insforge 1.2.10 → 1.3.0
- package/.claude-plugin/marketplace.json +20 -20
- package/.dockerignore +60 -60
- package/.env.example +83 -77
- package/.github/ISSUE_TEMPLATE/bug_report.yml +36 -36
- package/.github/ISSUE_TEMPLATE/config.yml +11 -11
- package/.github/ISSUE_TEMPLATE/feature_request.yml +26 -26
- package/.github/PULL_REQUEST_TEMPLATE.md +7 -7
- package/.github/copilot-instructions.md +146 -146
- package/.github/workflows/build-image.yml +65 -65
- package/.github/workflows/ci-premerge-check.yml +23 -23
- package/.github/workflows/e2e.yml +63 -63
- package/.github/workflows/lint-and-format.yml +32 -32
- package/.prettierignore +64 -64
- package/CHANGELOG.md +44 -44
- package/CLAUDE_PLUGIN.md +104 -104
- package/CODE_OF_CONDUCT.md +128 -128
- package/CONTRIBUTING.md +125 -125
- package/Dockerfile +30 -30
- package/GITHUB_OAUTH_SETUP.md +49 -49
- package/GOOGLE_OAUTH_SETUP.md +148 -148
- package/LICENSE +201 -201
- package/README.md +182 -182
- package/assets/Dark.svg +23 -23
- package/auth/package.json +28 -28
- package/auth/src/lib/broadcastService.ts +117 -115
- package/auth/src/pages/SignInPage.tsx +60 -57
- package/auth/src/pages/SignUpPage.tsx +60 -57
- package/auth/tsconfig.json +32 -32
- package/auth/tsconfig.node.json +11 -11
- package/backend/package.json +78 -75
- package/backend/src/api/routes/ai/index.routes.ts +3 -3
- package/backend/src/api/routes/auth/index.routes.ts +667 -570
- package/backend/src/api/routes/auth/oauth.routes.ts +473 -448
- package/backend/src/api/routes/database/advance.routes.ts +37 -16
- package/backend/src/api/routes/database/index.routes.ts +78 -1
- package/backend/src/api/routes/database/records.routes.ts +10 -10
- package/backend/src/api/routes/database/tables.routes.ts +0 -14
- package/backend/src/api/routes/docs/index.routes.ts +75 -76
- package/backend/src/api/routes/email/index.routes.ts +35 -0
- package/backend/src/api/routes/functions/index.routes.ts +18 -12
- package/backend/src/api/routes/metadata/index.routes.ts +12 -0
- package/backend/src/api/routes/realtime/channels.routes.ts +81 -0
- package/backend/src/api/routes/realtime/index.routes.ts +12 -0
- package/backend/src/api/routes/realtime/messages.routes.ts +48 -0
- package/backend/src/api/routes/realtime/permissions.routes.ts +19 -0
- package/backend/src/api/routes/storage/index.routes.ts +18 -12
- package/backend/src/api/routes/usage/index.routes.ts +6 -4
- package/backend/src/infra/database/database.manager.ts +14 -1
- package/backend/src/infra/database/migrations/000_create-base-tables.sql +141 -141
- package/backend/src/infra/database/migrations/001_create-helper-functions.sql +40 -40
- package/backend/src/infra/database/migrations/002_rename-auth-tables.sql +29 -29
- package/backend/src/infra/database/migrations/003_create-users-table.sql +55 -55
- package/backend/src/infra/database/migrations/004_add-reload-postgrest-func.sql +23 -23
- package/backend/src/infra/database/migrations/005_enable-project-admin-modify-users.sql +29 -29
- package/backend/src/infra/database/migrations/006_modify-ai-usage-table.sql +24 -24
- package/backend/src/infra/database/migrations/007_drop-metadata-table.sql +1 -1
- package/backend/src/infra/database/migrations/008_add-system-tables.sql +76 -76
- package/backend/src/infra/database/migrations/009_add-function-secrets.sql +23 -23
- package/backend/src/infra/database/migrations/010_modify-ai-config-modalities.sql +93 -93
- package/backend/src/infra/database/migrations/011_refactor-secrets-table.sql +15 -15
- package/backend/src/infra/database/migrations/012_add-storage-uploaded-by.sql +7 -7
- package/backend/src/infra/database/migrations/013_create-auth-schema-functions.sql +44 -44
- package/backend/src/infra/database/migrations/014_add-updated-at-trigger-user-table.sql +7 -7
- package/backend/src/infra/database/migrations/015_create-auth-config-and-email-otp-tables.sql +59 -59
- package/backend/src/infra/database/migrations/016_update-auth-config-and-email-otp.sql +24 -24
- package/backend/src/infra/database/migrations/017_create-realtime-schema.sql +233 -0
- package/backend/src/infra/realtime/realtime.manager.ts +246 -0
- package/backend/src/infra/realtime/webhook-sender.ts +82 -0
- package/backend/src/infra/security/token.manager.ts +219 -125
- package/backend/src/infra/socket/socket.manager.ts +198 -64
- package/backend/src/providers/ai/openrouter.provider.ts +12 -9
- package/backend/src/providers/email/base.provider.ts +4 -7
- package/backend/src/providers/email/cloud.provider.ts +84 -0
- package/backend/src/providers/oauth/apple.provider.ts +266 -0
- package/backend/src/providers/oauth/index.ts +1 -0
- package/backend/src/server.ts +317 -284
- package/backend/src/services/ai/ai-model.service.ts +5 -5
- package/backend/src/services/ai/chat-completion.service.ts +4 -4
- package/backend/src/services/ai/image-generation.service.ts +3 -3
- package/backend/src/services/auth/auth.service.ts +14 -0
- package/backend/src/services/database/database-table.service.ts +0 -9
- package/backend/src/services/database/database.service.ts +127 -0
- package/backend/src/services/email/email.service.ts +5 -7
- package/backend/src/services/realtime/index.ts +3 -0
- package/backend/src/services/realtime/realtime-auth.service.ts +104 -0
- package/backend/src/services/realtime/realtime-channel.service.ts +237 -0
- package/backend/src/services/realtime/realtime-message.service.ts +260 -0
- package/backend/src/types/auth.ts +11 -0
- package/backend/src/types/realtime.ts +18 -0
- package/backend/src/types/socket.ts +7 -31
- package/backend/src/utils/cookies.ts +35 -0
- package/backend/src/utils/s3-config-loader.ts +64 -0
- package/backend/src/utils/seed.ts +301 -298
- package/backend/src/utils/sql-parser.ts +90 -0
- package/backend/tests/README.md +133 -133
- package/backend/tests/cleanup-all-test-data.sh +230 -230
- package/backend/tests/cloud/test-s3-multitenant.sh +131 -131
- package/backend/tests/local/comprehensive-curl-tests.sh +155 -155
- package/backend/tests/local/test-ai-config.sh +129 -129
- package/backend/tests/local/test-ai-usage.sh +80 -80
- package/backend/tests/local/test-auth-router.sh +143 -143
- package/backend/tests/local/test-database-router.sh +222 -222
- package/backend/tests/local/test-e2e.sh +240 -240
- package/backend/tests/local/test-fk-errors.sh +96 -96
- package/backend/tests/local/test-functions.sh +123 -123
- package/backend/tests/local/test-id-field.sh +200 -200
- package/backend/tests/local/test-logs.sh +132 -132
- package/backend/tests/local/test-public-bucket.sh +264 -264
- package/backend/tests/local/test-secrets.sh +249 -249
- package/backend/tests/local/test-serverless-functions.sh.disabled +325 -325
- package/backend/tests/local/test-traditional-rest.sh +208 -208
- package/backend/tests/manual/README.md +50 -50
- package/backend/tests/manual/create-large-table-simple.sql +10 -10
- package/backend/tests/manual/seed-large-table.sql +100 -100
- package/backend/tests/manual/setup-large-table-extras.sql +33 -33
- package/backend/tests/manual/test-bulk-upsert.sh +409 -409
- package/backend/tests/manual/test-database-advance.sh +296 -296
- package/backend/tests/manual/test-postgrest-stability.sh +191 -191
- package/backend/tests/manual/test-rawsql-export-import.sh +411 -411
- package/backend/tests/manual/test-rawsql-modes.sh +244 -244
- package/backend/tests/manual/test-universal-storage.sh +263 -263
- package/backend/tests/manual/test-users.sql +17 -17
- package/backend/tests/run-all-tests.sh +139 -139
- package/backend/tests/setup.ts +0 -0
- package/backend/tests/test-config.sh +338 -338
- package/backend/tests/unit/analyze-query.test.ts +697 -0
- package/backend/tsconfig.json +22 -22
- package/claude-plugin/.claude-plugin/plugin.json +24 -24
- package/claude-plugin/README.md +133 -133
- package/claude-plugin/skills/insforge-schema-patterns/SKILL.md +270 -270
- package/docker-compose.prod.yml +204 -200
- package/docker-compose.yml +232 -228
- package/docker-init/db/db-init.sql +97 -97
- package/docker-init/db/jwt.sql +5 -5
- package/docker-init/db/postgresql.conf +16 -16
- package/docker-init/logs/vector.yml +236 -236
- package/docs/README.md +44 -44
- package/docs/agent-docs/real-time.md +269 -0
- package/docs/changelog.mdx +119 -67
- package/docs/core-concepts/ai/architecture.mdx +372 -372
- package/docs/core-concepts/ai/sdk.mdx +213 -213
- package/docs/core-concepts/authentication/architecture.mdx +278 -278
- package/docs/core-concepts/authentication/sdk.mdx +414 -414
- package/docs/core-concepts/authentication/ui-components/customization.mdx +529 -529
- package/docs/core-concepts/authentication/ui-components/nextjs.mdx +221 -221
- package/docs/core-concepts/authentication/ui-components/react-router.mdx +184 -184
- package/docs/core-concepts/authentication/ui-components/react.mdx +129 -129
- package/docs/core-concepts/database/architecture.mdx +255 -255
- package/docs/core-concepts/database/sdk.mdx +382 -382
- package/docs/core-concepts/email/architecture.mdx +101 -0
- package/docs/core-concepts/email/sdk.mdx +53 -0
- package/docs/core-concepts/functions/architecture.mdx +105 -105
- package/docs/core-concepts/functions/sdk.mdx +184 -184
- package/docs/core-concepts/realtime/architecture.mdx +446 -0
- package/docs/core-concepts/realtime/sdk.mdx +409 -0
- package/docs/core-concepts/storage/architecture.mdx +243 -243
- package/docs/core-concepts/storage/sdk.mdx +253 -253
- package/docs/deployment/README.md +94 -94
- package/docs/deployment/deploy-to-aws-ec2.md +564 -564
- package/docs/deployment/deploy-to-azure-virtual-machines.md +312 -312
- package/docs/deployment/deploy-to-google-cloud-compute-engine.md +613 -613
- package/docs/deployment/deploy-to-render.md +441 -441
- package/docs/deprecated/insforge-auth-api.md +214 -214
- package/docs/deprecated/insforge-auth-sdk.md +99 -99
- package/docs/deprecated/insforge-db-api.md +358 -358
- package/docs/deprecated/insforge-db-sdk.md +139 -139
- package/docs/deprecated/insforge-debug-sdk.md +156 -156
- package/docs/deprecated/insforge-debug.md +64 -64
- package/docs/deprecated/insforge-instructions.md +123 -123
- package/docs/deprecated/insforge-project.md +117 -117
- package/docs/deprecated/insforge-storage-api.md +278 -278
- package/docs/deprecated/insforge-storage-sdk.md +158 -158
- package/docs/docs.json +232 -210
- package/docs/examples/framework-guides/nextjs.mdx +131 -131
- package/docs/examples/framework-guides/nuxt.mdx +165 -165
- package/docs/examples/framework-guides/react.mdx +165 -165
- package/docs/examples/framework-guides/svelte.mdx +153 -153
- package/docs/examples/framework-guides/vue.mdx +159 -159
- package/docs/examples/overview.mdx +67 -67
- package/docs/favicon.svg +19 -19
- package/docs/images/changelog/dec-2025/ai-integration.png +0 -0
- package/docs/images/changelog/dec-2025/ai-models.webp +0 -0
- package/docs/images/changelog/dec-2025/alipay-payment.webp +0 -0
- package/docs/images/changelog/dec-2025/apple-login.jpg +0 -0
- package/docs/images/changelog/dec-2025/mcp-installer.png +0 -0
- package/docs/images/changelog/dec-2025/realtime-module.jpg +0 -0
- package/docs/images/icons/ai.svg +4 -4
- package/docs/images/logos/nextjs.svg +4 -4
- package/docs/images/logos/nuxt.svg +4 -4
- package/docs/images/logos/react.svg +5 -5
- package/docs/images/logos/svelte.svg +4 -4
- package/docs/images/logos/vue.svg +5 -5
- package/docs/insforge-instructions-sdk.md +89 -88
- package/docs/introduction.mdx +45 -45
- package/docs/logo/dark.svg +22 -22
- package/docs/logo/light.svg +20 -20
- package/docs/partnership.mdx +651 -646
- package/docs/quickstart.mdx +82 -82
- package/docs/showcase.mdx +52 -52
- package/docs/snippets/sdk-installation.mdx +21 -21
- package/docs/snippets/service-icons.mdx +27 -27
- package/examples/oauth/frontend-oauth-example.html +250 -250
- package/examples/response-examples.md +443 -443
- package/frontend/components.json +17 -17
- package/frontend/package.json +69 -69
- package/frontend/src/assets/icons/checkbox_checked.svg +6 -6
- package/frontend/src/assets/icons/checkbox_undetermined.svg +6 -6
- package/frontend/src/assets/icons/checked.svg +3 -3
- package/frontend/src/assets/icons/connected.svg +3 -3
- package/frontend/src/assets/icons/error.svg +3 -3
- package/frontend/src/assets/icons/loader.svg +9 -9
- package/frontend/src/assets/icons/pencil.svg +4 -4
- package/frontend/src/assets/icons/refresh.svg +4 -4
- package/frontend/src/assets/icons/step_active.svg +3 -3
- package/frontend/src/assets/icons/step_inactive.svg +11 -11
- package/frontend/src/assets/icons/warning.svg +3 -3
- package/frontend/src/assets/logos/apple.svg +3 -3
- package/frontend/src/assets/logos/claude_code.svg +3 -3
- package/frontend/src/assets/logos/cline.svg +6 -6
- package/frontend/src/assets/logos/cursor.svg +20 -20
- package/frontend/src/assets/logos/discord.svg +8 -8
- package/frontend/src/assets/logos/facebook.svg +3 -3
- package/frontend/src/assets/logos/gemini.svg +19 -19
- package/frontend/src/assets/logos/github.svg +5 -5
- package/frontend/src/assets/logos/google.svg +13 -13
- package/frontend/src/assets/logos/grok.svg +10 -10
- package/frontend/src/assets/logos/insforge_dark.svg +15 -15
- package/frontend/src/assets/logos/insforge_light.svg +15 -15
- package/frontend/src/assets/logos/instagram.svg +1 -1
- package/frontend/src/assets/logos/linkedin.svg +3 -3
- package/frontend/src/assets/logos/openai.svg +10 -10
- package/frontend/src/assets/logos/roo_code.svg +9 -9
- package/frontend/src/assets/logos/spotify.svg +16 -16
- package/frontend/src/assets/logos/tiktok.svg +5 -5
- package/frontend/src/assets/logos/trae.svg +3 -3
- package/frontend/src/assets/logos/windsurf.svg +10 -10
- package/frontend/src/assets/logos/x.svg +3 -3
- package/frontend/src/components/layout/AppHeader.tsx +9 -10
- package/frontend/src/features/auth/components/OAuthConfigDialog.tsx +1 -0
- package/frontend/src/features/auth/components/UsersDataGrid.tsx +6 -0
- package/frontend/src/features/auth/helpers.tsx +8 -0
- package/frontend/src/features/auth/{page → pages}/UsersPage.tsx +0 -28
- package/frontend/src/features/database/components/SQLModal.tsx +75 -0
- package/frontend/src/features/database/components/TableForm.tsx +0 -4
- package/frontend/src/features/database/hooks/useDatabase.ts +66 -0
- package/frontend/src/features/database/hooks/useTables.ts +32 -28
- package/frontend/src/features/database/index.ts +1 -0
- package/frontend/src/features/database/{page → pages}/FunctionsPage.tsx +29 -37
- package/frontend/src/features/database/{page → pages}/IndexesPage.tsx +35 -47
- package/frontend/src/features/database/{page → pages}/PoliciesPage.tsx +43 -54
- package/frontend/src/features/database/{page → pages}/TablesPage.tsx +0 -42
- package/frontend/src/features/database/{page → pages}/TriggersPage.tsx +35 -47
- package/frontend/src/features/database/services/advance.service.ts +0 -26
- package/frontend/src/features/database/services/database.service.ts +55 -0
- package/frontend/src/features/database/services/table.service.ts +0 -6
- package/frontend/src/features/functions/{page → pages}/FunctionsPage.tsx +21 -44
- package/frontend/src/features/functions/{page → pages}/SecretsPage.tsx +11 -9
- package/frontend/src/features/logs/hooks/useMcpUsage.ts +13 -66
- package/frontend/src/features/realtime/components/ChannelRow.tsx +83 -0
- package/frontend/src/features/realtime/components/EditChannelModal.tsx +246 -0
- package/frontend/src/features/realtime/components/MessageRow.tsx +85 -0
- package/frontend/src/features/realtime/components/RealtimeEmptyState.tsx +30 -0
- package/frontend/src/features/realtime/hooks/useRealtime.ts +218 -0
- package/frontend/src/features/realtime/index.ts +11 -0
- package/frontend/src/features/realtime/pages/RealtimeChannelsPage.tsx +172 -0
- package/frontend/src/features/realtime/pages/RealtimeMessagesPage.tsx +211 -0
- package/frontend/src/features/realtime/pages/RealtimePermissionsPage.tsx +191 -0
- package/frontend/src/features/realtime/services/realtime.service.ts +107 -0
- package/frontend/src/features/storage/{page → pages}/StoragePage.tsx +1 -29
- package/frontend/src/features/visualizer/components/SchemaVisualizer.tsx +3 -3
- package/frontend/src/features/visualizer/{page → pages}/VisualizerPage.tsx +1 -35
- package/frontend/src/lib/contexts/SocketContext.tsx +119 -75
- package/frontend/src/lib/routing/AppRoutes.tsx +35 -20
- package/frontend/src/lib/utils/cloudMessaging.ts +1 -1
- package/frontend/src/lib/utils/menuItems.ts +24 -0
- package/frontend/src/lib/utils/utils.ts +14 -1
- package/frontend/tsconfig.json +25 -25
- package/frontend/tsconfig.node.json +9 -9
- package/functions/deno.json +24 -24
- package/functions/server.ts +315 -315
- package/i18n/README.ar.md +130 -130
- package/i18n/README.de.md +130 -130
- package/i18n/README.es.md +154 -154
- package/i18n/README.fr.md +134 -134
- package/i18n/README.hi.md +129 -129
- package/i18n/README.ja.md +174 -174
- package/i18n/README.ko.md +136 -136
- package/i18n/README.pt-BR.md +131 -131
- package/i18n/README.ru.md +129 -129
- package/i18n/README.zh-CN.md +133 -133
- package/openapi/ai.yaml +715 -715
- package/openapi/auth.yaml +1244 -1244
- package/openapi/email.yaml +158 -0
- package/openapi/functions.yaml +475 -475
- package/openapi/health.yaml +29 -29
- package/openapi/logs.yaml +223 -223
- package/openapi/metadata.yaml +177 -177
- package/openapi/realtime.yaml +699 -0
- package/openapi/records.yaml +381 -381
- package/openapi/secrets.yaml +370 -370
- package/openapi/storage.yaml +875 -875
- package/openapi/tables.yaml +463 -463
- package/package.json +97 -97
- package/shared-schemas/package.json +31 -31
- package/shared-schemas/src/ai.schema.ts +63 -59
- package/shared-schemas/src/auth-api.schema.ts +352 -339
- package/shared-schemas/src/auth.schema.ts +1 -1
- package/shared-schemas/src/database-api.schema.ts +32 -1
- package/shared-schemas/src/database.schema.ts +39 -0
- package/shared-schemas/src/docs.schema.ts +26 -0
- package/shared-schemas/src/email-api.schema.ts +30 -0
- package/shared-schemas/src/index.ts +4 -0
- package/shared-schemas/src/metadata.schema.ts +9 -0
- package/shared-schemas/src/realtime-api.schema.ts +111 -0
- package/shared-schemas/src/realtime.schema.ts +143 -0
- package/shared-schemas/tsconfig.json +21 -21
- package/tsconfig.json +7 -7
- package/zeabur/README.md +13 -13
- package/zeabur/template.yml +1032 -1032
- package/.cursor/rules/cursor-rules.mdc +0 -94
- package/frontend/src/features/database/hooks/useFullMetadata.ts +0 -18
- package/test-gemini.sh +0 -35
- package/test-usage-admin.sh +0 -57
- package/test-usage.sh +0 -50
- /package/frontend/src/features/ai/{page → pages}/AIPage.tsx +0 -0
- /package/frontend/src/features/auth/{page → pages}/AuthMethodsPage.tsx +0 -0
- /package/frontend/src/features/auth/{page → pages}/ConfigurationPage.tsx +0 -0
- /package/frontend/src/features/dashboard/{page → pages}/DashboardPage.tsx +0 -0
- /package/frontend/src/features/database/{page → pages}/SQLEditorPage.tsx +0 -0
- /package/frontend/src/features/database/{page → pages}/TemplatesPage.tsx +0 -0
- /package/frontend/src/features/login/{page → pages}/CloudLoginPage.tsx +0 -0
- /package/frontend/src/features/login/{page → pages}/LoginPage.tsx +0 -0
- /package/frontend/src/features/logs/{page → pages}/AuditsPage.tsx +0 -0
- /package/frontend/src/features/logs/{page → pages}/LogsPage.tsx +0 -0
- /package/frontend/src/features/logs/{page → pages}/MCPLogsPage.tsx +0 -0
package/openapi/auth.yaml
CHANGED
|
@@ -1,1244 +1,1244 @@
|
|
|
1
|
-
openapi: 3.0.3
|
|
2
|
-
info:
|
|
3
|
-
title: Insforge Authentication API
|
|
4
|
-
version: 2.0.0
|
|
5
|
-
description: Authentication endpoints with separated auth and profile tables
|
|
6
|
-
|
|
7
|
-
paths:
|
|
8
|
-
/api/auth/public-config:
|
|
9
|
-
get:
|
|
10
|
-
summary: Get public authentication configuration
|
|
11
|
-
description: Get all public authentication configuration including OAuth providers and email auth settings (public endpoint)
|
|
12
|
-
tags:
|
|
13
|
-
- Client
|
|
14
|
-
responses:
|
|
15
|
-
'200':
|
|
16
|
-
description: Public authentication configuration
|
|
17
|
-
content:
|
|
18
|
-
application/json:
|
|
19
|
-
schema:
|
|
20
|
-
type: object
|
|
21
|
-
properties:
|
|
22
|
-
oAuthProviders:
|
|
23
|
-
type: array
|
|
24
|
-
items:
|
|
25
|
-
type: object
|
|
26
|
-
properties:
|
|
27
|
-
provider:
|
|
28
|
-
type: string
|
|
29
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
30
|
-
useSharedKey:
|
|
31
|
-
type: boolean
|
|
32
|
-
requireEmailVerification:
|
|
33
|
-
type: boolean
|
|
34
|
-
passwordMinLength:
|
|
35
|
-
type: integer
|
|
36
|
-
minimum: 4
|
|
37
|
-
maximum: 128
|
|
38
|
-
requireNumber:
|
|
39
|
-
type: boolean
|
|
40
|
-
requireLowercase:
|
|
41
|
-
type: boolean
|
|
42
|
-
requireUppercase:
|
|
43
|
-
type: boolean
|
|
44
|
-
requireSpecialChar:
|
|
45
|
-
type: boolean
|
|
46
|
-
verifyEmailRedirectTo:
|
|
47
|
-
type: string
|
|
48
|
-
nullable: true
|
|
49
|
-
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
50
|
-
resetPasswordRedirectTo:
|
|
51
|
-
type: string
|
|
52
|
-
nullable: true
|
|
53
|
-
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
54
|
-
verifyEmailMethod:
|
|
55
|
-
type: string
|
|
56
|
-
enum: [code, link]
|
|
57
|
-
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
58
|
-
resetPasswordMethod:
|
|
59
|
-
type: string
|
|
60
|
-
enum: [code, link]
|
|
61
|
-
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
62
|
-
|
|
63
|
-
/api/auth/config:
|
|
64
|
-
get:
|
|
65
|
-
summary: Get authentication configuration
|
|
66
|
-
description: Get current authentication settings including all configuration options (admin only)
|
|
67
|
-
tags:
|
|
68
|
-
- Admin
|
|
69
|
-
security:
|
|
70
|
-
- bearerAuth: []
|
|
71
|
-
responses:
|
|
72
|
-
'200':
|
|
73
|
-
description: Authentication configuration
|
|
74
|
-
content:
|
|
75
|
-
application/json:
|
|
76
|
-
schema:
|
|
77
|
-
type: object
|
|
78
|
-
properties:
|
|
79
|
-
id:
|
|
80
|
-
type: string
|
|
81
|
-
format: uuid
|
|
82
|
-
requireEmailVerification:
|
|
83
|
-
type: boolean
|
|
84
|
-
passwordMinLength:
|
|
85
|
-
type: integer
|
|
86
|
-
minimum: 4
|
|
87
|
-
maximum: 128
|
|
88
|
-
requireNumber:
|
|
89
|
-
type: boolean
|
|
90
|
-
requireLowercase:
|
|
91
|
-
type: boolean
|
|
92
|
-
requireUppercase:
|
|
93
|
-
type: boolean
|
|
94
|
-
requireSpecialChar:
|
|
95
|
-
type: boolean
|
|
96
|
-
verifyEmailRedirectTo:
|
|
97
|
-
type: string
|
|
98
|
-
nullable: true
|
|
99
|
-
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
100
|
-
resetPasswordRedirectTo:
|
|
101
|
-
type: string
|
|
102
|
-
nullable: true
|
|
103
|
-
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
104
|
-
verifyEmailMethod:
|
|
105
|
-
type: string
|
|
106
|
-
enum: [code, link]
|
|
107
|
-
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
108
|
-
resetPasswordMethod:
|
|
109
|
-
type: string
|
|
110
|
-
enum: [code, link]
|
|
111
|
-
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
112
|
-
signInRedirectTo:
|
|
113
|
-
type: string
|
|
114
|
-
nullable: true
|
|
115
|
-
description: URL to redirect users after successful sign in
|
|
116
|
-
createdAt:
|
|
117
|
-
type: string
|
|
118
|
-
format: date-time
|
|
119
|
-
updatedAt:
|
|
120
|
-
type: string
|
|
121
|
-
format: date-time
|
|
122
|
-
'401':
|
|
123
|
-
description: Unauthorized
|
|
124
|
-
'403':
|
|
125
|
-
description: Forbidden - Admin only
|
|
126
|
-
|
|
127
|
-
put:
|
|
128
|
-
summary: Update authentication configuration
|
|
129
|
-
description: Update authentication settings (admin only)
|
|
130
|
-
tags:
|
|
131
|
-
- Admin
|
|
132
|
-
security:
|
|
133
|
-
- bearerAuth: []
|
|
134
|
-
requestBody:
|
|
135
|
-
required: true
|
|
136
|
-
content:
|
|
137
|
-
application/json:
|
|
138
|
-
schema:
|
|
139
|
-
type: object
|
|
140
|
-
properties:
|
|
141
|
-
requireEmailVerification:
|
|
142
|
-
type: boolean
|
|
143
|
-
passwordMinLength:
|
|
144
|
-
type: integer
|
|
145
|
-
minimum: 4
|
|
146
|
-
maximum: 128
|
|
147
|
-
requireNumber:
|
|
148
|
-
type: boolean
|
|
149
|
-
requireLowercase:
|
|
150
|
-
type: boolean
|
|
151
|
-
requireUppercase:
|
|
152
|
-
type: boolean
|
|
153
|
-
requireSpecialChar:
|
|
154
|
-
type: boolean
|
|
155
|
-
verifyEmailRedirectTo:
|
|
156
|
-
type: string
|
|
157
|
-
nullable: true
|
|
158
|
-
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
159
|
-
resetPasswordRedirectTo:
|
|
160
|
-
type: string
|
|
161
|
-
nullable: true
|
|
162
|
-
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
163
|
-
verifyEmailMethod:
|
|
164
|
-
type: string
|
|
165
|
-
enum: [code, link]
|
|
166
|
-
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
167
|
-
resetPasswordMethod:
|
|
168
|
-
type: string
|
|
169
|
-
enum: [code, link]
|
|
170
|
-
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
171
|
-
signInRedirectTo:
|
|
172
|
-
type: string
|
|
173
|
-
nullable: true
|
|
174
|
-
description: URL to redirect users after successful sign in
|
|
175
|
-
responses:
|
|
176
|
-
'200':
|
|
177
|
-
description: Configuration updated successfully
|
|
178
|
-
content:
|
|
179
|
-
application/json:
|
|
180
|
-
schema:
|
|
181
|
-
type: object
|
|
182
|
-
properties:
|
|
183
|
-
id:
|
|
184
|
-
type: string
|
|
185
|
-
format: uuid
|
|
186
|
-
requireEmailVerification:
|
|
187
|
-
type: boolean
|
|
188
|
-
passwordMinLength:
|
|
189
|
-
type: integer
|
|
190
|
-
minimum: 4
|
|
191
|
-
maximum: 128
|
|
192
|
-
requireNumber:
|
|
193
|
-
type: boolean
|
|
194
|
-
requireLowercase:
|
|
195
|
-
type: boolean
|
|
196
|
-
requireUppercase:
|
|
197
|
-
type: boolean
|
|
198
|
-
requireSpecialChar:
|
|
199
|
-
type: boolean
|
|
200
|
-
verifyEmailRedirectTo:
|
|
201
|
-
type: string
|
|
202
|
-
nullable: true
|
|
203
|
-
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
204
|
-
resetPasswordRedirectTo:
|
|
205
|
-
type: string
|
|
206
|
-
nullable: true
|
|
207
|
-
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
208
|
-
verifyEmailMethod:
|
|
209
|
-
type: string
|
|
210
|
-
enum: [code, link]
|
|
211
|
-
resetPasswordMethod:
|
|
212
|
-
type: string
|
|
213
|
-
enum: [code, link]
|
|
214
|
-
signInRedirectTo:
|
|
215
|
-
type: string
|
|
216
|
-
nullable: true
|
|
217
|
-
createdAt:
|
|
218
|
-
type: string
|
|
219
|
-
format: date-time
|
|
220
|
-
updatedAt:
|
|
221
|
-
type: string
|
|
222
|
-
format: date-time
|
|
223
|
-
'400':
|
|
224
|
-
description: Invalid request
|
|
225
|
-
'401':
|
|
226
|
-
description: Unauthorized
|
|
227
|
-
'403':
|
|
228
|
-
description: Forbidden - Admin only
|
|
229
|
-
|
|
230
|
-
/api/auth/users:
|
|
231
|
-
post:
|
|
232
|
-
summary: Register new user
|
|
233
|
-
description: Creates a new user account
|
|
234
|
-
tags:
|
|
235
|
-
- Client
|
|
236
|
-
requestBody:
|
|
237
|
-
required: true
|
|
238
|
-
content:
|
|
239
|
-
application/json:
|
|
240
|
-
schema:
|
|
241
|
-
type: object
|
|
242
|
-
required:
|
|
243
|
-
- email
|
|
244
|
-
- password
|
|
245
|
-
properties:
|
|
246
|
-
email:
|
|
247
|
-
type: string
|
|
248
|
-
format: email
|
|
249
|
-
example: user@example.com
|
|
250
|
-
password:
|
|
251
|
-
type: string
|
|
252
|
-
description: Password meeting configured requirements (check /api/auth/email/config for current requirements)
|
|
253
|
-
example: securepassword123
|
|
254
|
-
name:
|
|
255
|
-
type: string
|
|
256
|
-
example: John Doe
|
|
257
|
-
responses:
|
|
258
|
-
'200':
|
|
259
|
-
description: User created successfully
|
|
260
|
-
content:
|
|
261
|
-
application/json:
|
|
262
|
-
schema:
|
|
263
|
-
type: object
|
|
264
|
-
properties:
|
|
265
|
-
user:
|
|
266
|
-
$ref: '#/components/schemas/UserResponse'
|
|
267
|
-
accessToken:
|
|
268
|
-
type: string
|
|
269
|
-
nullable: true
|
|
270
|
-
description: JWT authentication token (null if email verification required)
|
|
271
|
-
requireEmailVerification:
|
|
272
|
-
type: boolean
|
|
273
|
-
description: Whether email verification is required before login
|
|
274
|
-
redirectTo:
|
|
275
|
-
type: string
|
|
276
|
-
format: uri
|
|
277
|
-
description: Optional URL to redirect user after registration (only present if email verification not required)
|
|
278
|
-
'400':
|
|
279
|
-
description: Invalid request
|
|
280
|
-
'409':
|
|
281
|
-
description: User already exists
|
|
282
|
-
|
|
283
|
-
get:
|
|
284
|
-
summary: List all users (admin only)
|
|
285
|
-
description: Returns paginated list of users
|
|
286
|
-
tags:
|
|
287
|
-
- Admin
|
|
288
|
-
security:
|
|
289
|
-
- bearerAuth: []
|
|
290
|
-
parameters:
|
|
291
|
-
- name: offset
|
|
292
|
-
in: query
|
|
293
|
-
schema:
|
|
294
|
-
type: string
|
|
295
|
-
default: '0'
|
|
296
|
-
description: Number of records to skip
|
|
297
|
-
- name: limit
|
|
298
|
-
in: query
|
|
299
|
-
schema:
|
|
300
|
-
type: string
|
|
301
|
-
default: '10'
|
|
302
|
-
description: Maximum number of records to return
|
|
303
|
-
- name: search
|
|
304
|
-
in: query
|
|
305
|
-
schema:
|
|
306
|
-
type: string
|
|
307
|
-
description: Search by email or name
|
|
308
|
-
responses:
|
|
309
|
-
'200':
|
|
310
|
-
description: List of users
|
|
311
|
-
content:
|
|
312
|
-
application/json:
|
|
313
|
-
schema:
|
|
314
|
-
type: object
|
|
315
|
-
properties:
|
|
316
|
-
data:
|
|
317
|
-
type: array
|
|
318
|
-
items:
|
|
319
|
-
$ref: '#/components/schemas/UserResponse'
|
|
320
|
-
pagination:
|
|
321
|
-
type: object
|
|
322
|
-
properties:
|
|
323
|
-
offset:
|
|
324
|
-
type: integer
|
|
325
|
-
limit:
|
|
326
|
-
type: integer
|
|
327
|
-
total:
|
|
328
|
-
type: integer
|
|
329
|
-
'401':
|
|
330
|
-
description: Unauthorized
|
|
331
|
-
'403':
|
|
332
|
-
description: Forbidden - Admin only
|
|
333
|
-
|
|
334
|
-
delete:
|
|
335
|
-
summary: Delete users (admin only)
|
|
336
|
-
description: Delete multiple users by their IDs
|
|
337
|
-
tags:
|
|
338
|
-
- Admin
|
|
339
|
-
security:
|
|
340
|
-
- bearerAuth: []
|
|
341
|
-
requestBody:
|
|
342
|
-
required: true
|
|
343
|
-
content:
|
|
344
|
-
application/json:
|
|
345
|
-
schema:
|
|
346
|
-
type: object
|
|
347
|
-
properties:
|
|
348
|
-
userIds:
|
|
349
|
-
type: array
|
|
350
|
-
items:
|
|
351
|
-
type: string
|
|
352
|
-
required:
|
|
353
|
-
- userIds
|
|
354
|
-
responses:
|
|
355
|
-
'200':
|
|
356
|
-
description: Users deleted successfully
|
|
357
|
-
content:
|
|
358
|
-
application/json:
|
|
359
|
-
schema:
|
|
360
|
-
type: object
|
|
361
|
-
properties:
|
|
362
|
-
message:
|
|
363
|
-
type: string
|
|
364
|
-
deletedCount:
|
|
365
|
-
type: integer
|
|
366
|
-
'401':
|
|
367
|
-
description: Unauthorized
|
|
368
|
-
'403':
|
|
369
|
-
description: Forbidden - Admin only
|
|
370
|
-
|
|
371
|
-
/api/auth/users/{userId}:
|
|
372
|
-
get:
|
|
373
|
-
summary: Get specific user
|
|
374
|
-
description: Get user details by ID (admin only)
|
|
375
|
-
tags:
|
|
376
|
-
- Admin
|
|
377
|
-
security:
|
|
378
|
-
- bearerAuth: []
|
|
379
|
-
parameters:
|
|
380
|
-
- name: userId
|
|
381
|
-
in: path
|
|
382
|
-
required: true
|
|
383
|
-
schema:
|
|
384
|
-
type: string
|
|
385
|
-
format: uuid
|
|
386
|
-
description: User ID
|
|
387
|
-
responses:
|
|
388
|
-
'200':
|
|
389
|
-
description: User details
|
|
390
|
-
content:
|
|
391
|
-
application/json:
|
|
392
|
-
schema:
|
|
393
|
-
$ref: '#/components/schemas/UserResponse'
|
|
394
|
-
'400':
|
|
395
|
-
description: Invalid user ID format
|
|
396
|
-
'401':
|
|
397
|
-
description: Unauthorized
|
|
398
|
-
'403':
|
|
399
|
-
description: Forbidden - Admin only
|
|
400
|
-
'404':
|
|
401
|
-
description: User not found
|
|
402
|
-
|
|
403
|
-
/api/auth/sessions:
|
|
404
|
-
post:
|
|
405
|
-
summary: User login
|
|
406
|
-
description: Authenticates user and returns access token
|
|
407
|
-
tags:
|
|
408
|
-
- Client
|
|
409
|
-
requestBody:
|
|
410
|
-
required: true
|
|
411
|
-
content:
|
|
412
|
-
application/json:
|
|
413
|
-
schema:
|
|
414
|
-
type: object
|
|
415
|
-
required:
|
|
416
|
-
- email
|
|
417
|
-
- password
|
|
418
|
-
properties:
|
|
419
|
-
email:
|
|
420
|
-
type: string
|
|
421
|
-
format: email
|
|
422
|
-
password:
|
|
423
|
-
type: string
|
|
424
|
-
responses:
|
|
425
|
-
'200':
|
|
426
|
-
description: Login successful
|
|
427
|
-
content:
|
|
428
|
-
application/json:
|
|
429
|
-
schema:
|
|
430
|
-
type: object
|
|
431
|
-
properties:
|
|
432
|
-
user:
|
|
433
|
-
$ref: '#/components/schemas/UserResponse'
|
|
434
|
-
accessToken:
|
|
435
|
-
type: string
|
|
436
|
-
redirectTo:
|
|
437
|
-
type: string
|
|
438
|
-
format: uri
|
|
439
|
-
description: Optional URL to redirect user after login (if configured)
|
|
440
|
-
'401':
|
|
441
|
-
description: Invalid credentials
|
|
442
|
-
'403':
|
|
443
|
-
description: Email verification required
|
|
444
|
-
|
|
445
|
-
/api/auth/sessions/current:
|
|
446
|
-
get:
|
|
447
|
-
summary: Get current user
|
|
448
|
-
description: Returns the currently authenticated user's basic info from JWT token
|
|
449
|
-
tags:
|
|
450
|
-
- Client
|
|
451
|
-
security:
|
|
452
|
-
- bearerAuth: []
|
|
453
|
-
responses:
|
|
454
|
-
'200':
|
|
455
|
-
description: Current user info
|
|
456
|
-
content:
|
|
457
|
-
application/json:
|
|
458
|
-
schema:
|
|
459
|
-
type: object
|
|
460
|
-
properties:
|
|
461
|
-
user:
|
|
462
|
-
type: object
|
|
463
|
-
properties:
|
|
464
|
-
id:
|
|
465
|
-
type: string
|
|
466
|
-
format: uuid
|
|
467
|
-
email:
|
|
468
|
-
type: string
|
|
469
|
-
format: email
|
|
470
|
-
role:
|
|
471
|
-
type: string
|
|
472
|
-
enum: [authenticated, project_admin]
|
|
473
|
-
'401':
|
|
474
|
-
description: Unauthorized
|
|
475
|
-
|
|
476
|
-
/api/auth/admin/sessions:
|
|
477
|
-
post:
|
|
478
|
-
summary: Admin login
|
|
479
|
-
description: Authenticates admin user for dashboard access
|
|
480
|
-
tags:
|
|
481
|
-
- Admin
|
|
482
|
-
requestBody:
|
|
483
|
-
required: true
|
|
484
|
-
content:
|
|
485
|
-
application/json:
|
|
486
|
-
schema:
|
|
487
|
-
type: object
|
|
488
|
-
required:
|
|
489
|
-
- email
|
|
490
|
-
- password
|
|
491
|
-
properties:
|
|
492
|
-
email:
|
|
493
|
-
type: string
|
|
494
|
-
format: email
|
|
495
|
-
password:
|
|
496
|
-
type: string
|
|
497
|
-
responses:
|
|
498
|
-
'200':
|
|
499
|
-
description: Admin login successful
|
|
500
|
-
content:
|
|
501
|
-
application/json:
|
|
502
|
-
schema:
|
|
503
|
-
type: object
|
|
504
|
-
properties:
|
|
505
|
-
user:
|
|
506
|
-
$ref: '#/components/schemas/UserResponse'
|
|
507
|
-
accessToken:
|
|
508
|
-
type: string
|
|
509
|
-
'401':
|
|
510
|
-
description: Invalid credentials
|
|
511
|
-
'403':
|
|
512
|
-
description: User is not an admin
|
|
513
|
-
|
|
514
|
-
/api/auth/admin/sessions/exchange:
|
|
515
|
-
post:
|
|
516
|
-
summary: Exchange cloud provider authorization code for admin session
|
|
517
|
-
description: Verifies an authorization code/JWT from from Insforge Cloud platform and issues an internal admin session token with project_admin role
|
|
518
|
-
tags:
|
|
519
|
-
- Admin
|
|
520
|
-
requestBody:
|
|
521
|
-
required: true
|
|
522
|
-
content:
|
|
523
|
-
application/json:
|
|
524
|
-
schema:
|
|
525
|
-
type: object
|
|
526
|
-
required:
|
|
527
|
-
- code
|
|
528
|
-
properties:
|
|
529
|
-
code:
|
|
530
|
-
type: string
|
|
531
|
-
description: Authorization code or JWT from the Insforge
|
|
532
|
-
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
533
|
-
responses:
|
|
534
|
-
'200':
|
|
535
|
-
description: Cloud authorization verified, admin session created
|
|
536
|
-
content:
|
|
537
|
-
application/json:
|
|
538
|
-
schema:
|
|
539
|
-
type: object
|
|
540
|
-
properties:
|
|
541
|
-
user:
|
|
542
|
-
$ref: '#/components/schemas/UserResponse'
|
|
543
|
-
accessToken:
|
|
544
|
-
type: string
|
|
545
|
-
description: Internal JWT for admin authentication
|
|
546
|
-
'400':
|
|
547
|
-
description: Invalid authorization code or JWT verification failed
|
|
548
|
-
content:
|
|
549
|
-
application/json:
|
|
550
|
-
schema:
|
|
551
|
-
$ref: '#/components/schemas/ErrorResponse'
|
|
552
|
-
|
|
553
|
-
/api/auth/tokens/anon:
|
|
554
|
-
post:
|
|
555
|
-
summary: Generate anonymous token
|
|
556
|
-
description: Generate a non-expiring anonymous JWT token for public API access (admin only)
|
|
557
|
-
tags:
|
|
558
|
-
- Admin
|
|
559
|
-
security:
|
|
560
|
-
- bearerAuth: []
|
|
561
|
-
responses:
|
|
562
|
-
'200':
|
|
563
|
-
description: Anonymous token generated successfully
|
|
564
|
-
content:
|
|
565
|
-
application/json:
|
|
566
|
-
schema:
|
|
567
|
-
type: object
|
|
568
|
-
properties:
|
|
569
|
-
accessToken:
|
|
570
|
-
type: string
|
|
571
|
-
description: Non-expiring anonymous JWT token
|
|
572
|
-
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
573
|
-
message:
|
|
574
|
-
type: string
|
|
575
|
-
description: Success message
|
|
576
|
-
example: "Anonymous token generated successfully (never expires)"
|
|
577
|
-
'401':
|
|
578
|
-
description: Unauthorized - requires authentication
|
|
579
|
-
'403':
|
|
580
|
-
description: Forbidden - admin access required
|
|
581
|
-
|
|
582
|
-
/api/auth/email/send-verification:
|
|
583
|
-
post:
|
|
584
|
-
summary: Send email verification (code or link based on config)
|
|
585
|
-
description: Send email verification using the method configured in auth settings (verifyEmailMethod). When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link. Prevents user enumeration by returning success even if email doesn't exist.
|
|
586
|
-
tags:
|
|
587
|
-
- Client
|
|
588
|
-
requestBody:
|
|
589
|
-
required: true
|
|
590
|
-
content:
|
|
591
|
-
application/json:
|
|
592
|
-
schema:
|
|
593
|
-
type: object
|
|
594
|
-
required:
|
|
595
|
-
- email
|
|
596
|
-
properties:
|
|
597
|
-
email:
|
|
598
|
-
type: string
|
|
599
|
-
format: email
|
|
600
|
-
example: user@example.com
|
|
601
|
-
responses:
|
|
602
|
-
'202':
|
|
603
|
-
description: Verification email sent (if email exists). Message varies based on configured method.
|
|
604
|
-
content:
|
|
605
|
-
application/json:
|
|
606
|
-
schema:
|
|
607
|
-
type: object
|
|
608
|
-
properties:
|
|
609
|
-
success:
|
|
610
|
-
type: boolean
|
|
611
|
-
message:
|
|
612
|
-
type: string
|
|
613
|
-
example: "If your email is registered, we have sent you a verification code/link. Please check your inbox."
|
|
614
|
-
'400':
|
|
615
|
-
description: Invalid request
|
|
616
|
-
|
|
617
|
-
/api/auth/email/verify:
|
|
618
|
-
post:
|
|
619
|
-
summary: Verify email with code or link
|
|
620
|
-
description: |
|
|
621
|
-
Verify email address using the method configured in auth settings (verifyEmailMethod):
|
|
622
|
-
- Code verification: Provide both `email` and `otp` (6-digit numeric code)
|
|
623
|
-
- Link verification: Provide only `otp` (64-character hex token from magic link)
|
|
624
|
-
|
|
625
|
-
Successfully verified users will receive a session token.
|
|
626
|
-
|
|
627
|
-
The email verification link sent to users always points to the backend API endpoint.
|
|
628
|
-
If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
|
|
629
|
-
Otherwise, a default success page is displayed.
|
|
630
|
-
tags:
|
|
631
|
-
- Client
|
|
632
|
-
requestBody:
|
|
633
|
-
required: true
|
|
634
|
-
content:
|
|
635
|
-
application/json:
|
|
636
|
-
schema:
|
|
637
|
-
type: object
|
|
638
|
-
required:
|
|
639
|
-
- otp
|
|
640
|
-
properties:
|
|
641
|
-
email:
|
|
642
|
-
type: string
|
|
643
|
-
format: email
|
|
644
|
-
description: Required for numeric code verification, omit for magic link verification
|
|
645
|
-
example: user@example.com
|
|
646
|
-
otp:
|
|
647
|
-
type: string
|
|
648
|
-
description: Either a 6-digit numeric code or a 64-character hex token from magic link
|
|
649
|
-
example: "123456"
|
|
650
|
-
responses:
|
|
651
|
-
'200':
|
|
652
|
-
description: Email verified successfully, session created
|
|
653
|
-
content:
|
|
654
|
-
application/json:
|
|
655
|
-
schema:
|
|
656
|
-
type: object
|
|
657
|
-
properties:
|
|
658
|
-
user:
|
|
659
|
-
$ref: '#/components/schemas/UserResponse'
|
|
660
|
-
accessToken:
|
|
661
|
-
type: string
|
|
662
|
-
description: JWT authentication token
|
|
663
|
-
redirectTo:
|
|
664
|
-
type: string
|
|
665
|
-
format: uri
|
|
666
|
-
description: Optional URL to redirect user after verification (only present if configured)
|
|
667
|
-
'400':
|
|
668
|
-
description: Invalid verification code or token
|
|
669
|
-
'401':
|
|
670
|
-
description: Verification code/token expired or invalid
|
|
671
|
-
|
|
672
|
-
/api/auth/email/send-reset-password:
|
|
673
|
-
post:
|
|
674
|
-
summary: Send password reset (code or link based on config)
|
|
675
|
-
description: Send password reset email using the method configured in auth settings (resetPasswordMethod). When method is 'code', sends a 6-digit numeric code for two-step flow. When method is 'link', sends a magic link. Prevents user enumeration by returning success even if email doesn't exist.
|
|
676
|
-
tags:
|
|
677
|
-
- Client
|
|
678
|
-
requestBody:
|
|
679
|
-
required: true
|
|
680
|
-
content:
|
|
681
|
-
application/json:
|
|
682
|
-
schema:
|
|
683
|
-
type: object
|
|
684
|
-
required:
|
|
685
|
-
- email
|
|
686
|
-
properties:
|
|
687
|
-
email:
|
|
688
|
-
type: string
|
|
689
|
-
format: email
|
|
690
|
-
example: user@example.com
|
|
691
|
-
responses:
|
|
692
|
-
'202':
|
|
693
|
-
description: Password reset email sent (if email exists). Message varies based on configured method.
|
|
694
|
-
content:
|
|
695
|
-
application/json:
|
|
696
|
-
schema:
|
|
697
|
-
type: object
|
|
698
|
-
properties:
|
|
699
|
-
success:
|
|
700
|
-
type: boolean
|
|
701
|
-
message:
|
|
702
|
-
type: string
|
|
703
|
-
example: "If your email is registered, we have sent you a password reset code/link. Please check your inbox."
|
|
704
|
-
'400':
|
|
705
|
-
description: Invalid request
|
|
706
|
-
|
|
707
|
-
/api/auth/email/exchange-reset-password-token:
|
|
708
|
-
post:
|
|
709
|
-
summary: Exchange reset password code for reset token
|
|
710
|
-
description: |
|
|
711
|
-
Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
|
|
712
|
-
1. Verify the 6-digit code sent to user's email
|
|
713
|
-
2. Return a reset token that can be used to actually reset the password
|
|
714
|
-
|
|
715
|
-
This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
|
|
716
|
-
tags:
|
|
717
|
-
- Client
|
|
718
|
-
requestBody:
|
|
719
|
-
required: true
|
|
720
|
-
content:
|
|
721
|
-
application/json:
|
|
722
|
-
schema:
|
|
723
|
-
type: object
|
|
724
|
-
required:
|
|
725
|
-
- email
|
|
726
|
-
- code
|
|
727
|
-
properties:
|
|
728
|
-
email:
|
|
729
|
-
type: string
|
|
730
|
-
format: email
|
|
731
|
-
example: user@example.com
|
|
732
|
-
code:
|
|
733
|
-
type: string
|
|
734
|
-
description: 6-digit numeric code from email
|
|
735
|
-
example: "123456"
|
|
736
|
-
responses:
|
|
737
|
-
'200':
|
|
738
|
-
description: Code verified successfully, reset token returned
|
|
739
|
-
content:
|
|
740
|
-
application/json:
|
|
741
|
-
schema:
|
|
742
|
-
type: object
|
|
743
|
-
properties:
|
|
744
|
-
token:
|
|
745
|
-
type: string
|
|
746
|
-
description: Reset token to be used in reset-password endpoint
|
|
747
|
-
expiresAt:
|
|
748
|
-
type: string
|
|
749
|
-
format: date-time
|
|
750
|
-
description: Token expiration timestamp
|
|
751
|
-
'400':
|
|
752
|
-
description: Invalid request
|
|
753
|
-
'401':
|
|
754
|
-
description: Invalid or expired code
|
|
755
|
-
|
|
756
|
-
/api/auth/email/reset-password:
|
|
757
|
-
post:
|
|
758
|
-
summary: Reset password with token
|
|
759
|
-
description: |
|
|
760
|
-
Reset user password with a token. The token can be:
|
|
761
|
-
- Magic link token (64-character hex token from send-reset-password when method is 'link')
|
|
762
|
-
- Reset token (from exchange-reset-password-token after code verification when method is 'code')
|
|
763
|
-
|
|
764
|
-
Both token types use RESET_PASSWORD purpose and are verified the same way.
|
|
765
|
-
|
|
766
|
-
Flow summary:
|
|
767
|
-
- Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
|
|
768
|
-
- Link method: send-reset-password → reset-password (with link token directly)
|
|
769
|
-
tags:
|
|
770
|
-
- Client
|
|
771
|
-
requestBody:
|
|
772
|
-
required: true
|
|
773
|
-
content:
|
|
774
|
-
application/json:
|
|
775
|
-
schema:
|
|
776
|
-
type: object
|
|
777
|
-
required:
|
|
778
|
-
- newPassword
|
|
779
|
-
- otp
|
|
780
|
-
properties:
|
|
781
|
-
newPassword:
|
|
782
|
-
type: string
|
|
783
|
-
description: New password meeting configured requirements
|
|
784
|
-
example: newSecurePassword123
|
|
785
|
-
otp:
|
|
786
|
-
type: string
|
|
787
|
-
description: Reset token (either from magic link or from exchange-reset-password-token endpoint)
|
|
788
|
-
example: "a1b2c3d4..."
|
|
789
|
-
responses:
|
|
790
|
-
'200':
|
|
791
|
-
description: Password reset successfully
|
|
792
|
-
content:
|
|
793
|
-
application/json:
|
|
794
|
-
schema:
|
|
795
|
-
type: object
|
|
796
|
-
properties:
|
|
797
|
-
message:
|
|
798
|
-
type: string
|
|
799
|
-
example: "Password reset successfully"
|
|
800
|
-
'400':
|
|
801
|
-
description: Invalid request or password requirements not met
|
|
802
|
-
'401':
|
|
803
|
-
description: Verification code/token expired or invalid
|
|
804
|
-
|
|
805
|
-
/api/auth/oauth/configs:
|
|
806
|
-
get:
|
|
807
|
-
summary: List all OAuth configurations
|
|
808
|
-
description: Get all configured OAuth providers (admin only)
|
|
809
|
-
tags:
|
|
810
|
-
- Admin
|
|
811
|
-
security:
|
|
812
|
-
- bearerAuth: []
|
|
813
|
-
responses:
|
|
814
|
-
'200':
|
|
815
|
-
description: List of OAuth configurations
|
|
816
|
-
content:
|
|
817
|
-
application/json:
|
|
818
|
-
schema:
|
|
819
|
-
type: object
|
|
820
|
-
properties:
|
|
821
|
-
data:
|
|
822
|
-
type: array
|
|
823
|
-
items:
|
|
824
|
-
$ref: '#/components/schemas/OAuthConfig'
|
|
825
|
-
count:
|
|
826
|
-
type: integer
|
|
827
|
-
'401':
|
|
828
|
-
description: Unauthorized
|
|
829
|
-
'403':
|
|
830
|
-
description: Forbidden - Admin only
|
|
831
|
-
|
|
832
|
-
post:
|
|
833
|
-
summary: Create OAuth configuration
|
|
834
|
-
description: Create a new OAuth provider configuration (admin only)
|
|
835
|
-
tags:
|
|
836
|
-
- Admin
|
|
837
|
-
security:
|
|
838
|
-
- bearerAuth: []
|
|
839
|
-
requestBody:
|
|
840
|
-
required: true
|
|
841
|
-
content:
|
|
842
|
-
application/json:
|
|
843
|
-
schema:
|
|
844
|
-
type: object
|
|
845
|
-
required:
|
|
846
|
-
- provider
|
|
847
|
-
properties:
|
|
848
|
-
provider:
|
|
849
|
-
type: string
|
|
850
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
851
|
-
clientId:
|
|
852
|
-
type: string
|
|
853
|
-
clientSecret:
|
|
854
|
-
type: string
|
|
855
|
-
redirectUri:
|
|
856
|
-
type: string
|
|
857
|
-
scopes:
|
|
858
|
-
type: array
|
|
859
|
-
items:
|
|
860
|
-
type: string
|
|
861
|
-
useSharedKey:
|
|
862
|
-
type: boolean
|
|
863
|
-
responses:
|
|
864
|
-
'200':
|
|
865
|
-
description: OAuth configuration created
|
|
866
|
-
content:
|
|
867
|
-
application/json:
|
|
868
|
-
schema:
|
|
869
|
-
$ref: '#/components/schemas/OAuthConfig'
|
|
870
|
-
'400':
|
|
871
|
-
description: Invalid request
|
|
872
|
-
'401':
|
|
873
|
-
description: Unauthorized
|
|
874
|
-
'403':
|
|
875
|
-
description: Forbidden - Admin only
|
|
876
|
-
|
|
877
|
-
/api/auth/oauth/{provider}/config:
|
|
878
|
-
get:
|
|
879
|
-
summary: Get OAuth configuration for specific provider
|
|
880
|
-
description: Get OAuth configuration including client secret (admin only)
|
|
881
|
-
tags:
|
|
882
|
-
- Admin
|
|
883
|
-
security:
|
|
884
|
-
- bearerAuth: []
|
|
885
|
-
parameters:
|
|
886
|
-
- name: provider
|
|
887
|
-
in: path
|
|
888
|
-
required: true
|
|
889
|
-
schema:
|
|
890
|
-
type: string
|
|
891
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
892
|
-
responses:
|
|
893
|
-
'200':
|
|
894
|
-
description: OAuth configuration
|
|
895
|
-
content:
|
|
896
|
-
application/json:
|
|
897
|
-
schema:
|
|
898
|
-
allOf:
|
|
899
|
-
- $ref: '#/components/schemas/OAuthConfig'
|
|
900
|
-
- type: object
|
|
901
|
-
properties:
|
|
902
|
-
clientSecret:
|
|
903
|
-
type: string
|
|
904
|
-
'401':
|
|
905
|
-
description: Unauthorized
|
|
906
|
-
'403':
|
|
907
|
-
description: Forbidden - Admin only
|
|
908
|
-
'404':
|
|
909
|
-
description: Configuration not found
|
|
910
|
-
|
|
911
|
-
put:
|
|
912
|
-
summary: Update OAuth configuration
|
|
913
|
-
description: Update OAuth provider configuration (admin only)
|
|
914
|
-
tags:
|
|
915
|
-
- Admin
|
|
916
|
-
security:
|
|
917
|
-
- bearerAuth: []
|
|
918
|
-
parameters:
|
|
919
|
-
- name: provider
|
|
920
|
-
in: path
|
|
921
|
-
required: true
|
|
922
|
-
schema:
|
|
923
|
-
type: string
|
|
924
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
925
|
-
requestBody:
|
|
926
|
-
required: true
|
|
927
|
-
content:
|
|
928
|
-
application/json:
|
|
929
|
-
schema:
|
|
930
|
-
type: object
|
|
931
|
-
properties:
|
|
932
|
-
clientId:
|
|
933
|
-
type: string
|
|
934
|
-
clientSecret:
|
|
935
|
-
type: string
|
|
936
|
-
redirectUri:
|
|
937
|
-
type: string
|
|
938
|
-
scopes:
|
|
939
|
-
type: array
|
|
940
|
-
items:
|
|
941
|
-
type: string
|
|
942
|
-
useSharedKey:
|
|
943
|
-
type: boolean
|
|
944
|
-
responses:
|
|
945
|
-
'200':
|
|
946
|
-
description: Configuration updated
|
|
947
|
-
content:
|
|
948
|
-
application/json:
|
|
949
|
-
schema:
|
|
950
|
-
$ref: '#/components/schemas/OAuthConfig'
|
|
951
|
-
'400':
|
|
952
|
-
description: Invalid request
|
|
953
|
-
'401':
|
|
954
|
-
description: Unauthorized
|
|
955
|
-
'403':
|
|
956
|
-
description: Forbidden - Admin only
|
|
957
|
-
'404':
|
|
958
|
-
description: Configuration not found
|
|
959
|
-
|
|
960
|
-
delete:
|
|
961
|
-
summary: Delete OAuth configuration
|
|
962
|
-
description: Delete OAuth provider configuration (admin only)
|
|
963
|
-
tags:
|
|
964
|
-
- Admin
|
|
965
|
-
security:
|
|
966
|
-
- bearerAuth: []
|
|
967
|
-
parameters:
|
|
968
|
-
- name: provider
|
|
969
|
-
in: path
|
|
970
|
-
required: true
|
|
971
|
-
schema:
|
|
972
|
-
type: string
|
|
973
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
974
|
-
responses:
|
|
975
|
-
'200':
|
|
976
|
-
description: Configuration deleted
|
|
977
|
-
content:
|
|
978
|
-
application/json:
|
|
979
|
-
schema:
|
|
980
|
-
type: object
|
|
981
|
-
properties:
|
|
982
|
-
success:
|
|
983
|
-
type: boolean
|
|
984
|
-
message:
|
|
985
|
-
type: string
|
|
986
|
-
'401':
|
|
987
|
-
description: Unauthorized
|
|
988
|
-
'403':
|
|
989
|
-
description: Forbidden - Admin only
|
|
990
|
-
'404':
|
|
991
|
-
description: Configuration not found
|
|
992
|
-
|
|
993
|
-
/api/auth/oauth/{provider}:
|
|
994
|
-
get:
|
|
995
|
-
summary: Initiate OAuth flow
|
|
996
|
-
description: Generate OAuth authorization URL for any supported provider
|
|
997
|
-
tags:
|
|
998
|
-
- Client
|
|
999
|
-
parameters:
|
|
1000
|
-
- name: provider
|
|
1001
|
-
in: path
|
|
1002
|
-
required: true
|
|
1003
|
-
schema:
|
|
1004
|
-
type: string
|
|
1005
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1006
|
-
- name: redirect_uri
|
|
1007
|
-
in: query
|
|
1008
|
-
required: true
|
|
1009
|
-
schema:
|
|
1010
|
-
type: string
|
|
1011
|
-
format: uri
|
|
1012
|
-
description: URL to redirect after authentication
|
|
1013
|
-
responses:
|
|
1014
|
-
'200':
|
|
1015
|
-
description: OAuth authorization URL
|
|
1016
|
-
content:
|
|
1017
|
-
application/json:
|
|
1018
|
-
schema:
|
|
1019
|
-
type: object
|
|
1020
|
-
properties:
|
|
1021
|
-
authUrl:
|
|
1022
|
-
type: string
|
|
1023
|
-
format: uri
|
|
1024
|
-
'400':
|
|
1025
|
-
description: Invalid request or provider not supported
|
|
1026
|
-
'500':
|
|
1027
|
-
description: OAuth not configured
|
|
1028
|
-
|
|
1029
|
-
/api/auth/oauth/shared/callback/{state}:
|
|
1030
|
-
get:
|
|
1031
|
-
summary: Shared OAuth callback handler
|
|
1032
|
-
description: Handles OAuth callbacks from InsForge Cloud shared OAuth
|
|
1033
|
-
tags:
|
|
1034
|
-
- Client
|
|
1035
|
-
parameters:
|
|
1036
|
-
- name: state
|
|
1037
|
-
in: path
|
|
1038
|
-
required: true
|
|
1039
|
-
schema:
|
|
1040
|
-
type: string
|
|
1041
|
-
description: JWT state parameter
|
|
1042
|
-
- name: success
|
|
1043
|
-
in: query
|
|
1044
|
-
schema:
|
|
1045
|
-
type: string
|
|
1046
|
-
description: Success flag
|
|
1047
|
-
- name: error
|
|
1048
|
-
in: query
|
|
1049
|
-
schema:
|
|
1050
|
-
type: string
|
|
1051
|
-
description: Error message
|
|
1052
|
-
- name: payload
|
|
1053
|
-
in: query
|
|
1054
|
-
schema:
|
|
1055
|
-
type: string
|
|
1056
|
-
description: Base64 encoded user payload
|
|
1057
|
-
responses:
|
|
1058
|
-
'302':
|
|
1059
|
-
description: Redirect to application with access token or error
|
|
1060
|
-
headers:
|
|
1061
|
-
Location:
|
|
1062
|
-
schema:
|
|
1063
|
-
type: string
|
|
1064
|
-
format: uri
|
|
1065
|
-
|
|
1066
|
-
/api/auth/oauth/{provider}/callback:
|
|
1067
|
-
get:
|
|
1068
|
-
summary: Provider-specific OAuth callback
|
|
1069
|
-
description: OAuth callback endpoint for provider-specific flows
|
|
1070
|
-
tags:
|
|
1071
|
-
- Client
|
|
1072
|
-
parameters:
|
|
1073
|
-
- name: provider
|
|
1074
|
-
in: path
|
|
1075
|
-
required: true
|
|
1076
|
-
schema:
|
|
1077
|
-
type: string
|
|
1078
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1079
|
-
- name: code
|
|
1080
|
-
in: query
|
|
1081
|
-
schema:
|
|
1082
|
-
type: string
|
|
1083
|
-
description: Authorization code from OAuth provider
|
|
1084
|
-
- name: state
|
|
1085
|
-
in: query
|
|
1086
|
-
required: true
|
|
1087
|
-
schema:
|
|
1088
|
-
type: string
|
|
1089
|
-
description: JWT state with redirect URI
|
|
1090
|
-
- name: token
|
|
1091
|
-
in: query
|
|
1092
|
-
schema:
|
|
1093
|
-
type: string
|
|
1094
|
-
description: Direct ID token (for some providers)
|
|
1095
|
-
responses:
|
|
1096
|
-
'302':
|
|
1097
|
-
description: Redirect to application with access token
|
|
1098
|
-
headers:
|
|
1099
|
-
Location:
|
|
1100
|
-
schema:
|
|
1101
|
-
type: string
|
|
1102
|
-
format: uri
|
|
1103
|
-
description: Redirect URL with access_token, user_id, email, and name query params
|
|
1104
|
-
|
|
1105
|
-
components:
|
|
1106
|
-
securitySchemes:
|
|
1107
|
-
bearerAuth:
|
|
1108
|
-
type: http
|
|
1109
|
-
scheme: bearer
|
|
1110
|
-
bearerFormat: JWT
|
|
1111
|
-
apiKey:
|
|
1112
|
-
type: apiKey
|
|
1113
|
-
in: header
|
|
1114
|
-
name: x-api-key
|
|
1115
|
-
|
|
1116
|
-
schemas:
|
|
1117
|
-
UserResponse:
|
|
1118
|
-
type: object
|
|
1119
|
-
properties:
|
|
1120
|
-
id:
|
|
1121
|
-
type: string
|
|
1122
|
-
format: uuid
|
|
1123
|
-
email:
|
|
1124
|
-
type: string
|
|
1125
|
-
format: email
|
|
1126
|
-
name:
|
|
1127
|
-
type: string
|
|
1128
|
-
emailVerified:
|
|
1129
|
-
type: boolean
|
|
1130
|
-
identities:
|
|
1131
|
-
type: array
|
|
1132
|
-
items:
|
|
1133
|
-
type: object
|
|
1134
|
-
properties:
|
|
1135
|
-
provider:
|
|
1136
|
-
type: string
|
|
1137
|
-
providerType:
|
|
1138
|
-
type: string
|
|
1139
|
-
createdAt:
|
|
1140
|
-
type: string
|
|
1141
|
-
format: date-time
|
|
1142
|
-
updatedAt:
|
|
1143
|
-
type: string
|
|
1144
|
-
format: date-time
|
|
1145
|
-
|
|
1146
|
-
OAuthConfig:
|
|
1147
|
-
type: object
|
|
1148
|
-
properties:
|
|
1149
|
-
id:
|
|
1150
|
-
type: string
|
|
1151
|
-
format: uuid
|
|
1152
|
-
provider:
|
|
1153
|
-
type: string
|
|
1154
|
-
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1155
|
-
clientId:
|
|
1156
|
-
type: string
|
|
1157
|
-
nullable: true
|
|
1158
|
-
redirectUri:
|
|
1159
|
-
type: string
|
|
1160
|
-
nullable: true
|
|
1161
|
-
scopes:
|
|
1162
|
-
type: array
|
|
1163
|
-
items:
|
|
1164
|
-
type: string
|
|
1165
|
-
nullable: true
|
|
1166
|
-
useSharedKey:
|
|
1167
|
-
type: boolean
|
|
1168
|
-
createdAt:
|
|
1169
|
-
type: string
|
|
1170
|
-
format: date-time
|
|
1171
|
-
updatedAt:
|
|
1172
|
-
type: string
|
|
1173
|
-
format: date-time
|
|
1174
|
-
|
|
1175
|
-
AuthRecord:
|
|
1176
|
-
type: object
|
|
1177
|
-
properties:
|
|
1178
|
-
id:
|
|
1179
|
-
type: string
|
|
1180
|
-
format: uuid
|
|
1181
|
-
email:
|
|
1182
|
-
type: string
|
|
1183
|
-
format: email
|
|
1184
|
-
passwordHash:
|
|
1185
|
-
type: string
|
|
1186
|
-
description: SHA256 hash of password
|
|
1187
|
-
createdAt:
|
|
1188
|
-
type: string
|
|
1189
|
-
format: date-time
|
|
1190
|
-
updatedAt:
|
|
1191
|
-
type: string
|
|
1192
|
-
format: date-time
|
|
1193
|
-
|
|
1194
|
-
ProfileRecord:
|
|
1195
|
-
type: object
|
|
1196
|
-
properties:
|
|
1197
|
-
id:
|
|
1198
|
-
type: string
|
|
1199
|
-
format: uuid
|
|
1200
|
-
authId:
|
|
1201
|
-
type: string
|
|
1202
|
-
format: uuid
|
|
1203
|
-
description: Foreign key to auth table
|
|
1204
|
-
name:
|
|
1205
|
-
type: string
|
|
1206
|
-
avatar_url:
|
|
1207
|
-
type: string
|
|
1208
|
-
nullable: true
|
|
1209
|
-
bio:
|
|
1210
|
-
type: string
|
|
1211
|
-
nullable: true
|
|
1212
|
-
metadata:
|
|
1213
|
-
type: object
|
|
1214
|
-
description: JSONB field for flexible data
|
|
1215
|
-
createdAt:
|
|
1216
|
-
type: string
|
|
1217
|
-
format: date-time
|
|
1218
|
-
updatedAt:
|
|
1219
|
-
type: string
|
|
1220
|
-
format: date-time
|
|
1221
|
-
|
|
1222
|
-
ErrorResponse:
|
|
1223
|
-
type: object
|
|
1224
|
-
required:
|
|
1225
|
-
- error
|
|
1226
|
-
- message
|
|
1227
|
-
- statusCode
|
|
1228
|
-
properties:
|
|
1229
|
-
error:
|
|
1230
|
-
type: string
|
|
1231
|
-
description: Error code for programmatic handling
|
|
1232
|
-
example: "VALIDATION_ERROR"
|
|
1233
|
-
message:
|
|
1234
|
-
type: string
|
|
1235
|
-
description: Human-readable error message
|
|
1236
|
-
example: "Email is already in use"
|
|
1237
|
-
statusCode:
|
|
1238
|
-
type: integer
|
|
1239
|
-
description: HTTP status code
|
|
1240
|
-
example: 400
|
|
1241
|
-
nextActions:
|
|
1242
|
-
type: string
|
|
1243
|
-
description: Suggested action to resolve the error
|
|
1244
|
-
example: "Please use a different email address"
|
|
1
|
+
openapi: 3.0.3
|
|
2
|
+
info:
|
|
3
|
+
title: Insforge Authentication API
|
|
4
|
+
version: 2.0.0
|
|
5
|
+
description: Authentication endpoints with separated auth and profile tables
|
|
6
|
+
|
|
7
|
+
paths:
|
|
8
|
+
/api/auth/public-config:
|
|
9
|
+
get:
|
|
10
|
+
summary: Get public authentication configuration
|
|
11
|
+
description: Get all public authentication configuration including OAuth providers and email auth settings (public endpoint)
|
|
12
|
+
tags:
|
|
13
|
+
- Client
|
|
14
|
+
responses:
|
|
15
|
+
'200':
|
|
16
|
+
description: Public authentication configuration
|
|
17
|
+
content:
|
|
18
|
+
application/json:
|
|
19
|
+
schema:
|
|
20
|
+
type: object
|
|
21
|
+
properties:
|
|
22
|
+
oAuthProviders:
|
|
23
|
+
type: array
|
|
24
|
+
items:
|
|
25
|
+
type: object
|
|
26
|
+
properties:
|
|
27
|
+
provider:
|
|
28
|
+
type: string
|
|
29
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
30
|
+
useSharedKey:
|
|
31
|
+
type: boolean
|
|
32
|
+
requireEmailVerification:
|
|
33
|
+
type: boolean
|
|
34
|
+
passwordMinLength:
|
|
35
|
+
type: integer
|
|
36
|
+
minimum: 4
|
|
37
|
+
maximum: 128
|
|
38
|
+
requireNumber:
|
|
39
|
+
type: boolean
|
|
40
|
+
requireLowercase:
|
|
41
|
+
type: boolean
|
|
42
|
+
requireUppercase:
|
|
43
|
+
type: boolean
|
|
44
|
+
requireSpecialChar:
|
|
45
|
+
type: boolean
|
|
46
|
+
verifyEmailRedirectTo:
|
|
47
|
+
type: string
|
|
48
|
+
nullable: true
|
|
49
|
+
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
50
|
+
resetPasswordRedirectTo:
|
|
51
|
+
type: string
|
|
52
|
+
nullable: true
|
|
53
|
+
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
54
|
+
verifyEmailMethod:
|
|
55
|
+
type: string
|
|
56
|
+
enum: [code, link]
|
|
57
|
+
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
58
|
+
resetPasswordMethod:
|
|
59
|
+
type: string
|
|
60
|
+
enum: [code, link]
|
|
61
|
+
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
62
|
+
|
|
63
|
+
/api/auth/config:
|
|
64
|
+
get:
|
|
65
|
+
summary: Get authentication configuration
|
|
66
|
+
description: Get current authentication settings including all configuration options (admin only)
|
|
67
|
+
tags:
|
|
68
|
+
- Admin
|
|
69
|
+
security:
|
|
70
|
+
- bearerAuth: []
|
|
71
|
+
responses:
|
|
72
|
+
'200':
|
|
73
|
+
description: Authentication configuration
|
|
74
|
+
content:
|
|
75
|
+
application/json:
|
|
76
|
+
schema:
|
|
77
|
+
type: object
|
|
78
|
+
properties:
|
|
79
|
+
id:
|
|
80
|
+
type: string
|
|
81
|
+
format: uuid
|
|
82
|
+
requireEmailVerification:
|
|
83
|
+
type: boolean
|
|
84
|
+
passwordMinLength:
|
|
85
|
+
type: integer
|
|
86
|
+
minimum: 4
|
|
87
|
+
maximum: 128
|
|
88
|
+
requireNumber:
|
|
89
|
+
type: boolean
|
|
90
|
+
requireLowercase:
|
|
91
|
+
type: boolean
|
|
92
|
+
requireUppercase:
|
|
93
|
+
type: boolean
|
|
94
|
+
requireSpecialChar:
|
|
95
|
+
type: boolean
|
|
96
|
+
verifyEmailRedirectTo:
|
|
97
|
+
type: string
|
|
98
|
+
nullable: true
|
|
99
|
+
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
100
|
+
resetPasswordRedirectTo:
|
|
101
|
+
type: string
|
|
102
|
+
nullable: true
|
|
103
|
+
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
104
|
+
verifyEmailMethod:
|
|
105
|
+
type: string
|
|
106
|
+
enum: [code, link]
|
|
107
|
+
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
108
|
+
resetPasswordMethod:
|
|
109
|
+
type: string
|
|
110
|
+
enum: [code, link]
|
|
111
|
+
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
112
|
+
signInRedirectTo:
|
|
113
|
+
type: string
|
|
114
|
+
nullable: true
|
|
115
|
+
description: URL to redirect users after successful sign in
|
|
116
|
+
createdAt:
|
|
117
|
+
type: string
|
|
118
|
+
format: date-time
|
|
119
|
+
updatedAt:
|
|
120
|
+
type: string
|
|
121
|
+
format: date-time
|
|
122
|
+
'401':
|
|
123
|
+
description: Unauthorized
|
|
124
|
+
'403':
|
|
125
|
+
description: Forbidden - Admin only
|
|
126
|
+
|
|
127
|
+
put:
|
|
128
|
+
summary: Update authentication configuration
|
|
129
|
+
description: Update authentication settings (admin only)
|
|
130
|
+
tags:
|
|
131
|
+
- Admin
|
|
132
|
+
security:
|
|
133
|
+
- bearerAuth: []
|
|
134
|
+
requestBody:
|
|
135
|
+
required: true
|
|
136
|
+
content:
|
|
137
|
+
application/json:
|
|
138
|
+
schema:
|
|
139
|
+
type: object
|
|
140
|
+
properties:
|
|
141
|
+
requireEmailVerification:
|
|
142
|
+
type: boolean
|
|
143
|
+
passwordMinLength:
|
|
144
|
+
type: integer
|
|
145
|
+
minimum: 4
|
|
146
|
+
maximum: 128
|
|
147
|
+
requireNumber:
|
|
148
|
+
type: boolean
|
|
149
|
+
requireLowercase:
|
|
150
|
+
type: boolean
|
|
151
|
+
requireUppercase:
|
|
152
|
+
type: boolean
|
|
153
|
+
requireSpecialChar:
|
|
154
|
+
type: boolean
|
|
155
|
+
verifyEmailRedirectTo:
|
|
156
|
+
type: string
|
|
157
|
+
nullable: true
|
|
158
|
+
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
159
|
+
resetPasswordRedirectTo:
|
|
160
|
+
type: string
|
|
161
|
+
nullable: true
|
|
162
|
+
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
163
|
+
verifyEmailMethod:
|
|
164
|
+
type: string
|
|
165
|
+
enum: [code, link]
|
|
166
|
+
description: Method for email verification (code = 6-digit OTP, link = magic link)
|
|
167
|
+
resetPasswordMethod:
|
|
168
|
+
type: string
|
|
169
|
+
enum: [code, link]
|
|
170
|
+
description: Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)
|
|
171
|
+
signInRedirectTo:
|
|
172
|
+
type: string
|
|
173
|
+
nullable: true
|
|
174
|
+
description: URL to redirect users after successful sign in
|
|
175
|
+
responses:
|
|
176
|
+
'200':
|
|
177
|
+
description: Configuration updated successfully
|
|
178
|
+
content:
|
|
179
|
+
application/json:
|
|
180
|
+
schema:
|
|
181
|
+
type: object
|
|
182
|
+
properties:
|
|
183
|
+
id:
|
|
184
|
+
type: string
|
|
185
|
+
format: uuid
|
|
186
|
+
requireEmailVerification:
|
|
187
|
+
type: boolean
|
|
188
|
+
passwordMinLength:
|
|
189
|
+
type: integer
|
|
190
|
+
minimum: 4
|
|
191
|
+
maximum: 128
|
|
192
|
+
requireNumber:
|
|
193
|
+
type: boolean
|
|
194
|
+
requireLowercase:
|
|
195
|
+
type: boolean
|
|
196
|
+
requireUppercase:
|
|
197
|
+
type: boolean
|
|
198
|
+
requireSpecialChar:
|
|
199
|
+
type: boolean
|
|
200
|
+
verifyEmailRedirectTo:
|
|
201
|
+
type: string
|
|
202
|
+
nullable: true
|
|
203
|
+
description: URL to redirect users after successful email verification (if not set, shows default success page)
|
|
204
|
+
resetPasswordRedirectTo:
|
|
205
|
+
type: string
|
|
206
|
+
nullable: true
|
|
207
|
+
description: URL to redirect users after successful password reset (if not set, shows default success page)
|
|
208
|
+
verifyEmailMethod:
|
|
209
|
+
type: string
|
|
210
|
+
enum: [code, link]
|
|
211
|
+
resetPasswordMethod:
|
|
212
|
+
type: string
|
|
213
|
+
enum: [code, link]
|
|
214
|
+
signInRedirectTo:
|
|
215
|
+
type: string
|
|
216
|
+
nullable: true
|
|
217
|
+
createdAt:
|
|
218
|
+
type: string
|
|
219
|
+
format: date-time
|
|
220
|
+
updatedAt:
|
|
221
|
+
type: string
|
|
222
|
+
format: date-time
|
|
223
|
+
'400':
|
|
224
|
+
description: Invalid request
|
|
225
|
+
'401':
|
|
226
|
+
description: Unauthorized
|
|
227
|
+
'403':
|
|
228
|
+
description: Forbidden - Admin only
|
|
229
|
+
|
|
230
|
+
/api/auth/users:
|
|
231
|
+
post:
|
|
232
|
+
summary: Register new user
|
|
233
|
+
description: Creates a new user account
|
|
234
|
+
tags:
|
|
235
|
+
- Client
|
|
236
|
+
requestBody:
|
|
237
|
+
required: true
|
|
238
|
+
content:
|
|
239
|
+
application/json:
|
|
240
|
+
schema:
|
|
241
|
+
type: object
|
|
242
|
+
required:
|
|
243
|
+
- email
|
|
244
|
+
- password
|
|
245
|
+
properties:
|
|
246
|
+
email:
|
|
247
|
+
type: string
|
|
248
|
+
format: email
|
|
249
|
+
example: user@example.com
|
|
250
|
+
password:
|
|
251
|
+
type: string
|
|
252
|
+
description: Password meeting configured requirements (check /api/auth/email/config for current requirements)
|
|
253
|
+
example: securepassword123
|
|
254
|
+
name:
|
|
255
|
+
type: string
|
|
256
|
+
example: John Doe
|
|
257
|
+
responses:
|
|
258
|
+
'200':
|
|
259
|
+
description: User created successfully
|
|
260
|
+
content:
|
|
261
|
+
application/json:
|
|
262
|
+
schema:
|
|
263
|
+
type: object
|
|
264
|
+
properties:
|
|
265
|
+
user:
|
|
266
|
+
$ref: '#/components/schemas/UserResponse'
|
|
267
|
+
accessToken:
|
|
268
|
+
type: string
|
|
269
|
+
nullable: true
|
|
270
|
+
description: JWT authentication token (null if email verification required)
|
|
271
|
+
requireEmailVerification:
|
|
272
|
+
type: boolean
|
|
273
|
+
description: Whether email verification is required before login
|
|
274
|
+
redirectTo:
|
|
275
|
+
type: string
|
|
276
|
+
format: uri
|
|
277
|
+
description: Optional URL to redirect user after registration (only present if email verification not required)
|
|
278
|
+
'400':
|
|
279
|
+
description: Invalid request
|
|
280
|
+
'409':
|
|
281
|
+
description: User already exists
|
|
282
|
+
|
|
283
|
+
get:
|
|
284
|
+
summary: List all users (admin only)
|
|
285
|
+
description: Returns paginated list of users
|
|
286
|
+
tags:
|
|
287
|
+
- Admin
|
|
288
|
+
security:
|
|
289
|
+
- bearerAuth: []
|
|
290
|
+
parameters:
|
|
291
|
+
- name: offset
|
|
292
|
+
in: query
|
|
293
|
+
schema:
|
|
294
|
+
type: string
|
|
295
|
+
default: '0'
|
|
296
|
+
description: Number of records to skip
|
|
297
|
+
- name: limit
|
|
298
|
+
in: query
|
|
299
|
+
schema:
|
|
300
|
+
type: string
|
|
301
|
+
default: '10'
|
|
302
|
+
description: Maximum number of records to return
|
|
303
|
+
- name: search
|
|
304
|
+
in: query
|
|
305
|
+
schema:
|
|
306
|
+
type: string
|
|
307
|
+
description: Search by email or name
|
|
308
|
+
responses:
|
|
309
|
+
'200':
|
|
310
|
+
description: List of users
|
|
311
|
+
content:
|
|
312
|
+
application/json:
|
|
313
|
+
schema:
|
|
314
|
+
type: object
|
|
315
|
+
properties:
|
|
316
|
+
data:
|
|
317
|
+
type: array
|
|
318
|
+
items:
|
|
319
|
+
$ref: '#/components/schemas/UserResponse'
|
|
320
|
+
pagination:
|
|
321
|
+
type: object
|
|
322
|
+
properties:
|
|
323
|
+
offset:
|
|
324
|
+
type: integer
|
|
325
|
+
limit:
|
|
326
|
+
type: integer
|
|
327
|
+
total:
|
|
328
|
+
type: integer
|
|
329
|
+
'401':
|
|
330
|
+
description: Unauthorized
|
|
331
|
+
'403':
|
|
332
|
+
description: Forbidden - Admin only
|
|
333
|
+
|
|
334
|
+
delete:
|
|
335
|
+
summary: Delete users (admin only)
|
|
336
|
+
description: Delete multiple users by their IDs
|
|
337
|
+
tags:
|
|
338
|
+
- Admin
|
|
339
|
+
security:
|
|
340
|
+
- bearerAuth: []
|
|
341
|
+
requestBody:
|
|
342
|
+
required: true
|
|
343
|
+
content:
|
|
344
|
+
application/json:
|
|
345
|
+
schema:
|
|
346
|
+
type: object
|
|
347
|
+
properties:
|
|
348
|
+
userIds:
|
|
349
|
+
type: array
|
|
350
|
+
items:
|
|
351
|
+
type: string
|
|
352
|
+
required:
|
|
353
|
+
- userIds
|
|
354
|
+
responses:
|
|
355
|
+
'200':
|
|
356
|
+
description: Users deleted successfully
|
|
357
|
+
content:
|
|
358
|
+
application/json:
|
|
359
|
+
schema:
|
|
360
|
+
type: object
|
|
361
|
+
properties:
|
|
362
|
+
message:
|
|
363
|
+
type: string
|
|
364
|
+
deletedCount:
|
|
365
|
+
type: integer
|
|
366
|
+
'401':
|
|
367
|
+
description: Unauthorized
|
|
368
|
+
'403':
|
|
369
|
+
description: Forbidden - Admin only
|
|
370
|
+
|
|
371
|
+
/api/auth/users/{userId}:
|
|
372
|
+
get:
|
|
373
|
+
summary: Get specific user
|
|
374
|
+
description: Get user details by ID (admin only)
|
|
375
|
+
tags:
|
|
376
|
+
- Admin
|
|
377
|
+
security:
|
|
378
|
+
- bearerAuth: []
|
|
379
|
+
parameters:
|
|
380
|
+
- name: userId
|
|
381
|
+
in: path
|
|
382
|
+
required: true
|
|
383
|
+
schema:
|
|
384
|
+
type: string
|
|
385
|
+
format: uuid
|
|
386
|
+
description: User ID
|
|
387
|
+
responses:
|
|
388
|
+
'200':
|
|
389
|
+
description: User details
|
|
390
|
+
content:
|
|
391
|
+
application/json:
|
|
392
|
+
schema:
|
|
393
|
+
$ref: '#/components/schemas/UserResponse'
|
|
394
|
+
'400':
|
|
395
|
+
description: Invalid user ID format
|
|
396
|
+
'401':
|
|
397
|
+
description: Unauthorized
|
|
398
|
+
'403':
|
|
399
|
+
description: Forbidden - Admin only
|
|
400
|
+
'404':
|
|
401
|
+
description: User not found
|
|
402
|
+
|
|
403
|
+
/api/auth/sessions:
|
|
404
|
+
post:
|
|
405
|
+
summary: User login
|
|
406
|
+
description: Authenticates user and returns access token
|
|
407
|
+
tags:
|
|
408
|
+
- Client
|
|
409
|
+
requestBody:
|
|
410
|
+
required: true
|
|
411
|
+
content:
|
|
412
|
+
application/json:
|
|
413
|
+
schema:
|
|
414
|
+
type: object
|
|
415
|
+
required:
|
|
416
|
+
- email
|
|
417
|
+
- password
|
|
418
|
+
properties:
|
|
419
|
+
email:
|
|
420
|
+
type: string
|
|
421
|
+
format: email
|
|
422
|
+
password:
|
|
423
|
+
type: string
|
|
424
|
+
responses:
|
|
425
|
+
'200':
|
|
426
|
+
description: Login successful
|
|
427
|
+
content:
|
|
428
|
+
application/json:
|
|
429
|
+
schema:
|
|
430
|
+
type: object
|
|
431
|
+
properties:
|
|
432
|
+
user:
|
|
433
|
+
$ref: '#/components/schemas/UserResponse'
|
|
434
|
+
accessToken:
|
|
435
|
+
type: string
|
|
436
|
+
redirectTo:
|
|
437
|
+
type: string
|
|
438
|
+
format: uri
|
|
439
|
+
description: Optional URL to redirect user after login (if configured)
|
|
440
|
+
'401':
|
|
441
|
+
description: Invalid credentials
|
|
442
|
+
'403':
|
|
443
|
+
description: Email verification required
|
|
444
|
+
|
|
445
|
+
/api/auth/sessions/current:
|
|
446
|
+
get:
|
|
447
|
+
summary: Get current user
|
|
448
|
+
description: Returns the currently authenticated user's basic info from JWT token
|
|
449
|
+
tags:
|
|
450
|
+
- Client
|
|
451
|
+
security:
|
|
452
|
+
- bearerAuth: []
|
|
453
|
+
responses:
|
|
454
|
+
'200':
|
|
455
|
+
description: Current user info
|
|
456
|
+
content:
|
|
457
|
+
application/json:
|
|
458
|
+
schema:
|
|
459
|
+
type: object
|
|
460
|
+
properties:
|
|
461
|
+
user:
|
|
462
|
+
type: object
|
|
463
|
+
properties:
|
|
464
|
+
id:
|
|
465
|
+
type: string
|
|
466
|
+
format: uuid
|
|
467
|
+
email:
|
|
468
|
+
type: string
|
|
469
|
+
format: email
|
|
470
|
+
role:
|
|
471
|
+
type: string
|
|
472
|
+
enum: [authenticated, project_admin]
|
|
473
|
+
'401':
|
|
474
|
+
description: Unauthorized
|
|
475
|
+
|
|
476
|
+
/api/auth/admin/sessions:
|
|
477
|
+
post:
|
|
478
|
+
summary: Admin login
|
|
479
|
+
description: Authenticates admin user for dashboard access
|
|
480
|
+
tags:
|
|
481
|
+
- Admin
|
|
482
|
+
requestBody:
|
|
483
|
+
required: true
|
|
484
|
+
content:
|
|
485
|
+
application/json:
|
|
486
|
+
schema:
|
|
487
|
+
type: object
|
|
488
|
+
required:
|
|
489
|
+
- email
|
|
490
|
+
- password
|
|
491
|
+
properties:
|
|
492
|
+
email:
|
|
493
|
+
type: string
|
|
494
|
+
format: email
|
|
495
|
+
password:
|
|
496
|
+
type: string
|
|
497
|
+
responses:
|
|
498
|
+
'200':
|
|
499
|
+
description: Admin login successful
|
|
500
|
+
content:
|
|
501
|
+
application/json:
|
|
502
|
+
schema:
|
|
503
|
+
type: object
|
|
504
|
+
properties:
|
|
505
|
+
user:
|
|
506
|
+
$ref: '#/components/schemas/UserResponse'
|
|
507
|
+
accessToken:
|
|
508
|
+
type: string
|
|
509
|
+
'401':
|
|
510
|
+
description: Invalid credentials
|
|
511
|
+
'403':
|
|
512
|
+
description: User is not an admin
|
|
513
|
+
|
|
514
|
+
/api/auth/admin/sessions/exchange:
|
|
515
|
+
post:
|
|
516
|
+
summary: Exchange cloud provider authorization code for admin session
|
|
517
|
+
description: Verifies an authorization code/JWT from from Insforge Cloud platform and issues an internal admin session token with project_admin role
|
|
518
|
+
tags:
|
|
519
|
+
- Admin
|
|
520
|
+
requestBody:
|
|
521
|
+
required: true
|
|
522
|
+
content:
|
|
523
|
+
application/json:
|
|
524
|
+
schema:
|
|
525
|
+
type: object
|
|
526
|
+
required:
|
|
527
|
+
- code
|
|
528
|
+
properties:
|
|
529
|
+
code:
|
|
530
|
+
type: string
|
|
531
|
+
description: Authorization code or JWT from the Insforge
|
|
532
|
+
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
533
|
+
responses:
|
|
534
|
+
'200':
|
|
535
|
+
description: Cloud authorization verified, admin session created
|
|
536
|
+
content:
|
|
537
|
+
application/json:
|
|
538
|
+
schema:
|
|
539
|
+
type: object
|
|
540
|
+
properties:
|
|
541
|
+
user:
|
|
542
|
+
$ref: '#/components/schemas/UserResponse'
|
|
543
|
+
accessToken:
|
|
544
|
+
type: string
|
|
545
|
+
description: Internal JWT for admin authentication
|
|
546
|
+
'400':
|
|
547
|
+
description: Invalid authorization code or JWT verification failed
|
|
548
|
+
content:
|
|
549
|
+
application/json:
|
|
550
|
+
schema:
|
|
551
|
+
$ref: '#/components/schemas/ErrorResponse'
|
|
552
|
+
|
|
553
|
+
/api/auth/tokens/anon:
|
|
554
|
+
post:
|
|
555
|
+
summary: Generate anonymous token
|
|
556
|
+
description: Generate a non-expiring anonymous JWT token for public API access (admin only)
|
|
557
|
+
tags:
|
|
558
|
+
- Admin
|
|
559
|
+
security:
|
|
560
|
+
- bearerAuth: []
|
|
561
|
+
responses:
|
|
562
|
+
'200':
|
|
563
|
+
description: Anonymous token generated successfully
|
|
564
|
+
content:
|
|
565
|
+
application/json:
|
|
566
|
+
schema:
|
|
567
|
+
type: object
|
|
568
|
+
properties:
|
|
569
|
+
accessToken:
|
|
570
|
+
type: string
|
|
571
|
+
description: Non-expiring anonymous JWT token
|
|
572
|
+
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
573
|
+
message:
|
|
574
|
+
type: string
|
|
575
|
+
description: Success message
|
|
576
|
+
example: "Anonymous token generated successfully (never expires)"
|
|
577
|
+
'401':
|
|
578
|
+
description: Unauthorized - requires authentication
|
|
579
|
+
'403':
|
|
580
|
+
description: Forbidden - admin access required
|
|
581
|
+
|
|
582
|
+
/api/auth/email/send-verification:
|
|
583
|
+
post:
|
|
584
|
+
summary: Send email verification (code or link based on config)
|
|
585
|
+
description: Send email verification using the method configured in auth settings (verifyEmailMethod). When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link. Prevents user enumeration by returning success even if email doesn't exist.
|
|
586
|
+
tags:
|
|
587
|
+
- Client
|
|
588
|
+
requestBody:
|
|
589
|
+
required: true
|
|
590
|
+
content:
|
|
591
|
+
application/json:
|
|
592
|
+
schema:
|
|
593
|
+
type: object
|
|
594
|
+
required:
|
|
595
|
+
- email
|
|
596
|
+
properties:
|
|
597
|
+
email:
|
|
598
|
+
type: string
|
|
599
|
+
format: email
|
|
600
|
+
example: user@example.com
|
|
601
|
+
responses:
|
|
602
|
+
'202':
|
|
603
|
+
description: Verification email sent (if email exists). Message varies based on configured method.
|
|
604
|
+
content:
|
|
605
|
+
application/json:
|
|
606
|
+
schema:
|
|
607
|
+
type: object
|
|
608
|
+
properties:
|
|
609
|
+
success:
|
|
610
|
+
type: boolean
|
|
611
|
+
message:
|
|
612
|
+
type: string
|
|
613
|
+
example: "If your email is registered, we have sent you a verification code/link. Please check your inbox."
|
|
614
|
+
'400':
|
|
615
|
+
description: Invalid request
|
|
616
|
+
|
|
617
|
+
/api/auth/email/verify:
|
|
618
|
+
post:
|
|
619
|
+
summary: Verify email with code or link
|
|
620
|
+
description: |
|
|
621
|
+
Verify email address using the method configured in auth settings (verifyEmailMethod):
|
|
622
|
+
- Code verification: Provide both `email` and `otp` (6-digit numeric code)
|
|
623
|
+
- Link verification: Provide only `otp` (64-character hex token from magic link)
|
|
624
|
+
|
|
625
|
+
Successfully verified users will receive a session token.
|
|
626
|
+
|
|
627
|
+
The email verification link sent to users always points to the backend API endpoint.
|
|
628
|
+
If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
|
|
629
|
+
Otherwise, a default success page is displayed.
|
|
630
|
+
tags:
|
|
631
|
+
- Client
|
|
632
|
+
requestBody:
|
|
633
|
+
required: true
|
|
634
|
+
content:
|
|
635
|
+
application/json:
|
|
636
|
+
schema:
|
|
637
|
+
type: object
|
|
638
|
+
required:
|
|
639
|
+
- otp
|
|
640
|
+
properties:
|
|
641
|
+
email:
|
|
642
|
+
type: string
|
|
643
|
+
format: email
|
|
644
|
+
description: Required for numeric code verification, omit for magic link verification
|
|
645
|
+
example: user@example.com
|
|
646
|
+
otp:
|
|
647
|
+
type: string
|
|
648
|
+
description: Either a 6-digit numeric code or a 64-character hex token from magic link
|
|
649
|
+
example: "123456"
|
|
650
|
+
responses:
|
|
651
|
+
'200':
|
|
652
|
+
description: Email verified successfully, session created
|
|
653
|
+
content:
|
|
654
|
+
application/json:
|
|
655
|
+
schema:
|
|
656
|
+
type: object
|
|
657
|
+
properties:
|
|
658
|
+
user:
|
|
659
|
+
$ref: '#/components/schemas/UserResponse'
|
|
660
|
+
accessToken:
|
|
661
|
+
type: string
|
|
662
|
+
description: JWT authentication token
|
|
663
|
+
redirectTo:
|
|
664
|
+
type: string
|
|
665
|
+
format: uri
|
|
666
|
+
description: Optional URL to redirect user after verification (only present if configured)
|
|
667
|
+
'400':
|
|
668
|
+
description: Invalid verification code or token
|
|
669
|
+
'401':
|
|
670
|
+
description: Verification code/token expired or invalid
|
|
671
|
+
|
|
672
|
+
/api/auth/email/send-reset-password:
|
|
673
|
+
post:
|
|
674
|
+
summary: Send password reset (code or link based on config)
|
|
675
|
+
description: Send password reset email using the method configured in auth settings (resetPasswordMethod). When method is 'code', sends a 6-digit numeric code for two-step flow. When method is 'link', sends a magic link. Prevents user enumeration by returning success even if email doesn't exist.
|
|
676
|
+
tags:
|
|
677
|
+
- Client
|
|
678
|
+
requestBody:
|
|
679
|
+
required: true
|
|
680
|
+
content:
|
|
681
|
+
application/json:
|
|
682
|
+
schema:
|
|
683
|
+
type: object
|
|
684
|
+
required:
|
|
685
|
+
- email
|
|
686
|
+
properties:
|
|
687
|
+
email:
|
|
688
|
+
type: string
|
|
689
|
+
format: email
|
|
690
|
+
example: user@example.com
|
|
691
|
+
responses:
|
|
692
|
+
'202':
|
|
693
|
+
description: Password reset email sent (if email exists). Message varies based on configured method.
|
|
694
|
+
content:
|
|
695
|
+
application/json:
|
|
696
|
+
schema:
|
|
697
|
+
type: object
|
|
698
|
+
properties:
|
|
699
|
+
success:
|
|
700
|
+
type: boolean
|
|
701
|
+
message:
|
|
702
|
+
type: string
|
|
703
|
+
example: "If your email is registered, we have sent you a password reset code/link. Please check your inbox."
|
|
704
|
+
'400':
|
|
705
|
+
description: Invalid request
|
|
706
|
+
|
|
707
|
+
/api/auth/email/exchange-reset-password-token:
|
|
708
|
+
post:
|
|
709
|
+
summary: Exchange reset password code for reset token
|
|
710
|
+
description: |
|
|
711
|
+
Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
|
|
712
|
+
1. Verify the 6-digit code sent to user's email
|
|
713
|
+
2. Return a reset token that can be used to actually reset the password
|
|
714
|
+
|
|
715
|
+
This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
|
|
716
|
+
tags:
|
|
717
|
+
- Client
|
|
718
|
+
requestBody:
|
|
719
|
+
required: true
|
|
720
|
+
content:
|
|
721
|
+
application/json:
|
|
722
|
+
schema:
|
|
723
|
+
type: object
|
|
724
|
+
required:
|
|
725
|
+
- email
|
|
726
|
+
- code
|
|
727
|
+
properties:
|
|
728
|
+
email:
|
|
729
|
+
type: string
|
|
730
|
+
format: email
|
|
731
|
+
example: user@example.com
|
|
732
|
+
code:
|
|
733
|
+
type: string
|
|
734
|
+
description: 6-digit numeric code from email
|
|
735
|
+
example: "123456"
|
|
736
|
+
responses:
|
|
737
|
+
'200':
|
|
738
|
+
description: Code verified successfully, reset token returned
|
|
739
|
+
content:
|
|
740
|
+
application/json:
|
|
741
|
+
schema:
|
|
742
|
+
type: object
|
|
743
|
+
properties:
|
|
744
|
+
token:
|
|
745
|
+
type: string
|
|
746
|
+
description: Reset token to be used in reset-password endpoint
|
|
747
|
+
expiresAt:
|
|
748
|
+
type: string
|
|
749
|
+
format: date-time
|
|
750
|
+
description: Token expiration timestamp
|
|
751
|
+
'400':
|
|
752
|
+
description: Invalid request
|
|
753
|
+
'401':
|
|
754
|
+
description: Invalid or expired code
|
|
755
|
+
|
|
756
|
+
/api/auth/email/reset-password:
|
|
757
|
+
post:
|
|
758
|
+
summary: Reset password with token
|
|
759
|
+
description: |
|
|
760
|
+
Reset user password with a token. The token can be:
|
|
761
|
+
- Magic link token (64-character hex token from send-reset-password when method is 'link')
|
|
762
|
+
- Reset token (from exchange-reset-password-token after code verification when method is 'code')
|
|
763
|
+
|
|
764
|
+
Both token types use RESET_PASSWORD purpose and are verified the same way.
|
|
765
|
+
|
|
766
|
+
Flow summary:
|
|
767
|
+
- Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
|
|
768
|
+
- Link method: send-reset-password → reset-password (with link token directly)
|
|
769
|
+
tags:
|
|
770
|
+
- Client
|
|
771
|
+
requestBody:
|
|
772
|
+
required: true
|
|
773
|
+
content:
|
|
774
|
+
application/json:
|
|
775
|
+
schema:
|
|
776
|
+
type: object
|
|
777
|
+
required:
|
|
778
|
+
- newPassword
|
|
779
|
+
- otp
|
|
780
|
+
properties:
|
|
781
|
+
newPassword:
|
|
782
|
+
type: string
|
|
783
|
+
description: New password meeting configured requirements
|
|
784
|
+
example: newSecurePassword123
|
|
785
|
+
otp:
|
|
786
|
+
type: string
|
|
787
|
+
description: Reset token (either from magic link or from exchange-reset-password-token endpoint)
|
|
788
|
+
example: "a1b2c3d4..."
|
|
789
|
+
responses:
|
|
790
|
+
'200':
|
|
791
|
+
description: Password reset successfully
|
|
792
|
+
content:
|
|
793
|
+
application/json:
|
|
794
|
+
schema:
|
|
795
|
+
type: object
|
|
796
|
+
properties:
|
|
797
|
+
message:
|
|
798
|
+
type: string
|
|
799
|
+
example: "Password reset successfully"
|
|
800
|
+
'400':
|
|
801
|
+
description: Invalid request or password requirements not met
|
|
802
|
+
'401':
|
|
803
|
+
description: Verification code/token expired or invalid
|
|
804
|
+
|
|
805
|
+
/api/auth/oauth/configs:
|
|
806
|
+
get:
|
|
807
|
+
summary: List all OAuth configurations
|
|
808
|
+
description: Get all configured OAuth providers (admin only)
|
|
809
|
+
tags:
|
|
810
|
+
- Admin
|
|
811
|
+
security:
|
|
812
|
+
- bearerAuth: []
|
|
813
|
+
responses:
|
|
814
|
+
'200':
|
|
815
|
+
description: List of OAuth configurations
|
|
816
|
+
content:
|
|
817
|
+
application/json:
|
|
818
|
+
schema:
|
|
819
|
+
type: object
|
|
820
|
+
properties:
|
|
821
|
+
data:
|
|
822
|
+
type: array
|
|
823
|
+
items:
|
|
824
|
+
$ref: '#/components/schemas/OAuthConfig'
|
|
825
|
+
count:
|
|
826
|
+
type: integer
|
|
827
|
+
'401':
|
|
828
|
+
description: Unauthorized
|
|
829
|
+
'403':
|
|
830
|
+
description: Forbidden - Admin only
|
|
831
|
+
|
|
832
|
+
post:
|
|
833
|
+
summary: Create OAuth configuration
|
|
834
|
+
description: Create a new OAuth provider configuration (admin only)
|
|
835
|
+
tags:
|
|
836
|
+
- Admin
|
|
837
|
+
security:
|
|
838
|
+
- bearerAuth: []
|
|
839
|
+
requestBody:
|
|
840
|
+
required: true
|
|
841
|
+
content:
|
|
842
|
+
application/json:
|
|
843
|
+
schema:
|
|
844
|
+
type: object
|
|
845
|
+
required:
|
|
846
|
+
- provider
|
|
847
|
+
properties:
|
|
848
|
+
provider:
|
|
849
|
+
type: string
|
|
850
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
851
|
+
clientId:
|
|
852
|
+
type: string
|
|
853
|
+
clientSecret:
|
|
854
|
+
type: string
|
|
855
|
+
redirectUri:
|
|
856
|
+
type: string
|
|
857
|
+
scopes:
|
|
858
|
+
type: array
|
|
859
|
+
items:
|
|
860
|
+
type: string
|
|
861
|
+
useSharedKey:
|
|
862
|
+
type: boolean
|
|
863
|
+
responses:
|
|
864
|
+
'200':
|
|
865
|
+
description: OAuth configuration created
|
|
866
|
+
content:
|
|
867
|
+
application/json:
|
|
868
|
+
schema:
|
|
869
|
+
$ref: '#/components/schemas/OAuthConfig'
|
|
870
|
+
'400':
|
|
871
|
+
description: Invalid request
|
|
872
|
+
'401':
|
|
873
|
+
description: Unauthorized
|
|
874
|
+
'403':
|
|
875
|
+
description: Forbidden - Admin only
|
|
876
|
+
|
|
877
|
+
/api/auth/oauth/{provider}/config:
|
|
878
|
+
get:
|
|
879
|
+
summary: Get OAuth configuration for specific provider
|
|
880
|
+
description: Get OAuth configuration including client secret (admin only)
|
|
881
|
+
tags:
|
|
882
|
+
- Admin
|
|
883
|
+
security:
|
|
884
|
+
- bearerAuth: []
|
|
885
|
+
parameters:
|
|
886
|
+
- name: provider
|
|
887
|
+
in: path
|
|
888
|
+
required: true
|
|
889
|
+
schema:
|
|
890
|
+
type: string
|
|
891
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
892
|
+
responses:
|
|
893
|
+
'200':
|
|
894
|
+
description: OAuth configuration
|
|
895
|
+
content:
|
|
896
|
+
application/json:
|
|
897
|
+
schema:
|
|
898
|
+
allOf:
|
|
899
|
+
- $ref: '#/components/schemas/OAuthConfig'
|
|
900
|
+
- type: object
|
|
901
|
+
properties:
|
|
902
|
+
clientSecret:
|
|
903
|
+
type: string
|
|
904
|
+
'401':
|
|
905
|
+
description: Unauthorized
|
|
906
|
+
'403':
|
|
907
|
+
description: Forbidden - Admin only
|
|
908
|
+
'404':
|
|
909
|
+
description: Configuration not found
|
|
910
|
+
|
|
911
|
+
put:
|
|
912
|
+
summary: Update OAuth configuration
|
|
913
|
+
description: Update OAuth provider configuration (admin only)
|
|
914
|
+
tags:
|
|
915
|
+
- Admin
|
|
916
|
+
security:
|
|
917
|
+
- bearerAuth: []
|
|
918
|
+
parameters:
|
|
919
|
+
- name: provider
|
|
920
|
+
in: path
|
|
921
|
+
required: true
|
|
922
|
+
schema:
|
|
923
|
+
type: string
|
|
924
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
925
|
+
requestBody:
|
|
926
|
+
required: true
|
|
927
|
+
content:
|
|
928
|
+
application/json:
|
|
929
|
+
schema:
|
|
930
|
+
type: object
|
|
931
|
+
properties:
|
|
932
|
+
clientId:
|
|
933
|
+
type: string
|
|
934
|
+
clientSecret:
|
|
935
|
+
type: string
|
|
936
|
+
redirectUri:
|
|
937
|
+
type: string
|
|
938
|
+
scopes:
|
|
939
|
+
type: array
|
|
940
|
+
items:
|
|
941
|
+
type: string
|
|
942
|
+
useSharedKey:
|
|
943
|
+
type: boolean
|
|
944
|
+
responses:
|
|
945
|
+
'200':
|
|
946
|
+
description: Configuration updated
|
|
947
|
+
content:
|
|
948
|
+
application/json:
|
|
949
|
+
schema:
|
|
950
|
+
$ref: '#/components/schemas/OAuthConfig'
|
|
951
|
+
'400':
|
|
952
|
+
description: Invalid request
|
|
953
|
+
'401':
|
|
954
|
+
description: Unauthorized
|
|
955
|
+
'403':
|
|
956
|
+
description: Forbidden - Admin only
|
|
957
|
+
'404':
|
|
958
|
+
description: Configuration not found
|
|
959
|
+
|
|
960
|
+
delete:
|
|
961
|
+
summary: Delete OAuth configuration
|
|
962
|
+
description: Delete OAuth provider configuration (admin only)
|
|
963
|
+
tags:
|
|
964
|
+
- Admin
|
|
965
|
+
security:
|
|
966
|
+
- bearerAuth: []
|
|
967
|
+
parameters:
|
|
968
|
+
- name: provider
|
|
969
|
+
in: path
|
|
970
|
+
required: true
|
|
971
|
+
schema:
|
|
972
|
+
type: string
|
|
973
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
974
|
+
responses:
|
|
975
|
+
'200':
|
|
976
|
+
description: Configuration deleted
|
|
977
|
+
content:
|
|
978
|
+
application/json:
|
|
979
|
+
schema:
|
|
980
|
+
type: object
|
|
981
|
+
properties:
|
|
982
|
+
success:
|
|
983
|
+
type: boolean
|
|
984
|
+
message:
|
|
985
|
+
type: string
|
|
986
|
+
'401':
|
|
987
|
+
description: Unauthorized
|
|
988
|
+
'403':
|
|
989
|
+
description: Forbidden - Admin only
|
|
990
|
+
'404':
|
|
991
|
+
description: Configuration not found
|
|
992
|
+
|
|
993
|
+
/api/auth/oauth/{provider}:
|
|
994
|
+
get:
|
|
995
|
+
summary: Initiate OAuth flow
|
|
996
|
+
description: Generate OAuth authorization URL for any supported provider
|
|
997
|
+
tags:
|
|
998
|
+
- Client
|
|
999
|
+
parameters:
|
|
1000
|
+
- name: provider
|
|
1001
|
+
in: path
|
|
1002
|
+
required: true
|
|
1003
|
+
schema:
|
|
1004
|
+
type: string
|
|
1005
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1006
|
+
- name: redirect_uri
|
|
1007
|
+
in: query
|
|
1008
|
+
required: true
|
|
1009
|
+
schema:
|
|
1010
|
+
type: string
|
|
1011
|
+
format: uri
|
|
1012
|
+
description: URL to redirect after authentication
|
|
1013
|
+
responses:
|
|
1014
|
+
'200':
|
|
1015
|
+
description: OAuth authorization URL
|
|
1016
|
+
content:
|
|
1017
|
+
application/json:
|
|
1018
|
+
schema:
|
|
1019
|
+
type: object
|
|
1020
|
+
properties:
|
|
1021
|
+
authUrl:
|
|
1022
|
+
type: string
|
|
1023
|
+
format: uri
|
|
1024
|
+
'400':
|
|
1025
|
+
description: Invalid request or provider not supported
|
|
1026
|
+
'500':
|
|
1027
|
+
description: OAuth not configured
|
|
1028
|
+
|
|
1029
|
+
/api/auth/oauth/shared/callback/{state}:
|
|
1030
|
+
get:
|
|
1031
|
+
summary: Shared OAuth callback handler
|
|
1032
|
+
description: Handles OAuth callbacks from InsForge Cloud shared OAuth
|
|
1033
|
+
tags:
|
|
1034
|
+
- Client
|
|
1035
|
+
parameters:
|
|
1036
|
+
- name: state
|
|
1037
|
+
in: path
|
|
1038
|
+
required: true
|
|
1039
|
+
schema:
|
|
1040
|
+
type: string
|
|
1041
|
+
description: JWT state parameter
|
|
1042
|
+
- name: success
|
|
1043
|
+
in: query
|
|
1044
|
+
schema:
|
|
1045
|
+
type: string
|
|
1046
|
+
description: Success flag
|
|
1047
|
+
- name: error
|
|
1048
|
+
in: query
|
|
1049
|
+
schema:
|
|
1050
|
+
type: string
|
|
1051
|
+
description: Error message
|
|
1052
|
+
- name: payload
|
|
1053
|
+
in: query
|
|
1054
|
+
schema:
|
|
1055
|
+
type: string
|
|
1056
|
+
description: Base64 encoded user payload
|
|
1057
|
+
responses:
|
|
1058
|
+
'302':
|
|
1059
|
+
description: Redirect to application with access token or error
|
|
1060
|
+
headers:
|
|
1061
|
+
Location:
|
|
1062
|
+
schema:
|
|
1063
|
+
type: string
|
|
1064
|
+
format: uri
|
|
1065
|
+
|
|
1066
|
+
/api/auth/oauth/{provider}/callback:
|
|
1067
|
+
get:
|
|
1068
|
+
summary: Provider-specific OAuth callback
|
|
1069
|
+
description: OAuth callback endpoint for provider-specific flows
|
|
1070
|
+
tags:
|
|
1071
|
+
- Client
|
|
1072
|
+
parameters:
|
|
1073
|
+
- name: provider
|
|
1074
|
+
in: path
|
|
1075
|
+
required: true
|
|
1076
|
+
schema:
|
|
1077
|
+
type: string
|
|
1078
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1079
|
+
- name: code
|
|
1080
|
+
in: query
|
|
1081
|
+
schema:
|
|
1082
|
+
type: string
|
|
1083
|
+
description: Authorization code from OAuth provider
|
|
1084
|
+
- name: state
|
|
1085
|
+
in: query
|
|
1086
|
+
required: true
|
|
1087
|
+
schema:
|
|
1088
|
+
type: string
|
|
1089
|
+
description: JWT state with redirect URI
|
|
1090
|
+
- name: token
|
|
1091
|
+
in: query
|
|
1092
|
+
schema:
|
|
1093
|
+
type: string
|
|
1094
|
+
description: Direct ID token (for some providers)
|
|
1095
|
+
responses:
|
|
1096
|
+
'302':
|
|
1097
|
+
description: Redirect to application with access token
|
|
1098
|
+
headers:
|
|
1099
|
+
Location:
|
|
1100
|
+
schema:
|
|
1101
|
+
type: string
|
|
1102
|
+
format: uri
|
|
1103
|
+
description: Redirect URL with access_token, user_id, email, and name query params
|
|
1104
|
+
|
|
1105
|
+
components:
|
|
1106
|
+
securitySchemes:
|
|
1107
|
+
bearerAuth:
|
|
1108
|
+
type: http
|
|
1109
|
+
scheme: bearer
|
|
1110
|
+
bearerFormat: JWT
|
|
1111
|
+
apiKey:
|
|
1112
|
+
type: apiKey
|
|
1113
|
+
in: header
|
|
1114
|
+
name: x-api-key
|
|
1115
|
+
|
|
1116
|
+
schemas:
|
|
1117
|
+
UserResponse:
|
|
1118
|
+
type: object
|
|
1119
|
+
properties:
|
|
1120
|
+
id:
|
|
1121
|
+
type: string
|
|
1122
|
+
format: uuid
|
|
1123
|
+
email:
|
|
1124
|
+
type: string
|
|
1125
|
+
format: email
|
|
1126
|
+
name:
|
|
1127
|
+
type: string
|
|
1128
|
+
emailVerified:
|
|
1129
|
+
type: boolean
|
|
1130
|
+
identities:
|
|
1131
|
+
type: array
|
|
1132
|
+
items:
|
|
1133
|
+
type: object
|
|
1134
|
+
properties:
|
|
1135
|
+
provider:
|
|
1136
|
+
type: string
|
|
1137
|
+
providerType:
|
|
1138
|
+
type: string
|
|
1139
|
+
createdAt:
|
|
1140
|
+
type: string
|
|
1141
|
+
format: date-time
|
|
1142
|
+
updatedAt:
|
|
1143
|
+
type: string
|
|
1144
|
+
format: date-time
|
|
1145
|
+
|
|
1146
|
+
OAuthConfig:
|
|
1147
|
+
type: object
|
|
1148
|
+
properties:
|
|
1149
|
+
id:
|
|
1150
|
+
type: string
|
|
1151
|
+
format: uuid
|
|
1152
|
+
provider:
|
|
1153
|
+
type: string
|
|
1154
|
+
enum: [google, github, discord, linkedin, facebook, microsoft]
|
|
1155
|
+
clientId:
|
|
1156
|
+
type: string
|
|
1157
|
+
nullable: true
|
|
1158
|
+
redirectUri:
|
|
1159
|
+
type: string
|
|
1160
|
+
nullable: true
|
|
1161
|
+
scopes:
|
|
1162
|
+
type: array
|
|
1163
|
+
items:
|
|
1164
|
+
type: string
|
|
1165
|
+
nullable: true
|
|
1166
|
+
useSharedKey:
|
|
1167
|
+
type: boolean
|
|
1168
|
+
createdAt:
|
|
1169
|
+
type: string
|
|
1170
|
+
format: date-time
|
|
1171
|
+
updatedAt:
|
|
1172
|
+
type: string
|
|
1173
|
+
format: date-time
|
|
1174
|
+
|
|
1175
|
+
AuthRecord:
|
|
1176
|
+
type: object
|
|
1177
|
+
properties:
|
|
1178
|
+
id:
|
|
1179
|
+
type: string
|
|
1180
|
+
format: uuid
|
|
1181
|
+
email:
|
|
1182
|
+
type: string
|
|
1183
|
+
format: email
|
|
1184
|
+
passwordHash:
|
|
1185
|
+
type: string
|
|
1186
|
+
description: SHA256 hash of password
|
|
1187
|
+
createdAt:
|
|
1188
|
+
type: string
|
|
1189
|
+
format: date-time
|
|
1190
|
+
updatedAt:
|
|
1191
|
+
type: string
|
|
1192
|
+
format: date-time
|
|
1193
|
+
|
|
1194
|
+
ProfileRecord:
|
|
1195
|
+
type: object
|
|
1196
|
+
properties:
|
|
1197
|
+
id:
|
|
1198
|
+
type: string
|
|
1199
|
+
format: uuid
|
|
1200
|
+
authId:
|
|
1201
|
+
type: string
|
|
1202
|
+
format: uuid
|
|
1203
|
+
description: Foreign key to auth table
|
|
1204
|
+
name:
|
|
1205
|
+
type: string
|
|
1206
|
+
avatar_url:
|
|
1207
|
+
type: string
|
|
1208
|
+
nullable: true
|
|
1209
|
+
bio:
|
|
1210
|
+
type: string
|
|
1211
|
+
nullable: true
|
|
1212
|
+
metadata:
|
|
1213
|
+
type: object
|
|
1214
|
+
description: JSONB field for flexible data
|
|
1215
|
+
createdAt:
|
|
1216
|
+
type: string
|
|
1217
|
+
format: date-time
|
|
1218
|
+
updatedAt:
|
|
1219
|
+
type: string
|
|
1220
|
+
format: date-time
|
|
1221
|
+
|
|
1222
|
+
ErrorResponse:
|
|
1223
|
+
type: object
|
|
1224
|
+
required:
|
|
1225
|
+
- error
|
|
1226
|
+
- message
|
|
1227
|
+
- statusCode
|
|
1228
|
+
properties:
|
|
1229
|
+
error:
|
|
1230
|
+
type: string
|
|
1231
|
+
description: Error code for programmatic handling
|
|
1232
|
+
example: "VALIDATION_ERROR"
|
|
1233
|
+
message:
|
|
1234
|
+
type: string
|
|
1235
|
+
description: Human-readable error message
|
|
1236
|
+
example: "Email is already in use"
|
|
1237
|
+
statusCode:
|
|
1238
|
+
type: integer
|
|
1239
|
+
description: HTTP status code
|
|
1240
|
+
example: 400
|
|
1241
|
+
nextActions:
|
|
1242
|
+
type: string
|
|
1243
|
+
description: Suggested action to resolve the error
|
|
1244
|
+
example: "Please use a different email address"
|