feat(web): refine auth and usage flows

Add non-consuming verification-code checks, broaden account search, and polish themed dashboard and usage views for better usability.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: DouDOU-start

backend/internal/infra/mailer/verifycode.go

@@ -43,23 +43,33 @@ func (s *VerifyCodeStore) Generate(email string) string {
 	return code
 }
 
-// Verify 校验验证码，成功后自动删除。
-func (s *VerifyCodeStore) Verify(email, code string) bool {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
+// Check 校验验证码，但不消耗验证码。
+func (s *VerifyCodeStore) Check(email, code string) bool {
+	s.mu.RLock()
 	entry, ok := s.codes[email]
+	s.mu.RUnlock()
 	if !ok {
 		return false
 	}
 	if time.Now().After(entry.expiresAt) {
-		delete(s.codes, email)
+		s.mu.Lock()
+		if current, exists := s.codes[email]; exists && current.expiresAt.Equal(entry.expiresAt) {
+			delete(s.codes, email)
+		}
+		s.mu.Unlock()
 		return false
 	}
-	if entry.code != code {
+	return entry.code == code
+}
+
+// Verify 校验验证码，成功后自动删除。
+func (s *VerifyCodeStore) Verify(email, code string) bool {
+	if !s.Check(email, code) {
 		return false
 	}
+	s.mu.Lock()
 	delete(s.codes, email)
+	s.mu.Unlock()
 	return true
 }
 

backend/internal/infra/store/account_store.go

@@ -4,6 +4,9 @@ import (
 	"context"
 	"time"
 
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqljson"
+
 	"github.com/DouDOU-start/airgate-core/ent"
 	entaccount "github.com/DouDOU-start/airgate-core/ent/account"
 	entgroup "github.com/DouDOU-start/airgate-core/ent/group"
@@ -23,12 +26,24 @@ func NewAccountStore(db *ent.Client) *AccountStore {
 	return &AccountStore{db: db}
 }
 
+func accountKeywordMatches(keyword string) predicate.Account {
+	return entaccount.Or(
+		entaccount.NameContains(keyword),
+		entaccount.And(
+			entaccount.TypeEQ("oauth"),
+			func(s *sql.Selector) {
+				s.Where(sqljson.StringContains(entaccount.FieldCredentials, keyword, sqljson.Path("email")))
+			},
+		),
+	)
+}
+
 // List 查询账号列表。
 func (s *AccountStore) List(ctx context.Context, filter appaccount.ListFilter) ([]appaccount.Account, int64, error) {
 	query := s.db.Account.Query()
 
 	if filter.Keyword != "" {
-		query = query.Where(entaccount.NameContains(filter.Keyword))
+		query = query.Where(accountKeywordMatches(filter.Keyword))
 	}
 	if filter.Platform != "" {
 		query = query.Where(entaccount.PlatformEQ(filter.Platform))
@@ -72,7 +87,7 @@ func (s *AccountStore) ListAll(ctx context.Context, filter appaccount.ListFilter
 	query := s.db.Account.Query()
 
 	if filter.Keyword != "" {
-		query = query.Where(entaccount.NameContains(filter.Keyword))
+		query = query.Where(accountKeywordMatches(filter.Keyword))
 	}
 	if filter.Platform != "" {
 		query = query.Where(entaccount.PlatformEQ(filter.Platform))

backend/internal/infra/store/account_store_test.go

@@ -0,0 +1,57 @@
+package store
+
+import (
+	"context"
+	"testing"
+
+	_ "github.com/mattn/go-sqlite3"
+
+	"github.com/DouDOU-start/airgate-core/ent"
+	"github.com/DouDOU-start/airgate-core/ent/enttest"
+	"github.com/DouDOU-start/airgate-core/ent/migrate"
+	"github.com/DouDOU-start/airgate-core/internal/app/account"
+)
+
+func TestAccountStoreKeywordSearchMatchesOAuthEmail(t *testing.T) {
+	db := enttestOpen(t)
+	defer func() {
+		if err := db.Close(); err != nil {
+			t.Fatalf("close db: %v", err)
+		}
+	}()
+
+	ctx := context.Background()
+	if _, err := db.Account.Create().
+		SetName("Claude Key").
+		SetPlatform("openai").
+		SetType("oauth").
+		SetCredentials(map[string]string{"email": "claude@example.com", "access_token": "token"}).
+		Save(ctx); err != nil {
+		t.Fatalf("create oauth account: %v", err)
+	}
+	if _, err := db.Account.Create().
+		SetName("Other Key").
+		SetPlatform("openai").
+		SetType("apikey").
+		SetCredentials(map[string]string{"api_key": "sk-test"}).
+		Save(ctx); err != nil {
+		t.Fatalf("create api key account: %v", err)
+	}
+
+	store := NewAccountStore(db)
+	items, total, err := store.List(ctx, account.ListFilter{Page: 1, PageSize: 20, Keyword: "claude@"})
+	if err != nil {
+		t.Fatalf("List returned error: %v", err)
+	}
+	if total != 1 {
+		t.Fatalf("total = %d, want 1", total)
+	}
+	if len(items) != 1 || items[0].Name != "Claude Key" {
+		t.Fatalf("items = %+v", items)
+	}
+}
+
+func enttestOpen(t *testing.T) *ent.Client {
+	t.Helper()
+	return enttest.Open(t, "sqlite3", "file:account_store?mode=memory&cache=shared&_fk=1", enttest.WithMigrateOptions(migrate.WithGlobalUniqueID(false)))
+}

backend/internal/server/dto/auth.go

@@ -32,6 +32,11 @@ type SendVerifyCodeReq struct {
 	Email string `json:"email" binding:"required,email"`
 }
 
+type VerifyCodeReq struct {
+	Email string `json:"email" binding:"required,email"`
+	Code  string `json:"code" binding:"required"`
+}
+
 // RefreshResp Token 刷新响应
 type RefreshResp struct {
 	Token string `json:"token"`

backend/internal/server/dto/usage.go

@@ -85,6 +85,7 @@ type UsageQuery struct {
 
 // UsageFilterQuery 使用记录筛选参数（不含分页，用于聚合统计）
 type UsageFilterQuery struct {
+	APIKeyID  *int64 `form:"api_key_id"`
 	Platform  string `form:"platform"`
 	Model     string `form:"model"`
 	StartDate string `form:"start_date"`

backend/internal/server/handler/auth_handler_routes.go

@@ -174,6 +174,19 @@ func (h *AuthHandler) Register(c *gin.Context) {
 }
 
 // SendVerifyCode 发送邮箱验证码。
+func (h *AuthHandler) VerifyCode(c *gin.Context) {
+	var req dto.VerifyCodeReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BindError(c, err)
+		return
+	}
+	if !h.codeStore.Check(req.Email, req.Code) {
+		response.BadRequest(c, "验证码无效或已过期")
+		return
+	}
+	response.Success(c, nil)
+}
+
 func (h *AuthHandler) SendVerifyCode(c *gin.Context) {
 	var req dto.SendVerifyCodeReq
 	if err := c.ShouldBindJSON(&req); err != nil {

backend/internal/server/handler/usage_handler_routes.go

@@ -81,17 +81,16 @@ func (h *UsageHandler) UserUsageStats(c *gin.Context) {
 		return
 	}
 
-	// API Key 登录场景：限定统计范围
-	var scopedKey *int64
+	apiKeyFilter := query.APIKeyID
 	scoped := false
 	if sk := scopedAPIKeyID(c); sk > 0 {
-		scopedKey = &sk
+		apiKeyFilter = &sk
 		scoped = true
 	}
 
 	tz := c.Query("tz")
 	summary, err := h.service.UserStats(c.Request.Context(), int64(userID), appusage.StatsFilter{
-		APIKeyID:    scopedKey,
+		APIKeyID:    apiKeyFilter,
 		Platform:    query.Platform,
 		Model:       query.Model,
 		StartDate:   query.StartDate,
@@ -109,7 +108,7 @@ func (h *UsageHandler) UserUsageStats(c *gin.Context) {
 	uid64 := int64(userID)
 	modelStats, _ := h.service.StatsByModel(c.Request.Context(), appusage.StatsFilter{
 		UserID:      &uid64,
-		APIKeyID:    scopedKey,
+		APIKeyID:    apiKeyFilter,
 		Platform:    query.Platform,
 		Model:       query.Model,
 		StartDate:   query.StartDate,

backend/internal/server/router.go

@@ -53,6 +53,7 @@ func (s *Server) registerRoutes() {
 		authGroup.POST("/login-apikey", handlers.Auth.LoginByAPIKey)
 		authGroup.POST("/register", handlers.Auth.Register)
 		authGroup.POST("/send-verify-code", handlers.Auth.SendVerifyCode)
+		authGroup.POST("/verify-code", handlers.Auth.VerifyCode)
 	}
 
 	// === 用户路由（需要 JWT 认证） ===

web/src/app/layout/AppShell.tsx

@@ -342,7 +342,7 @@ export function AppShell({ children }: AppShellProps) {
       <div className="space-y-1 border-t border-border p-3">
         {!sidebarCollapsed && (
           <Button
-            className="w-full justify-start"
+            className="w-full justify-center"
             size="sm"
             variant="ghost"
             onPress={() => { window.location.href = effectiveDocUrl(site.doc_url).href; }}

web/src/app/layout/ChatShell.tsx

@@ -34,6 +34,15 @@ export function ChatShell({ children }: ChatShellProps) {
     document.title = site.site_name || 'AirGate';
   }, [site.site_name]);
 
+  useEffect(() => {
+    const previousOverflow = document.body.style.overflow;
+    document.body.style.overflow = 'hidden';
+    window.scrollTo(0, 0);
+    return () => {
+      document.body.style.overflow = previousOverflow;
+    };
+  }, []);
+
   const toggleLanguage = () => {
     const nextLang = i18n.language === 'zh' ? 'en' : 'zh';
     i18n.changeLanguage(nextLang);