Base address for authorization-related requests:
- global: https://rsgames.online:8888/auth/...
- local: http://localhost:8000/auth/...

- address: /auth/regist/
- method: POST
- body:
{
  "userName": "Vasya",
  "email": "vasya.371@mail.ru",
  "password": "123456"
}
- successful response: code: 200
{
  "message": "New User has been successfully created!"
}
- unsuccessful response: code: 400
{
  "message": "Password Changing Error"
}

- address: /auth/login/
- method: POST
- body:
{
  "userName": "Vasya",
  "password": "123456"
}
- unsuccessful response: code: 405
{
  "message": "Incorrect password for {userName}"
}
- unsuccessful response: code: 404
{
  "message": "User {userName} not found"
}
- successful response: code: 200
{
  "token": "eyJhbGciOiJOEzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzZGZ2Ma6lMmRiZjJjZGM0NTQzNzU0NiIsInN0YXR1c2VzIjpbImFkbWluIl0sImlhdCI6MTY3NTYyMTI3MSwiZX2wIjoxNjc1Nzk0MDcxfQ.DV-pTi3ICN65nh3HAoqI-A6HCg62OoufR8Bgw45oq8Y"
}
The received token is used to authorize the user (see User token).

- address: /auth/users/
- method: GET
- header: Authorization with token
- unsuccessful response: code: 405
{
  "message": "You do not have permission"
}
- successful response: code: 200
[
  {
    "_id": "63dfd49b2571ef2e8ea3113d",
    "userName": "Vasya",
    "password": "$2A$07$isD5IKBkZasc8fUjEa9SGO4.btlmL3cq0FkT0m4scZpUMX3sHEOFu",
    "status": [ "user" ],
    "date": "2023-02-05T16:08:59.414Z",
    "__v": 0
  },
  // ...
]
Returns the list of all users; the command is available only to users with the admin status.

- address: /auth/forgotpass/
- method: POST
- body:
{ "userName": "Vasya" }
or
{ "email": "vasya.371@mail.ru" }
- unsuccessful response: code: 401
{
  "message": "Wrong Input Data"
}
- unsuccessful response: code: 404
{
  "message": "User not found"
}
- unsuccessful response: code: 400
{
  "message": "Reset Error"
}
- successful response: code: 200
{
  "message": "E-mail sended to vasya.371@mail.ru",
  "resetToken": "8q7d3syf-q5gj-6ad6-1sb3-72sgx2d4djs1"
}
After that, a password reset link is sent to the e-mail address given at user registration (vasya.371@mail.ru), in the following format:
https://rsgames.online/resetpass?resetToken=8q7d3syf-q5gj-6ad6-1sb3-72sgx2d4djs1
Use the page https://rsgames.online/resetpass and the resetToken query parameter to reset the password, with the following request:

- address: /auth/setpass/
- method: POST
- body:
{
  "password": "NewPassword",
  "resetToken": "8q7d3syf-q5gj-6ad6-1sb3-72sgx2d4djs1"
}
After the request is executed, if resetToken is correct, the user's password is changed to the new one.
- unsuccessful response: code: 404
{
  "message": "User not found"
}
- unsuccessful response: code: 400
{
  "message": "Password Reset Error"
}
- successful response: code: 200
{
  "message": "Password has been changed!"
}

- address: /auth/user/
- method: DELETE
- body:
{
  "userName": "Vasya"
}
- unsuccessful response: code: 404
{
  "message": "User not found"
}
- unsuccessful response: code: 400
{
  "message": "Failed to delete user"
}
- successful response: code: 204

- address: /auth/myuser/
- method: GET
- header: Authorization with token
- unsuccessful response: code: 403
{
  "message": "User not authorized"
}
- unsuccessful response: code: 400
{
  "message": "Failed to get users"
}
- successful response: code: 200
{
  "userName": "Vasya",
  "email": "vasya.371@mail.ru",
  "status": [
    "admin"
  ],
  "banned": false,
  "date": "2023-02-06T09:07:46.283Z"
}

- address: /auth/user/
- method: PUT
- body:
{
  "userName": "Vasya"
}
- unsuccessful response: code: 405
{
  "message": "You do not have permission"
}
- unsuccessful response: code: 400
{
  "message": "Failed to set new status"
}
- successful response: code: 200
{
  "message": "Status changed",
  "user": <User>
}
Replaces the user's array of statuses with a new one.

- address: /auth/user?userName={userName}
- method: GET
- header: Authorization with token
- unsuccessful response: code: 403
{
  "message": "User not authorized"
}
- unsuccessful response: code: 400
{
  "message": "Failed to get user"
}
- successful response: code: 200
{
  "userName": "Vasya",
  "email": "vasya.371@mail.ru",
  "status": [
    "admin"
  ],
  "banned": false,
  "date": "2023-02-06T09:07:46.283Z"
}

- address: /auth/user/ban?userName={userName}
- method: GET
- header: Authorization with token
- successful response: code: 200
{
  "message": "User Vasya has been banned"
}

- address: /auth/user/unban?userName={userName}
- method: GET
- header: Authorization with token
- successful response: code: 200
{
  "message": "User Vasya has been unbanned"
}

- address: /auth/setpass/
- method: PUT
- header: Authorization with token
- body:
{
  "password": "123456",
  "newPassword": "654321"
}
- successful response: code: 200
{
  "message": "Password has been changed!"
}
- unsuccessful response: code: 404
{
  "message": "User {userName} not found"
}
- unsuccessful response: code: 405
{
  "message": "Incorrect password for ${userName}"
}
- unsuccessful response: code: 400
{
  "message": "Incorrect password for ${userName}"
}

For an authorized user, to tell the server which user is sending the requests, send requests to the server with the "Authorization" header; the server can then process the requests correctly:
- Header Name: Authorization
- Header Value: Bearer {user-token-value}
The value of the received token, user-token-value, is written without { and } :)
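
Added example (not part of the original API description): a JavaScript client helper that builds the Authorization header described above and checks the token's expiry before preparing GET /auth/myuser/. The payload claim names (id, statuses, exp) and all function names are assumptions, and the sample token is constructed, not a real credential.

```javascript
// Added example: client-side handling of the token returned by /auth/login/.
// Claim names (id, statuses, exp) are assumptions about the JWT payload.
const API = 'http://localhost:8000/auth'; // local base address from this page

// Build the Authorization header value; refuse placeholders and malformed tokens.
function bearerHeader(token) {
  // A compact JWT is three base64url segments separated by dots, nothing else.
  if (typeof token !== 'string' || !/^[\w-]+\.[\w-]+\.[\w-]+$/.test(token)) {
    throw new Error('token is not a compact JWT (did "{" or "}" slip in?)');
  }
  return `Bearer ${token}`;
}

// Decode the payload WITHOUT verifying the signature: acceptable for UI
// decisions (is it expired?), never for authorization, which the server does.
function readClaims(token) {
  const payload = token.split('.')[1];
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// exp is in seconds since the epoch; a token without exp is treated as expired.
function isExpired(token, nowMs = Date.now()) {
  const { exp } = readClaims(token);
  return typeof exp !== 'number' || exp * 1000 <= nowMs;
}

// Request descriptor for GET /auth/myuser/; pass it to fetch(url, options).
function myUserRequest(token, nowMs = Date.now()) {
  const authorization = bearerHeader(token); // validate the shape first
  if (isExpired(token, nowMs)) throw new Error('token expired, log in again');
  return {
    url: `${API}/myuser/`,
    options: { method: 'GET', headers: { Authorization: authorization } },
  };
}

// Constructed sample token with a placeholder signature, for offline use only.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
```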