版本：Current

REST API

Base URL: http://<host>:4000

鉴权: Authorization: Bearer <accessToken>

健康检查

`GET /health`

无需鉴权 → { "status": "ok", "timestamp": "..." }

认证

`POST /api/auth/verify-code`

验证登录码（NextAuth player-code 内部调用，无需 JWT）。

Body

{
  "code": "123456",
  "playerId": "550e8400-e29b-41d4-a716-446655440000"
}

200

{
  "playerId": "...",
  "internalEmail": "player:...@game.local",
  "displayName": "玩家 #001",
  "playerNumber": 1
}

错误: 400 Invalid player ID / Invalid code format · 401 Invalid or expired login code

游戏

`POST /api/submit-answer`

Body: { "answer": "A" | "B" }
权限: Player only

Admin（需 isAdmin 且非 isDisplay）

`POST /api/admin/next-question`

Body: { "question", "optionA", "optionB" }

`POST /api/admin/publish-login-code`

无 Body。生成 6 位码并 Socket 广播。

200: { "message": "Login code published", "code": "123456" }

`POST /api/admin/close-login-code`

清除登录码并广播 login_code_closed。

`POST /api/admin/reset-game`

重置全部游戏状态、登录码、玩家注册表。

NextAuth（Frontend）

路径	说明
`/api/auth/session`	当前 Session
`/api/auth/signin`	登录
`/api/auth/callback/*`	OAuth 回调

Credentials providers: player-code, staff-credentials

健康检查​

GET /health​

认证​

POST /api/auth/verify-code​

游戏​

POST /api/submit-answer​

Admin（需 isAdmin 且非 isDisplay）​

POST /api/admin/next-question​

POST /api/admin/publish-login-code​

POST /api/admin/close-login-code​

POST /api/admin/reset-game​

NextAuth（Frontend）​