feat: 新增新用户引导页

Author: Mecozea

app/client-layout.tsx

@@ -11,7 +11,8 @@ import { Footer } from "@/components/layout/footer";
 export function ClientLayout({ children }: { children: React.ReactNode }) {
   const pathname = usePathname();
   const isSimpleLayout = pathname === '/login' || pathname === '/login/' || 
-                        pathname === '/oauth-error' || pathname === '/oauth-error/';
+                        pathname === '/oauth-error' || pathname === '/oauth-error/' ||
+                        pathname === '/setup-guide' || pathname === '/setup-guide/';
 
   return (
     <AuthProvider>

app/components/route-guard.tsx

@@ -15,7 +15,7 @@ interface RouteGuardProps {
 // 公开路由列表（不需要身份验证）
 // 由于 next.config.js 中设置了 `trailingSlash: true`，导出后路径可能变成 `/login/`
 // 为兼容两种情况，统一在比较前去除末尾斜杠，再进行匹配
-const RAW_PUBLIC_ROUTES = ['/login', '/oauth-error'];
+const RAW_PUBLIC_ROUTES = ['/login', '/oauth-error', '/setup-guide'];
 
 /**
  * 规范化路径，去除末尾斜杠（根路径 `/` 除外）
@@ -44,10 +44,12 @@ export function RouteGuard({ children }: RouteGuardProps) {
       const isPublicRoute = PUBLIC_ROUTES.includes(normalizePath(pathname));
 
       console.log('🛡️ RouteGuard 路由检查', {
+        pathname,
         isPublicRoute,
         hasUser: !!user,
+        isSetupGuide: pathname === '/setup-guide',
         action: !user && !isPublicRoute ? '重定向到登录页' :
-               user && isPublicRoute ? '重定向到仪表盘' : '无需重定向'
+               user && isPublicRoute && pathname !== '/setup-guide' ? '重定向到仪表盘' : '无需重定向'
       });
 
       // 添加小延迟，避免与其他导航操作冲突
@@ -56,8 +58,9 @@ export function RouteGuard({ children }: RouteGuardProps) {
           // 用户未登录且访问私有路由，重定向到登录页
           console.log('🔒 执行重定向：用户未登录，前往登录页');
           router.replace('/login');
-        } else if (user && isPublicRoute) {
+        } else if (user && isPublicRoute && pathname !== '/setup-guide') {
           // 用户已登录但访问公开路由（如登录页），重定向到仪表盘
+          // 但是允许已登录用户访问引导页面
           console.log('👤 执行重定向：用户已登录，前往仪表盘');
           router.replace('/dashboard');
         }
@@ -83,7 +86,7 @@ export function RouteGuard({ children }: RouteGuardProps) {
 
   // 检查是否应该显示内容
   const isPublicRoute = PUBLIC_ROUTES.includes(normalizePath(pathname));
-  const shouldShowContent = (user && !isPublicRoute) || (!user && isPublicRoute);
+  const shouldShowContent = (user && !isPublicRoute) || (!user && isPublicRoute) || (user && pathname === '/setup-guide');
 
   if (!shouldShowContent) {
     // 正在重定向中，显示加载状态

app/login/page.tsx

@@ -114,8 +114,22 @@ export default function LoginPage() {
           localStorage.setItem('nodepass.user', JSON.stringify(loginUser));
         }
 
-        console.log('🚀 重定向到仪表盘');
-        router.push('/dashboard');
+        // 检查是否是默认账号密码，如果是则跳转到引导页面
+        console.log('🔍 检查默认凭据状态', { 
+          isDefaultCredentials: result.isDefaultCredentials,
+          type: typeof result.isDefaultCredentials 
+        });
+        
+        if (result.isDefaultCredentials === true) {
+          console.log('🔧 检测到默认凭据，重定向到安全设置引导页');
+          console.log('🔍 开始跳转到 /setup-guide');
+          
+          // 直接使用 window.location 进行跳转，避免与路由守卫冲突
+          window.location.href = '/setup-guide';
+        } else {
+          console.log('🚀 重定向到仪表盘');
+          router.push('/dashboard');
+        }
       } else {
         console.error('❌ 登录失败', result);
         setError(result.error || '登录失败');

go.mod

@@ -8,20 +8,31 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/mattn/go-ieproxy v0.0.12
-	github.com/mattn/go-sqlite3 v1.14.22
 	github.com/r3labs/sse/v2 v2.10.0
 	github.com/sirupsen/logrus v1.9.3
 	golang.org/x/crypto v0.38.0
 	gorm.io/driver/sqlite v1.5.4
 	gorm.io/gorm v1.25.5
+	modernc.org/sqlite v1.33.1
 )
 
 require (
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/shirou/gopsutil/v3 v3.20.10 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-sqlite3 v1.14.17 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/text v0.25.0 // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
+	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
+	modernc.org/libc v1.55.3 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
 )

internal/api/auth.go

@@ -102,11 +102,19 @@ func (h *AuthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 		SameSite: http.SameSiteLaxMode,
 	})
 
+	// 检查是否是默认账号密码
+	isDefaultCredentials := h.authService.IsDefaultCredentials()
+
+	// 调试日志
+	fmt.Printf("🔍 登录成功，检查默认凭据状态: %v\n", isDefaultCredentials)
+
 	// 返回成功响应
-	json.NewEncoder(w).Encode(auth.LoginResponse{
-		Success: true,
-		Message: "登录成功",
-	})
+	response := map[string]interface{}{
+		"success":              true,
+		"message":              "登录成功",
+		"isDefaultCredentials": isDefaultCredentials,
+	}
+	json.NewEncoder(w).Encode(response)
 }
 
 // HandleLogout 处理登出请求
@@ -237,6 +245,13 @@ type UsernameChangeRequest struct {
 	NewUsername string `json:"newUsername"`
 }
 
+// SecurityUpdateRequest 安全设置更新请求体（用户名+密码）
+type SecurityUpdateRequest struct {
+	CurrentPassword string `json:"currentPassword"`
+	NewUsername     string `json:"newUsername"`
+	NewPassword     string `json:"newPassword"`
+}
+
 // HandleChangePassword 修改密码
 func (h *AuthHandler) HandleChangePassword(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
@@ -338,6 +353,57 @@ func (h *AuthHandler) HandleChangeUsername(w http.ResponseWriter, r *http.Reques
 	json.NewEncoder(w).Encode(map[string]interface{}{"success": true, "message": msg})
 }
 
+// HandleUpdateSecurity 同时修改用户名和密码
+func (h *AuthHandler) HandleUpdateSecurity(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// 获取 session cookie
+	cookie, err := r.Cookie("session")
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": "未登录"})
+		return
+	}
+
+	if !h.authService.ValidateSession(cookie.Value) {
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": "会话无效"})
+		return
+	}
+
+	sess, ok := h.authService.GetSession(cookie.Value)
+	if !ok {
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": "会话无效"})
+		return
+	}
+
+	var req SecurityUpdateRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": "无效请求体"})
+		return
+	}
+
+	if req.CurrentPassword == "" || req.NewUsername == "" || req.NewPassword == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": "缺少必填字段"})
+		return
+	}
+
+	ok2, msg := h.authService.UpdateSecurity(sess.Username, req.CurrentPassword, req.NewUsername, req.NewPassword)
+	if !ok2 {
+		w.WriteHeader(http.StatusBadRequest)
+		json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": msg})
+		return
+	}
+
+	json.NewEncoder(w).Encode(map[string]interface{}{"success": true, "message": msg})
+}
+
 // HandleOAuth2Callback 处理第三方 OAuth2 回调
 //
 // 目前仅作为占位实现，记录回调信息并返回成功响应。

internal/api/routes.go

@@ -106,6 +106,7 @@ func (r *Router) registerRoutes() {
 	r.router.HandleFunc("/api/auth/init", r.authHandler.HandleInitSystem).Methods("POST")
 	r.router.HandleFunc("/api/auth/change-password", r.authHandler.HandleChangePassword).Methods("POST")
 	r.router.HandleFunc("/api/auth/change-username", r.authHandler.HandleChangeUsername).Methods("POST")
+	r.router.HandleFunc("/api/auth/update-security", r.authHandler.HandleUpdateSecurity).Methods("POST")
 	r.router.HandleFunc("/api/auth/oauth2", r.authHandler.HandleOAuth2Provider).Methods("GET")
 
 	// OAuth2 回调

internal/auth/models.go

@@ -36,3 +36,9 @@ const (
 	ConfigKeyAdminUsername = "admin_username"
 	ConfigKeyAdminPassword = "admin_password_hash"
 )
+
+// 默认账号密码常量
+const (
+	DefaultAdminUsername = "nodepass"
+	DefaultAdminPassword = "Np123456"
+)

internal/auth/service.go

@@ -127,6 +127,25 @@ func (s *Service) IsSystemInitialized() bool {
 	return value == "true"
 }
 
+// IsDefaultCredentials 检查当前账号密码是否是默认的
+func (s *Service) IsDefaultCredentials() bool {
+	storedUsername, _ := s.GetSystemConfig(ConfigKeyAdminUsername)
+	storedPasswordHash, _ := s.GetSystemConfig(ConfigKeyAdminPassword)
+
+	fmt.Printf("🔍 检查默认凭据: username=%s (expected=%s), hasHash=%v\n",
+		storedUsername, DefaultAdminUsername, storedPasswordHash != "")
+
+	if storedUsername != DefaultAdminUsername {
+		fmt.Printf("🔍 用户名不匹配，非默认凭据\n")
+		return false
+	}
+
+	// 验证密码是否是默认密码
+	isDefaultPassword := s.VerifyPassword(DefaultAdminPassword, storedPasswordHash)
+	fmt.Printf("🔍 密码验证结果: %v\n", isDefaultPassword)
+	return isDefaultPassword
+}
+
 // AuthenticateUser 用户登录验证
 func (s *Service) AuthenticateUser(username, password string) bool {
 	storedUsername, _ := s.GetSystemConfig(ConfigKeyAdminUsername)
@@ -277,8 +296,8 @@ func (s *Service) InitializeSystem() (string, string, error) {
 		return "", "", errors.New("系统已初始化")
 	}
 
-	username := "nodepass"
-	password := generateRandomPassword(12)
+	username := DefaultAdminUsername
+	password := DefaultAdminPassword
 
 	passwordHash, err := s.HashPassword(password)
 	if err != nil {
@@ -366,6 +385,11 @@ func (s *Service) ChangePassword(username, currentPassword, newPassword string)
 		return false, "当前密码不正确"
 	}
 
+	// 验证新密码不能与默认密码相同
+	if newPassword == DefaultAdminPassword {
+		return false, "新密码不能与默认密码相同，请设置一个安全的密码"
+	}
+
 	// 加密新密码
 	hash, err := s.HashPassword(newPassword)
 	if err != nil {
@@ -389,6 +413,8 @@ func (s *Service) ChangeUsername(currentUsername, newUsername string) (bool, str
 		return false, "当前用户名不正确"
 	}
 
+	// 允许设置任何用户名，包括默认用户名
+
 	// 更新系统配置中的用户名
 	if err := s.SetSystemConfig(ConfigKeyAdminUsername, newUsername); err != nil {
 		return false, "更新用户名失败"
@@ -412,6 +438,56 @@ func (s *Service) ChangeUsername(currentUsername, newUsername string) (bool, str
 	return true, "用户名修改成功"
 }
 
+// UpdateSecurity 同时修改用户名和密码
+func (s *Service) UpdateSecurity(currentUsername, currentPassword, newUsername, newPassword string) (bool, string) {
+	// 验证当前用户身份
+	if !s.AuthenticateUser(currentUsername, currentPassword) {
+		return false, "当前密码不正确"
+	}
+
+	// 验证新密码不能与默认密码相同
+	if newPassword == DefaultAdminPassword {
+		return false, "新密码不能与默认密码相同，请设置一个安全的密码"
+	}
+
+	// 允许设置任何用户名，包括默认用户名
+
+	// 加密新密码
+	hash, err := s.HashPassword(newPassword)
+	if err != nil {
+		return false, "密码加密失败"
+	}
+
+	// 更新用户名
+	if err := s.SetSystemConfig(ConfigKeyAdminUsername, newUsername); err != nil {
+		return false, "更新用户名失败"
+	}
+
+	// 更新密码
+	if err := s.SetSystemConfig(ConfigKeyAdminPassword, hash); err != nil {
+		// 如果密码更新失败，回滚用户名
+		s.SetSystemConfig(ConfigKeyAdminUsername, currentUsername)
+		return false, "更新密码失败"
+	}
+
+	// 更新数据库中的会话记录
+	s.db.Model(&models.UserSession{}).Where("username = ?", currentUsername).Update("username", newUsername)
+
+	// 更新缓存中的会话
+	sessionCache.Range(func(key, value interface{}) bool {
+		sess := value.(Session)
+		if sess.Username == currentUsername {
+			sess.Username = newUsername
+			sessionCache.Store(key, sess)
+		}
+		return true
+	})
+
+	// 使所有现有 Session 失效
+	s.invalidateAllSessions()
+	return true, "账号信息修改成功"
+}
+
 // ResetAdminPassword 重置管理员密码并返回新密码
 func (s *Service) ResetAdminPassword() (string, string, error) {
 	// 确认系统已初始化

internal/db/db.go

@@ -12,6 +12,7 @@ import (
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
+	_ "modernc.org/sqlite"
 )
 
 var (