feat: 完善登录认证系统

- 首次使用强制设置密码(至少6位) - 密码存数据库(SHA256哈希),前端可修改 - 登录失败5次锁定5分钟,防爆破 - 导航栏添加修改密码入口 - 移除硬编码默认密码
2026-04-02 12:11:09 +08:00
parent 6ab6666cac
commit c293f3d4ac
8 changed files with 278 additions and 46 deletions
--- a/templates/setup.html
+++ b/templates/setup.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>初始设置 - 微店抢购管理</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css" rel="stylesheet">
+    <style>
+        body { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); min-height: 100vh;
+               display: flex; align-items: center; justify-content: center;
+               font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; }
+        .card { width: 380px; border-radius: 18px; border: none; box-shadow: 0 8px 40px rgba(0,0,0,.2); }
+        .card-header { text-align: center; padding: 2rem 2rem 1rem; background: none; border: none; }
+        .card-header i { font-size: 2.5rem; color: #667eea; }
+        .card-header h4 { margin-top: .8rem; font-weight: 600; color: #333; }
+        .card-header p { color: #888; font-size: .85rem; }
+        .card-body { padding: 0 2rem 2rem; }
+        .form-control { border-radius: 10px; padding: .6rem 1rem; }
+        .btn-primary { background: linear-gradient(135deg, #667eea, #764ba2); border: none;
+                       border-radius: 10px; padding: .6rem; font-weight: 500; width: 100%; }
+        .alert { border-radius: 10px; font-size: .85rem; }
+    </style>
+</head>
+<body>
+    <div class="card">
+        <div class="card-header">
+            <i class="bi bi-shield-lock-fill"></i>
+            <h4>首次使用设置</h4>
+            <p>请设置管理密码（至少6位）</p>
+        </div>
+        <div class="card-body">
+            {% if error %}
+            <div class="alert alert-danger py-2">{{ error }}</div>
+            {% endif %}
+            <form method="POST">
+                <div class="mb-3">
+                    <input type="password" class="form-control" name="password"
+                           placeholder="设置密码" autofocus required minlength="6">
+                </div>
+                <div class="mb-3">
+                    <input type="password" class="form-control" name="password2"
+                           placeholder="确认密码" required minlength="6">
+                </div>
+                <button type="submit" class="btn btn-primary">确认设置</button>
+            </form>
+        </div>
+    </div>
+</body>
+</html>