privacy/security: add PM privacy levels and improve session visibility
All checks were successful
CI / test (push) Successful in 24s

2026-03-08 14:26:19 +03:00
parent 528778238b
commit 76cc5e0f12
17 changed files with 229 additions and 24 deletions

@@ -109,6 +109,19 @@ For `/health/ready` failure:
}
```
### SessionRead
```json
{
"jti": "uuid",
"created_at": "2026-03-08T10:00:00Z",
"ip_address": "127.0.0.1",
"user_agent": "Mozilla/5.0 ...",
"current": false,
"token_type": "refresh"
}
```
### AuthUserResponse
```json
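Review bot: the new SessionRead example documents `token_type` only through the sample value `"refresh"` and gives no description of `current`. List the allowed `token_type` values next to the schema (the sessions endpoint note later in this patch also uses `access`) and say what `current` marks, so clients do not have to infer either from one example. Since the object carries `ip_address` and `user_agent`, it is also worth one line stating that these are returned only to the authenticated owner of the sessions.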
@@ -121,6 +134,11 @@ For `/health/ready` failure:
"avatar_url": "https://...",
"email_verified": true,
"twofa_enabled": false,
"allow_private_messages": true,
"privacy_private_messages": "everyone",
"privacy_last_seen": "everyone",
"privacy_avatar": "everyone",
"privacy_group_invites": "everyone",
"created_at": "2026-03-08T10:00:00Z",
"updated_at": "2026-03-08T10:00:00Z"
}
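Review bot: `allow_private_messages` and `privacy_private_messages` now both appear in AuthUserResponse, and the docs do not say which one is authoritative when they disagree (for example `true` together with `nobody`). State the precedence, or mark the boolean as legacy and derived from the level, so clients do not decide PM permission from the wrong field.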
@@ -140,6 +158,10 @@ For `/health/ready` failure:
"bio": "optional",
"email_verified": true,
"allow_private_messages": true,
"privacy_private_messages": "everyone",
"privacy_last_seen": "everyone",
"privacy_avatar": "everyone",
"privacy_group_invites": "everyone",
"twofa_enabled": false,
"created_at": "2026-03-08T10:00:00Z",
"updated_at": "2026-03-08T10:00:00Z"
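Review bot: the schema heading is outside this hunk, so it is not visible whose profile this object describes; the four added `privacy_*` fields are a user's own settings, and the docs should say whether they are returned only to the account owner or also when the object is served for another user. A smaller point: `twofa_enabled` comes after the privacy fields here and before them in AuthUserResponse; keeping the two examples in the same order makes later drift easier to spot.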
@@ -166,11 +188,16 @@ For `/health/ready` failure:
"username": "new_username",
"bio": "new bio",
"avatar_url": "https://...",
"allow_private_messages": true
"allow_private_messages": true,
"privacy_private_messages": "contacts",
"privacy_last_seen": "contacts",
"privacy_avatar": "everyone",
"privacy_group_invites": "contacts"
}
```
All fields are optional.
`privacy_private_messages`: `everyone | contacts | nobody`.
## 3.3 Chats
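Review bot: only `privacy_private_messages` gets its allowed values listed after the example; `privacy_last_seen`, `privacy_avatar` and `privacy_group_invites` are left without one even though the request body sends `contacts` and `everyone` for them. Add the value list for each of the three (or one line saying they share the same set, if they do) and document the response for a value outside that set. The update example also still sends `allow_private_messages` beside `privacy_private_messages`; say which wins when a request sets both to conflicting values.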
@@ -500,7 +527,8 @@ Response: `200` + `AuthUserResponse`
### GET `/api/v1/auth/sessions`
Auth required.
Response: `200` + `SessionRead[]`
Response: `200` + `SessionRead[]`
Note: list includes refresh sessions and a synthetic current access-token session (`token_type=access`) for stable UI visibility.
### DELETE `/api/v1/auth/sessions/{jti}`
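Review bot: the note under GET `/api/v1/auth/sessions` introduces a synthetic `token_type=access` entry, but nothing says what its `jti` refers to or what DELETE `/api/v1/auth/sessions/{jti}` does when given that value. Document whether the synthetic entry can be revoked and, if it can, whether doing so ends the caller's own session, so a UI does not offer a revoke button that fails or silently logs the user out. The `Response: 200 + SessionRead[]` line is removed and re-added with no visible difference; if that is a trailing-whitespace change for a line break, a blank line before the note would be less fragile.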