feat(api): add captcha fields and admin authentication endpoints

- Add CaptchaId and CaptchaCode fields to login/register/reset requests
- Add /v1/auth/captcha/generate endpoint for user captcha generation
- Add /v1/auth/admin/login endpoint for admin authentication
- Add /v1/auth/admin/reset-password endpoint for admin password reset
- Add /v1/auth/admin/captcha/generate endpoint for admin captcha generation
- Update GlobalConfigResponse with new verify configuration fields
- Add GenerateCaptchaResponse type for captcha generation

apis/auth/auth.api

@@ -11,13 +11,15 @@ info (
 type (
 	// User login request
 	UserLoginRequest {
-		Identifier string `json:"identifier"`
-		Email      string `json:"email" validate:"required"`
-		Password   string `json:"password" validate:"required"`
-		IP         string `header:"X-Original-Forwarded-For"`
-		UserAgent  string `header:"User-Agent"`
-		LoginType  string `header:"Login-Type"`
-		CfToken    string `json:"cf_token,optional"`
+		Identifier  string `json:"identifier"`
+		Email       string `json:"email" validate:"required"`
+		Password    string `json:"password" validate:"required"`
+		IP          string `header:"X-Original-Forwarded-For"`
+		UserAgent   string `header:"User-Agent"`
+		LoginType   string `header:"Login-Type"`
+		CfToken     string `json:"cf_token,optional"`
+		CaptchaId   string `json:"captcha_id,optional"`
+		CaptchaCode string `json:"captcha_code,optional"`
 	}
 	// Check user is exist request
 	CheckUserRequest {
@@ -29,26 +31,30 @@ type (
 	}
 	// User login response
 	UserRegisterRequest {
-		Identifier string `json:"identifier"`
-		Email      string `json:"email" validate:"required"`
-		Password   string `json:"password" validate:"required"`
-		Invite     string `json:"invite,optional"`
-		Code       string `json:"code,optional"`
-		IP         string `header:"X-Original-Forwarded-For"`
-		UserAgent  string `header:"User-Agent"`
-		LoginType  string `header:"Login-Type"`
-		CfToken    string `json:"cf_token,optional"`
+		Identifier  string `json:"identifier"`
+		Email       string `json:"email" validate:"required"`
+		Password    string `json:"password" validate:"required"`
+		Invite      string `json:"invite,optional"`
+		Code        string `json:"code,optional"`
+		IP          string `header:"X-Original-Forwarded-For"`
+		UserAgent   string `header:"User-Agent"`
+		LoginType   string `header:"Login-Type"`
+		CfToken     string `json:"cf_token,optional"`
+		CaptchaId   string `json:"captcha_id,optional"`
+		CaptchaCode string `json:"captcha_code,optional"`
 	}
-	// User login response
+	// User reset password request
 	ResetPasswordRequest {
-		Identifier string `json:"identifier"`
-		Email      string `json:"email" validate:"required"`
-		Password   string `json:"password" validate:"required"`
-		Code       string `json:"code,optional"`
-		IP         string `header:"X-Original-Forwarded-For"`
-		UserAgent  string `header:"User-Agent"`
-		LoginType  string `header:"Login-Type"`
-		CfToken    string `json:"cf_token,optional"`
+		Identifier  string `json:"identifier"`
+		Email       string `json:"email" validate:"required"`
+		Password    string `json:"password" validate:"required"`
+		Code        string `json:"code,optional"`
+		IP          string `header:"X-Original-Forwarded-For"`
+		UserAgent   string `header:"User-Agent"`
+		LoginType   string `header:"Login-Type"`
+		CfToken     string `json:"cf_token,optional"`
+		CaptchaId   string `json:"captcha_id,optional"`
+		CaptchaCode string `json:"captcha_code,optional"`
 	}
 	LoginResponse {
 		Token string `json:"token"`
@@ -75,6 +81,8 @@ type (
 		UserAgent         string `header:"User-Agent"`
 		LoginType         string `header:"Login-Type"`
 		CfToken           string `json:"cf_token,optional"`
+		CaptchaId         string `json:"captcha_id,optional"`
+		CaptchaCode       string `json:"captcha_code,optional"`
 	}
 	// Check user is exist request
 	TelephoneCheckUserRequest {
@@ -97,6 +105,8 @@ type (
 		UserAgent         string `header:"User-Agent"`
 		LoginType         string `header:"Login-Type,optional"`
 		CfToken           string `json:"cf_token,optional"`
+		CaptchaId         string `json:"captcha_id,optional"`
+		CaptchaCode       string `json:"captcha_code,optional"`
 	}
 	// User login response
 	TelephoneResetPasswordRequest {
@@ -109,6 +119,8 @@ type (
 		UserAgent         string `header:"User-Agent"`
 		LoginType         string `header:"Login-Type,optional"`
 		CfToken           string `json:"cf_token,optional"`
+		CaptchaId         string `json:"captcha_id,optional"`
+		CaptchaCode       string `json:"captcha_code,optional"`
 	}
 	AppleLoginCallbackRequest {
 		Code    string `form:"code"`
@@ -126,6 +138,11 @@ type (
 		CfToken    string `json:"cf_token,optional"`
 		ShortCode  string `json:"short_code,optional"`
 	}
+	GenerateCaptchaResponse {
+		Id    string `json:"id"`
+		Image string `json:"image"`
+		Type  string `json:"type"`
+	}
 )
 
 @server (
@@ -166,11 +183,34 @@ service ppanel {
 	@handler TelephoneResetPassword
 	post /reset/telephone (TelephoneResetPasswordRequest) returns (LoginResponse)
 
+	@doc "Generate captcha"
+	@handler GenerateCaptcha
+	post /captcha/generate returns (GenerateCaptchaResponse)
+
 	@doc "Device Login"
 	@handler DeviceLogin
 	post /login/device (DeviceLoginRequest) returns (LoginResponse)
 }
 
+@server (
+	prefix:     v1/auth/admin
+	group:      auth/admin
+	middleware: DeviceMiddleware
+)
+service ppanel {
+	@doc "Admin login"
+	@handler AdminLogin
+	post /login (UserLoginRequest) returns (LoginResponse)
+
+	@doc "Admin reset password"
+	@handler AdminResetPassword
+	post /reset (ResetPasswordRequest) returns (LoginResponse)
+
+	@doc "Generate captcha"
+	@handler AdminGenerateCaptcha
+	post /captcha/generate returns (GenerateCaptchaResponse)
+}
+
 @server (
 	prefix: v1/auth/oauth
 	group:  auth/oauth

apis/common.api

@@ -12,10 +12,12 @@ import "./types.api"
 
 type (
 	VeifyConfig {
-		TurnstileSiteKey          string `json:"turnstile_site_key"`
-		EnableLoginVerify         bool   `json:"enable_login_verify"`
-		EnableRegisterVerify      bool   `json:"enable_register_verify"`
-		EnableResetPasswordVerify bool   `json:"enable_reset_password_verify"`
+		CaptchaType                   string `json:"captcha_type"`
+		TurnstileSiteKey              string `json:"turnstile_site_key"`
+		EnableUserLoginCaptcha        bool   `json:"enable_user_login_captcha"`
+		EnableUserRegisterCaptcha     bool   `json:"enable_user_register_captcha"`
+		EnableAdminLoginCaptcha       bool   `json:"enable_admin_login_captcha"`
+		EnableUserResetPasswordCaptcha bool  `json:"enable_user_reset_password_captcha"`
 	}
 	GetGlobalConfigResponse {
 		Site         SiteConfig             `json:"site"`

apis/types.api

@@ -154,11 +154,13 @@ type (
 		DeviceLimit             int64  `json:"device_limit"`
 	}
 	VerifyConfig {
-		TurnstileSiteKey          string `json:"turnstile_site_key"`
-		TurnstileSecret           string `json:"turnstile_secret"`
-		EnableLoginVerify         bool   `json:"enable_login_verify"`
-		EnableRegisterVerify      bool   `json:"enable_register_verify"`
-		EnableResetPasswordVerify bool   `json:"enable_reset_password_verify"`
+		CaptchaType                   string `json:"captcha_type"`                      // local or turnstile
+		TurnstileSiteKey              string `json:"turnstile_site_key"`
+		TurnstileSecret               string `json:"turnstile_secret"`
+		EnableUserLoginCaptcha        bool   `json:"enable_user_login_captcha"`         // User login captcha
+		EnableUserRegisterCaptcha     bool   `json:"enable_user_register_captcha"`      // User register captcha
+		EnableAdminLoginCaptcha       bool   `json:"enable_admin_login_captcha"`        // Admin login captcha
+		EnableUserResetPasswordCaptcha bool  `json:"enable_user_reset_password_captcha"` // User reset password captcha
 	}
 	NodeConfig {
 		NodeSecret             string         `json:"node_secret"`