { "200": { "description": "令牌刷新成功,返回新的访问令牌和刷新令牌", "schema": { "$ref": "#/definitions/dto.LoginResponse" } }, "400": { "description": "请求参数无效或令牌格式错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register": { "post": { "description": "使用用户名、邮箱、手机号和密码创建账户,支持开放注册、邀请注册和审批三种成员加入方式。创建成功后自动发送欢迎通知。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "用户注册", "parameters": [ { "description": "注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RegisterRequest" } } ], "responses": { "201": { "description": "注册成功,返回用户ID和状态", "schema": { "$ref": "#/definitions/dto.RegisterResponse" } }, "400": { "description": "请求参数无效或用户名已存在", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/check-email": { "get": { "description": "在用户注册前校验邮箱是否已被注册,防止重复注册与临时邮箱滥用。支持GET和POST两种请求方式。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查邮箱是否可用", "parameters": [ { "type": "string", "description": "邮箱地址(GET方式)", "name": "email", "in": "query" }, { "description": "邮箱地址(POST方式)", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.CheckEmailRequest" } } ], "responses": { "200": { "description": "邮箱可用性检查结果", "schema": { "$ref": "#/definitions/dto.CheckEmailResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } }, "post": { "description": "在用户注册前校验邮箱是否已被注册,防止重复注册与临时邮箱滥用。支持GET和POST两种请求方式。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查邮箱是否可用", "parameters": [ { "type": "string", "description": "邮箱地址(GET方式)", "name": "email", "in": "query" }, { "description": "邮箱地址(POST方式)", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.CheckEmailRequest" } } ], "responses": { "200": { "description": "邮箱可用性检查结果", "schema": { "$ref": "#/definitions/dto.CheckEmailResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/check-username": { "get": { "description": "在用户注册前校验用户名是否已被占用,防止批量注册和冲突。支持GET和POST两种请求方式。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查用户名是否可用", "parameters": [ { "type": "string", "description": "用户名(GET方式)", "name": "username", "in": "query" }, { "description": "用户名(POST方式)", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.CheckUsernameRequest" } } ], "responses": { "200": { "description": "用户名可用性检查结果", "schema": { "$ref": "#/definitions/dto.CheckUsernameResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } }, "post": { "description": "在用户注册前校验用户名是否已被占用,防止批量注册和冲突。支持GET和POST两种请求方式。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查用户名是否可用", "parameters": [ { "type": "string", "description": "用户名(GET方式)", "name": "username", "in": "query" }, { "description": "用户名(POST方式)", "name": "request", "in": "body", "schema": { "$ref": "#/definitions/dto.CheckUsernameRequest" } } ], "responses": { "200": { "description": "用户名可用性检查结果", "schema": { "$ref": "#/definitions/dto.CheckUsernameResponse" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/email-code": { "post": { "description": "使用邮箱验证码完成无密码注册并自动登录,创建密码豁免用户。注册前需先调用发送验证码接口获取验证码。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "邮箱验证码注册", "parameters": [ { "description": "邮箱验证码注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RegisterByEmailCodeRequest" } } ], "responses": { "200": { "description": "注册成功并自动登录,返回JWT令牌", "schema": { "$ref": "#/definitions/dto.LoginByCodeResponse" } }, "400": { "description": "请求参数无效或验证码错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/invitation": { "post": { "description": "通过有效的租户邀请码完成注册,邀请码由租户管理员生成。注册成功后自动接受邀请并加入租户,返回JWT令牌。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "邀请注册", "parameters": [ { "description": "邀请注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RegisterByInvitationRequest" } } ], "responses": { "200": { "description": "注册成功并自动登录", "schema": { "$ref": "#/definitions/dto.LoginResponse" } }, "400": { "description": "请求参数无效或邀请码已失效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/oauth": { "post": { "description": "使用OAuth回调生成的pending_token完成注册,创建用户并自动绑定OAuth连接和提供商信息,返回JWT令牌。注册后的审批流程由租户的成员资格策略控制。参考:RFC 6749 §4.1、OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "OAuth补充注册", "parameters": [ { "description": "OAuth补充注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RegisterByOAuthRequest" } } ], "responses": { "200": { "description": "注册成功并自动登录", "schema": { "$ref": "#/definitions/dto.RegisterByOAuthResponse" } }, "400": { "description": "请求参数无效或pending_token已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/phone-code": { "post": { "description": "使用手机短信验证码完成无密码注册并自动登录,创建密码豁免用户。注册前需先调用发送短信验证码接口获取验证码。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "手机验证码注册", "parameters": [ { "description": "手机验证码注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RegisterByPhoneCodeRequest" } } ], "responses": { "200": { "description": "注册成功并自动登录,返回JWT令牌", "schema": { "$ref": "#/definitions/dto.LoginByCodeResponse" } }, "400": { "description": "请求参数无效或验证码错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/register/reapply": { "post": { "description": "被拒绝注册后重新提交申请,将disabled成员重新置为pending状态供管理员再次审批。参考:OWASP ASVS V2.2。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "重新申请注册", "parameters": [ { "description": "重新申请请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ReapplyRegistrationRequest" } } ], "responses": { "200": { "description": "重新申请已提交成功", "schema": { "$ref": "#/definitions/dto.ReapplyRegistrationResponseWrapper" } }, "400": { "description": "请求参数无效或用户不存在", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/resend-sms-code": { "post": { "description": "重新向用户手机发送短信验证码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "重新发送短信验证码", "parameters": [ { "description": "重新发送短信验证码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ResendSMSCodeRequest" } } ], "responses": { "200": { "description": "发送成功", "schema": { "$ref": "#/definitions/dto.PhoneVerificationResponse" } } } } }, "/auth/resend-verification-email": { "post": { "description": "重新向用户邮箱发送验证链接或验证码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "重新发送邮箱验证邮件", "parameters": [ { "description": "重新发送验证邮件请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ResendVerificationEmailRequest" } } ], "responses": { "200": { "description": "发送成功", "schema": { "$ref": "#/definitions/dto.EmailVerificationResponse" } } } } }, "/auth/reset-password": { "post": { "description": "使用验证码验证通过后设置新密码,支持邮箱和短信两种验证方式。参考:NIST SP 800-63B §5.1.1.2、OWASP ASVS V2.1。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "重置密码", "parameters": [ { "description": "重置密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ResetPasswordRequest" } } ], "responses": { "200": { "description": "密码重置成功", "schema": { "$ref": "#/definitions/dto.ResetPasswordResponse" } }, "400": { "description": "请求参数无效或验证码已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/send-login-code": { "post": { "description": "向指定邮箱或手机号发送一次性登录验证码,用于无密码登录流程。支持 rate limiting 和 per-target 限流。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发送登录验证码", "parameters": [ { "description": "发送验证码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SendLoginCodeRequest" } } ], "responses": { "200": { "description": "发送成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_SendLoginCodeResponse" } }, "400": { "description": "参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "429": { "description": "请求过于频繁", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/auth/send-sms-code": { "post": { "description": "向用户手机发送短信验证码,用于手机验证或登录", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发送短信验证码", "parameters": [ { "description": "发送短信验证码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SendSMSCodeRequest" } } ], "responses": { "200": { "description": "发送成功", "schema": { "$ref": "#/definitions/dto.PhoneVerificationResponse" } } } } }, "/auth/send-verification-email": { "post": { "description": "向指定邮箱发送验证码邮件", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发送邮箱验证邮件", "parameters": [ { "description": "发送验证邮件请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SendVerificationEmailRequest" } } ], "responses": { "200": { "description": "发送成功", "schema": { "$ref": "#/definitions/dto.EmailVerificationResponse" } } } } }, "/auth/sso/callback": { "post": { "security": [ { "bearerAuth": [] } ], "description": "接收企业身份提供商的回调信息,验证state并交换本地访问令牌", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "企业SSO回调", "parameters": [ { "description": "SSO回调请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SSOCallbackRequest" } } ], "responses": { "200": { "description": "返回本地访问令牌", "schema": { "$ref": "#/definitions/dto.SSOCallbackResponse" } } } } }, "/auth/sso/initiate": { "post": { "security": [ { "bearerAuth": [] } ], "description": "根据指定的SSO提供商(SAML或OIDC)生成授权URL与state参数,通过PKCE和CSRF state保护,引导用户跳转至企业身份提供商进行认证。参考:SAML 2.0 Core §3.4、OpenID Connect Core 1.0 §3、RFC 7636 (PKCE)。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "启动企业SSO登录", "parameters": [ { "description": "SSO启动请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.SSOInitiateRequest" } } ], "responses": { "200": { "description": "SSO发起成功,返回授权URL和state参数", "schema": { "$ref": "#/definitions/dto.SSOInitiateResponse" } }, "400": { "description": "请求参数无效或不支持的SSO提供商", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/ticket/signin": { "post": { "description": "使用后台生成的一次性票据完成登录,票据验证成功后立即失效(一次性使用),返回JWT令牌。适用于跨系统SSO和管理员代登录场景。参考:RFC 6749 §1.5。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "票据签名登录", "parameters": [ { "description": "票据登录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.TicketSigninRequest" } } ], "responses": { "200": { "description": "登录成功,返回JWT令牌", "schema": { "$ref": "#/definitions/dto.LoginResponse" } }, "400": { "description": "票据无效或已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/verify-email": { "post": { "description": "验证用户提交的邮箱验证码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证邮箱地址", "parameters": [ { "description": "验证邮箱请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyEmailRequest" } } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.EmailVerifiedResponse" } } } } }, "/auth/verify-phone": { "post": { "description": "验证用户提交的手机号验证码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证手机号", "parameters": [ { "description": "验证手机号请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyPhoneRequest" } } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.PhoneVerifiedResponse" } } } } }, "/auth/verify-reset-code": { "post": { "description": "验证用户提交的重置密码验证码是否有效,验证通过后允许进入密码重置步骤。参考:OWASP ASVS V2.3。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证重置验证码", "parameters": [ { "description": "验证重置码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyResetCodeRequest" } } ], "responses": { "200": { "description": "验证码有效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数无效或验证码已过期", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/auth/web3/verify": { "post": { "description": "验证Ethereum/Solana等Web3钱包的数字签名,无需认证", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证Web3钱包签名", "parameters": [ { "description": "钱包验证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.Web3VerifyRequest" } } ], "responses": { "200": { "description": "验证结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_Web3VerifyResponse" } } } } }, "/auth/webauthn/authenticate/begin": { "post": { "description": "根据邮箱查找用户,生成Passkey登录挑战(无需JWT)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "开始Passkey公开认证", "parameters": [ { "description": "认证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.PasskeyAuthBeginRequest" } } ], "responses": { "200": { "description": "登录选项", "schema": { "$ref": "#/definitions/dto.WebAuthnLoginResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "用户不存在", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/webauthn/authenticate/complete": { "post": { "description": "验证Passkey认证响应并返回JWT令牌(无需JWT)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "完成Passkey公开认证", "parameters": [ { "description": "认证完成请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.PasskeyAuthenticateCompleteRequest" } } ], "responses": { "200": { "description": "登录成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "认证失败", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/webauthn/login/begin": { "post": { "security": [ { "bearerAuth": [] } ], "description": "生成登录挑战,返回给前端调用 navigator.credentials.get()", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "开始Passkey登录", "parameters": [ { "description": "登录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.beginLoginRequest" } } ], "responses": { "200": { "description": "登录选项", "schema": { "$ref": "#/definitions/dto.WebAuthnLoginResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/webauthn/login/complete": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证客户端返回的认证签名", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "完成Passkey登录", "parameters": [ { "description": "认证响应", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.completeLoginRequest" } } ], "responses": { "200": { "description": "验证结果", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/webauthn/register/begin": { "post": { "security": [ { "bearerAuth": [] } ], "description": "生成注册挑战和凭证创建选项,返回给前端调用 navigator.credentials.create()", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "开始Passkey注册", "parameters": [ { "description": "注册请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.beginRegistrationRequest" } } ], "responses": { "200": { "description": "注册选项", "schema": { "$ref": "#/definitions/dto.WebAuthnRegistrationResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/auth/webauthn/register/complete": { "post": { "security": [ { "bearerAuth": [] } ], "description": "验证客户端创建的凭证并保存公钥, 返回恢复码", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "WebAuthn" ], "summary": "完成Passkey注册", "parameters": [ { "description": "凭证创建结果", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.completeRegistrationRequest" } } ], "responses": { "200": { "description": "注册成功, 含恢复码", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "500": { "description": "服务器错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/devices": { "get": { "security": [ { "bearerAuth": [] } ], "description": "获取当前用户的所有登录设备列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "获取用户设备列表", "responses": { "200": { "description": "设备列表", "schema": { "$ref": "#/definitions/dto.DeviceListResponse" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除用户的所有设备(当前设备可选保留)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "移除所有设备", "parameters": [ { "type": "boolean", "description": "是否排除当前设备", "name": "except_current", "in": "query" } ], "responses": { "204": { "description": "成功移除" }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/devices/{id}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "移除指定的登录设备", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "移除设备", "parameters": [ { "type": "string", "description": "设备ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "成功移除" }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "设备不存在", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/devices/{id}/trust": { "put": { "security": [ { "bearerAuth": [] } ], "description": "设置设备的信任状态", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "会话与设备" ], "summary": "信任/取消信任设备", "parameters": [ { "type": "string", "description": "设备ID", "name": "id", "in": "path", "required": true }, { "description": "信任设置", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.TrustDeviceRequest" } } ], "responses": { "200": { "description": "设置成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求错误", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "401": { "description": "未授权", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "404": { "description": "设备不存在", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/internal/identity/erase-user/{user_id}": { "delete": { "description": "内部API:硬删除指定用户的所有认证数据,通过 X-Tenant-ID 请求头传递租户 ID,无需认证", "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "内部硬删除用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "user_id", "in": "path", "required": true } ], "responses": { "200": { "description": "删除成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/internal/identity/validate-key": { "post": { "description": "Gateway/其他服务调用此接口验证 API Key 的有效性", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "API Key" ], "summary": "验证 API Key(内部)", "parameters": [ { "description": "验证请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.ValidateKeyRequest" } } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.ValidateKeyResult" } }, "401": { "description": "Key 无效" } } } }, "/internal/identity/verify-password": { "post": { "description": "验证用户密码是否正确,返回验证结果及用户ID", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "验证密码", "parameters": [ { "description": "验证密码请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.VerifyPasswordRequest" } } ], "responses": { "200": { "description": "验证成功", "schema": { "$ref": "#/definitions/dto.VerifyPasswordResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/internal/maker-checker/record": { "post": { "description": "记录关键操作的双人复核(Maker-Checker)信息", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "账户管理" ], "summary": "记录双人复核", "parameters": [ { "description": "记录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.MakerCheckerRecordRequest" } } ], "responses": { "201": { "description": "记录成功", "schema": { "$ref": "#/definitions/dto.MakerCheckerRecordResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/internal/pim/cleanup-expired": { "post": { "description": "内部API:清理指定租户或当前租户的过期角色激活记录。生产环境禁止外部调用。", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "角色权限" ], "summary": "清理过期角色激活", "parameters": [ { "description": "清理请求 { tenant_id: string }", "name": "request", "in": "body", "required": true, "schema": { "type": "object" } } ], "responses": { "200": { "description": "清理成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_CleanupExpiredResponse" } }, "400": { "description": "请求参数无效或禁止访问", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/internal/record-login-failure": { "post": { "description": "内部API:记录用户登录失败事件", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "记录登录失败", "parameters": [ { "description": "记录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RecordLoginFailureRequest" } } ], "responses": { "200": { "description": "记录结果", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/internal/record-login-success": { "post": { "description": "内部API:记录用户登录成功事件", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "记录登录成功", "parameters": [ { "description": "记录请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/dto.RecordLoginSuccessRequest" } } ], "responses": { "200": { "description": "记录成功", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/internal/seed-provider": { "post": { "description": "Creates a test SAML IdP provider for development", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "internal" ], "summary": "Seed SAML provider (dev only)", "parameters": [ { "type": "string", "description": "Tenant ID", "name": "X-Tenant-ID", "in": "header", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-string" } } } } }, "/iots": { "get": { "description": "查询当前租户下的 Non-Human Identity (NHI) IoT Device 列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "List User Devices", "parameters": [ { "type": "string", "description": "状态过滤", "name": "status", "in": "query" }, { "type": "string", "description": "工作负载子类型", "name": "workload_subtype", "in": "query" }, { "type": "integer", "default": 1, "description": "页码", "name": "page", "in": "query" }, { "type": "integer", "default": 20, "description": "每页数量", "name": "page_size", "in": "query" } ], "responses": { "200": { "description": "IoT Device 列表", "schema": { "$ref": "#/definitions/dto.ListResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } } }, "/iots/pair": { "post": { "description": "通过 user_code 配对 Non-Human Identity (NHI) IoT Device", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "Pair Device", "parameters": [ { "description": "配对设备请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.PairDeviceRequest" } } ], "responses": { "200": { "description": "配对后的 Device", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } } }, "/iots/{id}": { "delete": { "description": "取消配对指定的 Non-Human Identity (NHI) IoT Device", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "Unpair Device", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "取消配对成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/iots/{id}/family-access": { "get": { "security": [ { "bearerAuth": [] } ], "description": "查询指定 IoT Device 的家庭成员访问列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "List Family Access", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "家庭成员列表", "schema": { "$ref": "#/definitions/dto.ListResponse-domain_FamilyMemberInfo" } } } }, "post": { "security": [ { "bearerAuth": [] } ], "description": "授予指定用户对 IoT Device 的家庭访问权限", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "Grant Family Access", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true }, { "description": "授予访问权限请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.GrantFamilyAccessRequest" } } ], "responses": { "201": { "description": "授予成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-domain_FamilyMemberInfo" } } } } }, "/iots/{id}/family-access/{memberId}": { "delete": { "security": [ { "bearerAuth": [] } ], "description": "撤销指定家庭成员对 IoT Device 的访问权限", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "Revoke Family Access", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true }, { "type": "string", "description": "成员 ID", "name": "memberId", "in": "path", "required": true } ], "responses": { "200": { "description": "撤销成功", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/iots/{id}/transfer": { "post": { "description": "将指定的 Non-Human Identity (NHI) IoT Device 转移给新的所有者", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "IoTs" ], "summary": "Transfer Device", "parameters": [ { "type": "string", "description": "设备 ID", "name": "id", "in": "path", "required": true }, { "description": "转移设备请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.TransferDeviceRequest" } } ], "responses": { "200": { "description": "转移后的 Device", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo" } } } } }, "/public/auth-config/by-domain/{domain}": { "get": { "description": "根据域名(如example.com)查询对应租户的公开认证配置,包括密码策略、可用的OAuth和SSO提供商、登录方式等。无需认证。", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "根据域名获取租户认证配置(公开)", "parameters": [ { "type": "string", "description": "域名", "name": "domain", "in": "path", "required": true } ], "responses": { "200": { "description": "租户认证配置信息", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_PublicAuthConfigResponse" } }, "400": { "description": "域名参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "404": { "description": "未找到对应租户", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/public/auth-config/by-identifier": { "get": { "description": "输入邮箱或用户名,返回匹配的租户列表。用于 OIDC Home Realm Discovery 和 Identifier-First 登录流程。返回公开的租户信息,不泄露用户是否存在。", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "根据标识符发现租户", "parameters": [ { "type": "string", "description": "邮箱或用户名", "name": "identifier", "in": "query", "required": true } ], "responses": { "200": { "description": "匹配的租户列表", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_IdentifierDiscoveryResponse" } } } } }, "/public/auth-config/by-slug/{slug}": { "get": { "description": "根据租户名称/slug获取公开的认证配置,无需认证", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "根据租户标识获取认证配置(公开)", "parameters": [ { "type": "string", "description": "租户名称或slug", "name": "slug", "in": "path", "required": true } ], "responses": { "200": { "description": "认证配置", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_PublicAuthConfigResponse" } } } } }, "/public/auth-config/{tenant_id}": { "get": { "description": "根据租户ID获取公开的认证配置(密码策略、租户信息),无需认证", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "获取租户认证配置(公开)", "parameters": [ { "type": "string", "description": "租户ID", "name": "tenant_id", "in": "path", "required": true } ], "responses": { "200": { "description": "认证配置", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_PublicAuthConfigResponse" } } } } }, "/public/key-exchange": { "get": { "description": "生成临时 ECDH P-256 密钥对,返回服务端公钥和交换 ID。客户端用此公钥完成 ECDH → 派生 AES-256-GCM 会话密钥加密密码。", "produces": [ "application/json" ], "tags": [ "身份认证 - 内部接口" ], "summary": "ECDH 密钥交换", "responses": { "200": { "description": "密钥交换参数", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_KeyExchangeResponse" } } } } }, "/public/password-strength": { "post": { "description": "使用系统默认密码策略检查密码强度,无需认证", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "检查密码强度(公开)", "parameters": [ { "description": "密码检查请求", "name": "request", "in": "body", "required": true, "schema": { "$ref": "#/definitions/handler.CheckPublicPasswordStrengthRequest" } } ], "responses": { "200": { "description": "密码强度", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-dto_PasswordStrengthResponse" } } } } }, "/public/tenants/discover": { "get": { "description": "列出可公开发现和加入的租户列表,包含租户ID、名称、显示名称和成员加入方式。用于注册页面展示可选租户。无需认证。", "produces": [ "application/json" ], "tags": [ "身份认证" ], "summary": "发现公开可加入的租户", "responses": { "200": { "description": "可发现的租户列表", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.DataResponse-array_dto_DiscoverTenantInfo" } }, "400": { "description": "请求参数无效", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse" } } } } }, "/saml/{provider_id}/acs": { "post": { "description": "接收SAML IdP的断言响应,验证并返回访问令牌", "consumes": [ "application/x-www-form-urlencoded" ], "produces": [ "application/json" ], "tags": [ "SAML" ], "summary": "断言消费服务", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "provider_id", "in": "path", "required": true }, { "type": "string", "description": "Base64编码的SAML响应", "name": "SAMLResponse", "in": "formData", "required": true }, { "type": "string", "description": "RelayState", "name": "RelayState", "in": "formData" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SAMLTokenDetailResponse" } } } } }, "/saml/{provider_id}/login": { "get": { "description": "发起SAML SSO登录,重定向到IdP", "produces": [ "application/json" ], "tags": [ "SAML" ], "summary": "SP-initiated SSO", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "provider_id", "in": "path", "required": true } ], "responses": { "302": { "description": "Redirect to IdP SSO URL", "schema": { "type": "string" } } } } }, "/saml/{provider_id}/metadata": { "get": { "description": "获取SAML服务提供商的元数据XML", "produces": [ "application/xml" ], "tags": [ "SAML" ], "summary": "获取SP元数据", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "provider_id", "in": "path", "required": true } ], "responses": { "200": { "description": "SAML metadata XML", "schema": { "type": "string" } } } } }, "/saml/{provider_id}/slo": { "get": { "description": "处理SAML单点登出请求", "consumes": [ "application/x-www-form-urlencoded" ], "produces": [ "application/json" ], "tags": [ "SAML" ], "summary": "单点登出", "parameters": [ { "type": "string", "description": "SAML IdP ID", "name": "provider_id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/dto.SAMLSLODetailResponse" } } } } }, "/saml/{provider_id}/slo/sp": { "get": { "description": "构建SAML LogoutRequest并重定向至IdP的SLO端点", "produces": [ "application/json" ], "tags": [ "SAML" ], "summary": "SP发起的SAML单点登出", "parameters": [ { "type": "string", "description": "SAML Provider ID", "name": "provider_id", "in": "path", "required": true }, { "type": "string", "description": "User ID", "name": "user_id", "in": "query", "required": true }, { "type": "string", "description": "Session Index", "name": "session_index", "in": "query" } ], "responses": { "302": { "description": "重定向至IdP SLO端点" }, "400": { "description": "缺少user_id", "schema": { "$ref": "#/definitions/dto.SAMLSLOResponse" } }, "404": { "description": "Provider未找到", "schema": { "$ref": "#/definitions/dto.SAMLSLOResponse" } } } } }, "/scim/Groups": { "get": { "description": "SCIM 2.0组列表", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "列出SCIM组", "parameters": [ { "type": "integer", "default": 1, "description": "起始索引", "name": "startIndex", "in": "query" }, { "type": "integer", "default": 100, "description": "每页数量", "name": "count", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "description": "SCIM 2.0创建组", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "创建SCIM组", "parameters": [ { "description": "SCIM组", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.SCIMGroup" } } ], "responses": { "201": { "description": "Created", "schema": { "$ref": "#/definitions/domain.SCIMGroup" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/scim/Groups/{id}": { "get": { "description": "SCIM 2.0获取指定组", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "获取SCIM组", "parameters": [ { "type": "string", "description": "组ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMGroup" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "put": { "description": "SCIM 2.0全量更新组", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "更新SCIM组", "parameters": [ { "type": "string", "description": "组ID", "name": "id", "in": "path", "required": true }, { "description": "SCIM组", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.SCIMGroup" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMGroup" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "delete": { "description": "SCIM 2.0删除组", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "删除SCIM组", "parameters": [ { "type": "string", "description": "组ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "删除成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "patch": { "description": "SCIM 2.0 PATCH组", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "部分更新SCIM组", "parameters": [ { "type": "string", "description": "组ID", "name": "id", "in": "path", "required": true }, { "description": "PATCH操作", "name": "body", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMPatchOperation" } } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMGroup" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/scim/ResourceTypes": { "get": { "description": "获取SCIM资源类型列表(RFC 7644)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "SCIM资源类型", "responses": { "200": { "description": "OK", "schema": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMResourceType" } } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/scim/Schemas": { "get": { "description": "获取SCIM Schema定义(RFC 7644)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "SCIM Schemas", "responses": { "200": { "description": "OK", "schema": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMSchemaDefinition" } } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/scim/ServiceProviderConfig": { "get": { "description": "获取SCIM服务提供商能力配置(RFC 7644)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "SCIM服务提供商配置", "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMServiceProviderConfig" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } }, "/scim/Users": { "get": { "description": "SCIM 2.0用户列表(支持过滤、分页)", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "列出SCIM用户", "parameters": [ { "type": "integer", "default": 1, "description": "起始索引", "name": "startIndex", "in": "query" }, { "type": "integer", "default": 100, "description": "每页数量", "name": "count", "in": "query" }, { "type": "string", "description": "过滤器", "name": "filter", "in": "query" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMListResponse" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "404": { "description": "资源不存在", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "post": { "description": "SCIM 2.0创建用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "创建SCIM用户", "parameters": [ { "description": "SCIM用户", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.SCIMUser" } } ], "responses": { "201": { "description": "Created", "schema": { "$ref": "#/definitions/domain.SCIMUser" } }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } } }, "/scim/Users/{id}": { "get": { "description": "SCIM 2.0获取指定用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "获取SCIM用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMUser" } }, "404": { "description": "Not Found", "schema": { "$ref": "#/definitions/dto.SimpleResponseWrapper" } } } }, "put": { "description": "SCIM 2.0全量更新用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "更新SCIM用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "id", "in": "path", "required": true }, { "description": "SCIM用户", "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/domain.SCIMUser" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMUser" } } } }, "delete": { "description": "SCIM 2.0删除用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "删除SCIM用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "删除成功" }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } }, "patch": { "description": "SCIM 2.0 PATCH用户", "consumes": [ "application/json" ], "produces": [ "application/json" ], "tags": [ "SCIM" ], "summary": "部分更新SCIM用户", "parameters": [ { "type": "string", "description": "用户ID", "name": "id", "in": "path", "required": true }, { "description": "PATCH操作", "name": "body", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMPatchOperation" } } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/domain.SCIMUser" } }, "400": { "description": "请求参数错误", "schema": { "$ref": "#/definitions/dto.Problem" } }, "401": { "description": "未认证或令牌无效", "schema": { "$ref": "#/definitions/dto.Problem" } }, "500": { "description": "服务器内部错误", "schema": { "$ref": "#/definitions/dto.Problem" } } } } } }, "definitions": { "domain.AgentInfo": { "type": "object", "properties": { "callback_url": { "type": "string" }, "created_at": { "type": "string" }, "description": { "type": "string" }, "identity_id": { "type": "string" }, "jit_ttl": { "type": "integer" }, "last_rotated_at": { "type": "string" }, "name": { "type": "string" }, "owner_id": { "type": "string" }, "rotation_days": { "type": "integer" }, "status": { "type": "string" }, "updated_at": { "type": "string" }, "workload_subtype": { "type": "string" } } }, "domain.CreateAgentRequest": { "type": "object", "required": [ "name" ], "properties": { "description": { "type": "string" }, "jit_ttl": { "type": "integer" }, "name": { "type": "string" }, "role_code": { "description": "default: agent_executor", "type": "string" }, "rotation_days": { "type": "integer" }, "workload_subtype": { "description": "default: agent", "type": "string" } } }, "domain.CreateDeviceRequest": { "type": "object", "required": [ "name" ], "properties": { "firmware_ver": { "type": "string" }, "hardware_id": { "type": "string" }, "manufacturer": { "type": "string" }, "name": { "type": "string" }, "workload_subtype": { "type": "string" } } }, "domain.CreateRobotRequest": { "type": "object", "required": [ "name" ], "properties": { "firmware_ver": { "type": "string" }, "location": { "type": "string" }, "model": { "type": "string" }, "name": { "type": "string" }, "workload_subtype": { "type": "string" } } }, "domain.FamilyMemberInfo": { "type": "object", "properties": { "email": { "type": "string" }, "granted_at": { "type": "string" }, "member_id": { "type": "string" }, "role": { "type": "string" } } }, "domain.GrantFamilyAccessRequest": { "type": "object", "required": [ "email" ], "properties": { "email": { "type": "string" }, "role": { "type": "string" } } }, "domain.PairDeviceRequest": { "type": "object", "properties": { "user_code": { "type": "string" } } }, "domain.RobotInfo": { "type": "object", "properties": { "created_at": { "type": "string" }, "firmware_ver": { "type": "string" }, "identity_id": { "type": "string" }, "last_health_at": { "type": "string" }, "location": { "type": "string" }, "model": { "type": "string" }, "name": { "type": "string" }, "owner_id": { "type": "string" }, "safety_policy": { "type": "string" }, "status": { "type": "string" }, "updated_at": { "type": "string" }, "workload_subtype": { "type": "string" } } }, "domain.SCIMAttribute": { "type": "object", "properties": { "caseExact": { "type": "boolean" }, "description": { "type": "string" }, "multiValued": { "type": "boolean" }, "mutability": { "type": "string" }, "name": { "type": "string" }, "required": { "type": "boolean" }, "returned": { "type": "string" }, "subAttributes": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMAttribute" } }, "type": { "type": "string" }, "uniqueness": { "type": "string" } } }, "domain.SCIMAuthScheme": { "type": "object", "properties": { "description": { "type": "string" }, "name": { "type": "string" }, "primary": { "type": "boolean" }, "type": { "type": "string" } } }, "domain.SCIMBulkSupported": { "type": "object", "properties": { "maxOperations": { "type": "integer" }, "maxPayloadSize": { "type": "integer" }, "supported": { "type": "boolean" } } }, "domain.SCIMEmail": { "type": "object", "properties": { "primary": { "type": "boolean" }, "type": { "type": "string" }, "value": { "type": "string" } } }, "domain.SCIMFilterSupported": { "type": "object", "properties": { "maxResults": { "type": "integer" }, "supported": { "type": "boolean" } } }, "domain.SCIMGroup": { "type": "object", "properties": { "displayName": { "type": "string" }, "externalId": { "type": "string" }, "id": { "type": "string" }, "members": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMMember" } }, "meta": { "$ref": "#/definitions/domain.SCIMMeta" }, "schemas": { "type": "array", "items": { "type": "string" } } } }, "domain.SCIMGroupRef": { "type": "object", "properties": { "$ref": { "type": "string" }, "display": { "type": "string" }, "value": { "type": "string" } } }, "domain.SCIMListResponse": { "type": "object", "properties": { "Resources": {}, "itemsPerPage": { "type": "integer" }, "schemas": { "type": "array", "items": { "type": "string" } }, "startIndex": { "type": "integer" }, "totalResults": { "type": "integer" } } }, "domain.SCIMMember": { "type": "object", "properties": { "$ref": { "type": "string" }, "display": { "type": "string" }, "value": { "type": "string" } } }, "domain.SCIMMeta": { "type": "object", "properties": { "created": { "type": "string" }, "lastModified": { "type": "string" }, "location": { "type": "string" }, "resourceType": { "type": "string" } } }, "domain.SCIMName": { "type": "object", "properties": { "familyName": { "type": "string" }, "formatted": { "type": "string" }, "givenName": { "type": "string" } } }, "domain.SCIMPatchOperation": { "type": "object", "properties": { "op": { "type": "string" }, "path": { "type": "string" }, "value": {} } }, "domain.SCIMPhoneNumber": { "type": "object", "properties": { "type": { "type": "string" }, "value": { "type": "string" } } }, "domain.SCIMResourceType": { "type": "object", "properties": { "description": { "type": "string" }, "endpoint": { "type": "string" }, "id": { "type": "string" }, "meta": { "$ref": "#/definitions/domain.SCIMMeta" }, "name": { "type": "string" }, "schema": { "type": "string" }, "schemaExtensions": { "type": "array", "items": { "type": "string" } }, "schemas": { "type": "array", "items": { "type": "string" } } } }, "domain.SCIMSchemaDefinition": { "type": "object", "properties": { "attributes": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMAttribute" } }, "description": { "type": "string" }, "id": { "type": "string" }, "meta": { "$ref": "#/definitions/domain.SCIMMeta" }, "name": { "type": "string" }, "schemas": { "type": "array", "items": { "type": "string" } } } }, "domain.SCIMServiceProviderConfig": { "type": "object", "properties": { "authenticationSchemes": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMAuthScheme" } }, "bulk": { "$ref": "#/definitions/domain.SCIMBulkSupported" }, "changePassword": { "$ref": "#/definitions/domain.SCIMSupported" }, "etag": { "$ref": "#/definitions/domain.SCIMSupported" }, "filter": { "$ref": "#/definitions/domain.SCIMFilterSupported" }, "meta": { "$ref": "#/definitions/domain.SCIMMeta" }, "patch": { "$ref": "#/definitions/domain.SCIMSupported" }, "schemas": { "type": "array", "items": { "type": "string" } }, "sort": { "$ref": "#/definitions/domain.SCIMSupported" } } }, "domain.SCIMSupported": { "type": "object", "properties": { "supported": { "type": "boolean" } } }, "domain.SCIMUser": { "type": "object", "properties": { "active": { "type": "boolean" }, "displayName": { "type": "string" }, "emails": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMEmail" } }, "externalId": { "type": "string" }, "groups": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMGroupRef" } }, "id": { "type": "string" }, "meta": { "$ref": "#/definitions/domain.SCIMMeta" }, "name": { "$ref": "#/definitions/domain.SCIMName" }, "phoneNumbers": { "type": "array", "items": { "$ref": "#/definitions/domain.SCIMPhoneNumber" } }, "schemas": { "type": "array", "items": { "type": "string" } }, "userName": { "type": "string" } } }, "domain.TransferDeviceRequest": { "type": "object", "properties": { "new_owner_id": { "type": "string" } } }, "domain.UpdateAgentRequest": { "type": "object", "properties": { "callback_url": { "type": "string" }, "description": { "type": "string" }, "name": { "type": "string" } } }, "domain.UpdateDeviceRequest": { "type": "object", "properties": { "firmware_ver": { "type": "string" }, "hardware_id": { "type": "string" }, "manufacturer": { "type": "string" }, "name": { "type": "string" } } }, "domain.UpdateRobotRequest": { "type": "object", "properties": { "firmware_ver": { "type": "string" }, "location": { "type": "string" }, "name": { "type": "string" }, "safety_policy": { "type": "string" } } }, "domain.UserConsent": { "type": "object", "properties": { "granted": { "type": "boolean" }, "id": { "type": "string" }, "ip_address": { "type": "string" }, "recorded_at": { "type": "string" }, "revoked_at": { "type": "string" }, "scope": { "description": "marketing, analytics, third_party, terms, privacy", "type": "string" }, "tenant_id": { "type": "string" }, "user_agent": { "type": "string" }, "user_id": { "type": "string" }, "version": { "description": "政策版本号", "type": "string" } } }, "dto.ABACPolicyResponse": { "type": "object", "properties": { "condition": { "type": "string" }, "created_at": { "type": "string" }, "description": { "type": "string" }, "effect": { "type": "string" }, "enabled": { "type": "boolean" }, "id": { "type": "string" }, "name": { "type": "string" }, "priority": { "type": "integer" }, "tenant_id": { "type": "string" }, "updated_at": { "type": "string" } } }, "dto.ActivationResponse": { "type": "object", "properties": { "activated_at": { "type": "string" }, "created_at": { "type": "string" }, "expire_at": { "type": "string" }, "id": { "type": "string" }, "justification": { "type": "string" }, "revoked_at": { "type": "string" }, "role_id": { "type": "string" }, "status": { "type": "string" }, "tenant_id": { "type": "string" }, "user_id": { "type": "string" } } }, "dto.AddIPRestrictionRequest": { "type": "object", "required": [ "value" ], "properties": { "label": { "type": "string" }, "value": { "type": "string" } } }, "dto.AddIdentityRequest": { "description": "添加身份凭证请求参数", "type": "object", "required": [ "identifier", "type" ], "properties": { "code": { "description": "验证码", "type": "string" }, "identifier": { "description": "标识", "type": "string" }, "password": { "description": "密码", "type": "string" }, "type": { "description": "类型", "type": "string", "enum": [ "email", "phone" ] } } }, "dto.AddIdentityResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.IdentityResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.AddRecoveryContactRequest": { "description": "添加备用联系方式", "type": "object", "required": [ "type", "value" ], "properties": { "type": { "description": "类型", "type": "string", "enum": [ "email", "phone" ] }, "value": { "description": "联系方式", "type": "string" } } }, "dto.AdminImpersonateRequest": { "description": "管理员模拟其他用户登录请求", "type": "object", "required": [ "user_id" ], "properties": { "reason": { "type": "string", "example": "Troubleshooting user issue" }, "user_id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" } } }, "dto.AdminImpersonateResponse": { "description": "管理员模拟用户登录响应", "type": "object", "properties": { "access_token": { "type": "string", "example": "eyJhbGciOi..." }, "expires_in": { "type": "integer", "example": 1800 }, "refresh_token": { "type": "string", "example": "eyJhbGciOi..." }, "token_type": { "type": "string", "example": "Bearer" }, "user": { "$ref": "#/definitions/dto.UserInfo" } } }, "dto.AdminImpersonateResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.AdminImpersonateResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.AdminStatsData": { "type": "object", "properties": { "active": { "type": "integer" }, "inactive": { "type": "integer" }, "revoked": { "type": "integer" }, "total": { "type": "integer" } } }, "dto.AnonymousSigninRequest": { "description": "匿名认证请求参数", "type": "object", "properties": { "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" } } }, "dto.ApiKeyAnomalyResponse": { "description": "API Key异常检测结果", "type": "object", "properties": { "description": { "type": "string", "example": "High authentication failure rate detected" }, "key_id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "severity": { "type": "string", "example": "high" }, "type": { "type": "string", "example": "high_failure_rate" }, "value": { "type": "number", "example": 0.85 } } }, "dto.ApiKeyAuditLogListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.ApiKeyAuditLogResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ApiKeyAuditLogResponse": { "type": "object", "properties": { "action": { "type": "string", "example": "api_key.created" }, "api_key_id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "created_at": { "type": "string", "example": "2024-01-01T00:00:00Z" }, "detail": { "type": "string", "example": "API key created successfully" }, "id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "ip": { "type": "string", "example": "192.168.1.100" }, "success": { "type": "boolean", "example": true }, "user_agent": { "type": "string", "example": "Mozilla/5.0" } } }, "dto.ApiKeyListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.ApiKeyResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ApiKeyResponse": { "type": "object", "properties": { "created_at": { "type": "string", "example": "2024-01-01T00:00:00Z" }, "environment": { "type": "string", "example": "live" }, "expires_at": { "type": "string", "example": "2025-01-15T00:00:00Z" }, "id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "ip_restrictions": { "type": "array", "items": { "$ref": "#/definitions/dto.ipRestrictionDTO" } }, "last_used_at": { "type": "string", "example": "2024-01-15T10:30:00Z" }, "last_used_ip": { "type": "string", "example": "192.168.1.100" }, "name": { "type": "string", "example": "my-api-key" }, "scopes": { "type": "array", "items": { "type": "string" }, "example": [ "[\"read\"", "\"write\"]" ] }, "status": { "type": "string", "example": "active" }, "tenant_id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "updated_at": { "type": "string", "example": "2024-06-15T12:00:00Z" }, "usage_count": { "type": "integer", "example": 42 }, "user_id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" } } }, "dto.ApiKeyUsageResponse": { "type": "object", "properties": { "id": { "type": "string", "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV" }, "last_used_at": { "type": "string", "example": "2024-01-15T10:30:00Z" }, "last_used_ip": { "type": "string", "example": "192.168.1.100" }, "name": { "type": "string", "example": "my-api-key" }, "status": { "type": "string", "example": "active" }, "usage_count": { "type": "integer", "example": 42 } } }, "dto.AuditLogListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.AuditLogResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.AuditLogResponse": { "description": "审计日志记录", "type": "object", "properties": { "action": { "description": "Action", "type": "string", "example": "user.login" }, "created_at": { "description": "时间", "type": "string", "example": "2026-04-15T10:30:00Z" }, "details": { "description": "Details", "type": "string", "example": "details" }, "id": { "description": "日志ID", "type": "string", "example": "audit_abc123" }, "ip": { "description": "IP", "type": "string", "example": "192.168.1.1" }, "resource": { "description": "Resource", "type": "string", "example": "session" }, "resource_id": { "description": "Resource ID", "type": "string", "example": "sess_123" }, "status": { "description": "Status", "type": "string", "example": "success" }, "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "user_agent": { "description": "User-Agent", "type": "string", "example": "Mozilla/5.0" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" } } }, "dto.AuthUserResponse": { "description": "认证用户信息", "type": "object", "properties": { "age_group": { "description": "年龄分组", "type": "string" }, "birth_date": { "description": "出生日期 (RFC3339)", "type": "string" }, "created_at": { "description": "创建时间", "type": "string", "example": "2026-01-01T00:00:00Z" }, "email": { "description": "邮箱", "type": "string", "example": "john@example.com" }, "email_verified_at": { "description": "邮箱验证时间", "type": "string", "example": "2026-01-10T08:00:00Z" }, "id": { "description": "用户ID", "type": "string", "example": "usr_abc123" }, "is_minor": { "description": "是否未成年人", "type": "boolean" }, "last_login_at": { "description": "最后登录", "type": "string", "example": "2026-04-14T10:30:00Z" }, "last_login_ip": { "description": "最后登录IP", "type": "string", "example": "192.168.1.1" }, "locked_until": { "description": "锁定截止", "type": "string", "example": "2026-04-15T12:00:00Z" }, "login_fail_count": { "description": "失败次数", "type": "integer", "example": 0 }, "metadata": { "description": "扩展元数据", "type": "object", "additionalProperties": true }, "mfa_enabled": { "description": "是否启用MFA", "type": "boolean", "example": false }, "mfa_type": { "description": "MFA类型", "type": "string", "example": "totp" }, "must_change_password": { "description": "需要强制修改密码", "type": "boolean", "example": false }, "password_changed_at": { "description": "密码最后修改时间", "type": "string" }, "pending_parental_consent": { "description": "是否等待家长同意", "type": "boolean" }, "phone": { "description": "手机号", "type": "string", "example": "13800138000" }, "phone_verified_at": { "description": "手机验证时间", "type": "string", "example": "2026-01-10T08:00:00Z" }, "status": { "description": "状态", "type": "string", "example": "active" }, "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "updated_at": { "description": "更新时间", "type": "string", "example": "2026-04-10T14:20:00Z" }, "username": { "description": "用户名", "type": "string", "example": "john_doe" } } }, "dto.AuthenticatorBackupDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.AuthenticatorBackupResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.AuthenticatorBackupResponse": { "type": "object", "properties": { "account_count": { "type": "integer", "example": 5 }, "backup_type": { "type": "string", "example": "totp" }, "checksum": { "type": "string", "example": "sha256-hash" }, "created_at": { "type": "string", "example": "2026-05-12T12:00:00Z" }, "device_name": { "type": "string", "example": "iPhone 15" }, "encrypted_data": { "type": "string", "example": "AES-GCM-encrypted-base64..." }, "id": { "type": "string", "example": "backup-abc123" }, "version": { "type": "integer", "example": 1 } } }, "dto.AuthenticatorBackupUploadRequest": { "type": "object", "required": [ "encrypted_data" ], "properties": { "account_count": { "type": "integer", "example": 5 }, "backup_type": { "type": "string", "example": "totp" }, "checksum": { "type": "string", "example": "sha256-hash" }, "device_name": { "type": "string", "example": "iPhone 15" }, "encrypted_data": { "type": "string", "example": "AES-GCM-encrypted-base64..." } } }, "dto.AuthenticatorDeviceItem": { "type": "object", "properties": { "created_at": { "type": "string", "example": "2026-05-12T12:00:00Z" }, "device_id": { "type": "string", "example": "dev-abc123" }, "device_name": { "type": "string", "example": "iPhone 15" }, "device_type": { "type": "string", "example": "totp" }, "enabled": { "type": "boolean", "example": true }, "last_used_at": { "type": "string", "example": "2026-05-12T12:00:00Z" } } }, "dto.AuthenticatorDeviceListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.AuthenticatorDeviceItem" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.BatchCreateUserItem": { "description": "批量创建用户单项", "type": "object", "required": [ "password" ], "properties": { "email": { "description": "邮箱", "type": "string" }, "metadata": { "description": "扩展元数据", "type": "object", "additionalProperties": { "type": "string" } }, "password": { "description": "密码", "type": "string", "minLength": 8 }, "phone": { "description": "手机号", "type": "string" }, "username": { "description": "用户名", "type": "string" } } }, "dto.BatchCreateUserRequest": { "description": "批量创建用户请求", "type": "object", "required": [ "users" ], "properties": { "users": { "description": "用户列表", "type": "array", "maxItems": 1000, "minItems": 1, "items": { "$ref": "#/definitions/dto.BatchCreateUserItem" } } } }, "dto.BatchRevokeRequest": { "type": "object", "required": [ "ids" ], "properties": { "ids": { "type": "array", "items": { "type": "string" } } } }, "dto.BatchRevokeResponse": { "type": "object", "properties": { "failed": { "type": "array", "items": { "type": "string" } }, "revoked": { "type": "integer" } } }, "dto.BatchUpdateUserStatusRequest": { "description": "批量更新用户状态请求", "type": "object", "required": [ "status", "user_ids" ], "properties": { "status": { "description": "目标状态", "type": "string", "enum": [ "active", "banned", "pending" ] }, "user_ids": { "description": "用户ID列表", "type": "array", "maxItems": 1000, "minItems": 1, "items": { "type": "string" } } } }, "dto.BindOAuthRequest": { "description": "绑定OAuth账户请求", "type": "object", "required": [ "code", "provider" ], "properties": { "code": { "description": "Code", "type": "string" }, "code_verifier": { "description": "PKCE code verifier", "type": "string" }, "provider": { "description": "Provider", "type": "string" } } }, "dto.BrandingInfo": { "description": "登录页品牌定制(Logo/主色/自定义CSS)", "type": "object", "properties": { "custom_css": { "type": "string", "example": ".login-btn { border-radius: 12px; }" }, "favicon_url": { "type": "string", "example": "https://cdn.example.com/favicon.ico" }, "logo_url": { "type": "string", "example": "https://cdn.example.com/logo.png" }, "primary_color": { "type": "string", "example": "#3b82f6" } } }, "dto.CertificateDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.ProviderCertificateResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.CertificateListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.ProviderCertificateResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ChangeEmailRequest": { "description": "发起邮箱变更请求", "type": "object", "required": [ "new_email", "password" ], "properties": { "new_email": { "description": "新邮箱", "type": "string" }, "password": { "description": "当前密码", "type": "string" } } }, "dto.ChangePasswordResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.ChangePhoneRequest": { "description": "发起手机号变更请求", "type": "object", "required": [ "new_phone", "password" ], "properties": { "new_phone": { "description": "新手机号(E.164格式)", "type": "string" }, "password": { "description": "当前密码", "type": "string" } } }, "dto.CheckEmailRequest": { "description": "检查邮箱可用性请求", "type": "object", "required": [ "email" ], "properties": { "email": { "description": "Email", "type": "string", "example": "user@example.com" } } }, "dto.CheckEmailResponse": { "description": "检查邮箱可用性结果", "type": "object", "properties": { "available": { "description": "Is available", "type": "boolean", "example": true }, "email": { "description": "Email", "type": "string", "example": "user@example.com" } } }, "dto.CheckUsernameRequest": { "description": "检查用户名可用性请求", "type": "object", "required": [ "username" ], "properties": { "username": { "description": "Username", "type": "string", "example": "john_doe" } } }, "dto.CheckUsernameResponse": { "description": "检查用户名可用性结果", "type": "object", "properties": { "available": { "description": "Is available", "type": "boolean", "example": true }, "username": { "description": "Username", "type": "string", "example": "john_doe" } } }, "dto.ChildrenConsentResponse": { "description": "未成年人家长同意验证状态", "type": "object", "properties": { "id": { "description": "记录ID", "type": "string", "example": "child_consent_001" }, "method": { "description": "验证方式", "type": "string", "example": "email" }, "parent_email": { "description": "家长邮箱", "type": "string", "example": "parent@example.com" }, "parent_phone": { "description": "家长手机", "type": "string", "example": "13800138000" }, "recorded_at": { "description": "记录时间", "type": "string", "example": "2026-04-15T10:30:00Z" }, "status": { "description": "状态", "type": "string", "example": "pending" }, "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" }, "verified": { "description": "是否已验证", "type": "boolean", "example": true }, "verified_at": { "description": "验证时间", "type": "string", "example": "2026-04-15T10:30:00Z" } } }, "dto.CleanupExpiredResponse": { "type": "object", "properties": { "expired_count": { "type": "integer" }, "message": { "type": "string" } } }, "dto.CompleteAccountRecoveryRequest": { "description": "完成账户恢复(重置密码)", "type": "object", "required": [ "code", "new_password", "recovery_token" ], "properties": { "code": { "description": "验证码", "type": "string" }, "new_password": { "description": "新密码", "type": "string", "minLength": 8 }, "recovery_token": { "description": "恢复令牌", "type": "string" } } }, "dto.CompleteAccountRecoveryResponse": { "type": "object", "properties": { "message": { "type": "string" } } }, "dto.ConsentHistoryResponse": { "description": "用户隐私同意历史", "type": "object", "properties": { "history": { "description": "History", "type": "array", "items": { "$ref": "#/definitions/domain.UserConsent" } }, "user_id": { "description": "User ID", "type": "string", "example": "user-001" } } }, "dto.ConsentRequest": { "description": "同意管理请求参数", "type": "object", "required": [ "scope" ], "properties": { "granted": { "description": "Granted", "type": "boolean" }, "metadata": { "description": "Metadata", "type": "object", "additionalProperties": true }, "scope": { "description": "Scope", "type": "string", "example": "marketing" } } }, "dto.CreateABACPolicyRequest": { "type": "object", "required": [ "condition", "name" ], "properties": { "condition": { "type": "string" }, "description": { "type": "string" }, "effect": { "type": "string" }, "name": { "type": "string" }, "priority": { "type": "integer" } } }, "dto.CreateApiKeyRequest": { "type": "object", "required": [ "name" ], "properties": { "environment": { "type": "string", "enum": [ "live", "test" ] }, "expires_at": { "type": "string" }, "name": { "type": "string" }, "scopes": { "type": "array", "items": { "type": "string" } } } }, "dto.CreateApiKeyResponse": { "type": "object", "properties": { "created_at": { "type": "string" }, "environment": { "type": "string" }, "expires_at": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" }, "raw_key": { "type": "string" }, "scopes": { "type": "array", "items": { "type": "string" } }, "status": { "type": "string" } } }, "dto.CreateCertificateRequest": { "description": "为身份提供商上传签名/加密证书", "type": "object", "required": [ "cert_pem", "name", "type" ], "properties": { "cert_pem": { "type": "string", "example": "-----BEGIN CERTIFICATE-----..." }, "name": { "type": "string", "example": "My SAML Signing Cert" }, "type": { "type": "string", "enum": [ "signing", "encryption" ], "example": "signing" } } }, "dto.CreateIDPRequest": { "description": "创建身份提供商请求参数", "type": "object", "required": [ "client_id", "client_secret", "name", "type" ], "properties": { "attribute_mapping": { "description": "字段映射", "type": "object", "additionalProperties": { "type": "string" } }, "auth_url": { "description": "授权端点", "type": "string", "example": "https://example.com/auth" }, "client_id": { "description": "Client ID", "type": "string", "example": "client_123" }, "client_secret": { "description": "Client Secret", "type": "string", "example": "secret_456" }, "config": { "description": "额外配置", "type": "object", "additionalProperties": true }, "display_name": { "description": "前端展示名称", "type": "string", "example": "My OIDC Provider" }, "icon_url": { "description": "图标URL", "type": "string", "example": "https://example.com/icon.png" }, "name": { "description": "显示名称", "type": "string", "example": "My OIDC Provider" }, "scopes": { "description": "权限范围", "type": "array", "items": { "type": "string" }, "example": [ "[openid", "profile", "email]" ] }, "sort_order": { "description": "排序", "type": "integer", "example": 0 }, "token_url": { "description": "Token端点", "type": "string", "example": "https://example.com/token" }, "type": { "description": "类型", "type": "string", "example": "custom" }, "user_info_url": { "description": "用户信息端点", "type": "string", "example": "https://example.com/userinfo" } } }, "dto.CreateUserResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.UserWithIdentitiesResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.DeactivateAccountRequest": { "description": "停用账户请求参数", "type": "object", "properties": { "password": { "description": "Password", "type": "string", "example": "CurrentP@ssw0rd" } } }, "dto.DeactivateAccountResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.DeleteAccountRequest": { "description": "删除账户请求参数", "type": "object", "required": [ "password" ], "properties": { "password": { "description": "Password", "type": "string", "example": "CurrentP@ssw0rd" }, "reason": { "description": "Reason", "type": "string", "example": "no longer needed" } } }, "dto.DeleteAccountResponse": { "description": "删除账户结果", "type": "object", "properties": { "deleted_at": { "description": "Deletion time", "type": "string", "example": "2026-04-15T10:00:00Z" }, "message": { "description": "Message", "type": "string" }, "user_id": { "description": "User ID", "type": "string", "example": "user-001" } } }, "dto.DeviceListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.DeviceResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.DeviceResponse": { "description": "用户设备信息(含安全增强字段)", "type": "object", "properties": { "browser": { "description": "浏览器", "type": "string", "example": "Safari" }, "created_at": { "description": "首次登录", "type": "string", "example": "2026-01-01T00:00:00Z" }, "device_fingerprint": { "description": "设备指纹", "type": "string", "example": "sha256:abc123def" }, "device_name": { "description": "设备名称", "type": "string", "example": "My iPhone" }, "id": { "description": "设备ID", "type": "string", "example": "dev_abc123" }, "ip": { "description": "IP", "type": "string", "example": "192.168.1.1" }, "is_trusted": { "description": "是否信任", "type": "boolean", "example": true }, "last_seen": { "description": "最近使用", "type": "string", "example": "2026-04-15T10:30:00Z" }, "login_count": { "description": "登录次数", "type": "integer", "example": 42 }, "os": { "description": "系统", "type": "string", "example": "iOS 17" }, "session_id": { "description": "关联会话", "type": "string", "example": "sess_123" }, "trust_score": { "description": "信任评分", "type": "integer", "example": 85 }, "type": { "description": "类型", "type": "string", "example": "mobile" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" } } }, "dto.DiscoverTenantInfo": { "type": "object", "properties": { "display_name": { "type": "string" }, "id": { "type": "string" }, "membership_approval": { "type": "string" }, "name": { "type": "string" } } }, "dto.EmailStatusResponse": { "type": "object", "properties": { "email": { "type": "string" }, "email_verified": { "type": "boolean" }, "verification_sent": { "type": "boolean" } } }, "dto.EmailVerificationResponse": { "type": "object", "properties": { "expires_in": { "type": "integer" } } }, "dto.EmailVerifiedResponse": { "type": "object", "properties": { "email": { "type": "string" } } }, "dto.ExportMyDataResponse": { "description": "GDPR数据导出结果 GDPR数据导出结果(个人信息聚合数据)", "type": "object", "properties": { "audit_logs": {}, "billing_data": {}, "communication_data": {}, "devices": {}, "export_at": { "type": "string", "example": "2026-04-19T10:00:00Z" }, "notification_data": {}, "oauth_data": {}, "point_data": {}, "profile_data": {}, "session_data": {}, "storage_data": {}, "user": {}, "wallet_data": {} } }, "dto.FieldViolation": { "type": "object", "properties": { "code": { "description": "Code 是错误代码(可选)\n用于程序识别错误类型,如 \"required\", \"format\", \"range\"", "type": "string" }, "description": { "description": "Description 是人类可读的错误描述\n应该说明违反了什么规则,如 \"必须是一个有效的邮箱地址\"", "type": "string" }, "field": { "description": "Field 是错误字段的路径\n使用点号表示嵌套字段,如 \"user.email\" 或 \"addresses[0].city\"", "type": "string" }, "value": { "description": "Value 是导致错误的值(可选,开发模式下使用)\n生产环境可能不返回此字段以避免泄露敏感信息" } } }, "dto.ForgotPasswordRequest": { "description": "忘记密码请求参数", "type": "object", "required": [ "identity" ], "properties": { "identity": { "description": "Email or phone", "type": "string" } } }, "dto.ForgotPasswordResponse": { "description": "忘记密码响应", "type": "object", "properties": { "expires_in": { "description": "Expiration time", "type": "integer" }, "message": { "description": "Message", "type": "string" } } }, "dto.GenerateTicketInput": { "description": "生成一次性票据请求参数", "type": "object", "required": [ "user_id" ], "properties": { "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" } } }, "dto.GenerateTicketResponse": { "description": "Web3钱包登录票据", "type": "object", "properties": { "expires_in": { "type": "integer", "example": 300 }, "ticket": { "type": "string", "example": "a1b2c3d4e5f6..." } } }, "dto.GetChildrenConsentResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "object", "properties": { "id": { "type": "string" }, "method": { "type": "string" }, "parent_email": { "type": "string" }, "parent_phone": { "type": "string" }, "recorded_at": { "type": "string" }, "tenant_id": { "type": "string" }, "user_id": { "type": "string" }, "verified": { "type": "boolean" }, "verified_at": { "type": "string" } } }, "message": { "type": "string" } } }, "dto.GetIdentitiesResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.IdentityListData" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.GetMySessionsResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": {}, "message": { "type": "string" } } }, "dto.HTTPChangePasswordRequest": { "description": "HTTP修改密码请求", "type": "object", "required": [ "new_password" ], "properties": { "new_password": { "description": "New password", "type": "string", "minLength": 8 }, "old_password": { "description": "Old password (optional for admin reset)", "type": "string" } } }, "dto.HTTPResetPasswordRequest": { "description": "HTTP重置密码请求", "type": "object", "required": [ "new_password", "reset_token" ], "properties": { "force_change": { "description": "Force user to change password on next login", "type": "boolean" }, "new_password": { "description": "New password", "type": "string", "minLength": 8 }, "reset_token": { "description": "Reset token", "type": "string" } } }, "dto.HTTPUserCreateRequest": { "description": "HTTP创建用户请求", "type": "object", "required": [ "password" ], "properties": { "email": { "description": "Email", "type": "string" }, "force_password_change": { "description": "Force user to change password on first login", "type": "boolean" }, "metadata": { "description": "Metadata", "type": "object", "additionalProperties": { "type": "string" } }, "password": { "description": "Password", "type": "string", "minLength": 8 }, "phone": { "description": "Phone", "type": "string" }, "username": { "description": "Username", "type": "string" } } }, "dto.IDPDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.IDPResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.IDPListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.IDPResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.IDPResponse": { "description": "身份提供商详细信息", "type": "object", "properties": { "attribute_mapping": { "description": "字段映射", "type": "object", "additionalProperties": { "type": "string" } }, "auth_url": { "description": "授权端点", "type": "string", "example": "https://example.com/auth" }, "client_id": { "description": "Client ID", "type": "string", "example": "client_123" }, "config": { "description": "额外配置", "type": "object", "additionalProperties": true }, "created_at": { "description": "创建时间", "type": "string", "example": "2026-01-01T00:00:00Z" }, "display_name": { "description": "前端展示名称", "type": "string", "example": "My OIDC Provider" }, "icon_url": { "description": "图标URL", "type": "string", "example": "https://example.com/icon.png" }, "id": { "description": "提供商ID", "type": "string", "example": "idp_abc123" }, "is_popular": { "description": "常用提供商", "type": "boolean", "example": false }, "is_system": { "description": "系统内置", "type": "boolean", "example": false }, "name": { "description": "显示名称", "type": "string", "example": "My OIDC Provider" }, "scopes": { "description": "权限范围", "type": "array", "items": { "type": "string" }, "example": [ "[openid", "profile", "email]" ] }, "sort_order": { "description": "排序", "type": "integer", "example": 0 }, "status": { "description": "状态", "type": "string", "example": "active" }, "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "token_url": { "description": "Token端点", "type": "string", "example": "https://example.com/token" }, "type": { "description": "类型", "type": "string", "example": "custom" }, "type_display_name": { "description": "类型显示名称", "type": "string", "example": "自定义" }, "updated_at": { "description": "更新时间", "type": "string", "example": "2026-04-10T14:20:00Z" }, "user_info_url": { "description": "用户信息端点", "type": "string", "example": "https://example.com/userinfo" } } }, "dto.IdentifierDiscoveryResponse": { "type": "object", "properties": { "matches": { "type": "array", "items": { "$ref": "#/definitions/dto.TenantMatch" } }, "total": { "type": "integer" } } }, "dto.IdentityListData": { "type": "object", "properties": { "identities": { "type": "array", "items": { "$ref": "#/definitions/dto.IdentityResponse" } } } }, "dto.IdentityResponse": { "description": "用户身份凭证信息", "type": "object", "properties": { "created_at": { "description": "创建时间", "type": "string", "example": "2026-01-01T00:00:00Z" }, "id": { "description": "凭证ID", "type": "string", "example": "id_abc123" }, "identifier": { "description": "标识(脱敏)", "type": "string", "example": "j***@example.com" }, "is_primary": { "description": "是否主凭证", "type": "boolean", "example": true }, "is_verified": { "description": "是否验证", "type": "boolean", "example": true }, "type": { "description": "类型", "type": "string", "example": "email" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" }, "verified_at": { "description": "验证时间", "type": "string", "example": "2026-01-10T08:00:00Z" } } }, "dto.ImpersonateRequest": { "type": "object", "properties": { "reason": { "description": "模拟原因", "type": "string" } } }, "dto.ImpersonateResponse": { "type": "object", "properties": { "expires_at": { "type": "string" }, "impersonation_token": { "type": "string" } } }, "dto.ImportOIDCDiscoveryRequest": { "description": "从OIDC discovery URL导入身份提供商配置", "type": "object", "required": [ "discovery_url" ], "properties": { "discovery_url": { "type": "string", "example": "https://idp.example.com/.well-known/openid-configuration" } } }, "dto.ImportSAMLMetadataRequest": { "description": "从SAML metadata URL导入身份提供商配置", "type": "object", "required": [ "metadata_url" ], "properties": { "metadata_url": { "type": "string", "example": "https://idp.example.com/metadata.xml" } } }, "dto.KeyExchangeResponse": { "type": "object", "properties": { "algorithm": { "description": "\"ECDH-P256-HKDF-SHA256-AES256GCM\"", "type": "string" }, "expires_in": { "description": "TTL in seconds", "type": "integer" }, "key_exchange_id": { "type": "string" }, "server_pub_key": { "description": "base64 ECDH P-256 public key", "type": "string" } } }, "dto.ListResponse-any": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": {} }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-domain_AgentInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/domain.AgentInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-domain_FamilyMemberInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/domain.FamilyMemberInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-domain_RobotInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/domain.RobotInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-dto_ABACPolicyResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.ABACPolicyResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-dto_ActivationResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.ActivationResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain.DeviceInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.ListResponse-handler_SamlLinkedAccountInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/handler.SamlLinkedAccountInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.LoginByCodeResponse": { "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer" }, "is_new_user": { "type": "boolean" }, "refresh_token": { "type": "string" }, "token_type": { "type": "string" }, "user": { "$ref": "#/definitions/dto.UserInfo" } } }, "dto.LoginByEmailCodeRequest": { "type": "object", "required": [ "code", "email" ], "properties": { "captcha_token": { "type": "string" }, "code": { "type": "string" }, "email": { "type": "string" }, "register_if_new": { "type": "boolean" }, "tenant_id": { "type": "string" } } }, "dto.LoginByPhoneCodeRequest": { "type": "object", "required": [ "code", "phone" ], "properties": { "captcha_token": { "type": "string" }, "code": { "type": "string" }, "phone": { "type": "string" }, "register_if_new": { "type": "boolean" }, "tenant_id": { "type": "string" } } }, "dto.LoginHistoryListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.LoginHistoryResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.LoginHistoryResponse": { "description": "用户登录历史记录", "type": "object", "properties": { "browser": { "description": "浏览器", "type": "string", "example": "Chrome" }, "created_at": { "description": "登录时间", "type": "string", "example": "2026-04-15T10:30:00Z" }, "device_type": { "description": "设备类型", "type": "string", "example": "desktop" }, "fail_reason": { "description": "失败原因", "type": "string", "example": "" }, "id": { "description": "记录ID", "type": "string", "example": "hist_abc123" }, "ip": { "description": "IP地址", "type": "string", "example": "192.168.1.1" }, "location": { "description": "地理位置", "type": "string", "example": "Beijing" }, "login_type": { "description": "登录类型", "type": "string", "example": "password" }, "os": { "description": "操作系统", "type": "string", "example": "Windows 10" }, "session_id": { "description": "会话ID", "type": "string", "example": "sess_123" }, "status": { "description": "状态", "type": "string", "example": "success" }, "tenant_id": { "description": "租户ID", "type": "string", "example": "tnt_xyz789" }, "user_agent": { "description": "User-Agent", "type": "string", "example": "Mozilla/5.0" }, "user_id": { "description": "用户ID", "type": "string", "example": "usr_abc123" } } }, "dto.LoginRequest": { "description": "用户登录请求参数", "type": "object", "required": [ "identity", "password" ], "properties": { "captcha_challenge_id": { "description": "CAPTCHA challenge ID", "type": "string" }, "captcha_provider": { "description": "CAPTCHA provider (pow/turnstile)", "type": "string" }, "captcha_token": { "description": "CAPTCHA verification token (PoW/Turnstile)", "type": "string" }, "client_nonce": { "description": "hash 模式: 客户端随机 nonce", "type": "string" }, "client_pub_key": { "description": "symmetric 模式: 客户端 ECDH 临时公钥", "type": "string" }, "identity": { "description": "Username/Email/Phone", "type": "string" }, "key_exchange_id": { "description": "symmetric 模式: ECDH 密钥交换 ID", "type": "string" }, "key_id": { "description": "asymmetric 模式: 服务端公钥 ID", "type": "string" }, "password": { "description": "Password or hash/ciphertext (取决于 password_transmission)", "type": "string" }, "password_transmission": { "description": "plain|hash|symmetric|asymmetric", "type": "string" }, "tenant_id": { "description": "Tenant ID", "type": "string" } } }, "dto.LoginResponse": { "description": "用户登录结果", "type": "object", "properties": { "access_token": { "description": "Access token", "type": "string" }, "challenge_token": { "description": "MFA challenge token (short-lived, requires MFA verification)", "type": "string" }, "expires_in": { "description": "Expiration time", "type": "integer" }, "mfa_check_reason": { "description": "MFA触发原因描述", "type": "string" }, "must_change_password": { "description": "Password must be changed", "type": "boolean" }, "password_expires_in": { "description": "Days until password expires", "type": "integer" }, "password_warning": { "description": "Password warning: expiring/expired_grace/expired", "type": "string" }, "refresh_token": { "description": "Refresh token", "type": "string" }, "required_mfa_methods": { "description": "MFA推荐方法列表", "type": "array", "items": { "type": "string" } }, "requires_mfa": { "description": "自适应MFA: 需要额外MFA验证", "type": "boolean" }, "risk_assessment": { "description": "Risk assessment", "allOf": [ { "$ref": "#/definitions/dto.RiskAssessmentInfo" } ] }, "risk_level": { "description": "风险等级: low/medium/high", "type": "string" }, "token_type": { "description": "Token type", "type": "string" }, "user": { "description": "User info", "allOf": [ { "$ref": "#/definitions/dto.UserInfo" } ] } } }, "dto.LogoutAllSessionsResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.LogoutSessionResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.MakerCheckerRecordRequest": { "description": "双人复核记录请求", "type": "object", "required": [ "approver", "operation", "requester" ], "properties": { "approver": { "description": "Approver", "type": "string", "example": "user-002" }, "details": { "description": "Details", "type": "object", "additionalProperties": true }, "operation": { "description": "Operation", "type": "string", "example": "delete_user" }, "requester": { "description": "Requester", "type": "string", "example": "user-001" } } }, "dto.MakerCheckerRecordResponse": { "description": "双人复核记录响应", "type": "object", "properties": { "approver": { "description": "Approver", "type": "string" }, "operation": { "description": "Operation", "type": "string" }, "record_id": { "description": "Record ID", "type": "string" }, "requester": { "description": "Requester", "type": "string" }, "status": { "description": "Status", "type": "string" } } }, "dto.MembershipInfo": { "type": "object", "properties": { "joined_at": { "type": "string" }, "role": { "type": "string" }, "status": { "description": "active / pending / disabled", "type": "string" }, "tenant_id": { "type": "string" }, "tenant_name": { "type": "string" } } }, "dto.MembershipListResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.MembershipInfo" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.MergeUsersRequest": { "description": "合并用户请求(合并从账户到主账户)", "type": "object", "required": [ "primary_user_id", "secondary_user_id" ], "properties": { "primary_user_id": { "description": "主账户用户ID", "type": "string" }, "secondary_user_id": { "description": "从账户用户ID", "type": "string" } } }, "dto.MyPermissionsResponse": { "type": "object", "properties": { "permissions": { "type": "array", "items": { "type": "string" } } } }, "dto.MyPermissionsResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.MyPermissionsResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.MyTenantsResponse": { "type": "object", "properties": { "tenants": { "type": "array", "items": { "$ref": "#/definitions/dto.TenantInfo" } } } }, "dto.MyTenantsResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.MyTenantsResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.NHIPolicyRequest": { "description": "NHI (非人类身份) 策略配置请求", "type": "object", "properties": { "agent_default_ttl": { "type": "string", "example": "1h" }, "agent_max_count": { "type": "integer", "example": 100 }, "device_max_per_owner": { "type": "integer", "example": 10 }, "robot_max_count": { "type": "integer", "example": 100 }, "rotation_days_default": { "type": "integer", "example": 90 } } }, "dto.NHIPolicyResponse": { "description": "NHI (非人类身份) 策略配置", "type": "object", "properties": { "agent_default_ttl": { "type": "string", "example": "1h" }, "agent_max_count": { "type": "integer", "example": 100 }, "device_max_per_owner": { "type": "integer", "example": 10 }, "robot_max_count": { "type": "integer", "example": 100 }, "rotation_days_default": { "type": "integer", "example": 90 }, "updated_at": { "type": "string", "example": "2026-06-09T10:30:00Z" } } }, "dto.NHIPolicyResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.NHIPolicyResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.OAuthCallbackResponse": { "description": "OAuth/SSO回调响应", "type": "object", "properties": { "access_token": { "description": "Access token", "type": "string" }, "challenge_token": { "description": "MFA challenge token", "type": "string" }, "expires_in": { "description": "Expiration time", "type": "integer" }, "is_new_user": { "description": "Is new user", "type": "boolean" }, "mfa_check_reason": { "description": "MFA check reason", "type": "string" }, "provider": { "description": "Provider", "type": "string" }, "refresh_token": { "description": "Refresh token", "type": "string" }, "required_mfa_methods": { "description": "MFA recommended methods", "type": "array", "items": { "type": "string" } }, "requires_mfa": { "description": "Requires MFA", "type": "boolean" }, "risk_level": { "description": "Risk level", "type": "string" }, "state": { "description": "State", "type": "string" }, "token_type": { "description": "Token type", "type": "string" } } }, "dto.PasskeyAuthBeginRequest": { "type": "object", "properties": { "email": { "type": "string" }, "mediation": { "description": "\"conditional\" 启用条件UI(免填写邮箱自动填充)", "type": "string" }, "tenant_id": { "type": "string" } } }, "dto.PasskeyAuthenticateCompleteRequest": { "type": "object", "required": [ "credential" ], "properties": { "credential": { "$ref": "#/definitions/webauthn.AuthenticationResponse" }, "email": { "description": "条件UI时可为空, 由credential.userHandle标识用户", "type": "string" } } }, "dto.PasswordPolicyResponse": { "description": "密码策略配置", "type": "object", "properties": { "captcha_enabled": { "description": "是否启用CAPTCHA验证", "type": "boolean" }, "change_cooldown_minutes": { "description": "密码修改冷却时间", "type": "integer", "example": 0 }, "expiry_days": { "description": "密码过期天数", "type": "integer", "example": 90 }, "grace_period_days": { "description": "过期宽限天数", "type": "integer", "example": 7 }, "history_count": { "description": "密码历史保留数量", "type": "integer", "example": 5 }, "login_methods": { "type": "array", "items": { "type": "string" } }, "max_length": { "description": "最大长度", "type": "integer", "example": 128 }, "min_length": { "description": "最小长度", "type": "integer", "example": 8 }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "password_transmission": { "description": "密码传输方式", "type": "string" }, "pepper_enabled": { "description": "US-P13: 服务端Pepper加密启用", "type": "boolean" }, "require_digit": { "description": "需要数字", "type": "boolean", "example": true }, "require_lower": { "description": "需要小写字母", "type": "boolean", "example": true }, "require_special": { "description": "需要特殊字符", "type": "boolean", "example": true }, "require_upper": { "description": "需要大写字母", "type": "boolean", "example": true }, "sso_providers": { "type": "array", "items": { "type": "string" } }, "unicode_allowed": { "description": "是否允许Unicode密码(NFC标准化)", "type": "boolean" } } }, "dto.PasswordStatusResponse": { "type": "object", "properties": { "active": { "description": "密码是否有效", "type": "boolean" }, "must_change_password": { "description": "需要强制修改密码", "type": "boolean" }, "password_changed_at": { "description": "密码最后修改时间", "type": "string" }, "password_expires_in": { "description": "密码剩余天数", "type": "integer" }, "password_warning": { "description": "密码警告: expiring/expired_grace/expired", "type": "string" } } }, "dto.PasswordStrengthCheckItem": { "description": "密码强度检查中的单个检查项", "type": "object", "properties": { "key": { "type": "string", "example": "min_length" }, "label": { "type": "string", "example": "At least 8 characters" }, "passed": { "type": "boolean", "example": true } } }, "dto.PasswordStrengthResponse": { "description": "密码强度检查结果,包含分数和各项检查详情", "type": "object", "properties": { "checks": { "type": "array", "items": { "$ref": "#/definitions/dto.PasswordStrengthCheckItem" } }, "crack_seconds": { "type": "number", "example": 31557600 }, "crack_time": { "type": "string", "example": "centuries" }, "is_strong": { "type": "boolean", "example": false }, "score": { "type": "integer", "example": 75 }, "suggestions": { "type": "array", "items": { "type": "string" }, "example": [ "Add another word or two" ] }, "warning": { "type": "string", "example": "This is a common password" } } }, "dto.PasswordStrengthResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.PasswordStrengthResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.PhoneStatusResponse": { "type": "object", "properties": { "phone": { "type": "string" }, "phone_verified": { "type": "boolean" }, "verification_sent": { "type": "boolean" } } }, "dto.PhoneVerificationResponse": { "type": "object", "properties": { "expires_in": { "type": "integer" }, "phone": { "type": "string" } } }, "dto.PhoneVerifiedResponse": { "type": "object", "properties": { "phone": { "type": "string" } } }, "dto.Problem": { "type": "object", "properties": { "code": { "description": "Code 是业务错误码\n用于程序处理特定错误场景\n示例:30101001", "type": "integer" }, "detail": { "description": "Detail 是针对此具体错误实例的人类可读解释\n可以包含具体的错误细节,如\"Field 'email' is required\"", "type": "string" }, "errors": { "description": "Errors 是字段级验证错误列表(扩展字段)\n遵循 Web API 标准实践,每个错误包含字段名和错误信息", "type": "array", "items": { "$ref": "#/definitions/dto.FieldViolation" } }, "i18n_args": { "description": "I18nArgs 是国际化参数\n用于动态填充翻译模板", "type": "object", "additionalProperties": {} }, "i18n_key": { "description": "I18nKey 是国际化键\n用于客户端本地化错误消息\n示例:\"error.user_not_found\"", "type": "string" }, "instance": { "description": "Instance 是发生问题的具体URI引用\n通常是请求的URL,可能包含查询参数\n示例:\"/api/v1/users?limit=invalid\"", "type": "string" }, "request_id": { "description": "RequestID 是请求唯一标识\n用于日志关联和问题追踪\n示例:\"req_550e8400-e29b-41d4-a716-446655440000\"", "type": "string" }, "retry_after": { "description": "RetryAfter 用于 429 Too Many Requests 响应\n指示客户端应在多少秒后重试请求(RFC 6585)", "type": "integer" }, "service": { "description": "Service 是服务名\n用于微服务架构中定位错误来源\n示例:\"auth-service\"", "type": "string" }, "span_id": { "description": "SpanID 是当前 span 标识\n用于精确定位分布式链路中的当前节点", "type": "string" }, "status": { "description": "Status 是产生的HTTP状态码\n用于客户端区分问题类型,不随Accept-Language变化\n示例:400, 401, 403, 404, 500", "type": "integer" }, "timestamp": { "description": "Timestamp 是错误发生时间\nISO 8601 格式\n示例:\"2026-04-03T12:00:00Z\"", "type": "string" }, "title": { "description": "Title 是简短、人类可读的问题类型摘要\n相同的 Type 应该始终有相同的 Title(不随实例变化)\n示例:\"Invalid Request Parameters\"", "type": "string" }, "trace_id": { "description": "TraceID 是分布式追踪标识\n遵循 W3C Trace Context 标准\n示例:\"00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01\"", "type": "string" }, "type": { "description": "Type 是标识问题类型的URI引用\n当该URI被解引用时,应提供人类可读的文档\n示例:\"https://api.example.com/errors/invalid-request\"", "type": "string" } } }, "dto.ProviderCertificateResponse": { "description": "身份提供商证书信息", "type": "object", "properties": { "created_at": { "type": "string", "example": "2026-04-15T10:30:00Z" }, "expires_at": { "type": "string", "example": "2027-04-15T10:30:00Z" }, "fingerprint": { "type": "string", "example": "sha256:abc123def456" }, "id": { "type": "string", "example": "cert_abc123" }, "name": { "type": "string", "example": "My SAML Signing Cert" }, "provider_id": { "type": "string", "example": "idp_xyz789" }, "status": { "type": "string", "example": "active" }, "type": { "type": "string", "example": "signing" } } }, "dto.PublicAuthConfigResponse": { "description": "公开认证配置,包含租户基本信息、密码策略、品牌定制", "type": "object", "properties": { "branding": { "description": "租户品牌定制信息", "allOf": [ { "$ref": "#/definitions/dto.BrandingInfo" } ] }, "breach_check_enabled": { "type": "boolean" }, "captcha_enabled": { "description": "US-S05: CAPTCHA验证启用", "type": "boolean" }, "captcha_provider": { "description": "CAPTCHA provider (pow/turnstile)", "type": "string" }, "cross_tenant_switch_enabled": { "description": "US-Q01: 跨租户切换策略控制 // US-P13: 服务端Pepper加密启用", "type": "boolean" }, "device_fingerprint_enabled": { "type": "boolean" }, "display_name": { "type": "string", "example": "My Tenant" }, "login_methods": { "type": "array", "items": { "type": "string" } }, "magic_link_enabled": { "type": "boolean" }, "max_concurrent_sessions": { "description": "US-F02: 最大并发会话数", "type": "integer" }, "membership_approval": { "type": "string" }, "oauth_client_id": { "type": "string", "example": "app-01KV1ZCSJ5ZJ8G78B4TDG398NK" }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "passkey_enabled": { "type": "boolean" }, "password_policy": { "$ref": "#/definitions/dto.PasswordPolicyResponse" }, "pepper_enabled": { "type": "boolean" }, "silent_challenge_enabled": { "type": "boolean" }, "sso_providers": { "type": "array", "items": { "type": "string" } }, "tenant_id": { "type": "string", "example": "tnt_xyz789" }, "tenant_name": { "type": "string", "example": "my-tenant" }, "transmission_nonce": { "description": "hash 模式: 服务端抗重放 nonce (5min TTL)", "type": "string" }, "transmission_nonce_expires_at": { "description": "nonce 过期时间 (RFC3339)", "type": "string" }, "transmission_public_key": { "description": "asymmetric 模式: RSA-2048 公钥 PEM", "type": "string" }, "transmission_public_key_id": { "description": "公钥标识符 (用于密钥轮换)", "type": "string" } } }, "dto.QrLoginCancelRequest": { "type": "object", "required": [ "token" ], "properties": { "token": { "type": "string" } } }, "dto.QrLoginConfirmRequest": { "type": "object", "required": [ "token" ], "properties": { "token": { "type": "string" } } }, "dto.QrLoginInitiateResponse": { "type": "object", "properties": { "expires_in": { "type": "integer" }, "number_matching": { "type": "string" }, "session_token": { "type": "string" } } }, "dto.QrLoginScanRequest": { "type": "object", "required": [ "token" ], "properties": { "device_info": { "type": "string" }, "token": { "type": "string" } } }, "dto.QrLoginStatusResponse": { "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer" }, "number_matching": { "type": "string" }, "refresh_token": { "type": "string" }, "status": { "type": "string" } } }, "dto.ReAuthenticateDataWrapper": { "type": "object", "properties": { "code": { "type": "integer", "example": 0 }, "data": { "$ref": "#/definitions/dto.ReAuthenticateResponse" }, "message": { "type": "string", "example": "success" } } }, "dto.ReAuthenticateRequest": { "description": "敏感操作前强制重新认证", "type": "object", "required": [ "password" ], "properties": { "mfa_code": { "description": "MFA验证码", "type": "string" }, "password": { "description": "当前密码", "type": "string", "minLength": 1 } } }, "dto.ReAuthenticateResponse": { "description": "重新认证成功响应", "type": "object", "properties": { "expires_in": { "description": "有效期", "type": "integer", "example": 300 }, "message": { "description": "结果消息", "type": "string", "example": "re-authentication successful" }, "step_up_token": { "description": "Step-up token", "type": "string", "example": "stepup_abc..." } } }, "dto.ReapplyRegistrationRequest": { "type": "object", "required": [ "email" ], "properties": { "email": { "description": "Email", "type": "string" }, "invitation_code": { "description": "邀请码", "type": "string" }, "reason": { "description": "申请理由", "type": "string" } } }, "dto.ReapplyRegistrationResponse": { "type": "object", "properties": { "message": { "type": "string" } } }, "dto.ReapplyRegistrationResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.ReapplyRegistrationResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.RecordConsentResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "object", "properties": { "granted": { "type": "boolean" }, "id": { "type": "string" }, "ip_address": { "type": "string" }, "recorded_at": { "type": "string" }, "revoked_at": { "type": "string" }, "scope": { "type": "string" }, "tenant_id": { "type": "string" }, "user_agent": { "type": "string" }, "user_id": { "type": "string" }, "version": { "type": "string" } } }, "message": { "type": "string" } } }, "dto.RecordLoginFailureRequest": { "description": "记录登录失败请求", "type": "object", "required": [ "identifier" ], "properties": { "identifier": { "description": "Identifier", "type": "string" }, "ip": { "description": "IP address", "type": "string" } } }, "dto.RecordLoginSuccessRequest": { "description": "记录登录成功请求", "type": "object", "required": [ "user_id" ], "properties": { "ip": { "description": "IP address", "type": "string" }, "user_id": { "description": "User ID", "type": "string" } } }, "dto.RecoverAccountRequest": { "type": "object", "required": [ "identity" ], "properties": { "identity": { "type": "string" } } }, "dto.RecoverAccountResetRequest": { "type": "object", "required": [ "code", "identity", "new_password" ], "properties": { "code": { "type": "string" }, "identity": { "type": "string" }, "new_password": { "type": "string", "maxLength": 32, "minLength": 8 } } }, "dto.RecoverAccountResetResponse": { "type": "object", "properties": { "message": { "type": "string" } } }, "dto.RecoverAccountResponse": { "type": "object", "properties": { "contact_types": { "type": "array", "items": { "type": "string" } }, "expires_in": { "type": "integer" }, "masked_to": { "type": "string" }, "message": { "type": "string" } } }, "dto.RecoveryContactListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.RecoveryContactResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.RecoveryContactResponse": { "description": "备用联系方式", "type": "object", "properties": { "created_at": { "description": "创建时间", "type": "string", "example": "2026-04-15T10:30:00Z" }, "id": { "description": "联系方式ID", "type": "string", "example": "rc_abc123" }, "type": { "description": "类型", "type": "string", "example": "email" }, "value": { "description": "脱敏值", "type": "string", "example": "ba***@example.com" }, "verified": { "description": "是否已验证", "type": "boolean", "example": true } } }, "dto.RefreshTokenRequest": { "description": "刷新令牌请求参数", "type": "object", "required": [ "refresh_token" ], "properties": { "refresh_token": { "description": "Refresh token", "type": "string" } } }, "dto.RegisterByEmailCodeRequest": { "type": "object", "required": [ "code", "email" ], "properties": { "code": { "type": "string" }, "email": { "type": "string" }, "tenant_id": { "type": "string" }, "username": { "type": "string" } } }, "dto.RegisterByInvitationRequest": { "description": "邀请注册请求参数", "type": "object", "required": [ "invitation_code", "password" ], "properties": { "invitation_code": { "type": "string" }, "password": { "type": "string", "maxLength": 128, "minLength": 8 }, "username": { "type": "string", "maxLength": 32, "minLength": 3 } } }, "dto.RegisterByOAuthRequest": { "description": "OAuth显式补充注册请求参数", "type": "object", "required": [ "agree_terms", "password", "pending_token" ], "properties": { "agree_terms": { "type": "boolean" }, "password": { "type": "string", "maxLength": 128, "minLength": 8 }, "pending_token": { "type": "string" }, "phone": { "type": "string" }, "username": { "type": "string", "maxLength": 32, "minLength": 3 } } }, "dto.RegisterByOAuthResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.LoginByCodeResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.RegisterByPhoneCodeRequest": { "type": "object", "required": [ "code", "phone" ], "properties": { "code": { "type": "string" }, "phone": { "type": "string" }, "tenant_id": { "type": "string" }, "username": { "type": "string" } } }, "dto.RegisterRequest": { "description": "用户注册请求参数", "type": "object", "required": [ "password" ], "properties": { "birth_date": { "description": "Birth date (format: \"2006-01-02\")", "type": "string" }, "client_nonce": { "description": "hash 模式: 客户端随机 nonce", "type": "string" }, "email": { "description": "Email", "type": "string" }, "invitation_code": { "description": "邀请码(invitation_only 模式下必填)", "type": "string" }, "password": { "description": "Password or hash/ciphertext", "type": "string", "maxLength": 256, "minLength": 8 }, "password_transmission": { "description": "plain|hash|symmetric|asymmetric", "type": "string" }, "phone": { "description": "Phone", "type": "string" }, "username": { "description": "Username", "type": "string", "maxLength": 32, "minLength": 3 } } }, "dto.RegisterResponse": { "description": "用户注册结果", "type": "object", "properties": { "membership_status": { "description": "成员状态(审批模式下为 pending)", "type": "string" }, "message": { "description": "Message", "type": "string" }, "status": { "description": "Status", "type": "string" }, "user_id": { "description": "User ID", "type": "string" } } }, "dto.RequestAccountRecoveryRequest": { "description": "通过备用邮箱/安全问题/信任设备发起账户恢复", "type": "object", "required": [ "identity", "method" ], "properties": { "identity": { "description": "已知的身份标识", "type": "string", "example": "john@example.com" }, "method": { "description": "恢复方法", "type": "string", "enum": [ "backup_email", "security_qa", "trusted_device", "sms" ] } } }, "dto.RequestAccountRecoveryResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.RequestActivationRequest": { "type": "object", "required": [ "duration", "justification", "role_id" ], "properties": { "duration": { "type": "string" }, "justification": { "type": "string" }, "role_id": { "type": "string" } } }, "dto.RequestMagicLinkRequest": { "type": "object", "required": [ "email" ], "properties": { "email": { "type": "string" }, "tenant_id": { "type": "string" } } }, "dto.ResendSMSCodeRequest": { "type": "object", "required": [ "phone" ], "properties": { "phone": { "type": "string" } } }, "dto.ResendVerificationEmailRequest": { "type": "object", "required": [ "email" ], "properties": { "email": { "type": "string" } } }, "dto.ResetPasswordRequest": { "description": "重置密码请求参数", "type": "object", "required": [ "code", "identity", "new_password" ], "properties": { "code": { "description": "Verification code", "type": "string" }, "identity": { "description": "Email or phone", "type": "string" }, "new_password": { "description": "New password", "type": "string", "maxLength": 32, "minLength": 8 } } }, "dto.ResetPasswordResponse": { "description": "重置密码响应", "type": "object", "properties": { "message": { "description": "Message", "type": "string" } } }, "dto.RevokeActivationRequest": { "type": "object", "required": [ "reason" ], "properties": { "reason": { "type": "string" } } }, "dto.RevokeConsentResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.RiskAssessmentInfo": { "type": "object", "properties": { "level": { "type": "string" }, "recommended_mfa_methods": { "type": "array", "items": { "type": "string" } }, "require_mfa": { "type": "boolean" }, "score": { "type": "integer" } } }, "dto.RiskEventListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.RiskEventResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.RiskEventResponse": { "type": "object", "properties": { "created_at": { "description": "事件时间", "type": "string" }, "device_id": { "description": "设备ID", "type": "string" }, "event_type": { "description": "事件类型", "type": "string" }, "geo_location": { "description": "地理位置", "type": "string" }, "id": { "description": "事件ID", "type": "string" }, "ip": { "description": "来源IP", "type": "string" }, "metadata": { "description": "元数据", "type": "string" }, "risk_score": { "description": "风险分数", "type": "number" }, "user_id": { "description": "用户ID", "type": "string" } } }, "dto.RotateCertificateRequest": { "description": "吊销旧证书并上传新证书", "type": "object", "required": [ "cert_pem" ], "properties": { "cert_pem": { "type": "string", "example": "-----BEGIN CERTIFICATE-----..." }, "name": { "type": "string", "example": "Rotated SAML Signing Cert" } } }, "dto.SAMLSLODetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SAMLSLOResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.SAMLSLOResponse": { "type": "object", "properties": { "logout_count": { "type": "integer" }, "message": { "type": "string" }, "name_id": { "type": "string" }, "status": { "type": "string", "example": "success" } } }, "dto.SAMLTokenDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SAMLTokenResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.SAMLTokenResponse": { "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer", "example": 3600 }, "relay_state": { "type": "string" }, "token_type": { "type": "string", "example": "Bearer" } } }, "dto.SSOCallbackRequest": { "description": "SSO回调请求", "type": "object", "required": [ "code", "provider", "state" ], "properties": { "code": { "description": "Code", "type": "string", "example": "saml-response-base64" }, "provider": { "description": "Provider", "type": "string", "example": "saml" }, "state": { "description": "State", "type": "string", "example": "random-state" } } }, "dto.SSOCallbackResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "object", "additionalProperties": true }, "message": { "type": "string" } } }, "dto.SSOInitiateRequest": { "description": "SSO登录启动请求", "type": "object", "required": [ "provider" ], "properties": { "provider": { "description": "Provider", "type": "string", "example": "saml" }, "return_url": { "description": "Return URL", "type": "string", "example": "https://app.example.com/callback" }, "tenant_id": { "description": "Tenant ID", "type": "string", "example": "tenant-001" } } }, "dto.SSOInitiateResponse": { "description": "SSO登录启动响应", "type": "object", "properties": { "auth_url": { "description": "Authorization URL", "type": "string" }, "provider": { "description": "Provider", "type": "string" }, "return_url": { "description": "Return URL", "type": "string" }, "state": { "description": "State parameter", "type": "string" }, "tenant_id": { "description": "Tenant ID", "type": "string" } } }, "dto.SamlProviderItem": { "type": "object", "properties": { "allow_idp_initiated": { "type": "boolean", "example": false }, "certificate_expiry": { "type": "string" }, "created_at": { "type": "string", "example": "2026-05-31T10:00:00Z" }, "default_redirect_uri": { "type": "string", "example": "https://app.example.com" }, "enabled": { "type": "boolean", "example": true }, "entity_id": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2" }, "force_authn": { "type": "boolean", "example": false }, "has_backup_cert": { "type": "boolean", "example": false }, "id": { "type": "string", "example": "01JNXXXXX..." }, "name": { "type": "string", "example": "Azure AD" }, "name_id_format": { "type": "string", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "slo_url": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2/slo" }, "sso_url": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2" }, "tenant_id": { "type": "string", "example": "01JNYYYYY..." }, "updated_at": { "type": "string", "example": "2026-05-31T10:00:00Z" }, "want_authn_signed": { "type": "boolean", "example": true } } }, "dto.SamlProviderItemDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SamlProviderItem" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.SamlProviderListData": { "type": "object", "properties": { "providers": { "type": "array", "items": { "$ref": "#/definitions/dto.SamlProviderItem" } } } }, "dto.SamlProviderListDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SamlProviderListData" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.SamlProviderRequest": { "type": "object", "required": [ "certificate", "entity_id", "name", "sso_url" ], "properties": { "allow_idp_initiated": { "type": "boolean", "example": false }, "certificate": { "type": "string", "example": "-----BEGIN CERTIFICATE-----\nMIID\n-----END CERTIFICATE-----" }, "certificate_backup": { "type": "string", "example": "-----BEGIN CERTIFICATE-----\nMIID\n-----END CERTIFICATE-----" }, "default_redirect_uri": { "type": "string", "example": "https://app.example.com" }, "enabled": { "type": "boolean", "example": true }, "entity_id": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2" }, "force_authn": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Azure AD" }, "name_id_format": { "type": "string", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "should_clear_backup": { "type": "boolean", "example": false }, "slo_url": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2/slo" }, "sso_url": { "type": "string", "example": "https://login.microsoftonline.com/example/saml2" }, "want_authn_signed": { "type": "boolean", "example": true } } }, "dto.SecurityEventDismissRequest": { "description": "标记安全事件为已处理", "type": "object", "properties": { "reason": { "description": "处理原因", "type": "string", "example": "This was me, recognized device" } } }, "dto.SecurityEventListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.SecurityEventResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.SecurityEventResponse": { "description": "用户安全事件", "type": "object", "properties": { "created_at": { "description": "事件时间", "type": "string", "example": "2026-04-15T10:30:00Z" }, "description": { "description": "描述", "type": "string", "example": "New login from Beijing, CN" }, "dismissed": { "description": "是否已处理", "type": "boolean", "example": false }, "id": { "description": "事件ID", "type": "string", "example": "evt_abc123" }, "ip": { "description": "来源IP", "type": "string", "example": "203.0.113.1" }, "location": { "description": "来源位置", "type": "string", "example": "Beijing, CN" }, "severity": { "description": "严重级别", "type": "string", "example": "medium" }, "type": { "description": "事件类型", "type": "string", "example": "anomalous_login" } } }, "dto.SecurityStatusResponse": { "description": "用户账户安全状态", "type": "object", "properties": { "can_login": { "description": "是否可以登录", "type": "boolean", "example": true }, "email_verified": { "description": "邮箱验证", "type": "boolean", "example": true }, "is_locked": { "description": "是否锁定", "type": "boolean", "example": false }, "lock_until": { "description": "锁定截止", "type": "string", "example": "2026-04-15T12:00:00Z" }, "login_fail_count": { "description": "失败次数", "type": "integer", "example": 0 }, "max_attempts": { "description": "最大尝试次数", "type": "integer", "example": 5 }, "mfa_enabled": { "description": "MFA启用", "type": "boolean", "example": true }, "phone_verified": { "description": "手机验证", "type": "boolean", "example": true } } }, "dto.SecurityStatusResponse2": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SecurityStatusResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.SelfTrustDeviceRequest": { "description": "信任设备请求参数", "type": "object", "properties": { "trusted": { "description": "Is trusted", "type": "boolean", "example": true } } }, "dto.SendLoginCodeRequest": { "type": "object", "properties": { "email": { "type": "string" }, "phone": { "type": "string" } } }, "dto.SendLoginCodeResponse": { "type": "object", "properties": { "channel": { "description": "\"email\" or \"sms\"", "type": "string" }, "expires_in": { "description": "TTL in seconds", "type": "integer" }, "target": { "description": "masked email or phone", "type": "string" } } }, "dto.SendSMSCodeRequest": { "type": "object", "required": [ "phone" ], "properties": { "phone": { "type": "string" } } }, "dto.SendVerificationEmailRequest": { "type": "object", "required": [ "email" ], "properties": { "email": { "type": "string" } } }, "dto.SimpleResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.StopImpersonationResponse": { "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer" }, "refresh_token": { "type": "string" }, "token_type": { "type": "string" } } }, "dto.SwitchTenantRequest": { "type": "object", "required": [ "tenant_id" ], "properties": { "tenant_id": { "type": "string" } } }, "dto.SwitchTenantResponse": { "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer" }, "refresh_token": { "type": "string" }, "token_type": { "type": "string" }, "user": { "$ref": "#/definitions/dto.UserInfo" } } }, "dto.SwitchTenantResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SwitchTenantResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.TenantAuthPolicyListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.TenantAuthPolicyResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.TenantAuthPolicyRequest": { "type": "object", "properties": { "captcha_enabled": { "type": "boolean" }, "change_cooldown_minutes": { "type": "integer" }, "check_breached_passwords": { "description": "Security Features", "type": "boolean" }, "cross_tenant_switch_enabled": { "type": "boolean" }, "device_fingerprint_enabled": { "type": "boolean" }, "device_trust_duration_hours": { "type": "integer" }, "expiry_days": { "description": "Password Lifecycle", "type": "integer" }, "force_change_on_first_login": { "type": "boolean" }, "grace_period_days": { "type": "integer" }, "history_count": { "type": "integer" }, "lockout_attempts": { "description": "Rate Limit / Lockout", "type": "integer" }, "lockout_duration_minutes": { "type": "integer" }, "login_methods": { "description": "Login Methods", "type": "array", "items": { "type": "string" } }, "magic_link_enabled": { "type": "boolean" }, "max_devices_per_user": { "description": "Device", "type": "integer" }, "max_length": { "type": "integer" }, "mfa_enabled": { "description": "MFA", "type": "boolean" }, "mfa_enforce_for_all": { "type": "boolean" }, "mfa_methods": { "type": "array", "items": { "type": "string" } }, "mfa_required_user_role": { "type": "string" }, "min_length": { "description": "Password Complexity", "type": "integer" }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "passkey_enabled": { "type": "boolean" }, "passkey_max_credentials": { "type": "integer" }, "passkey_user_verification": { "description": "Passkey", "type": "string" }, "password_transmission": { "type": "string" }, "pepper_enabled": { "type": "boolean" }, "refresh_token_rotation": { "type": "boolean" }, "remember_me_days": { "type": "integer" }, "require_digits": { "type": "boolean" }, "require_lowercase": { "type": "boolean" }, "require_special_chars": { "type": "boolean" }, "require_uppercase": { "type": "boolean" }, "session_bind_to_device": { "type": "boolean" }, "session_concurrent_limit": { "type": "integer" }, "session_idle_ttl_minutes": { "type": "integer" }, "session_ttl_minutes": { "description": "Session", "type": "integer" }, "silent_challenge_enabled": { "type": "boolean" }, "sso_providers": { "type": "array", "items": { "type": "string" } }, "web3_enabled": { "description": "Web3", "type": "boolean" } } }, "dto.TenantAuthPolicyResponse": { "type": "object", "properties": { "captcha_enabled": { "type": "boolean" }, "change_cooldown_minutes": { "type": "integer" }, "check_breached_passwords": { "description": "Security Features", "type": "boolean" }, "created_at": { "type": "string" }, "cross_tenant_switch_enabled": { "type": "boolean" }, "device_fingerprint_enabled": { "type": "boolean" }, "device_trust_duration_hours": { "type": "integer" }, "expiry_days": { "description": "Password Lifecycle", "type": "integer" }, "force_change_on_first_login": { "type": "boolean" }, "grace_period_days": { "type": "integer" }, "history_count": { "type": "integer" }, "lockout_attempts": { "description": "Rate Limit", "type": "integer" }, "lockout_duration_minutes": { "type": "integer" }, "login_methods": { "description": "Login Methods", "type": "array", "items": { "type": "string" } }, "magic_link_enabled": { "type": "boolean" }, "max_devices_per_user": { "description": "Device", "type": "integer" }, "max_length": { "type": "integer" }, "mfa_enabled": { "description": "MFA", "type": "boolean" }, "mfa_enforce_for_all": { "type": "boolean" }, "mfa_methods": { "type": "array", "items": { "type": "string" } }, "mfa_required_user_role": { "type": "string" }, "min_length": { "description": "Password Complexity", "type": "integer" }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "passkey_enabled": { "type": "boolean" }, "passkey_max_credentials": { "type": "integer" }, "passkey_user_verification": { "description": "Passkey", "type": "string" }, "password_transmission": { "type": "string" }, "pepper_enabled": { "type": "boolean" }, "refresh_token_rotation": { "type": "boolean" }, "remember_me_days": { "type": "integer" }, "require_digits": { "type": "boolean" }, "require_lowercase": { "type": "boolean" }, "require_special_chars": { "type": "boolean" }, "require_uppercase": { "type": "boolean" }, "session_bind_to_device": { "type": "boolean" }, "session_concurrent_limit": { "type": "integer" }, "session_idle_ttl_minutes": { "type": "integer" }, "session_ttl_minutes": { "description": "Session", "type": "integer" }, "silent_challenge_enabled": { "type": "boolean" }, "sso_providers": { "type": "array", "items": { "type": "string" } }, "tenant_id": { "type": "string" }, "updated_at": { "type": "string" }, "web3_enabled": { "description": "Web3", "type": "boolean" } } }, "dto.TenantInfo": { "type": "object", "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "role": { "type": "string" } } }, "dto.TenantMatch": { "type": "object", "properties": { "display_name": { "type": "string" }, "login_methods": { "type": "array", "items": { "type": "string" } }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "slug": { "type": "string" }, "tenant_id": { "type": "string" }, "tenant_name": { "type": "string" } } }, "dto.TicketSigninRequest": { "description": "票据签名登录请求参数", "type": "object", "required": [ "ticket" ], "properties": { "ticket": { "description": "一次性票据", "type": "string", "example": "a1b2c3d4..." } } }, "dto.TrustDeviceRequest": { "description": "信任设备请求参数", "type": "object", "required": [ "trust" ], "properties": { "trust": { "description": "是否信任", "type": "boolean" } } }, "dto.UnbindOAuthRequest": { "description": "解绑OAuth账户请求", "type": "object", "required": [ "provider" ], "properties": { "provider": { "description": "Provider", "type": "string" } } }, "dto.UnlockAccountRequest": { "description": "解锁账户请求参数", "type": "object", "properties": { "reason": { "description": "解锁原因", "type": "string" } } }, "dto.UpdateABACPolicyRequest": { "type": "object", "properties": { "condition": { "type": "string" }, "description": { "type": "string" }, "effect": { "type": "string" }, "enabled": { "type": "boolean" }, "name": { "type": "string" }, "priority": { "type": "integer" } } }, "dto.UpdateApiKeyScopesRequest": { "type": "object", "required": [ "scopes" ], "properties": { "scopes": { "type": "array", "items": { "type": "string" } } } }, "dto.UpdateApiKeyStatusRequest": { "type": "object", "required": [ "status" ], "properties": { "status": { "type": "string", "enum": [ "active", "inactive" ] } } }, "dto.UpdateAuthConfigRequest": { "description": "更新全局认证安全配置", "type": "object", "properties": { "breach_check_enabled": { "type": "boolean" }, "captcha_enabled": { "type": "boolean" }, "change_cooldown_minutes": { "description": "密码修改冷却时间(分钟)", "type": "integer" }, "cross_tenant_switch_enabled": { "description": "跨租户切换策略控制", "type": "boolean" }, "device_fingerprint_enabled": { "type": "boolean" }, "expiry_days": { "description": "密码过期天数", "type": "integer" }, "grace_period_days": { "description": "过期宽限天数", "type": "integer" }, "history_count": { "description": "密码历史保留数量", "type": "integer" }, "lock_duration_sec": { "description": "账户锁定时间(秒)", "type": "integer" }, "login_methods": { "type": "array", "items": { "type": "string" } }, "magic_link_enabled": { "type": "boolean" }, "max_length": { "description": "最大长度", "type": "integer" }, "max_login_attempts": { "description": "最大登录失败次数", "type": "integer" }, "membership_approval": { "type": "string" }, "min_length": { "description": "最小长度", "type": "integer" }, "oauth_providers": { "type": "array", "items": { "type": "string" } }, "passkey_enabled": { "type": "boolean" }, "password_transmission": { "description": "密码传输方式", "type": "string" }, "pepper_enabled": { "type": "boolean" }, "require_digit": { "description": "需要数字", "type": "boolean" }, "require_lower": { "description": "需要小写字母", "type": "boolean" }, "require_special": { "description": "需要特殊字符", "type": "boolean" }, "require_upper": { "description": "需要大写字母", "type": "boolean" }, "silent_challenge_enabled": { "type": "boolean" }, "sso_providers": { "type": "array", "items": { "type": "string" } } } }, "dto.UpdateCurrentUserAuthResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "dto.UpdateIDPRequest": { "description": "更新身份提供商请求参数", "type": "object", "properties": { "attribute_mapping": { "description": "字段映射", "type": "object", "additionalProperties": { "type": "string" } }, "auth_url": { "description": "授权端点", "type": "string", "example": "https://example.com/auth" }, "client_id": { "description": "Client ID", "type": "string", "example": "client_123" }, "client_secret": { "description": "Client Secret", "type": "string", "example": "secret_456" }, "config": { "description": "额外配置", "type": "object", "additionalProperties": true }, "display_name": { "description": "前端展示名称", "type": "string", "example": "My OIDC Provider" }, "icon_url": { "description": "图标URL", "type": "string", "example": "https://example.com/icon.png" }, "name": { "description": "显示名称", "type": "string", "example": "My OIDC Provider" }, "scopes": { "description": "权限范围", "type": "array", "items": { "type": "string" }, "example": [ "[openid", "profile", "email]" ] }, "sort_order": { "description": "排序", "type": "integer", "example": 0 }, "status": { "description": "状态", "type": "string", "example": "active" }, "token_url": { "description": "Token端点", "type": "string", "example": "https://example.com/token" }, "user_info_url": { "description": "用户信息端点", "type": "string", "example": "https://example.com/userinfo" } } }, "dto.UpdateJITConfigRequest": { "description": "更新身份提供商的JIT(Just-In-Time)用户自动创建策略配置", "type": "object", "properties": { "attribute_mapping_id": { "type": "string", "example": "attr_map_001" }, "auto_create_user": { "type": "boolean", "example": true }, "default_role": { "type": "string", "example": "member" }, "enabled": { "type": "boolean", "example": true } } }, "dto.UpdatePasswordPolicyRequest": { "description": "运行时更新密码策略请求", "type": "object", "properties": { "change_cooldown_minutes": { "description": "密码修改冷却时间(分钟)", "type": "integer" }, "expiry_days": { "description": "密码过期天数", "type": "integer" }, "grace_period_days": { "description": "过期宽限天数", "type": "integer" }, "history_count": { "description": "密码历史保留数量", "type": "integer" }, "lock_duration_sec": { "description": "账户锁定时间(秒)", "type": "integer" }, "max_length": { "description": "最大长度", "type": "integer" }, "max_login_attempts": { "description": "最大登录失败次数", "type": "integer" }, "min_length": { "description": "最小长度", "type": "integer" }, "password_transmission": { "description": "密码传输方式", "type": "string" }, "require_digit": { "description": "需要数字", "type": "boolean" }, "require_lower": { "description": "需要小写字母", "type": "boolean" }, "require_special": { "description": "需要特殊字符", "type": "boolean" }, "require_upper": { "description": "需要大写字母", "type": "boolean" } } }, "dto.UpdateUserAuthRequest": { "description": "更新当前认证用户请求", "type": "object", "properties": { "mfa_enabled": { "description": "MFAEnabled", "type": "boolean" }, "username": { "description": "Username", "type": "string" } } }, "dto.UpdateUserResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.AuthUserResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.UserDetailResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.UserWithIdentitiesResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.UserInfo": { "description": "用户基本信息", "type": "object", "properties": { "created_at": { "description": "Account creation time", "type": "string" }, "email": { "description": "Email", "type": "string" }, "id": { "description": "User ID", "type": "string" }, "must_change_password": { "description": "Password must be changed", "type": "boolean" }, "password_expires_in": { "description": "Days until password expires", "type": "integer" }, "password_warning": { "description": "Password warning: expiring/expired_grace/expired", "type": "string" }, "phone": { "description": "Phone", "type": "string" }, "status": { "description": "Status", "type": "string" }, "username": { "description": "Username", "type": "string" } } }, "dto.UserInfoResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.UserInfo" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.UserListResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "items": { "description": "统一使用 items", "type": "array", "items": { "$ref": "#/definitions/dto.AuthUserResponse" } }, "message": { "type": "string" }, "pagination": { "description": "分页信息(嵌套对象)", "allOf": [ { "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo" } ] }, "timestamp": { "type": "string" }, "total": { "description": "总条数(平铺,便于直接读取)", "type": "integer" } } }, "dto.UserUpdateRequest": { "description": "更新用户请求参数", "type": "object", "properties": { "age_group": { "description": "年龄段", "type": "string" }, "birth_date": { "description": "出生日期", "type": "string" }, "department_id": { "description": "部门ID", "type": "string" }, "email": { "description": "邮箱", "type": "string" }, "is_minor": { "description": "是否未成年", "type": "boolean" }, "nickname": { "description": "昵称", "type": "string" }, "pending_parental_consent": { "description": "是否等待家长同意", "type": "boolean" }, "phone": { "description": "手机号", "type": "string" }, "role": { "description": "角色", "type": "string" } } }, "dto.UserWithIdentitiesResponse": { "type": "object", "properties": { "identities": { "type": "array", "items": { "$ref": "#/definitions/dto.IdentityResponse" } }, "user": { "$ref": "#/definitions/dto.AuthUserResponse" } } }, "dto.ValidateKeyRequest": { "type": "object", "required": [ "api_key" ], "properties": { "api_key": { "type": "string" } } }, "dto.ValidateKeyResult": { "type": "object", "properties": { "ip_restrictions": { "type": "array", "items": { "$ref": "#/definitions/dto.ipRestrictionDTO" } }, "key_id": { "type": "string" }, "scopes": { "type": "array", "items": { "type": "string" } }, "status": { "type": "string" }, "tenant_id": { "type": "string" }, "user_id": { "type": "string" } } }, "dto.VerifyAccountRecoveryRequest": { "description": "验证账户恢复验证码", "type": "object", "required": [ "code", "recovery_token" ], "properties": { "code": { "description": "验证码", "type": "string" }, "recovery_token": { "description": "恢复令牌", "type": "string" } } }, "dto.VerifyChangeRequest": { "description": "验证邮箱/手机号变更", "type": "object", "required": [ "code" ], "properties": { "code": { "description": "验证码", "type": "string" } } }, "dto.VerifyEmailRequest": { "type": "object", "required": [ "code", "email" ], "properties": { "code": { "type": "string" }, "email": { "type": "string" } } }, "dto.VerifyMFAChallengeRequest": { "type": "object", "required": [ "challenge_token", "code" ], "properties": { "challenge_token": { "type": "string" }, "code": { "type": "string" }, "mfa_method": { "description": "totp/sms/email/push — default totp; for push, code is challenge_id", "type": "string" } } }, "dto.VerifyPasswordData": { "type": "object", "properties": { "user_id": { "type": "string" }, "valid": { "type": "boolean" } } }, "dto.VerifyPasswordRequest": { "description": "验证密码请求", "type": "object", "required": [ "identifier", "password" ], "properties": { "identifier": { "description": "Identifier", "type": "string" }, "password": { "description": "Password", "type": "string" } } }, "dto.VerifyPasswordResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.VerifyPasswordData" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.VerifyPhoneRequest": { "type": "object", "required": [ "code", "phone" ], "properties": { "code": { "type": "string" }, "phone": { "type": "string" } } }, "dto.VerifyResetCodeRequest": { "description": "验证重置码请求参数", "type": "object", "required": [ "code", "identity" ], "properties": { "code": { "description": "Verification code", "type": "string" }, "identity": { "description": "Email or phone", "type": "string" } } }, "dto.Web3VerifyRequest": { "type": "object", "required": [ "address", "message", "signature" ], "properties": { "address": { "type": "string", "example": "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B" }, "message": { "type": "string", "example": "Sign this message to verify wallet ownership." }, "signature": { "type": "string", "example": "0x1234abc..." } } }, "dto.Web3VerifyResponse": { "type": "object", "properties": { "address": { "type": "string", "example": "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B" }, "message": { "type": "string", "example": "Signature verification successful" }, "verified": { "type": "boolean", "example": true } } }, "dto.WebAuthnAuthenticatorSelection": { "type": "object", "properties": { "authenticatorAttachment": { "type": "string" }, "residentKey": { "type": "string" }, "userVerification": { "type": "string" } } }, "dto.WebAuthnCredentialDescriptor": { "type": "object", "properties": { "id": { "type": "string" }, "transports": { "type": "array", "items": { "type": "string" } }, "type": { "type": "string" } } }, "dto.WebAuthnCredentialParameter": { "type": "object", "properties": { "alg": { "type": "integer" }, "type": { "type": "string" } } }, "dto.WebAuthnLoginOptionsResponse": { "type": "object", "properties": { "allowCredentials": { "type": "array", "items": { "$ref": "#/definitions/dto.WebAuthnCredentialDescriptor" } }, "challenge": { "type": "string" }, "rpId": { "type": "string" }, "timeout": { "type": "integer" }, "userVerification": { "type": "string" } } }, "dto.WebAuthnLoginResponse": { "type": "object", "properties": { "publicKey": { "$ref": "#/definitions/dto.WebAuthnLoginOptionsResponse" } } }, "dto.WebAuthnLoginResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.WebAuthnLoginResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.WebAuthnRPEntity": { "type": "object", "properties": { "id": { "type": "string" }, "name": { "type": "string" } } }, "dto.WebAuthnRegistrationOptionsResponse": { "description": "WebAuthn navigator.credentials.create() 的 publicKey 参数", "type": "object", "properties": { "attestation": { "type": "string" }, "authenticatorSelection": { "$ref": "#/definitions/dto.WebAuthnAuthenticatorSelection" }, "challenge": { "type": "string" }, "pubKeyCredParams": { "type": "array", "items": { "$ref": "#/definitions/dto.WebAuthnCredentialParameter" } }, "rp": { "$ref": "#/definitions/dto.WebAuthnRPEntity" }, "timeout": { "type": "integer" }, "user": { "$ref": "#/definitions/dto.WebAuthnUserEntity" } } }, "dto.WebAuthnRegistrationResponse": { "type": "object", "properties": { "publicKey": { "$ref": "#/definitions/dto.WebAuthnRegistrationOptionsResponse" } } }, "dto.WebAuthnRegistrationResponseWrapper": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.WebAuthnRegistrationResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "dto.WebAuthnUserEntity": { "type": "object", "properties": { "displayName": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } } }, "dto.ipRestrictionDTO": { "type": "object", "properties": { "id": { "type": "string" }, "label": { "type": "string" }, "status": { "type": "string" }, "value": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-any": { "type": "object", "properties": { "code": { "type": "integer" }, "data": {}, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-array_dto_ActivationResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "array", "items": { "$ref": "#/definitions/dto.ActivationResponse" } }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-array_dto_DiscoverTenantInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "array", "items": { "$ref": "#/definitions/dto.DiscoverTenantInfo" } }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-domain_AgentInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/domain.AgentInfo" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-domain_FamilyMemberInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/domain.FamilyMemberInfo" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-domain_RobotInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/domain.RobotInfo" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_ABACPolicyResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.ABACPolicyResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_ActivationResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.ActivationResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_CleanupExpiredResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.CleanupExpiredResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_IdentifierDiscoveryResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.IdentifierDiscoveryResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_ImpersonateResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.ImpersonateResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_KeyExchangeResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.KeyExchangeResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_PasswordStrengthResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.PasswordStrengthResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_PublicAuthConfigResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.PublicAuthConfigResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_QrLoginInitiateResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.QrLoginInitiateResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_QrLoginStatusResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.QrLoginStatusResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_SendLoginCodeResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.SendLoginCodeResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_StopImpersonationResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.StopImpersonationResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-dto_Web3VerifyResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/dto.Web3VerifyResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain_DeviceInfo": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain.DeviceInfo" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-handler_IssueIntentTokenResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/handler.IssueIntentTokenResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-handler_rebacCheckResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "$ref": "#/definitions/handler.rebacCheckResponse" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.DataResponse-string": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "string" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_base_dto.PageInfo": { "type": "object", "properties": { "has_next": { "description": "HasNext indicates whether there is a next page", "type": "boolean" }, "has_prev": { "description": "HasPrev indicates whether there is a previous page", "type": "boolean" }, "page": { "description": "Page is the current page number (1-based)", "type": "integer" }, "page_size": { "description": "PageSize is the number of items per page", "type": "integer" }, "total": { "description": "Total is the total number of items across all pages", "type": "integer" }, "total_pages": { "description": "TotalPages is the total number of pages", "type": "integer" } } }, "gitee_com_linmes_authms_base_dto.SimpleResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" }, "timestamp": { "type": "string" } } }, "gitee_com_linmes_authms_micro-services_identity-service_internal_device_domain.DeviceInfo": { "type": "object", "properties": { "created_at": { "type": "string" }, "firmware_ver": { "type": "string" }, "hardware_id": { "type": "string" }, "identity_id": { "type": "string" }, "manufacturer": { "type": "string" }, "name": { "type": "string" }, "owner_id": { "type": "string" }, "pairing_code": { "type": "string" }, "status": { "type": "string" }, "updated_at": { "type": "string" }, "workload_subtype": { "type": "string" } } }, "gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.DataResponse": { "type": "object", "properties": { "code": { "type": "integer" }, "data": { "type": "object", "additionalProperties": true }, "message": { "type": "string" } } }, "gitee_com_linmes_authms_micro-services_identity-service_internal_handler_dto.UpdateAttributeMappingRequest": { "description": "更新身份提供商的字段映射配置", "type": "object", "required": [ "mappings" ], "properties": { "mappings": { "type": "object", "additionalProperties": { "type": "string" } } } }, "gitee_com_linmes_authms_micro-services_identity-service_internal_saml_handler_dto.UpdateAttributeMappingRequest": { "type": "object", "required": [ "mappings" ], "properties": { "mappings": { "type": "object", "additionalProperties": { "type": "string" } } } }, "handler.BackchannelLogoutRequest": { "type": "object", "properties": { "logout_token": { "type": "string" } } }, "handler.CheckPublicPasswordStrengthRequest": { "type": "object", "required": [ "password" ], "properties": { "password": { "type": "string", "example": "MyP@ssw0rd!" } } }, "handler.IssueIntentTokenRequest": { "type": "object", "properties": { "actions": { "type": "array", "items": { "type": "string" } }, "allowed_zones": { "type": "array", "items": { "type": "string" } }, "max_speed": { "type": "number" } } }, "handler.IssueIntentTokenResponse": { "type": "object", "properties": { "intent_token": { "type": "string" } } }, "handler.RevokeIntentTokenRequest": { "type": "object", "properties": { "intent_token": { "type": "string" } } }, "handler.SamlLinkedAccountInfo": { "type": "object", "properties": { "email": { "type": "string" }, "id": { "type": "string" }, "linked_at": { "type": "string" }, "name_id": { "type": "string" }, "provider_id": { "type": "string" }, "provider_name": { "type": "string" } } }, "handler.SelfServicePasswordStrengthRequest": { "type": "object", "required": [ "password" ], "properties": { "password": { "type": "string", "example": "MyP@ssw0rd!" } } }, "handler.beginLoginRequest": { "type": "object", "required": [ "password" ], "properties": { "password": { "type": "string", "minLength": 1 } } }, "handler.beginRegistrationRequest": { "type": "object", "required": [ "password", "user_name" ], "properties": { "display_name": { "type": "string" }, "password": { "type": "string", "minLength": 1 }, "user_name": { "type": "string" } } }, "handler.completeLoginRequest": { "type": "object", "properties": { "id": { "type": "string" }, "raw_id": { "type": "string" }, "response": { "type": "object", "properties": { "authenticator_data": { "type": "string" }, "client_data_json": { "type": "string" }, "signature": { "type": "string" }, "user_handle": { "description": "base64url, 条件UI返回的用户标识", "type": "string" } } }, "type": { "type": "string" }, "user_id": { "type": "string" } } }, "handler.completeRegistrationRequest": { "type": "object", "required": [ "credential" ], "properties": { "credential": { "$ref": "#/definitions/webauthn.CredentialCreation" } } }, "handler.rebacCheckRequest": { "type": "object", "required": [ "object_id", "object_type", "relation", "subject_id", "subject_type" ], "properties": { "object_id": { "type": "string" }, "object_type": { "type": "string" }, "relation": { "type": "string" }, "subject_id": { "type": "string" }, "subject_type": { "type": "string" } } }, "handler.rebacCheckResponse": { "type": "object", "properties": { "allowed": { "type": "boolean" } } }, "webauthn.AuthenticationResponse": { "type": "object", "properties": { "id": { "type": "string" }, "raw_id": { "type": "string" }, "response": { "type": "object", "properties": { "authenticator_data": { "type": "string" }, "client_data_json": { "type": "string" }, "signature": { "type": "string" }, "user_handle": { "description": "base64url, 条件UI返回的用户标识", "type": "string" } } }, "type": { "type": "string" }, "user_id": { "type": "string" } } }, "webauthn.CredentialCreation": { "type": "object", "properties": { "id": { "type": "string" }, "raw_id": { "type": "string" }, "response": { "type": "object", "properties": { "attestation_object": { "type": "string" }, "client_data_json": { "type": "string" } } }, "type": { "type": "string" } } } }, "securityDefinitions": { "bearerAuth": { "description": "Type \"Bearer\" followed by a space and JWT token.", "type": "apiKey", "name": "Authorization", "in": "header" } }, "tags": [ { "description": "用户身份认证相关接口:登录、注册、密码管理、令牌刷新", "name": "身份认证" }, { "description": "API 密钥管理:创建、轮换、撤销", "name": "API Key" }, { "description": "多因素认证:TOTP、短信、邮件、生物识别、Push", "name": "多因素认证" }, { "description": "SAML 2.0 认证接口", "name": "SAML" }, { "description": "SAML 管理接口:IdP/SP 配置", "name": "SAML Admin" }, { "description": "跨域身份管理系统:用户和组同步", "name": "SCIM" }, { "description": "WebAuthn/FIDO2 无密码认证", "name": "WebAuthn" }, { "description": "外部身份提供商管理:OAuth/SAML/SCIM 配置", "name": "身份提供商" }, { "description": "OAuth 2.0 / OIDC 标准接口:授权码、令牌、自省、撤销", "name": "OAuth" }, { "description": "管理员接口:用户管理、系统配置、安全策略", "name": "Admin" }, { "description": "管理员机器人管理接口", "name": "Admin/Robots" }, { "description": "管理员物联网设备管理接口", "name": "Admin/IoTs" }, { "description": "管理员AI代理/服务账户管理接口", "name": "Admin/Agents" }, { "description": "物联网设备自管理接口", "name": "IoTs" }, { "description": "安全策略配置:密码策略、MFA策略、登录限制", "name": "安全策略" }, { "description": "未成年人账户管理:家长控制、年龄验证、合规", "name": "未成年人管理" }, { "description": "认证策略配置:授权策略、访问控制规则", "name": "认证策略管理" }, { "description": "账户恢复:忘记密码、账户找回、身份验证", "name": "账户恢复" } ] }