feat: add utoipa path annotations to all API handlers and wire OpenAPI spec

- Add #[utoipa::path] annotations to all 70+ handler functions across auth, config, workflow, and message modules - Add IntoParams/ToSchema derives to Pagination, PaginatedResponse, ApiResponse in erp-core, and MessageQuery/TemplateQuery in erp-message - Collect all module paths into OpenAPI spec via AuthApiDoc, ConfigApiDoc, WorkflowApiDoc, MessageApiDoc structs in erp-server main.rs - Update openapi_spec handler to merge all module specs - The /docs/openapi.json endpoint now returns complete API documentation with all endpoints, request/response schemas, and security requirements
2026-04-15 01:23:27 +08:00
parent ee65b6e3c9
commit e44d6063be
21 changed files with 1165 additions and 22 deletions
--- a/crates/erp-auth/src/handler/auth_handler.rs
+++ b/crates/erp-auth/src/handler/auth_handler.rs
@@ -10,6 +10,17 @@ use crate::auth_state::AuthState;
 use crate::dto::{LoginReq, LoginResp, RefreshReq};
 use crate::service::auth_service::{AuthService, JwtConfig};

+#[utoipa::path(
+    post,
+    path = "/api/v1/auth/login",
+    request_body = LoginReq,
+    responses(
+        (status = 200, description = "登录成功", body = ApiResponse<LoginResp>),
+        (status = 400, description = "请求参数错误"),
+        (status = 401, description = "用户名或密码错误"),
+    ),
+    tag = "认证"
+)]
 /// POST /api/v1/auth/login
 ///
 /// Authenticates a user with username and password, returning access and refresh tokens.
@@ -48,6 +59,16 @@ where
    Ok(Json(ApiResponse::ok(resp)))
 }

+#[utoipa::path(
+    post,
+    path = "/api/v1/auth/refresh",
+    request_body = RefreshReq,
+    responses(
+        (status = 200, description = "刷新成功", body = ApiResponse<LoginResp>),
+        (status = 401, description = "刷新令牌无效或已过期"),
+    ),
+    tag = "认证"
+)]
 /// POST /api/v1/auth/refresh
 ///
 /// Validates an existing refresh token, revokes it (rotation), and issues
@@ -71,6 +92,16 @@ where
    Ok(Json(ApiResponse::ok(resp)))
 }

+#[utoipa::path(
+    post,
+    path = "/api/v1/auth/logout",
+    responses(
+        (status = 200, description = "已成功登出"),
+        (status = 401, description = "未授权"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "认证"
+)]
 /// POST /api/v1/auth/logout
 ///
 /// Revokes all refresh tokens for the authenticated user, effectively