39 changes: 38 additions & 1 deletion docs/auth.md
Expand Up @@ -124,7 +124,44 @@ On mount, checks `localStorage` for an `auth_flow` state object with `status: 'v
- Looks up the state record in Redis using the SHA256 hash of the `temp_token`.
- Verifies the status is `pending`. If it's already `verified` or missing, return an error.
3. **Security**: Applies strict rate limiting per _valid_ `temp_token` to prevent brute-force attempts on a single verification flow. Check and set rate limit (or attempts count) in Redis.
4. **API Query**: Fetches recent submissions from the questionnaire platform for the given `account`.
4. **API Query**: Fetches recent submissions from the questionnaire platform for the given `account`. The WJ API response looks like:

```jsonc
{
"success": true,
"message": "ok",
"data": {
"rows": [
{
"answers": [
{
"answer": "12345678",
"question": {
"answer_name": "12345678",
"id": 10469990, // question_id
"question_type": "填空题",
"title": "请输入8位随机码"
}
}
],
"id": 3913814, // answer_id
"ip_address": "127.0.0.1",
"status": 0,
"submitted_at": "2025-09-10T15:34:07.972+08:00",
"tags": [],
"user": {
"account": "xxxxx", // JAccount
"name": "xxx", // real name
"organization": "密西根学院"
}
}
],
"total": 2
},
"code": 0
}
```

5. **Find Submission**: Locates the specific submission matching the `answer_id`. If not found, returns an error.
6. **Extract Data**: Extracts the `submitted_otp` and the questionnaire's unique ID (`quest_id`) from the submission.
7. ~~**Intent Verification**: Confirms that the `quest_id` from the submission correctly maps to the `action` specified in the request, preventing cross-flow attacks.~~ Not needed, different quesitonnaires use different API, cross-flow attacks are not possible.
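Review bot: Step 6 still extracts `quest_id`, but step 7, the only step that used it, is now struck through, and the sample response added under step 4 shows no questionnaire-level ID (only `question.id` and the row `id`). Either drop `quest_id` from step 6 or state which response field it maps to and where it is checked. The new rationale "different quesitonnaires use different API" should also say where the mapping from `action` to API is enforced on the server, since the doc now relies on that binding instead of the check. Consider deleting the struck step outright rather than keeping it with strikethrough, and fix the typo "quesitonnaires".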