This commit is contained in:
jeremygan2021
2026-03-20 16:18:58 +08:00
parent 3bdb055b83
commit 7caff4d72d
6 changed files with 312 additions and 31 deletions

Binary file not shown.

43
main.py
View File

@@ -1234,6 +1234,49 @@ def add_user_api(user_data: AddUserRequest):
release_db_connection(conn)
return JSONResponse(content={"success": False, "message": f"添加失败: {str(e)}"}, status_code=500)
@app.post("/api/admin/login")
async def admin_login(request: Request):
"""
管理后台登录验证接口。
"""
try:
body = await request.json()
password = body.get('password', '')
secret = os.getenv("ADD_USER_SECRET", "123quant-speed")
if password == secret:
response = JSONResponse(content={"success": True, "message": "登录成功"})
response.set_cookie(
key="admin_auth",
value="true",
httponly=True,
max_age=60*60*24*7,
samesite="lax"
)
return response
else:
return JSONResponse(content={"success": False, "message": "密码错误"}, status_code=401)
except Exception as e:
return JSONResponse(content={"success": False, "message": str(e)}, status_code=500)
@app.get("/api/admin/check-auth")
async def check_admin_auth(request: Request):
"""
检查管理员是否已登录。
"""
auth_cookie = request.cookies.get("admin_auth")
return {"success": auth_cookie == "true", "authenticated": auth_cookie == "true"}
@app.post("/api/admin/logout")
async def admin_logout():
"""
管理员退出登录。
"""
response = JSONResponse(content={"success": True, "message": "已退出登录"})
response.delete_cookie("admin_auth")
return response
@app.get("/admin", response_class=HTMLResponse)
async def admin_page(request: Request):
"""

View File

@@ -297,28 +297,62 @@
</div>
<script>
// Use secret from backend
const ACCESS_SECRET = "{{ secret }}";
document.addEventListener('DOMContentLoaded', checkAuthStatus);
// Password Check Logic
function checkSecret() {
const input = document.getElementById('secret-input');
const error = document.getElementById('secret-error');
const overlay = document.getElementById('password-overlay');
async function checkAuthStatus() {
try {
const res = await fetch('/api/admin/check-auth');
const data = await res.json();
if (input.value === ACCESS_SECRET) {
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
} else {
error.classList.remove('hidden');
input.value = '';
input.focus();
if (data.authenticated) {
hideOverlay();
} else {
showOverlay();
}
} catch (e) {
showOverlay();
}
}
function showOverlay() {
document.getElementById('password-overlay').style.display = 'flex';
}
function hideOverlay() {
const overlay = document.getElementById('password-overlay');
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
}
async function checkSecret() {
const input = document.getElementById('secret-input');
const error = document.getElementById('secret-error');
const password = input.value;
try {
const res = await fetch('/api/admin/login', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({password: password})
});
const data = await res.json();
if (data.success) {
error.classList.add('hidden');
hideOverlay();
} else {
error.classList.remove('hidden');
input.value = '';
input.focus();
}
} catch (e) {
error.textContent = '网络错误';
error.classList.remove('hidden');
}
}
// Allow pressing Enter to submit password
document.getElementById('secret-input').addEventListener('keypress', function (e) {
if (e.key === 'Enter') {
checkSecret();

View File

@@ -330,6 +330,27 @@
</a>
</div>
<div class="card" style="padding: 20px;">
<h2 style="margin-bottom: 15px;">快捷导航</h2>
<div style="display: flex; gap: 10px; flex-wrap: wrap; justify-content: center;">
<a href="/add-user" style="text-decoration: none;">
<button style="background: linear-gradient(90deg, #28a745 0%, #20c997 100%);">
添加嘉宾
</button>
</a>
<a href="/edit" style="text-decoration: none;">
<button style="background: linear-gradient(90deg, #ffc107 0%, #fd7e14 100%);">
✏️ 编辑信息
</button>
</a>
<a href="/data-base" style="text-decoration: none;">
<button style="background: linear-gradient(90deg, #17a2b8 0%, #138496 100%);">
🗄️ 数据库管理
</button>
</a>
</div>
</div>
<div class="card">
<h2>基本信息设置</h2>
<div class="card-content">
@@ -603,26 +624,61 @@
header.parentElement.classList.toggle('collapsed');
});
});
checkAuthStatus();
});
// Use secret from backend
const ACCESS_SECRET = "{{ secret }}";
async function checkAuthStatus() {
try {
const res = await fetch('/api/admin/check-auth');
const data = await res.json();
// Password Check Logic
function checkSecret() {
if (data.authenticated) {
hideOverlay();
} else {
showOverlay();
}
} catch (e) {
showOverlay();
}
}
function showOverlay() {
document.getElementById('password-overlay').style.display = 'flex';
}
function hideOverlay() {
const overlay = document.getElementById('password-overlay');
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
}
async function checkSecret() {
const input = document.getElementById('secret-input');
const error = document.getElementById('secret-error');
const overlay = document.getElementById('password-overlay');
const password = input.value;
if (input.value === ACCESS_SECRET) {
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
} else {
try {
const res = await fetch('/api/admin/login', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({password: password})
});
const data = await res.json();
if (data.success) {
error.style.display = 'none';
hideOverlay();
} else {
error.style.display = 'block';
input.value = '';
input.focus();
}
} catch (e) {
error.textContent = '网络错误';
error.style.display = 'block';
input.value = '';
input.focus();
}
}

View File

@@ -360,6 +360,18 @@
</style>
</head>
<body>
<!-- Password Overlay -->
<div id="password-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background-color: var(--bg-color); z-index: 9999; display: flex; align-items: center; justify-content: center; backdrop-filter: blur(10px);">
<div class="card" style="text-align: center; width: 90%; max-width: 400px;">
<h2 style="margin-bottom: 20px; color: var(--primary-color);">请输入访问密钥</h2>
<div class="form-group">
<input type="password" id="secret-input" placeholder="输入密钥" style="text-align: center;">
</div>
<button onclick="checkSecret()">确认</button>
<p id="secret-error" style="color: #ff6b6b; margin-top: 15px; display: none;">密钥错误</p>
</div>
</div>
<div class="container">
<h1>数据库管理</h1>
@@ -410,6 +422,68 @@
<div id="message"></div>
<script>
document.addEventListener('DOMContentLoaded', checkAuthStatus);
async function checkAuthStatus() {
try {
const res = await fetch('/api/admin/check-auth');
const data = await res.json();
if (data.authenticated) {
hideOverlay();
} else {
showOverlay();
}
} catch (e) {
showOverlay();
}
}
function showOverlay() {
document.getElementById('password-overlay').style.display = 'flex';
}
function hideOverlay() {
const overlay = document.getElementById('password-overlay');
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
}
async function checkSecret() {
const input = document.getElementById('secret-input');
const error = document.getElementById('secret-error');
const password = input.value;
try {
const res = await fetch('/api/admin/login', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({password: password})
});
const data = await res.json();
if (data.success) {
error.style.display = 'none';
hideOverlay();
} else {
error.style.display = 'block';
input.value = '';
input.focus();
}
} catch (e) {
error.textContent = '网络错误';
error.style.display = 'block';
}
}
document.getElementById('secret-input').addEventListener('keypress', function (e) {
if (e.key === 'Enter') {
checkSecret();
}
});
let currentTable = '';
let currentPage = 1;
let pageSize = 50;

View File

@@ -273,6 +273,18 @@
</style>
</head>
<body>
<!-- Password Overlay -->
<div id="password-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background-color: var(--bg-color); z-index: 9999; display: flex; align-items: center; justify-content: center; backdrop-filter: blur(10px);">
<div class="card" style="text-align: center; width: 90%; max-width: 400px;">
<h2 style="margin-bottom: 20px;">请输入访问密钥</h2>
<div class="input-group">
<input type="password" id="secret-input" placeholder="输入密钥" style="text-align: center;">
</div>
<button onclick="checkSecret()">确认</button>
<p id="secret-error" class="error-msg hidden">密钥错误</p>
</div>
</div>
<div class="container">
<header>
<img src="{{ config.header_image }}" alt="{{ config.event_title }}" class="header-img" onerror="this.style.display='none'">
@@ -384,6 +396,68 @@
</div>
<script>
document.addEventListener('DOMContentLoaded', checkAuthStatus);
async function checkAuthStatus() {
try {
const res = await fetch('/api/admin/check-auth');
const data = await res.json();
if (data.authenticated) {
hideOverlay();
} else {
showOverlay();
}
} catch (e) {
showOverlay();
}
}
function showOverlay() {
document.getElementById('password-overlay').style.display = 'flex';
}
function hideOverlay() {
const overlay = document.getElementById('password-overlay');
overlay.style.opacity = '0';
setTimeout(() => {
overlay.style.display = 'none';
}, 500);
}
async function checkSecret() {
const input = document.getElementById('secret-input');
const error = document.getElementById('secret-error');
const password = input.value;
try {
const res = await fetch('/api/admin/login', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({password: password})
});
const data = await res.json();
if (data.success) {
error.classList.add('hidden');
hideOverlay();
} else {
error.classList.remove('hidden');
input.value = '';
input.focus();
}
} catch (e) {
error.textContent = '网络错误';
error.classList.remove('hidden');
}
}
document.getElementById('secret-input').addEventListener('keypress', function (e) {
if (e.key === 'Enter') {
checkSecret();
}
});
async function searchUser() {
const query = document.getElementById('search-input').value.trim();
const btn = document.getElementById('search-btn');