In AnQi CMS, content management not only covers the conventional article publishing and display, but also provides flexible mechanisms to protect sensitive or exclusive content.When you need to allow users to access specific document content by entering a password, AnQi CMS provides a clear API interface to achieve this function.This is very useful for building paid content, VIP areas, or internal material sharing scenarios.
Core Function: Document Password Verification API (/api/archive/password/check)
To access password-protected documents, we mainly rely on the services provided by Anqi CMSarchivePasswordCheckInterface. The design goal of this interface is to verify the password submitted by the user and return the corresponding result.
API address and calling method:
You can call this interface at the following address:{域名地址}/api/archive/password/check
The calling method isPOSTrequest. This means you need to send the request parameters in the request body to the server, not through the URL.
Request parameter details:
InitiatingPOSTWhen making a request, you need to provide two key parameters:
id(int, required): This is the unique identifier ID of the document you wish to access. Your frontend application or client needs to know the document ID in advance.password(string, required): This is the password entered by the user on the front-end interface. The system will compare this password with the pre-set password in the document.
For example, if you want to verify the document with ID 1, the user enters the password '123456', the request data will be something like this:
{
"id": 1,
"password": "123456"
}
Return parameter parsing:
The interface's return result will clearly tell you whether the password is correct, and if it is correct, the detailed content of the document.
code(int): Error code.0Indicates that the interface call was successful, other values indicate an error (for example-1Represents a general error).msg(string): Explanation of the error reason. Ifcodenot0Here will provide detailed error information.data(object): Verification result object. This is the part we need to focus on.status(boolean): This is the core result of the verification. If the password is correct,statusWithtrue; then if the password is incorrect,false.content(string): IfstatusWithtrue(Password verified), it will directly return the complete HTML content of the document. If the password verification fails,contentthe field may be empty or not contain actual document content.
An example of a successful return is as follows:
{
"code": 0,
"msg": "",
"data": {
"status": true,
"content": "<p>这里是文档的详细内容,可以是HTML格式的文本。</p>"
}
}
If the password is incorrect, you may see such a response:
{
"code": 0,
"msg": "密码不正确",
"data": {
"status": false,
"content": ""
}
}
Actual operation process: how to implement step by step
Integrate this API into your application, it usually follows the following steps:
- Identify documents that require password protection:When a user tries to access a document, your frontend application needs to be able to determine whether the document is protected by a password. This is usually done by adding a custom field (such as
is_password_protected)and in the document detail interface(/api/archive/detail)to retrieve the value of this field. If the document is marked as password protected, proceed to the next step. - Collect the user's password:On the front end page, display a password input box to guide the user to enter the password to access the document.
- Call the API for verification:After the user submits the password, your front-end application or client will construct a
POSTrequest, sending the document ID (id) and the password entered by the user (password) to{域名地址}/api/archive/password/checkinterface. - Process the API response:
- if the interface returns the
codeWith0anddata.statusWithtrueCongratulations, your password verification was successful. At this point, you can extract the document content and display it to the user.data.contentExtract the document content and display it to the user. - If
codeWith0Butdata.statusWithfalseThis indicates that the user's password is incorrect. You should display a friendly error message to the user, such as 'Password error, please try again'. - If
codenot0This indicates that an other system error or network problem has occurred, you can refer tomsgthe content of the field to provide the user with the corresponding prompt, or record the error for troubleshooting.
- if the interface returns the
Attention to software development practices
- User Experience:Ensure the password input interface is simple and clear, with clear and friendly error prompts. You can provide auxiliary functions such as 'Forgot Password' next to the password input box (if your system supports it).
- Security:Throughout the entire process of entering a password from your server to the Anqicms server, it is imperative to use the HTTPS protocol to encrypt data and prevent passwords from being intercepted.The front-end should not store users' plain-text passwords.
- Error handling:In addition to password errors, you should also consider other potential error situations, such as failed network requests, non-existent document IDs, and internal server errors.Properly catch and prompt errors for these situations can enhance the robustness of the application.
- Cache and session:Considering user experience, if the password verification is successful, you can consider setting a short-term session identifier for the user on the front end, such as storing a temporary token or marker locally, allowing the user to access the document without repeating the password for a period of time, and avoiding frequent input by the user.This requires additional logic to implement.
ByarchivePasswordCheckAn interface, Anqi CMS provides developers with a secure and efficient way to control access permissions to password-protected documents, making your content operation strategy more flexible and diverse.
Frequently Asked Questions (FAQ)
Q1: Can I directly access/api/archive/detailthe content of the password-protected document via the interface?
A1:In most cases, no.archiveDetailThe interface is mainly used to obtain the *** information and basic details of the document. If the document is protected by a password, it can be accessed directlyarchiveDetailGenerally, protected content is not returned, but a hint or non-sensitive information may be provided instead. You must pass/api/archive/password/checkInterface, submit the correct password to access the protected document content.
Q2: After one successful password verification, does the user need to enter the password again before closing the browser?
A2: archivePasswordCheckThe interface itself only returns the document content in a single request. If you want the user to not have to enter the password again during the current session (such as when the browser is not closed), this requires you to implement session management logic on the frontend or backend.For example, after successful verification, you can set a temporary Cookie or Session identifier to indicate that the user has passed the password verification for a specific document. Subsequent requests can carry this identifier to directly access, without needing to call the password verification API again.
Q3: If I need to protect not just a single document, but all documents under the entire category, what is a better method?
A3: /api/archive/password/checkThe interface is for password verification for a single document. If you have more complex permission management needs, such as the entire category or module content requiring user login or reaching a specific user group to access, you may need to combine the Anqi CMS user system (such as the login interface/api/login) and user group permission settings to implement. The specific implementation will involve custom development of backend permission logic to determine if the current logged-in user's permissions are sufficient to access all documents under the category.