示例

POST /auth/login
POST /auth/register
POST /auth/logout
POST /auth/refresh


POST /otp/send

json

{
  "type": "password",
  "identifier": "xxx",
  "password": "xxx"
}

json

{
  "type": "otp",
  "channel": "email",
  "identifier": "user@example.com",
  "code": "123456"
}

OTP

频率限制
IP 限制
设备限制
黑名单

POST /otp/send

json

{
  "channel": "email",
  "identifier": "xxx",
  "code": "123456",
  "scene": "login"
}

type OTPRecord struct {
	ID         string    // otp_id（对外用）
	Identifier string    // 手机 / 邮箱
	Scene      string    // login / register / reset_password

	CodeHash   string    // 验证码 hash（不要存明文）
 
	Attempt    int       // 尝试次数
	MaxAttempt int 
}

POST /otp/verify

otp:vt:{token}

Proof 证明

verification_token

json

{
  "id": "token_id",
  "identifier": "user@example.com",
  "channel": "email",
  "scene": "login",

  "issued_at": 1710000000, // 发布时间
  "expire_at": 1710000300,

  "used": false

  extra:{}
}

示例 ​

login ​

OTP ​

示例

login

OTP