From 84e7ec84004d5b2b85fc592d48103e3f5a8fb4df Mon Sep 17 00:00:00 2001 From: sp Date: Thu, 4 Mar 2021 10:07:03 +1100 Subject: [PATCH] add description for login API --- README.md | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e47b12e..9a614da 100644 --- a/README.md +++ b/README.md @@ -7,18 +7,31 @@ input **username** : must be email **password** : 4-40 chars -output +output: always json -```json +```json5 { - "login": true, - "Biukop-Session": "biukop session id", - "Biukop-Mid": "biukop machine id" + "login": true, //true = login ,false = failed. + "Biukop-Session": "3c88be7a-552a-474f-8e4b-92ff22fa0e1c", //session id, for each session + "Biukop-Mid": "a0acd59c-ffa5-439f-b415-7313b7cb1d34", //machine id, never change + "sessionExpire": 1646338110, //unix timestamp + "sessionExpireHuman": "Fri, 04 Mar 2022 07:08:30 +1100," // same as unix timestamp } ``` -1. /signup -2. /logout +1. **login**: true/false indicate a successful login. but the session id and mid is the real auth mechanisms for subsequent http request. +1. **Biukop-Session**: server side auth and user tracking. +1. **Biukop-Mid**: machine id, unique for identify this particular browser client. it should be saved to browser's local storage and comeback with every request.. +1. **sessionExpire**: when this session id will become expire. UnixStamp for easy comparison for client, the serverside value is the key to determin whether a session has expired. +1. **sessionExpireHuman**: for easy display and debug purpose make client's coding easy. + + +## 2. /signup +User Sign up through email authentication, a temporary code will be generated for the user to sign up for the first time. Not implemented yet. + +## 3. /logout +Client side clear the session ID and it will logout. Serverside will also clear the session when user logout. No data is kept for a dead or expired session. + 3. /loans?skip=page= GET 4. /loan/id GET POST PUT DELETE 5. /User/id GET POST PUT DELETE