XuJiacheng/Xu_BrowserBookmark
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 添加密码管理功能,包括 API、数据库支持和前端界面

Browse Source
This commit is contained in:
2026-01-23 23:55:08 +08:00
parent 1a3bbac9ff
commit a8c96d84f0
43 changed files with 1957 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
openspec/specs/api/spec.md
View File

@@ -63,3 +63,43 @@ The system SHALL treat exactly one configured email as an administrator and allo
- **GIVEN** an authenticated admin user
- **WHEN** the admin calls `GET /admin/users/{id}/bookmarks`
- **THEN** the server returns `200` and that user's bookmarks
### Requirement: Credential storage API
The system SHALL provide authenticated CRUD APIs for credentials scoped to the current user.
#### Scenario: Create credential
- **WHEN** an authenticated user calls `POST /credentials` with `siteOrigin`, `username`, and `password`
- **THEN** the server stores the credential and returns the created record
#### Scenario: List credentials
- **WHEN** an authenticated user calls `GET /credentials?siteOrigin=...`
- **THEN** the server returns the matching credentials for that user
#### Scenario: Update credential
- **WHEN** an authenticated user calls `PATCH /credentials/{id}`
- **THEN** the server updates the credential and returns the updated record
#### Scenario: Delete credential
- **WHEN** an authenticated user calls `DELETE /credentials/{id}`
- **THEN** the server deletes the credential
### Requirement: Credential plaintext access
The system SHALL allow authenticated users to request plaintext passwords for their own credentials.
#### Scenario: User requests plaintext
- **GIVEN** an authenticated user
- **WHEN** the user calls `GET /credentials?includePassword=true`
- **THEN** the server returns plaintext passwords for that user
#### Scenario: Admin requests plaintext for a user
- **GIVEN** an authenticated admin user
- **WHEN** the admin calls `GET /admin/users/{id}/credentials?includePassword=true`
- **THEN** the server returns plaintext passwords for that user
### Requirement: Admin credential management
The system SHALL allow an admin to list and manage any users credentials.
#### Scenario: Admin lists user credentials
- **GIVEN** an authenticated admin user
- **WHEN** the admin calls `GET /admin/users/{id}/credentials`
- **THEN** the server returns that users credentials