first commit

README.md

@@ -1,2 +1,91 @@
-# nanobot-auth
+# nanobot-auth-service
 
+Standalone phone/password auth service for nanobot web chat.
+
+## Features
+
+- `POST /auth/register` (phone + password + invite code; returns pending)
+- `POST /auth/login`
+- `GET /auth/me` (Bearer token)
+- `GET /auth/register/status/{request_id}`
+- `GET /admin/requests` (admin key required)
+- `POST /admin/requests/{id}/approve` (admin key required)
+- `POST /admin/requests/{id}/reject` (admin key required)
+- SQLite persistence
+- JWT access tokens
+
+## Quick Start
+
+```bash
+cd nanobot-auth-service
+pip install -e .
+cp .env.example .env
+source .env
+uvicorn app.main:app --host ${AUTH_HOST:-0.0.0.0} --port ${AUTH_PORT:-9100}
+```
+
+## Env Vars
+
+- `AUTH_DB_PATH`: sqlite file path
+- `AUTH_JWT_SECRET`: JWT signing secret
+- `AUTH_TOKEN_TTL_HOURS`: access token ttl
+- `AUTH_CORS_ORIGINS`: comma-separated origins or `*`
+- `AUTH_INVITE_CODES`: comma-separated whitelist (empty means no whitelist check)
+- `AUTH_ADMIN_KEY`: required by admin endpoints
+- `AUTH_HOST`: bind host (run command)
+- `AUTH_PORT`: bind port (run command)
+
+## API Contract
+
+`POST /auth/register`
+
+```json
+{
+  "phone": "13800000000",
+  "password": "secret123",
+  "invite_code": "invite-a"
+}
+```
+
+Response:
+
+```json
+{
+  "ok": true,
+  "status": "pending",
+  "request_id": 1,
+  "message": "pending review"
+}
+```
+
+Manual approval flow (operator terminal):
+
+```bash
+cd nanobot-auth-service
+python app/manual_review.py
+```
+
+The script lists pending requests and asks for each item:
+
+- input `y` => approve and create user
+- input `r` => reject with reason
+- any other input => skip
+
+`POST /auth/login` has the same request/response shape.
+
+`GET /auth/me`
+
+Header:
+
+```http
+Authorization: Bearer <token>
+```
+
+Response:
+
+```json
+{
+  "ok": true,
+  "user": {"id": 1, "phone": "13800000000"}
+}
+```