diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index 40dc01a..acda3f5 100644 Binary files a/__pycache__/main.cpython-312.pyc and b/__pycache__/main.cpython-312.pyc differ diff --git a/main.py b/main.py index 41accc8..70eacc3 100644 --- a/main.py +++ b/main.py @@ -1234,6 +1234,49 @@ def add_user_api(user_data: AddUserRequest): release_db_connection(conn) return JSONResponse(content={"success": False, "message": f"添加失败: {str(e)}"}, status_code=500) +@app.post("/api/admin/login") +async def admin_login(request: Request): + """ + 管理后台登录验证接口。 + """ + try: + body = await request.json() + password = body.get('password', '') + + secret = os.getenv("ADD_USER_SECRET", "123quant-speed") + + if password == secret: + response = JSONResponse(content={"success": True, "message": "登录成功"}) + response.set_cookie( + key="admin_auth", + value="true", + httponly=True, + max_age=60*60*24*7, + samesite="lax" + ) + return response + else: + return JSONResponse(content={"success": False, "message": "密码错误"}, status_code=401) + except Exception as e: + return JSONResponse(content={"success": False, "message": str(e)}, status_code=500) + +@app.get("/api/admin/check-auth") +async def check_admin_auth(request: Request): + """ + 检查管理员是否已登录。 + """ + auth_cookie = request.cookies.get("admin_auth") + return {"success": auth_cookie == "true", "authenticated": auth_cookie == "true"} + +@app.post("/api/admin/logout") +async def admin_logout(): + """ + 管理员退出登录。 + """ + response = JSONResponse(content={"success": True, "message": "已退出登录"}) + response.delete_cookie("admin_auth") + return response + @app.get("/admin", response_class=HTMLResponse) async def admin_page(request: Request): """ diff --git a/templates/add_user.html b/templates/add_user.html index 4acd99f..bf6bb6d 100644 --- a/templates/add_user.html +++ b/templates/add_user.html @@ -297,28 +297,62 @@