add login/logout routes in openapi spec

author: Rigel Kent <sendmemail@rigelk.eu> 2021-05-12 21:23:54 +0200
committer: Rigel Kent <sendmemail@rigelk.eu> 2021-05-12 21:49:00 +0200
commit: e2464d22a5f19168022e72c77e82019726216542 (patch)
tree: 9fcd6fd0b32540be8d561f051976f57f984d5d70 /support/doc
parent: 0ae3ebb03edf8b6a6d74666f006d7373e393e40d (diff)
download: PeerTube-e2464d22a5f19168022e72c77e82019726216542.tar.gz
PeerTube-e2464d22a5f19168022e72c77e82019726216542.tar.zst
PeerTube-e2464d22a5f19168022e72c77e82019726216542.zip
1 files changed, 213 insertions, 19 deletions
diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml
index d8597d618..f54df1dd0 100644
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@@ -4,12 +4,12 @@ info:
  version: 3.2.0-rc.1
  contact:
    name: PeerTube Community
-    url: 'https://joinpeertube.org'
+    url: https://joinpeertube.org
  license:
    name: AGPLv3.0
-    url: 'https://github.com/Chocobozzz/PeerTube/blob/master/LICENSE'
+    url: https://github.com/Chocobozzz/PeerTube/blob/master/LICENSE
  x-logo:
-    url: 'https://joinpeertube.org/img/brand.png'
+    url: https://joinpeertube.org/img/brand.png
    altText: PeerTube Project Homepage
  description: |
    The PeerTube API is built on HTTP(S) and is RESTful. You can use your favorite
@@ -27,8 +27,8 @@ info:
    # Authentication
    When you sign up for an account on a PeerTube instance, you are given the possibility
-    to generate sessions on it, and authenticate there using a session token. Only __one
+    to generate sessions on it, and authenticate there using an access token. Only __one
-    session token can currently be used at a time__.
+    access token can currently be used at a time__.
    ## Roles
@@ -91,18 +91,27 @@ info:
    This API features [Cross-Origin Resource Sharing (CORS)](https://fetch.spec.whatwg.org/),
    allowing cross-domain communication from the browser for some routes:
    
-    | Endpoint                    | Origin |
+    | Endpoint                    |
-    |------------------------- ---|--------|
+    |------------------------- ---|
-    | `/api/*`                    | *      |
+    | `/api/*`                    |
-    | `/download/*`               | *      |
+    | `/download/*`               |
-    | `/lazy-static/*`            | *      |
+    | `/lazy-static/*`            |
-    | `/live/segments-sha256/*`   | *      |
+    | `/live/segments-sha256/*`   |
-    | `/.well-known/webfinger`    | *      |
+    | `/.well-known/webfinger`    |
    In addition, all routes serving ActivityPub are CORS-enabled for all origins.
 externalDocs:
  url: https://docs.joinpeertube.org/api-rest-reference.html
 tags:
+  - name: Register
+    description: |
+      As a visitor, you can use this API to open an account (if registrations are open on
+      that PeerTube instance). As an admin, you should use the dedicated [User creation 
+      API](#operation/createUser) instead.
+  - name: Session
+    x-displayName: Login/Logout
+    description: |
+      Sessions deal with access tokens over time. Only __one session token can currently be used at a time__.
  - name: Accounts
    description: >
      Accounts encompass remote accounts discovered across the federation,
@@ -226,6 +235,10 @@ tags:
      For importing videos as your own, refer to [video imports](#operation/importVideo).
 x-tagGroups:
+  - name: Auth
+    tags:
+      - Register
+      - Session
  - name: Accounts
    tags:
      - Accounts
@@ -573,6 +586,7 @@ paths:
  /users:
    post:
      summary: Create a user
+      operationId: createUser
      security:
        - OAuth2:
          - admin
@@ -689,11 +703,92 @@ paths:
            schema:
              $ref: '#/components/schemas/UpdateUser'
        required: true
+  /oauth-clients/local:
+    get:
+      summary: Login prerequisite
+      description: You need to retrieve a client id and secret before [logging in](#operation/getOauthToken).
+      operationId: getOAuthClient
+      tags:
+        - Session
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuthClient'
+          links:
+            UseOAuthClientToLogin:
+              operationId: getOAuthToken
+              parameters:
+                client_id: '$response.body#/client_id'
+                client_secret: '$response.body#/client_secret'
+  /users/token:
+    post:
+      summary: Login
+      operationId: getOAuthToken
+      description: With your [client id and secret](#operation/getOAuthClient), you can retrieve an access and refresh tokens.
+      tags:
+        - Session
+      requestBody:
+        content:
+          application/x-www-form-urlencoded:
+            schema:
+              oneOf:
+                - $ref: '#/components/schemas/OAuthToken-password'
+                - $ref: '#/components/schemas/OAuthToken-refresh_token'
+              discriminator:
+                propertyName: grant_type
+                mapping:
+                  password: '#/components/schemas/OAuthToken-password'
+                  refresh_token: '#/components/schemas/OAuthToken-refresh_token'
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  token_type:
+                    type: string
+                    example: Bearer
+                  access_token:
+                    type: string
+                    example: 90286a0bdf0f7315d9d3fe8dabf9e1d2be9c97d0
+                    description: valid for 1 day
+                  refresh_token:
+                    type: string
+                    example: 2e0d675df9fc96d2e4ec8a3ebbbf45eca9137bb7
+                    description: valid for 2 weeks
+                  expires_in:
+                    type: integer
+                    minimum: 0
+                    example: 14399
+                  refresh_token_expires_in:
+                    type: integer
+                    minimum: 0
+                    example: 1209600
+  /users/revoke-token:
+    post:
+      summary: Logout
+      description: Revokes your access token and its associated refresh token, destroying your current session.
+      operationId: revokeOAuthToken
+      tags:
+        - Session
+      security:
+        - OAuth2: []
+      responses:
+        '200':
+          description: successful operation
  /users/register:
    post:
      summary: Register a user
      tags:
        - Users
+        - Register
      responses:
        '204':
          description: successful operation
@@ -703,6 +798,47 @@ paths:
            schema:
              $ref: '#/components/schemas/RegisterUser'
        required: true
+  /users/{id}/verify-email:
+    post:
+      summary: Verify a user
+      description: |
+        Following a user registration, the new user will receive an email asking to click a link
+        containing a secret. 
+      tags:
+        - Users
+        - Register
+      parameters:
+        - $ref: '#/components/parameters/id'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                verificationString:
+                  type: string
+                  format: url
+                isPendingEmail:
+                  type: boolean
+              required:
+                - verificationString
+      responses:
+        '204':
+          description: successful operation
+        '403':
+          description: invalid verification string
+        '404':
+          description: user not found
+  /users/ask-send-verify-email:
+    post:
+      summary: Resend user verification link
+      tags:
+        - Users
+        - Register
+      responses:
+        '204':
+          description: successful operation
  /users/me:
    get:
      summary: Get my user information
@@ -4225,17 +4361,18 @@ components:
      description: |
        Authenticating via OAuth requires the following steps:
        - Have an activated account
-        - [Generate](https://docs.joinpeertube.org/api-rest-getting-started) a
+        - [Generate] an access token for that account at `/api/v1/users/token`.
-        Bearer Token for that account at `/api/v1/users/token`
+        - Make requests with the *Authorization: Bearer <token\>* header
-        - Make authenticated requests, putting *Authorization: Bearer <token\>*
        - Profit, depending on the role assigned to the account
-        Note that the __access token is valid for 1 day__ and, and is given
+        Note that the __access token is valid for 1 day__ and is given
        along with a __refresh token valid for 2 weeks__.
+        [Generate]: https://docs.joinpeertube.org/api-rest-getting-started
      type: oauth2
      flows:
        password:
-          tokenUrl: 'https://peertube.example.com/api/v1/users/token'
+          tokenUrl: /api/v1/users/token
          scopes:
            admin: Admin scope
            moderator: Moderator scope
@@ -4257,14 +4394,16 @@ components:
      type: string
      description: immutable name of the user, used to find or mention its actor
      example: chocobozzz
-      pattern: '/^[a-z0-9._]{1,50}$/'
+      pattern: '/^[a-z0-9._]+$/'
      minLength: 1
      maxLength: 50
    usernameChannel:
      type: string
      description: immutable name of the channel, used to interact with its actor
      example: framasoft_videos
-      pattern: '/^[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]+$/'
+      pattern: '/^[a-zA-Z0-9\\-_.:]+$/'
+      minLength: 1
+      maxLength: 50
    password:
      type: string
      format: password
@@ -5998,6 +6137,61 @@ components:
        - password
        - email
+    OAuthClient:
+      properties:
+        client_id:
+          type: string
+          pattern: /^[a-z0-9]$/
+          maxLength: 32
+          minLength: 32
+          example: v1ikx5hnfop4mdpnci8nsqh93c45rldf
+        client_secret:
+          type: string
+          pattern: /^[a-zA-Z0-9]$/
+          maxLength: 32
+          minLength: 32
+          example: AjWiOapPltI6EnsWQwlFarRtLh4u8tDt
+    OAuthToken-password:
+      allOf:
+        - $ref: '#/components/schemas/OAuthClient'
+        - type: object
+          properties:
+            grant_type:
+              type: string
+              enum:
+                - password
+                - refresh_token
+              default: password
+            username:
+              $ref: '#/components/schemas/User/properties/username'
+            password:
+              $ref: '#/components/schemas/password'
+      required:
+        - client_id
+        - client_secret
+        - grant_type
+        - username
+        - password
+    OAuthToken-refresh_token:
+      allOf:
+        - $ref: '#/components/schemas/OAuthClient'
+        - type: object
+          properties:
+            grant_type:
+              type: string
+              enum:
+                - password
+                - refresh_token
+              default: password
+            refresh_token:
+              type: string
+              example: 2e0d675df9fc96d2e4ec8a3ebbbf45eca9137bb7
+      required:
+        - client_id
+        - client_secret
+        - grant_type
+        - refresh_token
    VideoChannel:
      properties:
        # GET/POST/PUT properties
author	Rigel Kent <sendmemail@rigelk.eu>	2021-05-12 21:23:54 +0200
committer	Rigel Kent <sendmemail@rigelk.eu>	2021-05-12 21:49:00 +0200
commit	e2464d22a5f19168022e72c77e82019726216542 (patch)
tree	9fcd6fd0b32540be8d561f051976f57f984d5d70 /support/doc
parent	0ae3ebb03edf8b6a6d74666f006d7373e393e40d (diff)
download	PeerTube-e2464d22a5f19168022e72c77e82019726216542.tar.gz PeerTube-e2464d22a5f19168022e72c77e82019726216542.tar.zst PeerTube-e2464d22a5f19168022e72c77e82019726216542.zip

diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml index d8597d618..f54df1dd0 100644 --- a/support/doc/api/openapi.yaml +++ b/support/doc/api/openapi.yaml
@@ -4,12 +4,12 @@ info:
4	version: 3.2.0-rc.1	4	version: 3.2.0-rc.1
5	contact:	5	contact:
6	name: PeerTube Community	6	name: PeerTube Community
7	url: 'https://joinpeertube.org'	7	url: https://joinpeertube.org
8	license:	8	license:
9	name: AGPLv3.0	9	name: AGPLv3.0
10	url: 'https://github.com/Chocobozzz/PeerTube/blob/master/LICENSE'	10	url: https://github.com/Chocobozzz/PeerTube/blob/master/LICENSE
11	x-logo:	11	x-logo:
12	url: 'https://joinpeertube.org/img/brand.png'	12	url: https://joinpeertube.org/img/brand.png
13	altText: PeerTube Project Homepage	13	altText: PeerTube Project Homepage
14	description: \|	14	description: \|
15	The PeerTube API is built on HTTP(S) and is RESTful. You can use your favorite	15	The PeerTube API is built on HTTP(S) and is RESTful. You can use your favorite
@@ -27,8 +27,8 @@ info:
27	# Authentication	27	# Authentication
28		28
29	When you sign up for an account on a PeerTube instance, you are given the possibility	29	When you sign up for an account on a PeerTube instance, you are given the possibility
30	to generate sessions on it, and authenticate there using a session token. Only __one	30	to generate sessions on it, and authenticate there using an access token. Only __one
31	session token can currently be used at a time__.	31	access token can currently be used at a time__.
32		32
33	## Roles	33	## Roles
34		34
@@ -91,18 +91,27 @@ info:
91	This API features [Cross-Origin Resource Sharing (CORS)](https://fetch.spec.whatwg.org/),	91	This API features [Cross-Origin Resource Sharing (CORS)](https://fetch.spec.whatwg.org/),
92	allowing cross-domain communication from the browser for some routes:	92	allowing cross-domain communication from the browser for some routes:
93		93
94	\| Endpoint \| Origin \|	94	\| Endpoint \|
95	\|------------------------- ---\|--------\|	95	\|------------------------- ---\|
96	\| `/api/` \| \|	96	\| `/api/*` \|
97	\| `/download/` \| \|	97	\| `/download/*` \|
98	\| `/lazy-static/` \| \|	98	\| `/lazy-static/*` \|
99	\| `/live/segments-sha256/` \| \|	99	\| `/live/segments-sha256/*` \|
100	\| `/.well-known/webfinger` \| * \|	100	\| `/.well-known/webfinger` \|
101		101
102	In addition, all routes serving ActivityPub are CORS-enabled for all origins.	102	In addition, all routes serving ActivityPub are CORS-enabled for all origins.
103	externalDocs:	103	externalDocs:
104	url: https://docs.joinpeertube.org/api-rest-reference.html	104	url: https://docs.joinpeertube.org/api-rest-reference.html
105	tags:	105	tags:
		106	- name: Register
		107	description: \|
		108	As a visitor, you can use this API to open an account (if registrations are open on
		109	that PeerTube instance). As an admin, you should use the dedicated [User creation
		110	API](#operation/createUser) instead.
		111	- name: Session
		112	x-displayName: Login/Logout
		113	description: \|
		114	Sessions deal with access tokens over time. Only __one session token can currently be used at a time__.
106	- name: Accounts	115	- name: Accounts
107	description: >	116	description: >
108	Accounts encompass remote accounts discovered across the federation,	117	Accounts encompass remote accounts discovered across the federation,
@@ -226,6 +235,10 @@ tags:
226		235
227	For importing videos as your own, refer to [video imports](#operation/importVideo).	236	For importing videos as your own, refer to [video imports](#operation/importVideo).
228	x-tagGroups:	237	x-tagGroups:
		238	- name: Auth
		239	tags:
		240	- Register
		241	- Session
229	- name: Accounts	242	- name: Accounts
230	tags:	243	tags:
231	- Accounts	244	- Accounts
@@ -573,6 +586,7 @@ paths:
573	/users:	586	/users:
574	post:	587	post:
575	summary: Create a user	588	summary: Create a user
		589	operationId: createUser
576	security:	590	security:
577	- OAuth2:	591	- OAuth2:
578	- admin	592	- admin
@@ -689,11 +703,92 @@ paths:
689	schema:	703	schema:
690	$ref: '#/components/schemas/UpdateUser'	704	$ref: '#/components/schemas/UpdateUser'
691	required: true	705	required: true
		706
		707	/oauth-clients/local:
		708	get:
		709	summary: Login prerequisite
		710	description: You need to retrieve a client id and secret before [logging in](#operation/getOauthToken).
		711	operationId: getOAuthClient
		712	tags:
		713	- Session
		714	responses:
		715	'200':
		716	description: successful operation
		717	content:
		718	application/json:
		719	schema:
		720	$ref: '#/components/schemas/OAuthClient'
		721	links:
		722	UseOAuthClientToLogin:
		723	operationId: getOAuthToken
		724	parameters:
		725	client_id: '$response.body#/client_id'
		726	client_secret: '$response.body#/client_secret'
		727	/users/token:
		728	post:
		729	summary: Login
		730	operationId: getOAuthToken
		731	description: With your [client id and secret](#operation/getOAuthClient), you can retrieve an access and refresh tokens.
		732	tags:
		733	- Session
		734	requestBody:
		735	content:
		736	application/x-www-form-urlencoded:
		737	schema:
		738	oneOf:
		739	- $ref: '#/components/schemas/OAuthToken-password'
		740	- $ref: '#/components/schemas/OAuthToken-refresh_token'
		741	discriminator:
		742	propertyName: grant_type
		743	mapping:
		744	password: '#/components/schemas/OAuthToken-password'
		745	refresh_token: '#/components/schemas/OAuthToken-refresh_token'
		746	responses:
		747	'200':
		748	description: successful operation
		749	content:
		750	application/json:
		751	schema:
		752	type: object
		753	properties:
		754	token_type:
		755	type: string
		756	example: Bearer
		757	access_token:
		758	type: string
		759	example: 90286a0bdf0f7315d9d3fe8dabf9e1d2be9c97d0
		760	description: valid for 1 day
		761	refresh_token:
		762	type: string
		763	example: 2e0d675df9fc96d2e4ec8a3ebbbf45eca9137bb7
		764	description: valid for 2 weeks
		765	expires_in:
		766	type: integer
		767	minimum: 0
		768	example: 14399
		769	refresh_token_expires_in:
		770	type: integer
		771	minimum: 0
		772	example: 1209600
		773	/users/revoke-token:
		774	post:
		775	summary: Logout
		776	description: Revokes your access token and its associated refresh token, destroying your current session.
		777	operationId: revokeOAuthToken
		778	tags:
		779	- Session
		780	security:
		781	- OAuth2: []
		782	responses:
		783	'200':
		784	description: successful operation
		785
692	/users/register:	786	/users/register:
693	post:	787	post:
694	summary: Register a user	788	summary: Register a user
695	tags:	789	tags:
696	- Users	790	- Users
		791	- Register
697	responses:	792	responses:
698	'204':	793	'204':
699	description: successful operation	794	description: successful operation
@@ -703,6 +798,47 @@ paths:
703	schema:	798	schema:
704	$ref: '#/components/schemas/RegisterUser'	799	$ref: '#/components/schemas/RegisterUser'
705	required: true	800	required: true
		801	/users/{id}/verify-email:
		802	post:
		803	summary: Verify a user
		804	description: \|
		805	Following a user registration, the new user will receive an email asking to click a link
		806	containing a secret.
		807	tags:
		808	- Users
		809	- Register
		810	parameters:
		811	- $ref: '#/components/parameters/id'
		812	requestBody:
		813	content:
		814	application/json:
		815	schema:
		816	type: object
		817	properties:
		818	verificationString:
		819	type: string
		820	format: url
		821	isPendingEmail:
		822	type: boolean
		823	required:
		824	- verificationString
		825	responses:
		826	'204':
		827	description: successful operation
		828	'403':
		829	description: invalid verification string
		830	'404':
		831	description: user not found
		832	/users/ask-send-verify-email:
		833	post:
		834	summary: Resend user verification link
		835	tags:
		836	- Users
		837	- Register
		838	responses:
		839	'204':
		840	description: successful operation
		841
706	/users/me:	842	/users/me:
707	get:	843	get:
708	summary: Get my user information	844	summary: Get my user information
@@ -4225,17 +4361,18 @@ components:
4225	description: \|	4361	description: \|
4226	Authenticating via OAuth requires the following steps:	4362	Authenticating via OAuth requires the following steps:
4227	- Have an activated account	4363	- Have an activated account
4228	- [Generate](https://docs.joinpeertube.org/api-rest-getting-started) a	4364	- [Generate] an access token for that account at `/api/v1/users/token`.
4229	Bearer Token for that account at `/api/v1/users/token`	4365	- Make requests with the Authorization: Bearer <token\> header
4230	- Make authenticated requests, putting Authorization: Bearer <token\>
4231	- Profit, depending on the role assigned to the account	4366	- Profit, depending on the role assigned to the account
4232		4367
4233	Note that the __access token is valid for 1 day__ and, and is given	4368	Note that the __access token is valid for 1 day__ and is given
4234	along with a __refresh token valid for 2 weeks__.	4369	along with a __refresh token valid for 2 weeks__.
		4370
		4371	[Generate]: https://docs.joinpeertube.org/api-rest-getting-started
4235	type: oauth2	4372	type: oauth2
4236	flows:	4373	flows:
4237	password:	4374	password:
4238	tokenUrl: 'https://peertube.example.com/api/v1/users/token'	4375	tokenUrl: /api/v1/users/token
4239	scopes:	4376	scopes:
4240	admin: Admin scope	4377	admin: Admin scope
4241	moderator: Moderator scope	4378	moderator: Moderator scope
@@ -4257,14 +4394,16 @@ components:
4257	type: string	4394	type: string
4258	description: immutable name of the user, used to find or mention its actor	4395	description: immutable name of the user, used to find or mention its actor
4259	example: chocobozzz	4396	example: chocobozzz
4260	pattern: '/^[a-z0-9._]{1,50}$/'	4397	pattern: '/^[a-z0-9._]+$/'
4261	minLength: 1	4398	minLength: 1
4262	maxLength: 50	4399	maxLength: 50
4263	usernameChannel:	4400	usernameChannel:
4264	type: string	4401	type: string
4265	description: immutable name of the channel, used to interact with its actor	4402	description: immutable name of the channel, used to interact with its actor
4266	example: framasoft_videos	4403	example: framasoft_videos
4267	pattern: '/^[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]+$/'	4404	pattern: '/^[a-zA-Z0-9\\-_.:]+$/'
		4405	minLength: 1
		4406	maxLength: 50
4268	password:	4407	password:
4269	type: string	4408	type: string
4270	format: password	4409	format: password
@@ -5998,6 +6137,61 @@ components:
5998	- password	6137	- password
5999	- email	6138	- email
6000		6139
		6140	OAuthClient:
		6141	properties:
		6142	client_id:
		6143	type: string
		6144	pattern: /^[a-z0-9]$/
		6145	maxLength: 32
		6146	minLength: 32
		6147	example: v1ikx5hnfop4mdpnci8nsqh93c45rldf
		6148	client_secret:
		6149	type: string
		6150	pattern: /^[a-zA-Z0-9]$/
		6151	maxLength: 32
		6152	minLength: 32
		6153	example: AjWiOapPltI6EnsWQwlFarRtLh4u8tDt
		6154	OAuthToken-password:
		6155	allOf:
		6156	- $ref: '#/components/schemas/OAuthClient'
		6157	- type: object
		6158	properties:
		6159	grant_type:
		6160	type: string
		6161	enum:
		6162	- password
		6163	- refresh_token
		6164	default: password
		6165	username:
		6166	$ref: '#/components/schemas/User/properties/username'
		6167	password:
		6168	$ref: '#/components/schemas/password'
		6169	required:
		6170	- client_id
		6171	- client_secret
		6172	- grant_type
		6173	- username
		6174	- password
		6175	OAuthToken-refresh_token:
		6176	allOf:
		6177	- $ref: '#/components/schemas/OAuthClient'
		6178	- type: object
		6179	properties:
		6180	grant_type:
		6181	type: string
		6182	enum:
		6183	- password
		6184	- refresh_token
		6185	default: password
		6186	refresh_token:
		6187	type: string
		6188	example: 2e0d675df9fc96d2e4ec8a3ebbbf45eca9137bb7
		6189	required:
		6190	- client_id
		6191	- client_secret
		6192	- grant_type
		6193	- refresh_token
		6194
6001	VideoChannel:	6195	VideoChannel:
6002	properties:	6196	properties:
6003	# GET/POST/PUT properties	6197	# GET/POST/PUT properties