From f7cd9575d2c4aa25680e9dbf139d48917ea2e0fc Mon Sep 17 00:00:00 2001 From: Alfred Date: Mon, 25 May 2026 23:20:10 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=20root=20=E6=81=A2?= =?UTF-8?q?=E5=A4=8D=20admin=20=E5=AF=86=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- components/ts_api/src/ts_api.c | 4 +- components/ts_api/src/ts_api_auth.c | 118 +++++++++++++++- components/ts_security/include/ts_security.h | 7 + components/ts_security/src/ts_auth.c | 92 ++++++------ components/ts_webui/web/css/style.css | 131 +++++++++++++++++ components/ts_webui/web/js/api.js | 56 +++++--- components/ts_webui/web/js/app.js | 141 ++++++++++++++++++- components/ts_webui/web/js/lang/en-US.js | 19 +++ components/ts_webui/web/js/lang/zh-CN.js | 19 +++ docs/API_REFERENCE.md | 43 +++++- docs/QUICK_START.md | 4 +- version.txt | 2 +- 12 files changed, 565 insertions(+), 71 deletions(-) diff --git a/components/ts_api/src/ts_api.c b/components/ts_api/src/ts_api.c index c4f2404..0ff1f1a 100644 --- a/components/ts_api/src/ts_api.c +++ b/components/ts_api/src/ts_api.c @@ -31,7 +31,9 @@ static const char *s_code_names[] = { [TS_API_ERR_NO_MEM] = "NO_MEM", [TS_API_ERR_INTERNAL] = "INTERNAL", [TS_API_ERR_NOT_SUPPORTED] = "NOT_SUPPORTED", - [TS_API_ERR_HARDWARE] = "HARDWARE" + [TS_API_ERR_HARDWARE] = "HARDWARE", + [TS_API_ERR_CONNECTION] = "CONNECTION", + [TS_API_ERR_AUTH] = "AUTH" }; static const char *s_category_names[] = { diff --git a/components/ts_api/src/ts_api_auth.c b/components/ts_api/src/ts_api_auth.c index a411b36..a021362 100644 --- a/components/ts_api/src/ts_api_auth.c +++ b/components/ts_api/src/ts_api_auth.c @@ -1,7 +1,7 @@ /** * @file ts_ap * @brief Authentication API and - * 提供 auth.login / auth.lout / auth.status / auth.change_password API + * 提供 auth.login / auth.logout / auth.status / auth.change_password API * * @author TianShanOS Team * @version 1.0.0 @@ -32,6 +32,35 @@ static const char *perm_level_to_string(ts_perm_level_t level) } } +static esp_err_t validate_root_token(const cJSON *token_item, ts_api_result_t *result) +{ + if (!cJSON_IsString(token_item)) { + ts_api_result_error(result, TS_API_ERR_AUTH, "Missing token"); + return ESP_ERR_INVALID_ARG; + } + + uint32_t session_id; + esp_err_t ret = ts_security_validate_token(token_item->valuestring, &session_id); + if (ret != ESP_OK) { + ts_api_result_error(result, TS_API_ERR_AUTH, "Invalid or expired token"); + return ret; + } + + ts_session_t session; + ret = ts_security_validate_session(session_id, &session); + if (ret != ESP_OK) { + ts_api_result_error(result, TS_API_ERR_AUTH, "Session expired"); + return ret; + } + + if (session.level != TS_PERM_ROOT) { + ts_api_result_error(result, TS_API_ERR_NO_PERMISSION, "Root permission required"); + return ESP_ERR_NOT_ALLOWED; + } + + return ESP_OK; +} + /*===========================================================================*/ /* API Handlers */ /*===========================================================================*/ @@ -255,6 +284,79 @@ static esp_err_t api_auth_change_password(const cJSON *params, ts_api_result_t * return ESP_OK; } +/** + * @brief auth.admin.set_password - Root sets admin password + * + * Params: { "token": "...", "new_password": "..." } + * Returns: { "success": true, "username": "admin", "password_changed": true } + */ +static esp_err_t api_auth_admin_set_password(const cJSON *params, ts_api_result_t *result) +{ + const cJSON *token_item = cJSON_GetObjectItem(params, "token"); + const cJSON *new_pwd_item = cJSON_GetObjectItem(params, "new_password"); + + esp_err_t ret = validate_root_token(token_item, result); + if (ret != ESP_OK) return ret; + + if (!cJSON_IsString(new_pwd_item)) { + ts_api_result_error(result, TS_API_ERR_INVALID_ARG, + "Missing required parameter: new_password"); + return ESP_ERR_INVALID_ARG; + } + + const char *new_password = new_pwd_item->valuestring; + size_t len = strlen(new_password); + if (len < 4 || len > 64) { + ts_api_result_error(result, TS_API_ERR_INVALID_ARG, + "Password must be 4-64 characters"); + return ESP_ERR_INVALID_ARG; + } + + ret = ts_auth_set_admin_password(new_password); + if (ret != ESP_OK) { + ts_api_result_error(result, TS_API_ERR_INTERNAL, "Failed to set admin password"); + return ret; + } + + cJSON *data = cJSON_CreateObject(); + cJSON_AddBoolToObject(data, "success", true); + cJSON_AddStringToObject(data, "username", "admin"); + cJSON_AddBoolToObject(data, "password_changed", true); + + ts_api_result_ok(result, data); + TS_LOGI(TAG, "Root set admin password"); + return ESP_OK; +} + +/** + * @brief auth.admin.reset_password - Root resets admin password to default + * + * Params: { "token": "..." } + * Returns: { "success": true, "username": "admin", "password_changed": false } + */ +static esp_err_t api_auth_admin_reset_password(const cJSON *params, ts_api_result_t *result) +{ + const cJSON *token_item = cJSON_GetObjectItem(params, "token"); + + esp_err_t ret = validate_root_token(token_item, result); + if (ret != ESP_OK) return ret; + + ret = ts_auth_reset_password("admin"); + if (ret != ESP_OK) { + ts_api_result_error(result, TS_API_ERR_INTERNAL, "Failed to reset admin password"); + return ret; + } + + cJSON *data = cJSON_CreateObject(); + cJSON_AddBoolToObject(data, "success", true); + cJSON_AddStringToObject(data, "username", "admin"); + cJSON_AddBoolToObject(data, "password_changed", false); + + ts_api_result_ok(result, data); + TS_LOGI(TAG, "Root reset admin password to default"); + return ESP_OK; +} + /*===========================================================================*/ /* Registration */ /*===========================================================================*/ @@ -288,6 +390,20 @@ static const ts_api_endpoint_t s_auth_endpoints[] = { .handler = api_auth_change_password, .requires_auth = false, /* 密码修改使用 token 验证 */ }, + { + .name = "auth.admin.set_password", + .description = "Root sets admin password", + .category = TS_API_CAT_SECURITY, + .handler = api_auth_admin_set_password, + .requires_auth = false, /* Handler validates root token */ + }, + { + .name = "auth.admin.reset_password", + .description = "Root resets admin password to default", + .category = TS_API_CAT_SECURITY, + .handler = api_auth_admin_reset_password, + .requires_auth = false, /* Handler validates root token */ + }, }; esp_err_t ts_api_auth_register(void) diff --git a/components/ts_security/include/ts_security.h b/components/ts_security/include/ts_security.h index 31927a2..1d32f68 100644 --- a/components/ts_security/include/ts_security.h +++ b/components/ts_security/include/ts_security.h @@ -156,6 +156,13 @@ esp_err_t ts_auth_verify_password(const char *username, const char *password, esp_err_t ts_auth_change_password(const char *username, const char *old_password, const char *new_password); +/** + * @brief Set admin password without requiring the old admin password + * @param new_password New admin password (4-64 chars) + * @return ESP_OK on success + */ +esp_err_t ts_auth_set_admin_password(const char *new_password); + /** * @brief Check if user has changed the default password */ diff --git a/components/ts_security/src/ts_auth.c b/components/ts_security/src/ts_auth.c index 7eaa014..e0cd758 100644 --- a/components/ts_security/src/ts_auth.c +++ b/components/ts_security/src/ts_auth.c @@ -6,7 +6,7 @@ * * 安全设计: * - 密码哈希仅存储在 NVS,不导出到 SD 卡 - * - 忘记密码只能通过 idf.py erase-flash 恢复出厂 + * - admin 密码可由 root 会话恢复,root 密码遗失需恢复出厂 */ #include "ts_security.h" @@ -99,30 +99,45 @@ static esp_err_t save_user_credential(const char *username, const user_credentia } /** - * @brief 强制重新创建用户凭据 + * @brief 写入用户密码凭据,并清除失败计数/锁定状态 */ -static esp_err_t force_create_user(const char *username, ts_perm_level_t level) +static esp_err_t write_user_password_credential(const char *username, const char *password, + bool password_changed) { - user_credential_t cred; - - /* 根据用户类型使用不同默认密码 */ - const char *default_pwd = (level == TS_PERM_ROOT) ? DEFAULT_PASSWORD_ROOT : DEFAULT_PASSWORD_ADMIN; - TS_LOGI(TAG, "Creating/resetting user '%s'", username); - - /* 生成随机 salt */ + if (!username || !password) return ESP_ERR_INVALID_ARG; + + size_t pwd_len = strlen(password); + if (pwd_len < 4 || pwd_len > 64) { + TS_LOGW(TAG, "Password length invalid (4-64 chars required)"); + return ESP_ERR_INVALID_ARG; + } + + user_credential_t cred = {0}; + esp_fill_random(cred.salt, SALT_LEN); - - /* 计算默认密码哈希 */ - esp_err_t ret = compute_password_hash(cred.salt, default_pwd, cred.hash); + + esp_err_t ret = compute_password_hash(cred.salt, password, cred.hash); if (ret != ESP_OK) return ret; - - cred.password_changed = false; + + cred.password_changed = password_changed; cred.failed_attempts = 0; cred.lockout_until = 0; - + return save_user_credential(username, &cred); } +/** + * @brief 强制重新创建用户凭据 + */ +static esp_err_t force_create_user(const char *username, ts_perm_level_t level) +{ + /* 根据用户类型使用不同默认密码 */ + const char *default_pwd = (level == TS_PERM_ROOT) ? DEFAULT_PASSWORD_ROOT : DEFAULT_PASSWORD_ADMIN; + TS_LOGI(TAG, "Creating/resetting user '%s'", username); + + return write_user_password_credential(username, default_pwd, false); +} + /** * @brief 初始化用户(如果不存在则创建默认密码) */ @@ -279,22 +294,7 @@ esp_err_t ts_auth_change_password(const char *username, const char *old_password return ret; } - /* 加载凭据 */ - user_credential_t cred; - ret = load_user_credential(username, &cred); - if (ret != ESP_OK) return ret; - - /* 生成新 salt */ - esp_fill_random(cred.salt, SALT_LEN); - - /* 计算新密码哈希 */ - ret = compute_password_hash(cred.salt, new_password, cred.hash); - if (ret != ESP_OK) return ret; - - cred.password_changed = true; - cred.failed_attempts = 0; - - ret = save_user_credential(username, &cred); + ret = write_user_password_credential(username, new_password, true); if (ret == ESP_OK) { TS_LOGI(TAG, "Password changed for user %s", username); } @@ -302,6 +302,19 @@ esp_err_t ts_auth_change_password(const char *username, const char *old_password return ret; } +/** + * @brief Root 管理功能:设置 admin 密码 + */ +esp_err_t ts_auth_set_admin_password(const char *new_password) +{ + esp_err_t ret = write_user_password_credential("admin", new_password, true); + if (ret == ESP_OK) { + TS_LOGI(TAG, "Password set for admin by root"); + } + + return ret; +} + /** * @brief 检查用户是否已修改初始密码 */ @@ -399,20 +412,7 @@ esp_err_t ts_auth_reset_password(const char *username) return ESP_ERR_NOT_FOUND; } - user_credential_t cred; - - /* 生成新 salt */ - esp_fill_random(cred.salt, SALT_LEN); - - /* 使用默认密码 */ - esp_err_t ret = compute_password_hash(cred.salt, default_pwd, cred.hash); - if (ret != ESP_OK) return ret; - - cred.password_changed = false; - cred.failed_attempts = 0; - cred.lockout_until = 0; - - ret = save_user_credential(username, &cred); + esp_err_t ret = write_user_password_credential(username, default_pwd, false); if (ret == ESP_OK) { TS_LOGI(TAG, "Password reset to default for user %s", username); } diff --git a/components/ts_webui/web/css/style.css b/components/ts_webui/web/css/style.css index 863c703..b4c2801 100644 --- a/components/ts_webui/web/css/style.css +++ b/components/ts_webui/web/css/style.css @@ -3091,6 +3091,40 @@ button.btn-gray:hover, max-width: 460px; } +.fan-auto-help-header { + position: relative; + display: flex; + align-items: center; + padding-right: 32px; +} + +.fan-auto-help-header h2 { + height: 28px; + min-width: 0; + line-height: 28px; +} + +.fan-auto-help-header .modal-close { + position: absolute; + top: 2px; + right: 0; + width: 24px; + height: 24px; + min-width: 24px; + margin-left: 0; + font-size: 1rem; + border-radius: var(--radius-sm); +} + +.fan-auto-help-header .modal-close i { + line-height: 1; +} + +.fan-auto-help-header .modal-close:hover { + background: var(--bg-tertiary); + color: var(--text-primary); +} + .fan-auto-help-body { color: var(--text-secondary); font-size: 0.92rem; @@ -3689,6 +3723,103 @@ button.btn-gray:hover, font-size: 1.15rem; font-weight: 600; } + +.account-security-desc { + color: var(--text-muted); + margin: 0 0 15px; +} + +.account-password-form { + display: grid; + grid-template-columns: minmax(240px, 320px) minmax(240px, 320px) minmax(16px, 1fr) auto; + gap: 12px; + align-items: end; + margin-bottom: 12px; +} + +.account-password-group, +.account-security-actions { + margin-bottom: 0; +} + +.account-security-actions { + grid-column: 4; + justify-self: end; +} + +.account-password-field { + position: relative; +} + +.form-group .account-password-input { + min-height: 38px; + padding-right: 38px; + line-height: 20px; + box-sizing: border-box; +} + +.password-visibility-toggle { + position: absolute; + top: 50%; + right: 6px; + width: 28px; + height: 28px; + transform: translateY(-50%); + display: inline-flex; + align-items: center; + justify-content: center; + padding: 0; + border: 0; + border-radius: var(--radius-sm); + background: transparent; + color: var(--text-muted); + cursor: pointer; +} + +.password-visibility-toggle:hover { + background: var(--bg-tertiary); + color: var(--blue-600); +} + +.password-visibility-toggle.active { + background: var(--blue-50); + color: var(--blue-600); +} + +.account-danger-row { + border-top: 1px solid var(--border); + padding-top: 12px; + display: grid; + grid-template-columns: minmax(0, 1fr) auto; + gap: 12px; + align-items: end; +} + +.account-danger-row .btn { + justify-self: end; + align-self: end; +} + +@media (max-width: 780px) { + .account-password-form { + grid-template-columns: 1fr; + } + + .account-security-actions { + grid-column: 1; + justify-self: stretch; + } + + .account-danger-row { + grid-template-columns: 1fr; + } + + .account-security-actions .btn, + .account-danger-row .btn { + width: 100%; + } +} + .page-security .modal .modal-content h2 { font-size: 1.1rem; } diff --git a/components/ts_webui/web/js/api.js b/components/ts_webui/web/js/api.js index 06b39b8..9dddac6 100644 --- a/components/ts_webui/web/js/api.js +++ b/components/ts_webui/web/js/api.js @@ -49,15 +49,20 @@ class TianShanAPI { if (expires && Date.now() > parseInt(expires)) { // Token 已过期,清除 console.log('Token expired, clearing...'); - this.token = null; - this.username = null; - this.level = null; - localStorage.removeItem('ts_token'); - localStorage.removeItem('ts_username'); - localStorage.removeItem('ts_level'); - localStorage.removeItem('ts_expires'); + this.clearAuth(); } } + + clearAuth() { + this.token = null; + this.username = null; + this.level = null; + this.passwordChanged = null; + localStorage.removeItem('ts_token'); + localStorage.removeItem('ts_username'); + localStorage.removeItem('ts_level'); + localStorage.removeItem('ts_expires'); + } /** * 通用 API 请求方法 @@ -118,6 +123,16 @@ class TianShanAPI { if (!response.ok && !json.code) { throw new Error(json.message || json.error || 'Request failed'); } + + const isAuthEndpoint = endpoint === '/auth/login' || endpoint === '/auth/logout'; + if (!isAuthEndpoint && json && json.code === 'AUTH') { + this.clearAuth(); + const message = typeof window.t === 'function' + ? window.t('login.sessionExpired') + : '登录已过期,请重新登录'; + json.message = message; + window.dispatchEvent(new CustomEvent('authExpired', { detail: { message } })); + } return json; } catch (error) { @@ -171,7 +186,7 @@ class TianShanAPI { async login(username, password) { const result = await this.call('auth.login', { username, password }, 'POST'); - if (result.code === 0 && result.data?.token) { + if ((result.success || result.code === 0 || result.code === 'OK') && result.data?.token) { this.token = result.data.token; this.username = result.data.username; this.level = result.data.level; @@ -190,20 +205,14 @@ class TianShanAPI { await this.call('auth.logout', { token: this.token }, 'POST'); } } finally { - this.token = null; - this.username = null; - this.level = null; - localStorage.removeItem('ts_token'); - localStorage.removeItem('ts_username'); - localStorage.removeItem('ts_level'); - localStorage.removeItem('ts_expires'); + this.clearAuth(); } } async checkAuthStatus() { if (!this.token) return { valid: false }; const result = await this.call('auth.status', { token: this.token }, 'POST'); - if (result.code === 0 && result.data) { + if ((result.success || result.code === 0 || result.code === 'OK') && result.data) { return result.data; } return { valid: false }; @@ -216,6 +225,19 @@ class TianShanAPI { new_password: newPassword }, 'POST'); } + + async setAdminPassword(newPassword) { + return this.call('auth.admin.set_password', { + token: this.token, + new_password: newPassword + }, 'POST'); + } + + async resetAdminPassword() { + return this.call('auth.admin.reset_password', { + token: this.token + }, 'POST'); + } isLoggedIn() { if (!this.token) { @@ -238,7 +260,7 @@ class TianShanAPI { const parsed = expires ? parseInt(expires) : NaN; const expired = expires && Date.now() >= parsed; if (expired) { - this.logout(); // 清理过期的 token + this.clearAuth(); return false; } return true; diff --git a/components/ts_webui/web/js/app.js b/components/ts_webui/web/js/app.js index 5bf7863..0aacf13 100644 --- a/components/ts_webui/web/js/app.js +++ b/components/ts_webui/web/js/app.js @@ -128,6 +128,7 @@ class SubscriptionManager { document.addEventListener('DOMContentLoaded', () => { // 初始化认证 UI updateAuthUI(); + validateStoredSession(); // 仅当 localStorage 无有效语言偏好时,才从设备 system.language 同步(不覆盖用户已有选择) (async function syncLanguageFromDevice() { @@ -194,6 +195,26 @@ document.addEventListener('DOMContentLoaded', () => { // 认证 // ========================================================================= +window.addEventListener('authExpired', () => { + updateAuthUI(); + showLoginModal(); +}); + +async function validateStoredSession() { + if (!api.isLoggedIn()) return; + + try { + const status = await api.checkAuthStatus(); + if (!status || !status.valid) { + api.clearAuth(); + updateAuthUI(); + showLoginModal(); + } + } catch (error) { + console.debug('Stored session validation failed:', error); + } +} + function updateAuthUI() { const loginBtn = document.getElementById('login-btn'); const userName = document.getElementById('user-name'); @@ -1573,9 +1594,9 @@ function showFanAutoHelpModal() { modal.innerHTML = `
-
+

${safeTitle}

- +
${paragraphs.map(text => `

${typeof escapeHtml === 'function' ? escapeHtml(text) : text}

`).join('')} @@ -11581,6 +11602,82 @@ function clearExecResult() { // 安全页面 // ========================================================================= +async function submitAdminPasswordSet() { + const newPwdEl = document.getElementById('admin-new-password'); + const confirmPwdEl = document.getElementById('admin-confirm-password'); + const errorEl = document.getElementById('admin-password-error'); + const newPwd = newPwdEl ? newPwdEl.value : ''; + const confirmPwd = confirmPwdEl ? confirmPwdEl.value : ''; + + if (!errorEl) return; + + errorEl.classList.add('hidden'); + errorEl.textContent = ''; + + if (newPwd !== confirmPwd) { + errorEl.textContent = typeof t === 'function' ? t('securityPage.adminPasswordMismatch') : '两次输入的 admin 新密码不一致'; + errorEl.classList.remove('hidden'); + return; + } + + if (newPwd.length < 4 || newPwd.length > 64) { + errorEl.textContent = typeof t === 'function' ? t('securityPage.adminPasswordLength') : 'admin 密码长度必须为 4-64 个字符'; + errorEl.classList.remove('hidden'); + return; + } + + try { + const result = await api.setAdminPassword(newPwd); + if (result.success || result.code === 0 || result.code === 'OK') { + if (newPwdEl) newPwdEl.value = ''; + if (confirmPwdEl) confirmPwdEl.value = ''; + showToast(typeof t === 'function' ? t('securityPage.adminPasswordSetSuccess') : 'admin 密码已更新', 'success'); + } else { + errorEl.textContent = result.message || result.error || (typeof t === 'function' ? t('toast.saveFailed') : '保存失败'); + errorEl.classList.remove('hidden'); + } + } catch (error) { + errorEl.textContent = error.message || (typeof t === 'function' ? t('login.networkError') : '网络错误'); + errorEl.classList.remove('hidden'); + } +} + +async function resetAdminPasswordToDefault() { + const msg = typeof t === 'function' + ? t('securityPage.confirmResetAdminPassword') + : '确定要重置 admin 密码吗?\n\n此操作会将 admin 密码恢复为默认密码 rm01,并清除登录锁定状态。'; + + if (!confirm(msg)) return; + + try { + const result = await api.resetAdminPassword(); + if (result.success || result.code === 0 || result.code === 'OK') { + showToast(typeof t === 'function' ? t('securityPage.adminPasswordResetSuccess') : 'admin 密码已重置为默认密码 rm01', 'success'); + } else { + showToast(result.message || result.error || (typeof t === 'function' ? t('toast.saveFailed') : '操作失败'), 'error'); + } + } catch (error) { + showToast(error.message || (typeof t === 'function' ? t('login.networkError') : '网络错误'), 'error'); + } +} + +function toggleAdminPasswordVisibility(inputId, button) { + const input = document.getElementById(inputId); + if (!input || !button) return; + + const showPassword = input.type === 'password'; + input.type = showPassword ? 'text' : 'password'; + + const label = showPassword + ? (typeof t === 'function' ? t('securityPage.hidePassword') : '隐藏密码') + : (typeof t === 'function' ? t('securityPage.showPassword') : '显示密码'); + const icon = button.querySelector('i'); + if (icon) icon.className = 'ri-eye-line'; + button.classList.toggle('active', showPassword); + button.title = label; + button.setAttribute('aria-label', label); +} + async function loadSecurityPage() { clearInterval(refreshInterval); @@ -11590,8 +11687,48 @@ async function loadSecurityPage() { } const content = document.getElementById('page-content'); + const showPasswordLabel = typeof t === 'function' ? t('securityPage.showPassword') : '显示密码'; + const accountSecuritySection = api.isRoot() ? ` + + ` : ''; content.innerHTML = `
+ ${accountSecuritySection}

${t('security.keyManagement')}

diff --git a/components/ts_webui/web/js/lang/en-US.js b/components/ts_webui/web/js/lang/en-US.js index 908c3e0..b17cd63 100644 --- a/components/ts_webui/web/js/lang/en-US.js +++ b/components/ts_webui/web/js/lang/en-US.js @@ -990,6 +990,7 @@ if (typeof i18n !== 'undefined') i18n.registerLanguage('en-US', { loginFailed: 'Login Failed', welcomeName: 'Welcome, {name}!', networkError: 'Network error', + sessionExpired: 'Session expired. Please log in again.', passwordChanged: 'Password changed successfully!', invalidCredentials: 'Invalid username or password', firstTimeSetup: 'First time setup, please set a password', @@ -1992,6 +1993,24 @@ if (typeof i18n !== 'undefined') i18n.registerLanguage('en-US', { keyNotGenerated: 'Key not generated', generateHttpsKey: 'Generate HTTPS Key Pair', generateKey: 'Generate Key', + // Account security + accountSecurity: 'Account Security', + adminPasswordManagementDesc: 'Root can restore admin account access here. Setting a new password will not affect the current root session.', + newAdminPassword: 'New admin password', + newAdminPasswordPlaceholder: 'Enter new admin password', + confirmAdminPassword: 'Confirm new password', + confirmAdminPasswordPlaceholder: 'Enter the new password again', + showPassword: 'Show password', + hidePassword: 'Hide password', + setAdminPassword: 'Set admin password', + dangerZone: 'Danger Zone', + resetAdminPasswordDesc: 'Reset admin to the default password rm01 and clear login lockout state.', + resetAdminPassword: 'Reset admin to default', + adminPasswordMismatch: 'The two admin passwords do not match', + adminPasswordLength: 'Admin password must be 4-64 characters', + adminPasswordSetSuccess: 'Admin password updated', + adminPasswordResetSuccess: 'Admin password reset to default rm01', + confirmResetAdminPassword: 'Reset admin password?\n\nThis will restore admin to the default password rm01 and clear login lockout state.', // Certificate details subjectCN: 'Subject CN', issuer: 'Issuer', diff --git a/components/ts_webui/web/js/lang/zh-CN.js b/components/ts_webui/web/js/lang/zh-CN.js index ac87c54..d933d23 100644 --- a/components/ts_webui/web/js/lang/zh-CN.js +++ b/components/ts_webui/web/js/lang/zh-CN.js @@ -971,6 +971,7 @@ if (typeof i18n !== 'undefined') i18n.registerLanguage('zh-CN', { loginFailed: '登录失败', welcomeName: '欢迎, {name}!', networkError: '网络错误', + sessionExpired: '登录已过期,请重新登录', passwordChanged: '密码修改成功!', invalidCredentials: '用户名或密码错误', firstTimeSetup: '首次使用,请设置密码', @@ -1975,6 +1976,24 @@ if (typeof i18n !== 'undefined') i18n.registerLanguage('zh-CN', { keyNotGenerated: '未生成密钥', generateHttpsKey: '生成 HTTPS 密钥对', generateKey: '生成密钥', + // 账号安全 + accountSecurity: '账号安全', + adminPasswordManagementDesc: 'root 可在此恢复 admin 账号访问。设置新密码不会影响 root 当前会话。', + newAdminPassword: 'admin 新密码', + newAdminPasswordPlaceholder: '输入 admin 新密码', + confirmAdminPassword: '确认新密码', + confirmAdminPasswordPlaceholder: '再次输入新密码', + showPassword: '显示密码', + hidePassword: '隐藏密码', + setAdminPassword: '设置 admin 新密码', + dangerZone: '危险操作', + resetAdminPasswordDesc: '将 admin 密码恢复为默认密码 rm01,并清除登录锁定状态。', + resetAdminPassword: '重置 admin 为默认密码', + adminPasswordMismatch: '两次输入的 admin 新密码不一致', + adminPasswordLength: 'admin 密码长度必须为 4-64 个字符', + adminPasswordSetSuccess: 'admin 密码已更新', + adminPasswordResetSuccess: 'admin 密码已重置为默认密码 rm01', + confirmResetAdminPassword: '确定要重置 admin 密码吗?\n\n此操作会将 admin 密码恢复为默认密码 rm01,并清除登录锁定状态。', // 证书详情 subjectCN: '主体 CN', issuer: '签发者', diff --git a/docs/API_REFERENCE.md b/docs/API_REFERENCE.md index 75971a6..5010a1c 100644 --- a/docs/API_REFERENCE.md +++ b/docs/API_REFERENCE.md @@ -13,7 +13,7 @@ Content-Type: application/json { "username": "admin", - "password": "tianshan" + "password": "rm01" } Response: @@ -23,6 +23,47 @@ Response: } ``` +### Root 设置 admin 新密码 +``` +POST /api/v1/auth/admin/set_password +Content-Type: application/json + +{ + "token": "", + "new_password": "new-password" +} + +Response: +{ + "code": 0, + "data": { + "success": true, + "username": "admin", + "password_changed": true + } +} +``` + +### Root 重置 admin 为默认密码 +``` +POST /api/v1/auth/admin/reset_password +Content-Type: application/json + +{ + "token": "" +} + +Response: +{ + "code": 0, + "data": { + "success": true, + "username": "admin", + "password_changed": false + } +} +``` + ### 登出 ``` POST /api/v1/auth/logout diff --git a/docs/QUICK_START.md b/docs/QUICK_START.md index d7d81d2..f937cd6 100644 --- a/docs/QUICK_START.md +++ b/docs/QUICK_START.md @@ -86,7 +86,7 @@ log - 设置日志级别 2. 打开浏览器访问设备 IP 地址 3. 默认登录凭据: - 用户名: `admin` - - 密码: `tianshan` + - 密码: `rm01` ### WebUI 页面导航 @@ -147,7 +147,7 @@ curl http:///api/v1/system/info # 登录获取 Token curl -X POST http:///api/v1/auth/login \ -H "Content-Type: application/json" \ - -d '{"username":"admin","password":"tianshan"}' + -d '{"username":"admin","password":"rm01"}' # 使用 Token 调用 API curl http:///api/v1/config/list \ diff --git a/version.txt b/version.txt index f905682..cb498ab 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -0.4.7 +0.4.8