How to verify the password submitted by the user through the API to access the document content if the document is password protected?

核心功能：文档密码验证API (English)/api/archive/password/check)

要实现对密码保护文档的访问，我们主要依赖的是安企CMS提供的 EnglisharchivePasswordCheckInterface. The design goal of this interface is to verify the password submitted by the user and return the corresponding result.

API address and calling method:

You can call this interface at the following address:{域名地址}/api/archive/password/check

The calling method is:POSTRequest. This means you need to send the request parameters in the request body to the server, not through the URL.

Request parameter details:

InitiatingPOSTWhen making a request, you need to provide two key parameters:

• id(int, Required): This is the unique identifier ID of the document you wish to access. Your frontend application or client needs to know the ID of this document in advance.
• password(string, 必填): This is the password inputted by the user on the front-end interface. The system will compare this password with the predefined password in the document.

For example, if you need to verify the document with ID 1, the user enters the password as '123456', the request data will be similar to the following:

{
  "id": 1,
  "password": "123456"
}

Return parameter parsing:

The return result of the interface will clearly tell you whether the password is correct, and if it is correct, the detailed content of the document.

• code(int): Error code.0Represents successful API call, other values indicate an error (for example-1Represents general error).
• msg(string): Explanation of error reason. IfcodeNot to0Here will provide detailed error information.
• data(object): Validation result object. This is the part we need to focus on.
  • status(boolean): This is the core verification result. If the password is correct,statusresponse fortrue; if the password is incorrect,false.
  • content(string): Ifstatusresponse fortrue(Password verification successful), here will directly return the complete HTML content of the document. If password verification fails,contentthe field may be empty or not contain actual document content.

The following is a successful return example:

{
  "code": 0,
  "msg": "",
  "data": {
    "status": true,
    "content": "<p>这里是文档的详细内容，可以是HTML格式的文本。</p>"
  }
}

If the password is incorrect, you may see this kind of response:

{
  "code": 0,
  "msg": "密码不正确",
  "data": {
    "status": false,
    "content": ""
  }
}

Actual operation process: how to implement step by step

Integrate this API into your application, you usually follow the following steps:

1. Identify documents that require password protection:When a user tries to access a document, your frontend application needs to be able to determine whether the document is protected by a password. This is usually achieved by adding a custom field (such asis_password_protected）and in the document detail interface（/api/archive/detail）to get the value of this field. If the document is marked as password protected, proceed to the next step.
2. Collect user password：On the front-end page, display a password input box to guide the user to enter the password to access this document.
3. Call the API for verification:用户提交密码后，您的前端应用或客户端会构建一个 EnglishPOST请求，将文档ID (id) 和用户输入的密码 (password) 发送到{域名地址}/api/archive/password/checkinterface.
4. Process the API response:
   • 如果接口返回的coderesponse for0anddata.statusresponse fortrueCongratulations, password verification successful. At this time, you can fromdata.contentextract the document content and display it to the user.
   • Ifcoderesponse for0Butdata.statusresponse forfalseThe input password is incorrect. You should display a friendly error message to the user, such as 'Password error, please try again'.
   • IfcodeNot to0The content of the field, provide the user with corresponding hints, or log the error for troubleshooting, indicates that other system errors or network problems have occurred.msgProvide the user with corresponding hints based on the content of the field, or log the error for troubleshooting.

Matters to be paid attention to in software development practice

• User Experience:Ensure the password input interface is simple and clear, with clear and friendly error messages. Auxiliary functions such as 'Forgot Password' can be provided next to the password input box (if your system supports it).
• Security:During the entire transmission process from the user entering the password on your server to the security CMS server, it is essential to use the HTTPS protocol to encrypt data and prevent the password from being intercepted.The front-end should not store users' plaintext passwords.
• Error handling:In addition to password errors, you also need to consider other potential error situations, such as failed network requests, non-existent document ID, and internal server errors, etc.This can enhance the robustness of the application by properly catching and prompting for these situations.
• Cache and session:Considering user experience, if the password verification is successful, you can consider setting a short-term session identifier for the user on the front end, such as storing a temporary token or marker locally, allowing the user to access the document without having to re-enter the password for a period of time, avoiding frequent input by the user.This requires additional logic to implement.

PassarchivePasswordCheckInterface, the security CMS provides developers with a secure and efficient way to control access to password-protected documents, making your content operation strategy more flexible and diverse.

---

Common Questions (FAQ)

Q1: Can I directly access the content of password-protected documents via an interface?/api/archive/detailNo, generally speaking.

A1:No, generally speaking.archiveDetailThe interface is mainly used to obtain document information and basic details. If the document is password protected, it can be directly accessed.archiveDetailusually does not return protected content, but may return a hint or only non-sensitive information. You must go through/api/archive/password/checkInterface, submit the correct password to obtain the protected document content.

Q2: After successful password verification, does the user need to enter the password again before closing the browser?

A2: archivePasswordCheckThe interface itself only returns the document content in a single request.If you want the user to not have to enter the password again during the current session (such as when the browser is not closed) after a successful verification, this requires you to implement additional session management logic on the frontend or backend.For example, after successful verification, you can set a temporary Cookie or Session identifier to indicate that the user has passed the password verification for a specific document. Subsequent requests can carry this identifier to directly access, without the need to call the password verification API again.

Q3: If the documents I need to protect are not just a single document but all documents under a category, what is a better method?

A3: /api/archive/password/checkThe interface is for password verification for a single document. If you have more complex permission management needs, such as the entire category or module content requiring user login or access to a specific user group, you may need to combine the Anqi CMS user system (such as the login interface)/api/loginAnd user group permission settings to achieve.The specific implementation will involve the customization of backend permission logic to determine whether the current logged-in user has sufficient permissions to access all documents under this category.