IAM/iam-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce12b997f45a893ccdf534553a8ecbaa5a029a19
iam-service/docs/SCALAR_GUIDE.md
shay7sev ce12b997f4 fix(handlers): add handlers
2026-01-30 16:31:53 +08:00

156 lines
3.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# IAM Service — Scalar 调用顺序指南
## Authentication认证方式
本服务使用 **JWT Bearer Token**
- 登录成功后拿到 `access_token`
- 后续请求在 Header 中带:
- `Authorization: Bearer <access_token>`
- 租户上下文:
- 保护接口默认从 Token claim 的 `tenant_id` 推导租户
- 可选兼容 `X-Tenant-ID: <uuid>`,若同时提供 Header 与 Token则必须一致否则返回 403
## 通用响应结构
成功响应:
```json
{ "code": 0, "message": "Success|Created|Accepted", "data": {}, "trace_id": null }
```
错误响应(示例):
```json
{ "code": 20006, "message": "Missing authorization header", "details": null, "trace_id": null }
```
常见错误码(节选):
- 20006缺少必要 Header如 Authorization
- 20003无权限403
- 20005账号或密码错误
- 30000请求参数错误400
- 30002资源不存在404
- 30003资源冲突409
- 40000请求过于频繁429
- 10001数据库错误500
## Step-by-step可复制流程
### Step 0创建租户可选
**POST** `/tenants/register`
- Header
- Body
```json
{ "name": "Tenant A", "config": { "theme": { "primary": "#1d4ed8" } } }
```
成功201`data.id` 取出租户 ID
```json
{ "code": 0, "message": "Created", "data": { "id": "<tenant_id>", "name": "Tenant A", "status": "active", "config": {} }, "trace_id": null }
```
下一步依赖:`tenant_id`(用于注册/登录时的 `X-Tenant-ID`)。
### Step 1注册用户
**POST** `/auth/register`
- 必需 Header`X-Tenant-ID: <tenant_id>`
- Body
```json
{ "email": "user@example.com", "password": "securePassword123" }
```
成功201`data.id` 取出 `user_id`(后续可用于用户管理接口):
```json
{ "code": 0, "message": "Created", "data": { "id": "<user_id>", "email": "user@example.com" }, "trace_id": null }
```
### Step 2登录获取访问令牌Authentication 入口)
**POST** `/auth/login`
- 必需 Header`X-Tenant-ID: <tenant_id>`
- Body
```json
{ "email": "user@example.com", "password": "securePassword123" }
```
成功200`data.access_token` 取出访问令牌:
```json
{ "code": 0, "message": "Success", "data": { "access_token": "<jwt>", "refresh_token": "<opaque>", "token_type": "Bearer", "expires_in": 900 }, "trace_id": null }
```
下一步依赖:`access_token`
### Step 3获取当前租户信息Tenant
**GET** `/tenants/me`
- 必需 Header`Authorization: Bearer <access_token>`
- 可选 Header`X-Tenant-ID: <tenant_id>`(如提供必须与 token tenant_id 一致)
成功200
```json
{ "code": 0, "message": "Success", "data": { "id": "<tenant_id>", "name": "Tenant A", "status": "active", "config": {} }, "trace_id": null }
```
### Step 4查看当前用户权限Me
**GET** `/me/permissions`
- 必需 Header`Authorization: Bearer <access_token>`
成功200
```json
{ "code": 0, "message": "Success", "data": ["tenant:read","tenant:write"], "trace_id": null }
```
下一步依赖:确认具备目标权限(例如 `user:read` / `role:read`)。
### Step 5列出用户User
**GET** `/users?page=1&page_size=20`
- 必需 Header`Authorization: Bearer <access_token>`
- 分页规则:
- `page` 默认 1必须 >= 1
- `page_size` 默认 20范围 1..=200
成功200
```json
{ "code": 0, "message": "Success", "data": [{ "id": "<user_id>", "email": "user@example.com" }], "trace_id": null }
```
### Step 6列出角色Role
**GET** `/roles`
- 必需 Header`Authorization: Bearer <access_token>`
成功200
```json
{ "code": 0, "message": "Success", "data": [{ "id": "<role_id>", "name": "Admin", "description": "..." }], "trace_id": null }
```
## 限流说明Auth
- `/auth/login`:约 2 req/sburst 10同一 IP
- `/auth/register`:约 1 req/sburst 5同一 IP
- 触发后返回HTTP 429 + `code=40000`
Reference in New Issue View Git Blame Copy Permalink