chore: 不优化首页头像

.gitea/workflows/deploy.yml

@@ -0,0 +1,80 @@
+# .gitea/workflows/deploy.yml
+name: Deploy to K3s
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    container:
+      image: localhost:5000/tiny-ci-runner:latest
+
+    env:
+      IMAGE_TAG: ${{ github.sha }}
+      KUBECONFIG: /tmp/.kube/config
+      NODE_ENV: production
+
+    steps:
+      - name: Write kubeconfig
+        run: |
+          mkdir -p /tmp/.kube
+          cat << 'EOF' > /tmp/.kube/config
+          ${{ secrets.KUBECONFIG_DATA }}
+          EOF
+          chmod 600 /tmp/.kube/config
+
+      - name: Verify Kubernetes access
+        run: |
+          kubectl cluster-info
+          kubectl get nodes
+
+      - name: Checkout code
+        run: |
+          git clone --depth=1 --branch master \
+            https://git.tonesc.cn/tone/tonePage.git \
+            /workspace/tone/tonePage
+          cd /workspace/tone/tonePage
+          git log -1 --oneline
+
+      - name: Build and push backend image
+        run: |
+          cd /workspace/tone/tonePage/apps/backend
+          docker build -t localhost:5000/backend:${IMAGE_TAG} .
+          docker push localhost:5000/backend:${IMAGE_TAG}
+
+      - name: Build and push frontend image
+        run: |
+          cd /workspace/tone/tonePage/apps/frontend
+          docker build \
+            --build-arg API_BASE="http://backend-service:3001" \
+            -t localhost:5000/frontend:${IMAGE_TAG} .
+          docker push localhost:5000/frontend:${IMAGE_TAG}
+
+      - name: Deploy to K3s
+        run: |
+          cd /workspace/tone/tonePage/apps/deploy
+
+          # 基础资源
+          kubectl apply -f postgres-deployment.yaml
+          kubectl apply -f backend-deployment.yaml
+          kubectl apply -f frontend-deployment.yaml
+
+          # 更新镜像（触发滚动更新）
+          kubectl set image deployment/backend \
+            backend=localhost:5000/backend:${IMAGE_TAG}
+
+          kubectl set image deployment/frontend \
+            frontend=localhost:5000/frontend:${IMAGE_TAG}
+
+          # 等待滚动完成
+          kubectl rollout status deployment/backend --timeout=120s
+          kubectl rollout status deployment/frontend --timeout=120s
+
+      - name: Post-deploy sanity check
+        run: |
+          kubectl get pods
+          kubectl get svc

.gitignore

@@ -1,31 +1 @@
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-pnpm-debug.log*
-lerna-debug.log*
-
-node_modules
 .DS_Store
-dist
-dist-ssr
-coverage
-*.local
-
-/cypress/videos/
-/cypress/screenshots/
-
-# Editor directories and files
-.vscode/*
-!.vscode/extensions.json
-.idea
-*.suo
-*.ntvs*
-*.njsproj
-*.sln
-*.sw?
-
-*.tsbuildinfo
-pnpm-lock.yaml

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 tonecn
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,48 @@
+# TONE_Page 个人博客
+
+## 简介
+一款由NextJS+NustJS(+Postgres)打造的现代化个人博客平台
+
+## 功能特性
+- 资源/工具发布
+- 博客发布
+- 博客评论及回复
+- 用户系统（支持账号密码登录、邮箱验证码登录）
+
+## 安装与运行
+```bash
+git clone https://git.tonesc.cn/tone/tonePage.git
+
+# 后端
+cd tone-page-server
+touch .env # 创建并编辑环境变量，需要包含以下信息
+npm run build
+npm run start:prod
+
+# 前端
+cd tone-page-web
+npm run build
+npm run start
+```
+
+```bash
+# 后端环境变量
+DATABASE_HOST= # 数据库地址（Postgres）
+DATABASE_PORT= # 数据库端口
+DATABASE_NAME= # 数据库名称
+DATABASE_USERNAME= # 数据库用户名
+DATABASE_PASSWORD= # 数据库密码
+JWT_SECRET= # JWT密钥，任意均可
+JWT_EXPIRES_IN= # JWT过期时间，例如1d、12h
+ALIYUN_ACCESS_KEY_ID= # 阿里云RAM用户ACCESS_KEY_ID
+ALIYUN_ACCESS_KEY_SECRET= # 阿里云RAM用户ACCESS_KEY_SECRET
+ALIYUN_OSS_STS_ROLE_ARN= # 阿里云OSS_STS需要扮演的角色ARN
+NODE_ENV=production # 保留该行表示在生产环境
+```
+## 注意事项
+* 注意后端在正式进入生产环境前，需要先注释```NODE_ENV=production```以实现数据表结构初始化，完成后重启服务，并取消注释即可正式进入生产环境
+* 若需使用pm2进行服务管理，可通过```pm2 start "npm run start" --name "name"```启动
+* 前端服务开放在3002端口，后端服务开放在3001端口
+
+## 许可证
+MIT

Server/SettingConfig.json

@@ -1,8 +0,0 @@
-{
-    "mysql":{
-        "host":"server.tonesc.cn",
-        "user":"root",
-        "password":"245565",
-        "database":"tonecn"
-    }
-}

Server/nodemon.json

@@ -1,8 +0,0 @@
-{
-  "watch": ["*.ts"],
-  "execMap": {
-    "ts": "ts-node"
-  },
-  "ignore": ["*.test.ts"],
-  "ext": "ts"
-}

Server/package.json

@@ -1,25 +0,0 @@
-{
-  "name": "server",
-  "version": "1.0.0",
-  "description": "",
-  "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "start": "nodemon index.ts"
-  },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "devDependencies": {
-    "@types/node": "^20.12.12",
-    "nodemon": "^3.1.0",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.4.5"
-  },
-  "dependencies": {
-    "cors": "^2.8.5",
-    "express": "^4.19.2",
-    "ioredis": "^5.4.1",
-    "mysql2": "^3.9.7"
-  }
-}

Server/pnpm-lock.yaml

@@ -1,944 +0,0 @@
-lockfileVersion: '6.0'
-
-settings:
-  autoInstallPeers: true
-  excludeLinksFromLockfile: false
-
-dependencies:
-  cors:
-    specifier: ^2.8.5
-    version: 2.8.5
-  express:
-    specifier: ^4.19.2
-    version: 4.19.2
-  ioredis:
-    specifier: ^5.4.1
-    version: 5.4.1
-  mysql2:
-    specifier: ^3.9.7
-    version: 3.9.7
-
-devDependencies:
-  '@types/node':
-    specifier: ^20.12.12
-    version: 20.12.12
-  nodemon:
-    specifier: ^3.1.0
-    version: 3.1.0
-  ts-node:
-    specifier: ^10.9.2
-    version: 10.9.2(@types/node@20.12.12)(typescript@5.4.5)
-  typescript:
-    specifier: ^5.4.5
-    version: 5.4.5
-
-packages:
-
-  /@cspotcode/source-map-support@0.8.1:
-    resolution: {integrity: sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==}
-    engines: {node: '>=12'}
-    dependencies:
-      '@jridgewell/trace-mapping': 0.3.9
-    dev: true
-
-  /@ioredis/commands@1.2.0:
-    resolution: {integrity: sha512-Sx1pU8EM64o2BrqNpEO1CNLtKQwyhuXuqyfH7oGKCk+1a33d2r5saW8zNwm3j6BTExtjrv2BxTgzzkMwts6vGg==}
-    dev: false
-
-  /@jridgewell/resolve-uri@3.1.2:
-    resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==}
-    engines: {node: '>=6.0.0'}
-    dev: true
-
-  /@jridgewell/sourcemap-codec@1.4.15:
-    resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==}
-    dev: true
-
-  /@jridgewell/trace-mapping@0.3.9:
-    resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==}
-    dependencies:
-      '@jridgewell/resolve-uri': 3.1.2
-      '@jridgewell/sourcemap-codec': 1.4.15
-    dev: true
-
-  /@tsconfig/node10@1.0.11:
-    resolution: {integrity: sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==}
-    dev: true
-
-  /@tsconfig/node12@1.0.11:
-    resolution: {integrity: sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==}
-    dev: true
-
-  /@tsconfig/node14@1.0.3:
-    resolution: {integrity: sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==}
-    dev: true
-
-  /@tsconfig/node16@1.0.4:
-    resolution: {integrity: sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==}
-    dev: true
-
-  /@types/node@20.12.12:
-    resolution: {integrity: sha512-eWLDGF/FOSPtAvEqeRAQ4C8LSA7M1I7i0ky1I8U7kD1J5ITyW3AsRhQrKVoWf5pFKZ2kILsEGJhsI9r93PYnOw==}
-    dependencies:
-      undici-types: 5.26.5
-    dev: true
-
-  /accepts@1.3.8:
-    resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==}
-    engines: {node: '>= 0.6'}
-    dependencies:
-      mime-types: 2.1.35
-      negotiator: 0.6.3
-    dev: false
-
-  /acorn-walk@8.3.2:
-    resolution: {integrity: sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A==}
-    engines: {node: '>=0.4.0'}
-    dev: true
-
-  /acorn@8.11.3:
-    resolution: {integrity: sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==}
-    engines: {node: '>=0.4.0'}
-    hasBin: true
-    dev: true
-
-  /anymatch@3.1.3:
-    resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
-    engines: {node: '>= 8'}
-    dependencies:
-      normalize-path: 3.0.0
-      picomatch: 2.3.1
-    dev: true
-
-  /arg@4.1.3:
-    resolution: {integrity: sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==}
-    dev: true
-
-  /array-flatten@1.1.1:
-    resolution: {integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==}
-    dev: false
-
-  /balanced-match@1.0.2:
-    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
-    dev: true
-
-  /binary-extensions@2.3.0:
-    resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==}
-    engines: {node: '>=8'}
-    dev: true
-
-  /body-parser@1.20.2:
-    resolution: {integrity: sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==}
-    engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16}
-    dependencies:
-      bytes: 3.1.2
-      content-type: 1.0.5
-      debug: 2.6.9
-      depd: 2.0.0
-      destroy: 1.2.0
-      http-errors: 2.0.0
-      iconv-lite: 0.4.24
-      on-finished: 2.4.1
-      qs: 6.11.0
-      raw-body: 2.5.2
-      type-is: 1.6.18
-      unpipe: 1.0.0
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /brace-expansion@1.1.11:
-    resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
-    dependencies:
-      balanced-match: 1.0.2
-      concat-map: 0.0.1
-    dev: true
-
-  /braces@3.0.2:
-    resolution: {integrity: sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==}
-    engines: {node: '>=8'}
-    dependencies:
-      fill-range: 7.0.1
-    dev: true
-
-  /bytes@3.1.2:
-    resolution: {integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /call-bind@1.0.7:
-    resolution: {integrity: sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      es-define-property: 1.0.0
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-      get-intrinsic: 1.2.4
-      set-function-length: 1.2.2
-    dev: false
-
-  /chokidar@3.6.0:
-    resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
-    engines: {node: '>= 8.10.0'}
-    dependencies:
-      anymatch: 3.1.3
-      braces: 3.0.2
-      glob-parent: 5.1.2
-      is-binary-path: 2.1.0
-      is-glob: 4.0.3
-      normalize-path: 3.0.0
-      readdirp: 3.6.0
-    optionalDependencies:
-      fsevents: 2.3.3
-    dev: true
-
-  /cluster-key-slot@1.1.2:
-    resolution: {integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==}
-    engines: {node: '>=0.10.0'}
-    dev: false
-
-  /concat-map@0.0.1:
-    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
-    dev: true
-
-  /content-disposition@0.5.4:
-    resolution: {integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==}
-    engines: {node: '>= 0.6'}
-    dependencies:
-      safe-buffer: 5.2.1
-    dev: false
-
-  /content-type@1.0.5:
-    resolution: {integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /cookie-signature@1.0.6:
-    resolution: {integrity: sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==}
-    dev: false
-
-  /cookie@0.6.0:
-    resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /cors@2.8.5:
-    resolution: {integrity: sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==}
-    engines: {node: '>= 0.10'}
-    dependencies:
-      object-assign: 4.1.1
-      vary: 1.1.2
-    dev: false
-
-  /create-require@1.1.1:
-    resolution: {integrity: sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==}
-    dev: true
-
-  /debug@2.6.9:
-    resolution: {integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==}
-    peerDependencies:
-      supports-color: '*'
-    peerDependenciesMeta:
-      supports-color:
-        optional: true
-    dependencies:
-      ms: 2.0.0
-    dev: false
-
-  /debug@4.3.4(supports-color@5.5.0):
-    resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==}
-    engines: {node: '>=6.0'}
-    peerDependencies:
-      supports-color: '*'
-    peerDependenciesMeta:
-      supports-color:
-        optional: true
-    dependencies:
-      ms: 2.1.2
-      supports-color: 5.5.0
-
-  /define-data-property@1.1.4:
-    resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      es-define-property: 1.0.0
-      es-errors: 1.3.0
-      gopd: 1.0.1
-    dev: false
-
-  /denque@2.1.0:
-    resolution: {integrity: sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==}
-    engines: {node: '>=0.10'}
-    dev: false
-
-  /depd@2.0.0:
-    resolution: {integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /destroy@1.2.0:
-    resolution: {integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==}
-    engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16}
-    dev: false
-
-  /diff@4.0.2:
-    resolution: {integrity: sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==}
-    engines: {node: '>=0.3.1'}
-    dev: true
-
-  /ee-first@1.1.1:
-    resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==}
-    dev: false
-
-  /encodeurl@1.0.2:
-    resolution: {integrity: sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /es-define-property@1.0.0:
-    resolution: {integrity: sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      get-intrinsic: 1.2.4
-    dev: false
-
-  /es-errors@1.3.0:
-    resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==}
-    engines: {node: '>= 0.4'}
-    dev: false
-
-  /escape-html@1.0.3:
-    resolution: {integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==}
-    dev: false
-
-  /etag@1.8.1:
-    resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /express@4.19.2:
-    resolution: {integrity: sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==}
-    engines: {node: '>= 0.10.0'}
-    dependencies:
-      accepts: 1.3.8
-      array-flatten: 1.1.1
-      body-parser: 1.20.2
-      content-disposition: 0.5.4
-      content-type: 1.0.5
-      cookie: 0.6.0
-      cookie-signature: 1.0.6
-      debug: 2.6.9
-      depd: 2.0.0
-      encodeurl: 1.0.2
-      escape-html: 1.0.3
-      etag: 1.8.1
-      finalhandler: 1.2.0
-      fresh: 0.5.2
-      http-errors: 2.0.0
-      merge-descriptors: 1.0.1
-      methods: 1.1.2
-      on-finished: 2.4.1
-      parseurl: 1.3.3
-      path-to-regexp: 0.1.7
-      proxy-addr: 2.0.7
-      qs: 6.11.0
-      range-parser: 1.2.1
-      safe-buffer: 5.2.1
-      send: 0.18.0
-      serve-static: 1.15.0
-      setprototypeof: 1.2.0
-      statuses: 2.0.1
-      type-is: 1.6.18
-      utils-merge: 1.0.1
-      vary: 1.1.2
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /fill-range@7.0.1:
-    resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==}
-    engines: {node: '>=8'}
-    dependencies:
-      to-regex-range: 5.0.1
-    dev: true
-
-  /finalhandler@1.2.0:
-    resolution: {integrity: sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==}
-    engines: {node: '>= 0.8'}
-    dependencies:
-      debug: 2.6.9
-      encodeurl: 1.0.2
-      escape-html: 1.0.3
-      on-finished: 2.4.1
-      parseurl: 1.3.3
-      statuses: 2.0.1
-      unpipe: 1.0.0
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /forwarded@0.2.0:
-    resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /fresh@0.5.2:
-    resolution: {integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /fsevents@2.3.3:
-    resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
-    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
-    os: [darwin]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /function-bind@1.1.2:
-    resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
-    dev: false
-
-  /generate-function@2.3.1:
-    resolution: {integrity: sha512-eeB5GfMNeevm/GRYq20ShmsaGcmI81kIX2K9XQx5miC8KdHaC6Jm0qQ8ZNeGOi7wYB8OsdxKs+Y2oVuTFuVwKQ==}
-    dependencies:
-      is-property: 1.0.2
-    dev: false
-
-  /get-intrinsic@1.2.4:
-    resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-      has-proto: 1.0.3
-      has-symbols: 1.0.3
-      hasown: 2.0.2
-    dev: false
-
-  /glob-parent@5.1.2:
-    resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
-    engines: {node: '>= 6'}
-    dependencies:
-      is-glob: 4.0.3
-    dev: true
-
-  /gopd@1.0.1:
-    resolution: {integrity: sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==}
-    dependencies:
-      get-intrinsic: 1.2.4
-    dev: false
-
-  /has-flag@3.0.0:
-    resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==}
-    engines: {node: '>=4'}
-
-  /has-property-descriptors@1.0.2:
-    resolution: {integrity: sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==}
-    dependencies:
-      es-define-property: 1.0.0
-    dev: false
-
-  /has-proto@1.0.3:
-    resolution: {integrity: sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==}
-    engines: {node: '>= 0.4'}
-    dev: false
-
-  /has-symbols@1.0.3:
-    resolution: {integrity: sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==}
-    engines: {node: '>= 0.4'}
-    dev: false
-
-  /hasown@2.0.2:
-    resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      function-bind: 1.1.2
-    dev: false
-
-  /http-errors@2.0.0:
-    resolution: {integrity: sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==}
-    engines: {node: '>= 0.8'}
-    dependencies:
-      depd: 2.0.0
-      inherits: 2.0.4
-      setprototypeof: 1.2.0
-      statuses: 2.0.1
-      toidentifier: 1.0.1
-    dev: false
-
-  /iconv-lite@0.4.24:
-    resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==}
-    engines: {node: '>=0.10.0'}
-    dependencies:
-      safer-buffer: 2.1.2
-    dev: false
-
-  /iconv-lite@0.6.3:
-    resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==}
-    engines: {node: '>=0.10.0'}
-    dependencies:
-      safer-buffer: 2.1.2
-    dev: false
-
-  /ignore-by-default@1.0.1:
-    resolution: {integrity: sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==}
-    dev: true
-
-  /inherits@2.0.4:
-    resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
-    dev: false
-
-  /ioredis@5.4.1:
-    resolution: {integrity: sha512-2YZsvl7jopIa1gaePkeMtd9rAcSjOOjPtpcLlOeusyO+XH2SK5ZcT+UCrElPP+WVIInh2TzeI4XW9ENaSLVVHA==}
-    engines: {node: '>=12.22.0'}
-    dependencies:
-      '@ioredis/commands': 1.2.0
-      cluster-key-slot: 1.1.2
-      debug: 4.3.4(supports-color@5.5.0)
-      denque: 2.1.0
-      lodash.defaults: 4.2.0
-      lodash.isarguments: 3.1.0
-      redis-errors: 1.2.0
-      redis-parser: 3.0.0
-      standard-as-callback: 2.1.0
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /ipaddr.js@1.9.1:
-    resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
-    engines: {node: '>= 0.10'}
-    dev: false
-
-  /is-binary-path@2.1.0:
-    resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
-    engines: {node: '>=8'}
-    dependencies:
-      binary-extensions: 2.3.0
-    dev: true
-
-  /is-extglob@2.1.1:
-    resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
-    engines: {node: '>=0.10.0'}
-    dev: true
-
-  /is-glob@4.0.3:
-    resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
-    engines: {node: '>=0.10.0'}
-    dependencies:
-      is-extglob: 2.1.1
-    dev: true
-
-  /is-number@7.0.0:
-    resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
-    engines: {node: '>=0.12.0'}
-    dev: true
-
-  /is-property@1.0.2:
-    resolution: {integrity: sha512-Ks/IoX00TtClbGQr4TWXemAnktAQvYB7HzcCxDGqEZU6oCmb2INHuOoKxbtR+HFkmYWBKv/dOZtGRiAjDhj92g==}
-    dev: false
-
-  /lodash.defaults@4.2.0:
-    resolution: {integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==}
-    dev: false
-
-  /lodash.isarguments@3.1.0:
-    resolution: {integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==}
-    dev: false
-
-  /long@5.2.3:
-    resolution: {integrity: sha512-lcHwpNoggQTObv5apGNCTdJrO69eHOZMi4BNC+rTLER8iHAqGrUVeLh/irVIM7zTw2bOXA8T6uNPeujwOLg/2Q==}
-    dev: false
-
-  /lru-cache@7.18.3:
-    resolution: {integrity: sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==}
-    engines: {node: '>=12'}
-    dev: false
-
-  /lru-cache@8.0.5:
-    resolution: {integrity: sha512-MhWWlVnuab1RG5/zMRRcVGXZLCXrZTgfwMikgzCegsPnG62yDQo5JnqKkrK4jO5iKqDAZGItAqN5CtKBCBWRUA==}
-    engines: {node: '>=16.14'}
-    dev: false
-
-  /make-error@1.3.6:
-    resolution: {integrity: sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==}
-    dev: true
-
-  /media-typer@0.3.0:
-    resolution: {integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /merge-descriptors@1.0.1:
-    resolution: {integrity: sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==}
-    dev: false
-
-  /methods@1.1.2:
-    resolution: {integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /mime-db@1.52.0:
-    resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /mime-types@2.1.35:
-    resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
-    engines: {node: '>= 0.6'}
-    dependencies:
-      mime-db: 1.52.0
-    dev: false
-
-  /mime@1.6.0:
-    resolution: {integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==}
-    engines: {node: '>=4'}
-    hasBin: true
-    dev: false
-
-  /minimatch@3.1.2:
-    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
-    dependencies:
-      brace-expansion: 1.1.11
-    dev: true
-
-  /ms@2.0.0:
-    resolution: {integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==}
-    dev: false
-
-  /ms@2.1.2:
-    resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
-
-  /ms@2.1.3:
-    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
-    dev: false
-
-  /mysql2@3.9.7:
-    resolution: {integrity: sha512-KnJT8vYRcNAZv73uf9zpXqNbvBG7DJrs+1nACsjZP1HMJ1TgXEy8wnNilXAn/5i57JizXKtrUtwDB7HxT9DDpw==}
-    engines: {node: '>= 8.0'}
-    dependencies:
-      denque: 2.1.0
-      generate-function: 2.3.1
-      iconv-lite: 0.6.3
-      long: 5.2.3
-      lru-cache: 8.0.5
-      named-placeholders: 1.1.3
-      seq-queue: 0.0.5
-      sqlstring: 2.3.3
-    dev: false
-
-  /named-placeholders@1.1.3:
-    resolution: {integrity: sha512-eLoBxg6wE/rZkJPhU/xRX1WTpkFEwDJEN96oxFrTsqBdbT5ec295Q+CoHrL9IT0DipqKhmGcaZmwOt8OON5x1w==}
-    engines: {node: '>=12.0.0'}
-    dependencies:
-      lru-cache: 7.18.3
-    dev: false
-
-  /negotiator@0.6.3:
-    resolution: {integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /nodemon@3.1.0:
-    resolution: {integrity: sha512-xqlktYlDMCepBJd43ZQhjWwMw2obW/JRvkrLxq5RCNcuDDX1DbcPT+qT1IlIIdf+DhnWs90JpTMe+Y5KxOchvA==}
-    engines: {node: '>=10'}
-    hasBin: true
-    dependencies:
-      chokidar: 3.6.0
-      debug: 4.3.4(supports-color@5.5.0)
-      ignore-by-default: 1.0.1
-      minimatch: 3.1.2
-      pstree.remy: 1.1.8
-      semver: 7.6.2
-      simple-update-notifier: 2.0.0
-      supports-color: 5.5.0
-      touch: 3.1.1
-      undefsafe: 2.0.5
-    dev: true
-
-  /normalize-path@3.0.0:
-    resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
-    engines: {node: '>=0.10.0'}
-    dev: true
-
-  /object-assign@4.1.1:
-    resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
-    engines: {node: '>=0.10.0'}
-    dev: false
-
-  /object-inspect@1.13.1:
-    resolution: {integrity: sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==}
-    dev: false
-
-  /on-finished@2.4.1:
-    resolution: {integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==}
-    engines: {node: '>= 0.8'}
-    dependencies:
-      ee-first: 1.1.1
-    dev: false
-
-  /parseurl@1.3.3:
-    resolution: {integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /path-to-regexp@0.1.7:
-    resolution: {integrity: sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==}
-    dev: false
-
-  /picomatch@2.3.1:
-    resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
-    engines: {node: '>=8.6'}
-    dev: true
-
-  /proxy-addr@2.0.7:
-    resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
-    engines: {node: '>= 0.10'}
-    dependencies:
-      forwarded: 0.2.0
-      ipaddr.js: 1.9.1
-    dev: false
-
-  /pstree.remy@1.1.8:
-    resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==}
-    dev: true
-
-  /qs@6.11.0:
-    resolution: {integrity: sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==}
-    engines: {node: '>=0.6'}
-    dependencies:
-      side-channel: 1.0.6
-    dev: false
-
-  /range-parser@1.2.1:
-    resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /raw-body@2.5.2:
-    resolution: {integrity: sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==}
-    engines: {node: '>= 0.8'}
-    dependencies:
-      bytes: 3.1.2
-      http-errors: 2.0.0
-      iconv-lite: 0.4.24
-      unpipe: 1.0.0
-    dev: false
-
-  /readdirp@3.6.0:
-    resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
-    engines: {node: '>=8.10.0'}
-    dependencies:
-      picomatch: 2.3.1
-    dev: true
-
-  /redis-errors@1.2.0:
-    resolution: {integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==}
-    engines: {node: '>=4'}
-    dev: false
-
-  /redis-parser@3.0.0:
-    resolution: {integrity: sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==}
-    engines: {node: '>=4'}
-    dependencies:
-      redis-errors: 1.2.0
-    dev: false
-
-  /safe-buffer@5.2.1:
-    resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==}
-    dev: false
-
-  /safer-buffer@2.1.2:
-    resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
-    dev: false
-
-  /semver@7.6.2:
-    resolution: {integrity: sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==}
-    engines: {node: '>=10'}
-    hasBin: true
-    dev: true
-
-  /send@0.18.0:
-    resolution: {integrity: sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==}
-    engines: {node: '>= 0.8.0'}
-    dependencies:
-      debug: 2.6.9
-      depd: 2.0.0
-      destroy: 1.2.0
-      encodeurl: 1.0.2
-      escape-html: 1.0.3
-      etag: 1.8.1
-      fresh: 0.5.2
-      http-errors: 2.0.0
-      mime: 1.6.0
-      ms: 2.1.3
-      on-finished: 2.4.1
-      range-parser: 1.2.1
-      statuses: 2.0.1
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /seq-queue@0.0.5:
-    resolution: {integrity: sha512-hr3Wtp/GZIc/6DAGPDcV4/9WoZhjrkXsi5B/07QgX8tsdc6ilr7BFM6PM6rbdAX1kFSDYeZGLipIZZKyQP0O5Q==}
-    dev: false
-
-  /serve-static@1.15.0:
-    resolution: {integrity: sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==}
-    engines: {node: '>= 0.8.0'}
-    dependencies:
-      encodeurl: 1.0.2
-      escape-html: 1.0.3
-      parseurl: 1.3.3
-      send: 0.18.0
-    transitivePeerDependencies:
-      - supports-color
-    dev: false
-
-  /set-function-length@1.2.2:
-    resolution: {integrity: sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      define-data-property: 1.1.4
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-      get-intrinsic: 1.2.4
-      gopd: 1.0.1
-      has-property-descriptors: 1.0.2
-    dev: false
-
-  /setprototypeof@1.2.0:
-    resolution: {integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==}
-    dev: false
-
-  /side-channel@1.0.6:
-    resolution: {integrity: sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==}
-    engines: {node: '>= 0.4'}
-    dependencies:
-      call-bind: 1.0.7
-      es-errors: 1.3.0
-      get-intrinsic: 1.2.4
-      object-inspect: 1.13.1
-    dev: false
-
-  /simple-update-notifier@2.0.0:
-    resolution: {integrity: sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==}
-    engines: {node: '>=10'}
-    dependencies:
-      semver: 7.6.2
-    dev: true
-
-  /sqlstring@2.3.3:
-    resolution: {integrity: sha512-qC9iz2FlN7DQl3+wjwn3802RTyjCx7sDvfQEXchwa6CWOx07/WVfh91gBmQ9fahw8snwGEWU3xGzOt4tFyHLxg==}
-    engines: {node: '>= 0.6'}
-    dev: false
-
-  /standard-as-callback@2.1.0:
-    resolution: {integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==}
-    dev: false
-
-  /statuses@2.0.1:
-    resolution: {integrity: sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /supports-color@5.5.0:
-    resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==}
-    engines: {node: '>=4'}
-    dependencies:
-      has-flag: 3.0.0
-
-  /to-regex-range@5.0.1:
-    resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
-    engines: {node: '>=8.0'}
-    dependencies:
-      is-number: 7.0.0
-    dev: true
-
-  /toidentifier@1.0.1:
-    resolution: {integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==}
-    engines: {node: '>=0.6'}
-    dev: false
-
-  /touch@3.1.1:
-    resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==}
-    hasBin: true
-    dev: true
-
-  /ts-node@10.9.2(@types/node@20.12.12)(typescript@5.4.5):
-    resolution: {integrity: sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==}
-    hasBin: true
-    peerDependencies:
-      '@swc/core': '>=1.2.50'
-      '@swc/wasm': '>=1.2.50'
-      '@types/node': '*'
-      typescript: '>=2.7'
-    peerDependenciesMeta:
-      '@swc/core':
-        optional: true
-      '@swc/wasm':
-        optional: true
-    dependencies:
-      '@cspotcode/source-map-support': 0.8.1
-      '@tsconfig/node10': 1.0.11
-      '@tsconfig/node12': 1.0.11
-      '@tsconfig/node14': 1.0.3
-      '@tsconfig/node16': 1.0.4
-      '@types/node': 20.12.12
-      acorn: 8.11.3
-      acorn-walk: 8.3.2
-      arg: 4.1.3
-      create-require: 1.1.1
-      diff: 4.0.2
-      make-error: 1.3.6
-      typescript: 5.4.5
-      v8-compile-cache-lib: 3.0.1
-      yn: 3.1.1
-    dev: true
-
-  /type-is@1.6.18:
-    resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
-    engines: {node: '>= 0.6'}
-    dependencies:
-      media-typer: 0.3.0
-      mime-types: 2.1.35
-    dev: false
-
-  /typescript@5.4.5:
-    resolution: {integrity: sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==}
-    engines: {node: '>=14.17'}
-    hasBin: true
-    dev: true
-
-  /undefsafe@2.0.5:
-    resolution: {integrity: sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==}
-    dev: true
-
-  /undici-types@5.26.5:
-    resolution: {integrity: sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==}
-    dev: true
-
-  /unpipe@1.0.0:
-    resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /utils-merge@1.0.1:
-    resolution: {integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==}
-    engines: {node: '>= 0.4.0'}
-    dev: false
-
-  /v8-compile-cache-lib@3.0.1:
-    resolution: {integrity: sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==}
-    dev: true
-
-  /vary@1.1.2:
-    resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==}
-    engines: {node: '>= 0.8'}
-    dev: false
-
-  /yn@3.1.1:
-    resolution: {integrity: sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==}
-    engines: {node: '>=6'}
-    dev: true

Server/tsconfig.json

@@ -1,14 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "es6",
-    "module": "commonjs",
-    "strict": true,
-    "esModuleInterop": true,
-    "baseUrl": ".",
-    "paths": {
-      "@/*": ["src/*"],
-      "@plugs/*": ["plugs/*"],
-      "@apis/*": ["apis/*"]
-    }
-  }
-}

apps/.dockerignore

@@ -0,0 +1,4 @@
+node_modules
+.next
+.git
+.env.local

apps/backend/.eslintrc.js

@@ -0,0 +1,25 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    tsconfigRootDir: __dirname,
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

apps/backend/.gitignore

@@ -0,0 +1,56 @@
+# compiled output
+/dist
+/node_modules
+/build
+
+# Logs
+logs
+*.log
+npm-debug.log*
+pnpm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+
+# Tests
+/coverage
+/.nyc_output
+
+# IDEs and editors
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# temp directory
+.temp
+.tmp
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

apps/backend/.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all"
+}

apps/backend/Dockerfile

@@ -0,0 +1,23 @@
+FROM node:22-alpine AS builder
+RUN npm install -g pnpm
+WORKDIR /app
+
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+COPY . .
+RUN pnpm run build
+
+RUN CI=true pnpm prune --prod
+
+FROM node:22-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/package.json ./package.json
+
+EXPOSE 3001
+CMD ["node", "dist/main.js"]

apps/backend/README.md

@@ -0,0 +1,99 @@
+<p align="center">
+  <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="120" alt="Nest Logo" /></a>
+</p>
+
+[circleci-image]: https://img.shields.io/circleci/build/github/nestjs/nest/master?token=abc123def456
+[circleci-url]: https://circleci.com/gh/nestjs/nest
+
+  <p align="center">A progressive <a href="http://nodejs.org" target="_blank">Node.js</a> framework for building efficient and scalable server-side applications.</p>
+    <p align="center">
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/dm/@nestjs/common.svg" alt="NPM Downloads" /></a>
+<a href="https://circleci.com/gh/nestjs/nest" target="_blank"><img src="https://img.shields.io/circleci/build/github/nestjs/nest/master" alt="CircleCI" /></a>
+<a href="https://coveralls.io/github/nestjs/nest?branch=master" target="_blank"><img src="https://coveralls.io/repos/github/nestjs/nest/badge.svg?branch=master#9" alt="Coverage" /></a>
+<a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
+<a href="https://opencollective.com/nest#backer" target="_blank"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
+<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
+  <a href="https://paypal.me/kamilmysliwiec" target="_blank"><img src="https://img.shields.io/badge/Donate-PayPal-ff3f59.svg" alt="Donate us"/></a>
+    <a href="https://opencollective.com/nest#sponsor"  target="_blank"><img src="https://img.shields.io/badge/Support%20us-Open%20Collective-41B883.svg" alt="Support us"></a>
+  <a href="https://twitter.com/nestframework" target="_blank"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow" alt="Follow us on Twitter"></a>
+</p>
+  <!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
+  [![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
+
+## Description
+
+[Nest](https://github.com/nestjs/nest) framework TypeScript starter repository.
+
+## Project setup
+
+```bash
+$ pnpm install
+```
+
+## Compile and run the project
+
+```bash
+# development
+$ pnpm run start
+
+# watch mode
+$ pnpm run start:dev
+
+# production mode
+$ pnpm run start:prod
+```
+
+## Run tests
+
+```bash
+# unit tests
+$ pnpm run test
+
+# e2e tests
+$ pnpm run test:e2e
+
+# test coverage
+$ pnpm run test:cov
+```
+
+## Deployment
+
+When you're ready to deploy your NestJS application to production, there are some key steps you can take to ensure it runs as efficiently as possible. Check out the [deployment documentation](https://docs.nestjs.com/deployment) for more information.
+
+If you are looking for a cloud-based platform to deploy your NestJS application, check out [Mau](https://mau.nestjs.com), our official platform for deploying NestJS applications on AWS. Mau makes deployment straightforward and fast, requiring just a few simple steps:
+
+```bash
+$ pnpm install -g mau
+$ mau deploy
+```
+
+With Mau, you can deploy your application in just a few clicks, allowing you to focus on building features rather than managing infrastructure.
+
+## Resources
+
+Check out a few resources that may come in handy when working with NestJS:
+
+- Visit the [NestJS Documentation](https://docs.nestjs.com) to learn more about the framework.
+- For questions and support, please visit our [Discord channel](https://discord.gg/G7Qnnhy).
+- To dive deeper and get more hands-on experience, check out our official video [courses](https://courses.nestjs.com/).
+- Deploy your application to AWS with the help of [NestJS Mau](https://mau.nestjs.com) in just a few clicks.
+- Visualize your application graph and interact with the NestJS application in real-time using [NestJS Devtools](https://devtools.nestjs.com).
+- Need help with your project (part-time to full-time)? Check out our official [enterprise support](https://enterprise.nestjs.com).
+- To stay in the loop and get updates, follow us on [X](https://x.com/nestframework) and [LinkedIn](https://linkedin.com/company/nestjs).
+- Looking for a job, or have a job to offer? Check out our official [Jobs board](https://jobs.nestjs.com).
+
+## Support
+
+Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
+
+## Stay in touch
+
+- Author - [Kamil Myśliwiec](https://twitter.com/kammysliwiec)
+- Website - [https://nestjs.com](https://nestjs.com/)
+- Twitter - [@nestframework](https://twitter.com/nestframework)
+
+## License
+
+Nest is [MIT licensed](https://github.com/nestjs/nest/blob/master/LICENSE).

apps/backend/nest-cli.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true
+  }
+}

apps/backend/package.json

@@ -0,0 +1,94 @@
+{
+  "name": "tone-page-server",
+  "version": "0.0.1",
+  "description": "",
+  "author": "",
+  "private": true,
+  "license": "UNLICENSED",
+  "scripts": {
+    "build": "nest build",
+    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+    "start": "nest start",
+    "start:dev": "nest start --watch",
+    "start:debug": "nest start --debug --watch",
+    "start:prod": "node dist/main",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "jest --config ./test/jest-e2e.json",
+    "migration:generate": "typeorm migration:generate -d src/data-source.ts",
+    "migration:run": "typeorm migration:run -d dist/data-source.js",
+    "migration:revert": "typeorm migration:revert -d dist/data-source.js"
+  },
+  "dependencies": {
+    "@alicloud/credentials": "^2.4.3",
+    "@alicloud/dm20151123": "1.2.6",
+    "@alicloud/dypnsapi20170525": "^2.0.0",
+    "@alicloud/dysmsapi20170525": "4.1.0",
+    "@alicloud/openapi-client": "^0.4.14",
+    "@alicloud/tea-util": "^1.4.10",
+    "@nestjs/common": "^10.0.0",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^10.0.0",
+    "@nestjs/mapped-types": "*",
+    "@nestjs/platform-express": "^10.0.0",
+    "@nestjs/throttler": "^6.4.0",
+    "@nestjs/typeorm": "^11.0.0",
+    "@simplewebauthn/server": "^13.2.2",
+    "@types/ali-oss": "^6.16.11",
+    "ali-oss": "^6.23.0",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.2",
+    "cookie-parser": "^1.4.7",
+    "dotenv": "^17.2.3",
+    "jsonwebtoken": "^9.0.2",
+    "pg": "^8.15.6",
+    "reflect-metadata": "^0.2.0",
+    "rxjs": "^7.8.1",
+    "typeorm": "^0.3.22",
+    "uuid": "^11.1.0"
+  },
+  "devDependencies": {
+    "@nestjs/cli": "^10.0.0",
+    "@nestjs/schematics": "^10.0.0",
+    "@nestjs/testing": "^10.0.0",
+    "@types/cookie-parser": "^1.4.10",
+    "@types/express": "^5.0.0",
+    "@types/jest": "^29.5.2",
+    "@types/node": "^20.3.1",
+    "@types/supertest": "^6.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "eslint": "^8.0.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-prettier": "^5.0.0",
+    "jest": "^29.5.0",
+    "prettier": "^3.0.0",
+    "source-map-support": "^0.5.21",
+    "supertest": "^7.0.0",
+    "ts-jest": "^29.1.0",
+    "ts-loader": "^9.4.3",
+    "ts-node": "^10.9.1",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^5.1.3"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts"
+    ],
+    "rootDir": "src",
+    "testRegex": ".*\\.spec\\.ts$",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "collectCoverageFrom": [
+      "**/*.(t|j)s"
+    ],
+    "coverageDirectory": "../coverage",
+    "testEnvironment": "node"
+  }
+}

apps/backend/src/admin/admin.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AdminController } from './admin.controller';
+
+describe('AdminController', () => {
+  let controller: AdminController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AdminController],
+    }).compile();
+
+    controller = module.get<AdminController>(AdminController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/admin/admin.controller.ts

@@ -0,0 +1,4 @@
+import { Controller } from '@nestjs/common';
+
+@Controller('admin')
+export class AdminController {}

apps/backend/src/admin/admin.module.ts

@@ -0,0 +1,32 @@
+import { Module } from '@nestjs/common';
+import { AdminController } from './admin.controller';
+import { AdminUserController } from './controller/admin-user.controller';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from 'src/user/entities/user.entity';
+import { UserModule } from 'src/user/user.module';
+import { AdminWebResourceController } from './controller/web/admin-web-resource.controller';
+import { AdminWebBlogController } from './controller/web/admin-web-blog.controller';
+import { ResourceModule } from 'src/resource/resource.module';
+import { BlogModule } from 'src/blog/blog.module';
+import { AuthModule } from 'src/auth/auth.module';
+import { AdminResourceService } from './services/admin.resource.service';
+
+@Module({
+  providers: [
+    AdminResourceService,
+  ],
+  imports: [
+    TypeOrmModule.forFeature([User]),
+    UserModule,
+    ResourceModule,
+    BlogModule,
+    AuthModule,
+  ],
+  controllers: [
+    AdminController,
+    AdminUserController,
+    AdminWebResourceController,
+    AdminWebBlogController,
+  ],
+})
+export class AdminModule {}

apps/backend/src/admin/controller/admin-user.controller.ts

@@ -0,0 +1,83 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  ParseUUIDPipe,
+  Post,
+  Put,
+  Query,
+  UseGuards,
+} from '@nestjs/common';
+import { ListDto } from '../dto/admin-user/list.dto';
+import { CreateDto } from '../dto/admin-user/create.dto';
+import { UserService } from 'src/user/user.service';
+import { UpdateDto } from '../dto/admin-user/update.dto';
+import { UpdatePasswordDto } from '../dto/admin-user/update-password.dto';
+import { RemoveUserDto } from '../dto/admin-user/remove.dto';
+import { RolesGuard } from 'src/common/guard/roles.guard';
+import { Roles } from 'src/common/decorators/role.decorator';
+import { Role } from 'src/auth/role.enum';
+import { AuthGuard } from 'src/auth/guards/auth.guard';
+
+@Controller('admin/user')
+@UseGuards(AuthGuard, RolesGuard)
+@Roles(Role.Admin)
+export class AdminUserController {
+  constructor(private readonly userService: UserService) { }
+
+  @Get()
+  async list(@Query() listDto: ListDto) {
+    return this.userService.list(listDto.page, listDto.pageSize);
+  }
+
+  @Get(':userId')
+  async get(
+    @Param('userId', new ParseUUIDPipe({ version: '4' })) userId: string,
+  ) {
+    return this.userService.findOne({ userId });
+  }
+
+  @Post()
+  async create(@Body() createDto: CreateDto) {
+    return this.userService.register({
+      ...createDto,
+      ...(createDto.password &&
+        (() => {
+          const salt = this.userService.generateSalt();
+          return {
+            salt,
+            password_hash: this.userService.hashPassword(
+              createDto.password,
+              salt,
+            ),
+          };
+        })()),
+    });
+  }
+
+  @Put(':userId')
+  async update(
+    @Param('userId', new ParseUUIDPipe({ version: '4' })) userId: string,
+    @Body() updateDto: UpdateDto,
+  ) {
+    return this.userService.update(userId, updateDto);
+  }
+
+  @Delete(':userId')
+  async delete(
+    @Param('userId', new ParseUUIDPipe({ version: '4' })) userId: string,
+    @Query() dto: RemoveUserDto,
+  ) {
+    return this.userService.delete(userId, dto.soft);
+  }
+
+  @Post(':userId/password')
+  async setPassword(
+    @Param('userId', new ParseUUIDPipe({ version: '4' })) userId: string,
+    @Body() updatePasswordDto: UpdatePasswordDto,
+  ) {
+    return this.userService.setPassword(userId, updatePasswordDto.password);
+  }
+}

apps/backend/src/admin/controller/web/admin-web-blog.controller.ts

@@ -0,0 +1,64 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  ParseUUIDPipe,
+  Post,
+  Put,
+  UseGuards,
+} from '@nestjs/common';
+import { CreateBlogDto } from 'src/admin/dto/admin-web/create-blog.dto';
+import { SetBlogPasswordDto } from 'src/admin/dto/admin-web/set-blog-password.dto';
+import { UpdateBlogDto } from 'src/admin/dto/admin-web/update-blog.dto';
+import { AuthGuard } from 'src/auth/guards/auth.guard';
+import { Role } from 'src/auth/role.enum';
+import { BlogService } from 'src/blog/blog.service';
+import { Roles } from 'src/common/decorators/role.decorator';
+import { RolesGuard } from 'src/common/guard/roles.guard';
+
+@Controller('/admin/web/blog')
+@UseGuards(AuthGuard, RolesGuard)
+@Roles(Role.Admin)
+export class AdminWebBlogController {
+  constructor(private readonly adminWebBlogService: BlogService) { }
+
+  @Get()
+  async list() {
+    return this.adminWebBlogService.list({
+      withAll: true,
+    });
+  }
+
+  @Post()
+  async create(@Body() dto: CreateBlogDto) {
+    return this.adminWebBlogService.create(dto);
+  }
+
+  @Put(':id')
+  async update(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+    @Body() dto: UpdateBlogDto,
+  ) {
+    return this.adminWebBlogService.update(id, dto);
+  }
+
+  @Post(':id/password')
+  async setPassword(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+    @Body() dto: SetBlogPasswordDto,
+  ) {
+    return this.adminWebBlogService.setPassword(id, dto.password);
+  }
+
+  @Get(':id')
+  async get(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+    return this.adminWebBlogService.findById(id);
+  }
+
+  @Delete(':id')
+  async remove(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+    return this.adminWebBlogService.remove(id);
+  }
+}

apps/backend/src/admin/controller/web/admin-web-resource.controller.ts

@@ -0,0 +1,56 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  ParseUUIDPipe,
+  Post,
+  Put,
+  UseGuards,
+} from '@nestjs/common';
+import { CreateResourceDto } from 'src/admin/dto/admin-web/create-resource.dto';
+import { AdminResourceService } from 'src/admin/services/admin.resource.service';
+import { AuthGuard } from 'src/auth/guards/auth.guard';
+import { Role } from 'src/auth/role.enum';
+import { Roles } from 'src/common/decorators/role.decorator';
+import { RolesGuard } from 'src/common/guard/roles.guard';
+
+@Controller('/admin/web/resource')
+@UseGuards(AuthGuard, RolesGuard)
+@Roles(Role.Admin)
+export class AdminWebResourceController {
+
+  constructor(private readonly resourceService: AdminResourceService) { }
+
+  @Get()
+  async list() {
+    return this.resourceService.findAll();
+  }
+
+  @Get(':id')
+  async get(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+    return this.resourceService.findById(id);
+  }
+
+  @Post()
+  async create(@Body() data: CreateResourceDto) {
+    return this.resourceService.create(data);
+  }
+
+  @Put(':id')
+  async update(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+    @Body() data: CreateResourceDto,
+  ) {
+    return this.resourceService.update({
+      ...data,
+      id,
+    });
+  }
+
+  @Delete(':id')
+  async delete(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+    return this.resourceService.delete(id);
+  }
+}

apps/backend/src/admin/dto/admin-permission/create-permission.dto.ts

@@ -0,0 +1,9 @@
+import { IsString } from 'class-validator';
+
+export class CreatePermissionDto {
+  @IsString()
+  name: string;
+
+  @IsString()
+  description: string;
+}

apps/backend/src/admin/dto/admin-role-permission/delete-role-permissions.dto.ts

@@ -0,0 +1,8 @@
+import { ArrayMinSize, IsArray, IsUUID } from 'class-validator';
+
+export class DeleteRolePermissionsDto {
+  @IsArray()
+  @ArrayMinSize(1)
+  @IsUUID('4', { each: true })
+  permissionIds: string[];
+}

apps/backend/src/admin/dto/admin-role-permission/set-role-permissions.dto.ts

@@ -0,0 +1,8 @@
+import { ArrayMinSize, IsArray, IsUUID } from 'class-validator';
+
+export class SetRolePermissionsDto {
+  @IsArray()
+  @ArrayMinSize(1)
+  @IsUUID('4', { each: true })
+  permissionIds: string[];
+}

apps/backend/src/admin/dto/admin-role/create-role.dto.ts

@@ -0,0 +1,9 @@
+import { IsString } from 'class-validator';
+
+export class CreateRoleDto {
+  @IsString()
+  name: string;
+
+  @IsString()
+  localName: string;
+}

apps/backend/src/admin/dto/admin-user-role/create-user-role.dto.ts

@@ -0,0 +1,13 @@
+import { IsBoolean, IsDateString, IsOptional, IsUUID } from 'class-validator';
+
+export class CreateUserRoleDto {
+  @IsUUID('4')
+  roleId: string;
+
+  @IsBoolean()
+  isEnabled: boolean;
+
+  @IsOptional()
+  @IsDateString()
+  expiredAt?: Date;
+}

apps/backend/src/admin/dto/admin-user-role/delete-user-role.dto.ts

@@ -0,0 +1,6 @@
+import { IsUUID } from 'class-validator';
+
+export class DeleteUserRoleDto {
+  @IsUUID('4')
+  roleId: string;
+}

apps/backend/src/admin/dto/admin-user/create.dto.ts

@@ -0,0 +1,32 @@
+import { IsString, Length, Matches, ValidateIf } from 'class-validator';
+
+export class CreateDto {
+  @ValidateIf((o) => o.username !== null)
+  @IsString({ message: '用户名不得为空' })
+  @Length(4, 32, { message: '用户名长度只能为4~32' })
+  username: string | null;
+
+  @ValidateIf((o) => o.nickname !== null)
+  @IsString({ message: '昵称不得为空' })
+  @Length(1, 30, { message: '昵称长度只能为1~30' })
+  nickname: string | null;
+
+  @ValidateIf((o) => o.email !== null)
+  @IsString({ message: '邮箱不得为空' })
+  @Length(6, 254, { message: '邮箱长度只能为6~254' })
+  email: string | null;
+
+  @ValidateIf((o) => o.phone !== null)
+  @IsString({ message: '手机号不得为空' })
+  @Length(11, 11, { message: '手机号长度只能为11' })
+  phone: string | null;
+
+  @ValidateIf((o) => o.password !== null)
+  @IsString({ message: '密码不得为空' })
+  @Length(6, 32, { message: '密码长度只能为6~32' })
+  @Matches(
+    /^(?=.*[a-zA-Z])(?=.*\d)[a-zA-Z\d!@#$%^&*()_+\-=\[\]{};:'",.<>/?]{6,32}$/,
+    { message: '密码必须包含字母和数字，且长度在6~32之间' },
+  )
+  password: string | null;
+}

apps/backend/src/admin/dto/admin-user/list.dto.ts

@@ -0,0 +1,3 @@
+import { PaginationDto } from '../common/pagination.dto';
+
+export class ListDto extends PaginationDto {}

apps/backend/src/admin/dto/admin-user/remove.dto.ts

@@ -0,0 +1,8 @@
+import { Transform } from 'class-transformer';
+import { IsBoolean } from 'class-validator';
+
+export class RemoveUserDto {
+  @Transform(({ value }) => value === 'true')
+  @IsBoolean({ message: '需指定删除类型' })
+  soft: boolean;
+}

apps/backend/src/admin/dto/admin-user/update-password.dto.ts

@@ -0,0 +1,11 @@
+import { IsString, Length, Matches } from 'class-validator';
+
+export class UpdatePasswordDto {
+  @IsString({ message: '密码不得为空' })
+  @Length(6, 32, { message: '密码长度只能为6~32' })
+  @Matches(
+    /^(?=.*[a-zA-Z])(?=.*\d)[a-zA-Z\d!@#$%^&*()_+\-=\[\]{};:'",.<>/?]{6,32}$/,
+    { message: '密码必须包含字母和数字，且长度在6~32之间' },
+  )
+  password: string;
+}

apps/backend/src/admin/dto/admin-user/update.dto.ts

@@ -0,0 +1,35 @@
+import {
+  IsEmail,
+  IsOptional,
+  IsString,
+  Length,
+  Matches,
+} from 'class-validator';
+
+export class UpdateDto {
+  @IsString({ message: '用户名不得为空' })
+  @Length(4, 32, { message: '用户名长度只能为4~32' })
+  username: string;
+
+  @IsString({ message: '昵称不得为空' })
+  @Length(1, 30, { message: '昵称长度只能为1~30' })
+  nickname: string;
+
+  @IsOptional()
+  @IsEmail({}, { message: '请输入有效的邮箱地址', always: false })
+  @Length(6, 254, {
+    message: '邮箱长度只能为6~254',
+    // 仅在值不为 null 或 undefined 时验证
+    always: false,
+  })
+  email?: string;
+
+  @IsOptional() // 标记字段为可选
+  @IsString({ message: '手机号不得为空', always: false })
+  @Matches(/^1[3456789]\d{9}$/, {
+    message: '请输入有效的手机号码',
+    // 仅在值不为 null 或 undefined 时验证
+    always: false,
+  })
+  phone?: string;
+}

apps/backend/src/admin/dto/admin-web/create-blog.dto.ts

@@ -0,0 +1,22 @@
+import { IsEnum, IsString } from 'class-validator';
+import { BlogPermission } from 'src/blog/blog.permission.enum';
+
+export class CreateBlogDto {
+  @IsString()
+  title: string;
+
+  @IsString()
+  slug: string;// 允许空串，但如果为空则需要手动设置为null，防止数据库唯一键冲突
+
+  @IsString()
+  description: string;
+
+  @IsString()
+  contentUrl: string;
+
+  @IsEnum(BlogPermission, { each: true, message: '请求类型错误' })
+  permissions: BlogPermission[];
+
+  @IsString()
+  password: string; // 允许空串
+}

apps/backend/src/admin/dto/admin-web/create-resource.dto.ts

@@ -0,0 +1,28 @@
+import { Type } from 'class-transformer';
+import { IsString, ValidateNested } from 'class-validator';
+
+class ResourceTagDto {
+  @IsString()
+  name: string;
+
+  @IsString()
+  type: string;
+}
+
+export class CreateResourceDto {
+  @IsString()
+  title: string;
+
+  @IsString()
+  description: string;
+
+  @IsString()
+  imageUrl: string;
+
+  @IsString()
+  link: string;
+
+  @ValidateNested({ each: true })
+  @Type(() => ResourceTagDto)
+  tags: ResourceTagDto[];
+}

apps/backend/src/admin/dto/admin-web/set-blog-password.dto.ts

@@ -0,0 +1,6 @@
+import { IsString } from 'class-validator';
+
+export class SetBlogPasswordDto {
+  @IsString()
+  password: string;
+}

apps/backend/src/admin/dto/admin-web/update-blog.dto.ts

@@ -0,0 +1,19 @@
+import { IsEnum, IsString } from 'class-validator';
+import { BlogPermission } from 'src/blog/blog.permission.enum';
+
+export class UpdateBlogDto {
+  @IsString()
+  title: string;
+
+  @IsString()
+  description: string;
+
+  @IsString()
+  slug: string;
+
+  @IsString()
+  contentUrl: string;
+
+  @IsEnum(BlogPermission, { each: true, message: '请求类型错误' })
+  permissions: BlogPermission[];
+}

apps/backend/src/admin/dto/common/pagination.dto.ts

@@ -0,0 +1,16 @@
+import { Type } from 'class-transformer';
+import { IsInt, IsOptional, Min } from 'class-validator';
+
+export class PaginationDto {
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  page?: number = 1;
+
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  pageSize?: number = 20;
+}

apps/backend/src/admin/services/admin.resource.service.ts

@@ -0,0 +1,42 @@
+import { Injectable } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { Resource } from "src/resource/entity/resource.entity";
+import { Repository } from "typeorm";
+
+@Injectable()
+export class AdminResourceService {
+
+    constructor(
+        @InjectRepository(Resource)
+        private readonly resourceRepository: Repository<Resource>,
+    ) { }
+
+
+    async findAll() {
+        return this.resourceRepository.find({
+            order: {
+                updatedAt: 'DESC',
+            }
+        });
+    }
+
+    async findById(id: string): Promise<Resource> {
+        return this.resourceRepository.findOne({ where: { id } });
+    }
+
+    async create(data: Partial<Resource>): Promise<Resource> {
+        const resource = this.resourceRepository.create(data);
+        return this.resourceRepository.save(resource);
+    }
+
+    async update(data: Partial<Resource>): Promise<Resource> {
+        // const updateRes =  await this.resourceRepository.update(id, data);
+        // updateRes.affected
+        // return this.resourceRepository.findOne({ where: { id } });
+        return this.resourceRepository.save(data);
+    }
+
+    async delete(id: string): Promise<void> {
+        await this.resourceRepository.delete(id);
+    }
+}

apps/backend/src/app.controller.spec.ts

@@ -0,0 +1,22 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('root', () => {
+    it('should return "Hello World!"', () => {
+      expect(appController.getHello()).toBe('Hello World!');
+    });
+  });
+});

apps/backend/src/app.controller.ts

@@ -0,0 +1,12 @@
+import { Controller, Get } from '@nestjs/common';
+import { AppService } from './app.service';
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  @Get()
+  getHello(): string {
+    return this.appService.getHello();
+  }
+}

apps/backend/src/app.module.ts

@@ -0,0 +1,61 @@
+import { Module } from '@nestjs/common';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { ConfigModule } from '@nestjs/config';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { UserModule } from './user/user.module';
+import { AuthModule } from './auth/auth.module';
+import { VerificationModule } from './verification/verification.module';
+import { NotificationModule } from './notification/notification.module';
+import { ResourceModule } from './resource/resource.module';
+import { BlogModule } from './blog/blog.module';
+import { AdminModule } from './admin/admin.module';
+import { OssModule } from './oss/oss.module';
+import { ThrottlerModule } from '@nestjs/throttler';
+import { CaptchaModule } from './captcha/captcha.module';
+import { SmsModule } from './sms/sms.module';
+import { CommonModule } from './common/common.module';
+import { AppDataSource } from './data-source';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({ isGlobal: true }),
+    TypeOrmModule.forRootAsync({
+      useFactory: () => AppDataSource.options,
+    }),
+    ThrottlerModule.forRoot({
+      ignoreUserAgents: [/googlebot/i, /bingbot/i],
+      throttlers: [
+        {
+          name: 'min',
+          limit: 100,
+          ttl: 60 * 1000,
+        },
+        {
+          name: 'hour',
+          limit: 500,
+          ttl: 60 * 60 * 1000,
+        },
+        {
+          name: 'day',
+          limit: 10000,
+          ttl: 24 * 60 * 60 * 1000,
+        },
+      ],
+    }),
+    UserModule,
+    AuthModule,
+    VerificationModule,
+    NotificationModule,
+    ResourceModule,
+    BlogModule,
+    AdminModule,
+    OssModule,
+    CaptchaModule,
+    SmsModule,
+    CommonModule,
+  ],
+  controllers: [AppController],
+  providers: [AppService],
+})
+export class AppModule { }

apps/backend/src/app.service.ts

@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHello(): string {
+    return 'Hello World!';
+  }
+}

apps/backend/src/auth/auth.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthController } from './auth.controller';
+
+describe('AuthController', () => {
+  let controller: AuthController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AuthController],
+    }).compile();
+
+    controller = module.get<AuthController>(AuthController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/auth/auth.controller.ts

@@ -0,0 +1,183 @@
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  Post,
+  Req,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import { LoginByPasswordDto } from './dto/login.dto';
+import { AuthService } from './auth.service';
+import { UserSessionService } from 'src/auth/service/user-session.service';
+import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
+import { Request, Response } from 'express';
+import { UserService } from 'src/user/user.service';
+import { AuthGuard } from './guards/auth.guard';
+import { SmsLoginDto } from './dto/sms-login.dto';
+import { SmsService } from 'src/sms/sms.service';
+import { UserSession } from 'src/auth/entity/user-session.entity';
+import { PasskeyService } from './service/passkey.service';
+import { v4 as uuidv4 } from 'uuid';
+import { PasskeyLoginDto } from './dto/passkey-login.dto';
+import { AuthUser, CurrentUser } from './decorator/current-user.decorator';
+import { PasskeyRegisterDto } from './dto/passkey-register.dto';
+
+@Controller('auth')
+export class AuthController {
+  constructor(
+    private readonly authService: AuthService,
+    private readonly userService: UserService,
+    private readonly userSessionService: UserSessionService,
+    private readonly smsService: SmsService,
+    private readonly passkeyService: PasskeyService,
+  ) { }
+
+  private setUserSession(res: Response, session: UserSession) {
+    res.cookie('session', session.sessionId, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      // 永不过期，不用设置maxAge
+      path: '/',
+    })
+  }
+
+  @Post('login/password')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({
+    'min': { limit: 5, ttl: 60 * 1000 },
+    'hour': { limit: 20, ttl: 60 * 60 * 1000 },
+    'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
+  })
+  async loginByPassword(
+    @Body() loginDto: LoginByPasswordDto,
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    const { identifier, password } = loginDto;
+    const session = await this.authService.loginWithPassword(identifier, password);
+    this.setUserSession(res, session);
+    return {
+      user: await this.userService.findById(session.userId),
+    };
+  }
+
+  @Post('login/sms')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({
+    'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
+  })
+  async loginBySms(
+    @Body() dto: SmsLoginDto,
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    const { phone, code } = dto;
+    await this.smsService.checkSms(phone, 'login', code);
+    // 验证通过，（注册并）登陆
+    const session = await this.authService.loginWithPhone(phone);
+    this.setUserSession(res, session);
+    return {
+      user: await this.userService.findById(session.userId),
+    }
+  }
+
+
+  @Post('passkey/login/options')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({
+    'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
+  })
+  async loginByPasskeyOptions(
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    const tempSessionId = uuidv4();
+    const options = await this.passkeyService.getAuthenticationOptions(tempSessionId);
+
+    res.cookie('passkey_temp_session', tempSessionId, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      path: '/api/auth/passkey/login',
+      maxAge: 1 * 60 * 1000,
+    });
+    return options;
+  }
+
+  @Post('passkey/login')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({
+    'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
+  })
+  async loginByPasskey(
+    @Req() req: Request,
+    @Body() body: PasskeyLoginDto,
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    const tempSessionId = req.cookies?.passkey_temp_session;
+    if (!tempSessionId) {
+      throw new BadRequestException('登录失败，请重试');
+    }
+
+    try {
+      const user = await this.passkeyService.login(tempSessionId, body.credentialResponse);
+
+      const session = await this.userSessionService.createSession(user.userId);
+
+      this.setUserSession(res, session);
+
+      return {
+        user: await this.userService.findById(user.userId),
+      };
+    } catch (error) {
+      throw error;
+    } finally {
+      res.clearCookie('passkey_temp_session', {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'lax',
+        path: '/api/auth/passkey/login',
+      });
+    }
+  }
+
+  @UseGuards(AuthGuard)
+  @Post('passkey/register/options')
+  async getPasskeyRegisterOptions(
+    @CurrentUser() user: AuthUser,
+  ) {
+    const { userId } = user;
+    return this.passkeyService.getRegistrationOptions(userId);
+  }
+
+  @UseGuards(AuthGuard)
+  @Post('passkey/register')
+  async registerPasskey(
+    @CurrentUser() user: AuthUser,
+    @Body() dto: PasskeyRegisterDto,
+  ) {
+    const { userId } = user;
+    const { credentialResponse, name } = dto;
+
+    const passkey = await this.passkeyService.register(userId, credentialResponse, name.trim());
+
+    return {
+      id: passkey.id,
+      name: passkey.name,
+      createdAt: passkey.createdAt,
+    };
+  }
+
+  @UseGuards(AuthGuard)
+  @Post('logout')
+  async logout(@CurrentUser() user: AuthUser, @Res({ passthrough: true }) res: Response) {
+    const { sessionId } = user;
+    await this.userSessionService.invalidateSession(sessionId, '用户主动登出');
+    res.clearCookie('session', {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      path: '/',
+    })
+    return true;
+  }
+}

apps/backend/src/auth/auth.module.ts

@@ -0,0 +1,28 @@
+import { forwardRef, Module } from '@nestjs/common';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+import { UserModule } from 'src/user/user.module';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { UserSession } from 'src/auth/entity/user-session.entity';
+import { ConfigModule } from '@nestjs/config';
+import { VerificationModule } from 'src/verification/verification.module';
+import { AuthGuard } from './guards/auth.guard';
+import { OptionalAuthGuard } from './guards/optional-auth.guard';
+import { SmsModule } from 'src/sms/sms.module';
+import { PasskeyCredential } from './entity/passkey-credential.entity';
+import { UserSessionService } from './service/user-session.service';
+import { PasskeyService } from './service/passkey.service';
+
+@Module({
+  imports: [
+    ConfigModule,
+    forwardRef(() => UserModule),
+    TypeOrmModule.forFeature([UserSession, PasskeyCredential]),
+    VerificationModule,
+    SmsModule,
+  ],
+  controllers: [AuthController],
+  providers: [AuthService, UserSessionService, PasskeyService, AuthGuard, OptionalAuthGuard],
+  exports: [AuthService, UserSessionService, PasskeyService, AuthGuard, OptionalAuthGuard],
+})
+export class AuthModule { }

apps/backend/src/auth/auth.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthService } from './auth.service';
+
+describe('AuthService', () => {
+  let service: AuthService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [AuthService],
+    }).compile();
+
+    service = module.get<AuthService>(AuthService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/auth/auth.service.ts

@@ -0,0 +1,76 @@
+import { createHash } from 'crypto';
+import { BadRequestException, Injectable } from '@nestjs/common';
+import { UserService } from 'src/user/user.service';
+import { UserSessionService } from 'src/auth/service/user-session.service';
+import { BusinessException } from 'src/common/exceptions/business.exception';
+import { ErrorCode } from 'src/common/constants/error-codes';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly userService: UserService,
+    private readonly userSessionService: UserSessionService,
+  ) { }
+
+  async loginWithPassword(identifier: string, password: string) {
+    // 依次使用邮箱、手机号、账号登陆（防止有大聪明给账号改成别人的邮箱或手机号）
+    const user = await this.userService.findOne(
+      [{ email: identifier }, { phone: identifier }, { username: identifier }],
+      {
+        withDeleted: true,
+      },
+    );
+
+    if (user && user.deletedAt !== null) {
+      throw new BusinessException({
+        message: '该账号注销中',
+        code: ErrorCode.USER_ACCOUNT_DEACTIVATED,
+      });
+    }
+
+    if (user === null || !user.password_hash || !user.salt) {
+      throw new BusinessException({
+        message: '账户或密码错误',
+        code: ErrorCode.AUTH_INVALID_CREDENTIALS
+      });
+    }
+
+    // 判断密码是否正确
+    const hashedPassword = this.hashPassword(password, user.salt);
+    if (hashedPassword !== user.password_hash) {
+      throw new BusinessException({
+        message: '账户或密码错误',
+        code: ErrorCode.AUTH_INVALID_CREDENTIALS
+      });
+    }
+
+    const { userId } = user;
+
+    return this.userSessionService.createSession(userId);
+  }
+
+  async loginWithPhone(phone: string) {
+    // 判断用户是否存在，若不存在则进行注册
+    let user = await this.userService.findOne({ phone }, { withDeleted: true });
+    if (user && user.deletedAt !== null) {
+      throw new BadRequestException('该账号注销中，请使用其他手机号');
+    }
+
+    if (!user) {
+      // 执行注册操作
+      user = await this.userService.register({ phone });
+    }
+
+    if (!user || !user.userId) {
+      // 注册失败或用户信息错误
+      throw new BadRequestException('请求失败，请稍后再试');
+    }
+
+    return this.userSessionService.createSession(user.userId);
+  }
+
+  private hashPassword(password: string, salt: string): string {
+    return createHash('sha256').update(`${password}${salt}`).digest('hex');
+  }
+
+}

apps/backend/src/auth/decorator/current-user.decorator.ts

@@ -0,0 +1,14 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { Request } from 'express';
+
+export interface AuthUser {
+    sessionId: string;
+    userId: string;
+}
+
+export const CurrentUser = createParamDecorator(
+    (data: unknown, ctx: ExecutionContext): AuthUser => {
+        const request = ctx.switchToHttp().getRequest<Request>();
+        return request.user;
+    },
+);

apps/backend/src/auth/dto/login.dto.ts

@@ -0,0 +1,37 @@
+import { IsEnum, IsString, Length, ValidateIf } from 'class-validator';
+
+// export class LoginDto {
+//   @IsEnum(['password', 'phone', 'email'], { message: '请求类型错误' })
+//   type: 'password' | 'phone' | 'email';
+
+//   @ValidateIf((o) => o.type === 'password')
+
+//   account?: string;
+
+
+
+//   @ValidateIf((o) => o.type === 'phone')
+//   @IsString({ message: '手机号必须输入' })
+//   @Length(11, 11, { message: '手机号异常' }) // 中国大陆，11位数字
+//   phone?: string;
+
+//   @ValidateIf((o) => o.type === 'email')
+//   @IsString({ message: '邮箱必须输入' })
+//   @Length(6, 254, { message: '邮箱异常' }) // RFC 5321
+//   email?: string;
+
+//   @ValidateIf((o) => o.type === 'phone' || o.type === 'email')
+//   @IsString({ message: '验证码必须输入' })
+//   @Length(6, 6, { message: '验证码异常' }) // 6位数字
+//   code?: string;
+// }
+
+export class LoginByPasswordDto {
+  @IsString({ message: '账户必须输入' })
+  @Length(1, 254, { message: '账户异常' }) // 用户名、邮箱、手机号
+  identifier: string;
+
+  @IsString({ message: '密码必须输入' })
+  @Length(6, 32, { message: '密码异常' }) // 6-32位
+  password: string;
+}

apps/backend/src/auth/dto/passkey-login.dto.ts

@@ -0,0 +1,6 @@
+import { IsObject } from "class-validator";
+
+export class PasskeyLoginDto {
+    @IsObject()
+    credentialResponse: any;
+}

apps/backend/src/auth/dto/passkey-register.dto.ts

@@ -0,0 +1,9 @@
+import { IsObject, IsString } from "class-validator";
+
+export class PasskeyRegisterDto {
+    @IsObject()
+    credentialResponse: any;
+
+    @IsString({ message: '通行证名称只能是字符串' })
+    name: string;
+}

apps/backend/src/auth/dto/sms-login.dto.ts

@@ -0,0 +1,13 @@
+import { IsPhoneNumber, Matches } from "class-validator";
+
+export class SmsLoginDto {
+    @IsPhoneNumber('CN', {
+        message: '请输入有效的中国大陆手机号',
+    })
+    phone: string;
+
+    @Matches(/^\d{6}$/, {
+        message: '验证码必须是6位数字',
+    })
+    code: string;
+}

apps/backend/src/auth/entity/passkey-credential.entity.ts

@@ -0,0 +1,36 @@
+import { User } from "src/user/entities/user.entity";
+import { Column, CreateDateColumn, Entity, Index, ManyToOne, PrimaryGeneratedColumn, UpdateDateColumn } from "typeorm";
+
+@Entity()
+@Index(['user'])
+export class PasskeyCredential {
+    @PrimaryGeneratedColumn('uuid')
+    id: string;
+
+    // 关联用户
+    @ManyToOne(() => User, user => user.passkeys, { onDelete: 'CASCADE' })
+    user: User;
+
+    // WebAuthn 必需字段
+    @Column({ length: 255 })
+    name: string; // 用户自定义名称，如 "iPhone", "工作笔记本"
+
+    @Column({ unique: true })
+    credentialId: string; // Base64URL 编码的 credentialId（唯一标识）
+
+    @Column({ type: 'text' })
+    publicKey: string; // Base64URL 编码的公钥（SPKI 格式）
+
+    @Column({ type: 'int' })
+    signCount: number; // 防重放攻击，每次签名递增
+
+    // 是否已验证（注册时验证，登录时更新）
+    @Column({ default: false })
+    verified: boolean;
+
+    @CreateDateColumn()
+    createdAt: Date;
+
+    @UpdateDateColumn()
+    updatedAt: Date;
+}

apps/backend/src/auth/entity/user-session.entity.ts

@@ -0,0 +1,25 @@
+import {
+  Column,
+  CreateDateColumn,
+  DeleteDateColumn,
+  Entity,
+  PrimaryGeneratedColumn,
+} from 'typeorm';
+
+@Entity()
+export class UserSession {
+  @PrimaryGeneratedColumn('uuid')
+  sessionId: string;
+
+  @Column({ length: 36 })
+  userId: string;
+
+  @Column({ nullable: true })
+  disabledReason?: string;
+
+  @CreateDateColumn({ precision: 3 })
+  createdAt: Date;
+
+  @DeleteDateColumn({ nullable: true, precision: 3 })
+  deletedAt: Date;
+}

apps/backend/src/auth/guards/auth.guard.ts

@@ -0,0 +1,34 @@
+// auth.guard.ts
+import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { Request } from 'express';
+import { UserSessionService } from 'src/auth/service/user-session.service';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+    constructor(
+        private userSessionService: UserSessionService,
+    ) { }
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const request = context.switchToHttp().getRequest<Request>();
+
+        // 从 Cookie 读取 session
+        const sessionId = request.cookies?.['session'];
+        if (!sessionId) {
+            throw new UnauthorizedException('登陆凭证无效，请重新登陆');
+        }
+
+        // 验证 session
+        const session = await this.userSessionService.getSession(sessionId);
+        if (!session) {
+            throw new UnauthorizedException('登陆凭证无效，请重新登陆');
+        }
+
+        const { userId } = session;
+        request.user = {
+            sessionId,
+            userId,
+        };
+        return true;
+    }
+}

apps/backend/src/auth/guards/optional-auth.guard.ts

@@ -0,0 +1,16 @@
+import { ExecutionContext, Injectable } from "@nestjs/common";
+import { AuthGuard } from "./auth.guard";
+
+@Injectable()
+export class OptionalAuthGuard extends AuthGuard {
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        try {
+            return await super.canActivate(context);
+        } catch (error) {
+            // 验证失败时，req.user = null，但允许继续
+            const request = context.switchToHttp().getRequest();
+            request.user = null;
+            return true;
+        }
+    }
+}

apps/backend/src/auth/role.enum.ts

@@ -0,0 +1,3 @@
+export enum Role {
+  Admin = 'admin',
+}

apps/backend/src/auth/service/passkey.service.ts

@@ -0,0 +1,249 @@
+import { BadRequestException, Injectable, InternalServerErrorException, NotFoundException, OnModuleDestroy, OnModuleInit } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { PasskeyCredential } from "../entity/passkey-credential.entity";
+import { Repository } from "typeorm";
+import { User } from "src/user/entities/user.entity";
+import { randomBytes } from 'crypto';
+import { generateAuthenticationOptions, GenerateAuthenticationOptionsOpts, generateRegistrationOptions, GenerateRegistrationOptionsOpts, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, verifyAuthenticationResponse, verifyRegistrationResponse } from "@simplewebauthn/server";
+import { isoBase64URL } from '@simplewebauthn/server/helpers';
+
+interface ChallengeEntry {
+    value: string;
+    expiresAt: number;
+}
+
+class MemoryChallengeStore {
+    private store = new Map<string, ChallengeEntry>();
+    private cleanupInterval: NodeJS.Timeout | null = null;
+
+    constructor(private ttlMs: number = 5 * 60 * 100) {
+        this.startCleanup();
+    }
+
+    set(key: string, value: string): void {
+        this.store.set(key, {
+            value,
+            expiresAt: Date.now() + this.ttlMs,
+        });
+    }
+
+    get(key: string): string | null {
+        const entry = this.store.get(key);
+        if (!entry) return null;
+        if (Date.now() > entry.expiresAt) {
+            this.store.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+
+    delete(key: string): void {
+        this.store.delete(key);
+    }
+
+    private startCleanup(): void {
+        this.cleanupInterval = setInterval(() => {
+            const now = Date.now();
+            for (const [key, entry] of this.store.entries()) {
+                if (now > entry.expiresAt) {
+                    this.store.delete(key);
+                }
+            }
+        }, 60_000); // 每分钟清理一次
+    }
+
+    stopCleanup(): void {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+}
+
+const registrationChallenges = new MemoryChallengeStore(5 * 60 * 1000); // 5 分钟过期
+const authenticationChallenges = new MemoryChallengeStore(5 * 60 * 1000);
+
+
+@Injectable()
+export class PasskeyService implements OnModuleDestroy {
+
+    private readonly rpID: string;
+    private readonly origin: string;
+    private readonly rpName: string;
+
+    constructor(
+        @InjectRepository(PasskeyCredential)
+        private readonly passkeyRepo: Repository<PasskeyCredential>,
+        @InjectRepository(User)
+        private readonly userRepository: Repository<User>,
+    ) {
+        this.rpID = process.env.WEBAUTHN_RP_ID;
+        this.origin = process.env.WEBAUTHN_ORIGIN;
+        this.rpName = process.env.WEBAUTHN_RP_NAME;
+
+        if (!this.rpID || !this.origin || !this.rpName) {
+            throw new Error('Missing required env: WEBAUTHN_RP_ID or WEBAUTHN_ORIGIN');
+        }
+    }
+
+    onModuleDestroy() {
+        registrationChallenges.stopCleanup();
+        authenticationChallenges.stopCleanup();
+    }
+
+    private generateChallenge(length: number = 32): string {
+        return randomBytes(length).toString('base64');
+    }
+
+    async getRegistrationOptions(userId: string) {
+        const user = await this.userRepository.findOneBy({ userId });
+        if (!user) {
+            throw new NotFoundException('用户不存在');
+        }
+
+        const challenge = this.generateChallenge();
+
+        const opts: GenerateRegistrationOptionsOpts = {
+            rpName: this.rpName,
+            rpID: this.rpID,
+            userID: Buffer.from(userId),
+            userName: user.username || 'user',
+            userDisplayName: user.nickname || 'User',
+            challenge,
+            authenticatorSelection: {
+                residentKey: 'required', // 必须是可发现凭证（Passkey）
+                userVerification: 'preferred',
+            },
+            supportedAlgorithmIDs: [-7], // ES256
+            timeout: 60000,
+        };
+
+        const options = await generateRegistrationOptions(opts);
+        registrationChallenges.set(userId, options.challenge)
+        return options;
+    }
+
+    async register(userId: string, credentialResponse: any, name: string): Promise<PasskeyCredential> {
+        const expectedChallenge = registrationChallenges.get(userId);
+        if (!expectedChallenge) {
+            throw new BadRequestException('注册失败，请重试');
+        }
+
+        let verification: VerifiedRegistrationResponse;
+        try {
+            verification = await verifyRegistrationResponse({
+                response: credentialResponse,
+                expectedChallenge,
+                expectedOrigin: this.origin,
+                expectedRPID: this.rpID,
+                requireUserVerification: false,
+            });
+        } catch (err) {
+            throw new BadRequestException('注册失败');
+        }
+
+        if (!verification.verified) {
+            throw new BadRequestException('注册失败');
+        }
+
+        const { credential } = verification.registrationInfo;
+        if (!credential) {
+            throw new InternalServerErrorException('服务器内部错误');
+        }
+
+        // 保存凭证到数据库
+        const passkey = this.passkeyRepo.create({
+            user: { userId } as User,
+            name: name || '新的通行证',
+            credentialId: credential.id,
+            publicKey: isoBase64URL.fromBuffer(credential.publicKey),
+            signCount: credential.counter,
+            verified: true,
+        });
+
+        await this.passkeyRepo.save(passkey);
+        registrationChallenges.delete(userId);
+
+        return passkey;
+    }
+
+    async getAuthenticationOptions(sessionId: string) {
+        const challenge = this.generateChallenge();
+        const opts: GenerateAuthenticationOptionsOpts = {
+            rpID: this.rpID,
+            challenge,
+            timeout: 60000,
+            userVerification: 'preferred',
+        };
+
+        const options = await generateAuthenticationOptions(opts);
+        authenticationChallenges.set(sessionId, options.challenge);
+        return options;
+    }
+
+    async login(sessionId: string, credentialResponse: any): Promise<User> {
+        const expectedChallenge = authenticationChallenges.get(sessionId);
+        if (!expectedChallenge) {
+            throw new BadRequestException('认证失败，请重试');
+        }
+
+        const credentialId = credentialResponse.id;
+        const passkey = await this.passkeyRepo.findOne({
+            where: { credentialId, verified: true },
+            relations: ['user'],
+        });
+
+        if (!passkey) {
+            throw new NotFoundException('未找到可用的通行证');
+        }
+
+        let verification: VerifiedAuthenticationResponse;
+        try {
+            verification = await verifyAuthenticationResponse({
+                response: credentialResponse,
+                expectedChallenge,
+                expectedOrigin: this.origin,
+                expectedRPID: this.rpID,
+                credential: {
+                    id: passkey.credentialId,
+                    publicKey: isoBase64URL.toBuffer(passkey.publicKey),
+                    counter: passkey.signCount,
+                },
+                requireUserVerification: false,
+            });
+        } catch (err) {
+            throw new BadRequestException('认证失败');
+        }
+
+        if (!verification.verified) {
+            throw new BadRequestException('认证失败');
+        }
+
+        const newSignCount = verification.authenticationInfo.newCounter;
+        if (newSignCount !== passkey.signCount) {
+            passkey.signCount = newSignCount;
+            await this.passkeyRepo.save(passkey);
+        }
+
+        authenticationChallenges.delete(sessionId);
+        return passkey.user;
+    }
+
+    async listUserPasskeys(userId: string): Promise<PasskeyCredential[]> {
+        return this.passkeyRepo.find({
+            where: { user: { userId }, verified: true },
+            select: ['id', 'name', 'createdAt'],
+        });
+    }
+
+    async removePasskey(userId: string, passkeyId: string): Promise<void> {
+        const result = await this.passkeyRepo.delete({
+            id: passkeyId,
+            user: { userId },
+        });
+
+        if (result.affected === 0) {
+            throw new NotFoundException('未找到对应的通行证');
+        }
+    }
+}

apps/backend/src/auth/service/user-session.service.ts

@@ -0,0 +1,39 @@
+import { InjectRepository } from '@nestjs/typeorm';
+import { Injectable } from '@nestjs/common';
+import { UserSession } from '../entity/user-session.entity';
+import { Repository } from 'typeorm';
+
+@Injectable()
+export class UserSessionService {
+  constructor(
+    @InjectRepository(UserSession)
+    private readonly userSessionRepository: Repository<UserSession>,
+  ) { }
+
+  async createSession(userId: string): Promise<UserSession> {
+    const session = this.userSessionRepository.create({
+      userId,
+    });
+    return this.userSessionRepository.save(session);
+  }
+
+  async getSession(sessionId: string) {
+    const session = await this.userSessionRepository.findOne({
+      where: {
+        sessionId,
+      },
+    });
+
+    return session;
+  }
+
+  async invalidateSession(sessionId: string, reason?: string): Promise<void> {
+    await this.userSessionRepository.update(
+      { sessionId, deletedAt: null },
+      {
+        deletedAt: new Date(),
+        disabledReason: reason || null,
+      }
+    )
+  }
+}

apps/backend/src/blog/blog.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { BlogController } from './blog.controller';
+
+describe('BlogController', () => {
+  let controller: BlogController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [BlogController],
+    }).compile();
+
+    controller = module.get<BlogController>(BlogController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/blog/blog.controller.ts

@@ -0,0 +1,145 @@
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  Get,
+  Param,
+  ParseUUIDPipe,
+  Post,
+  Query,
+  Req,
+  UseGuards,
+} from '@nestjs/common';
+import { BlogService } from './blog.service';
+import { UserService } from 'src/user/user.service';
+import { createBlogCommentDto } from './dto/create.blogcomment.dto';
+import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
+import { BlogPermission } from './blog.permission.enum';
+import { OptionalAuthGuard } from 'src/auth/guards/optional-auth.guard';
+import { AuthUser, CurrentUser } from 'src/auth/decorator/current-user.decorator';
+import { Request } from 'express';
+
+@Controller('blog')
+export class BlogController {
+  constructor(
+    private readonly blogService: BlogService,
+    private readonly userService: UserService,
+  ) { }
+
+  @Get()
+  getBlogs() {
+    return this.blogService.list();
+  }
+
+  @Get(':id/slug')
+  async getBlogBySlug(
+    @Param('id') slug: string,
+    @Query('p') password?: string,
+  ) {
+    if (slug.trim().length === 0) {
+      throw new BadRequestException('文章不存在');
+    }
+    
+    const blog = await this.blogService.findBySlug(slug);
+    if (!blog) throw new BadRequestException('文章不存在或无权限访问');
+
+    if (!blog.permissions.includes(BlogPermission.Public)) {
+      // 无公开权限，则进一步检查是否有密码保护
+      if (!blog.permissions.includes(BlogPermission.ByPassword)) {
+        throw new BadRequestException('文章不存在或无权限访问');
+      } else {
+        // 判断密码是否正确
+        if (
+          typeof password !== 'string' ||
+          this.blogService.hashPassword(password) !== blog.password_hash
+        ) {
+          throw new BadRequestException('文章不存在或无权限访问');
+        }
+      }
+    }
+
+    const blogDataRes = await fetch(`${blog.contentUrl}`);
+    const blogContent = await blogDataRes.text();
+
+    this.blogService.incrementViewCount(blog.id).catch(() => null);
+    return {
+      id: blog.id,
+      title: blog.title,
+      description: blog.description,
+      createdAt: blog.createdAt,
+      content: blogContent,
+    };
+  }
+
+  @Get(':id/comments')
+  async getBlogComments(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+  ) {
+    const blog = await this.blogService.findById(id);
+    if (!blog) throw new BadRequestException('文章不存在');
+
+    /** @todo 对文章可读性进行更详细的判定 */
+
+    if (
+      !blog.permissions.includes(BlogPermission.Public) &&
+      !blog.permissions.includes(BlogPermission.ByPassword)
+    ) {
+      throw new BadRequestException('文章不存在或未公开');
+    }
+
+    return await this.blogService.getComments(blog);
+  }
+
+  // 该接口允许匿名评论，但仍需验证userId合法性
+  @UseGuards(ThrottlerGuard, OptionalAuthGuard)
+  @Throttle({ default: { limit: 20, ttl: 60000 } })
+  @Post(':id/comment')
+  async createBlogComment(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+    @Body() commentData: createBlogCommentDto,
+    @Req() req: Request,
+    @CurrentUser() authUser: AuthUser,
+  ) {
+    const { userId } = (authUser ?? {}) as { userId: string | undefined };
+    const blog = await this.blogService.findById(id);
+    if (!blog) throw new BadRequestException('文章不存在');
+
+    if (!blog.permissions.includes(BlogPermission.AllowComments)) {
+      throw new BadRequestException('作者关闭了该文章的评论功能');
+    }
+
+    const user = userId ? await this.userService.findOne({ userId }) : null;
+
+    const ip = `${req.headers['x-forwarded-for'] || req.ip}`;
+    // 获取IP归属地
+    let address = '未知';
+    if (!['::1'].includes(ip)) {
+      const addressRes = await (
+        await fetch(
+          `https://mesh.if.iqiyi.com/aid/ip/info?version=1.1.1&ip=${ip}`,
+        )
+      ).json();
+      if (addressRes?.code == 0) {
+        const country: string = addressRes?.data?.countryCN || '未知';
+        const province: string = addressRes?.data?.provinceCN || '中国';
+        if (country !== '中国') {
+          // 非中国，显示国家
+          address = country;
+        } else {
+          // 中国，显示省份
+          address = province;
+        }
+      }
+    }
+
+    const comment = {
+      ...commentData,
+      blog,
+      user,
+      ip,
+      address,
+    };
+
+    return await this.blogService.createComment(comment);
+  }
+}

apps/backend/src/blog/blog.module.ts

@@ -0,0 +1,20 @@
+import { Module } from '@nestjs/common';
+import { BlogController } from './blog.controller';
+import { BlogService } from './blog.service';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { Blog } from './entity/Blog.entity';
+import { BlogComment } from './entity/BlogComment.entity';
+import { AuthModule } from 'src/auth/auth.module';
+import { UserModule } from 'src/user/user.module';
+
+@Module({
+  imports: [
+    TypeOrmModule.forFeature([Blog, BlogComment]),
+    AuthModule,
+    UserModule,
+  ],
+  controllers: [BlogController],
+  providers: [BlogService],
+  exports: [BlogService],
+})
+export class BlogModule {}

apps/backend/src/blog/blog.permission.enum.ts

@@ -0,0 +1,6 @@
+export enum BlogPermission {
+  Public = 'Public',
+  ByPassword = 'ByPassword',
+  List = 'List',
+  AllowComments = 'AllowComments',
+}

apps/backend/src/blog/blog.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { BlogService } from './blog.service';
+
+describe('BlogService', () => {
+  let service: BlogService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [BlogService],
+    }).compile();
+
+    service = module.get<BlogService>(BlogService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/blog/blog.service.ts

@@ -0,0 +1,154 @@
+import { Injectable } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Blog } from './entity/Blog.entity';
+import { Repository } from 'typeorm';
+import { BlogComment } from './entity/BlogComment.entity';
+import { BlogPermission } from './blog.permission.enum';
+import { createHash } from 'crypto';
+
+@Injectable()
+export class BlogService {
+  constructor(
+    @InjectRepository(Blog)
+    private readonly blogRepository: Repository<Blog>,
+    @InjectRepository(BlogComment)
+    private readonly blogCommentRepository: Repository<BlogComment>,
+  ) { }
+
+  async list(
+    option: {
+      withAll?: boolean;
+    } = {},
+  ) {
+    return (
+      await this.blogRepository.find({
+        order: {
+          createdAt: 'DESC',
+        },
+      })
+    )
+      .filter(
+        (i) => option.withAll || i.permissions.includes(BlogPermission.List),
+      )
+      .map((i) => {
+        if (option.withAll) {
+          return i;
+        }
+
+        const { createdAt, updatedAt, id, title, viewCount, description, slug } = i;
+        return {
+          createdAt,
+          updatedAt,
+          id,
+          title,
+          slug,
+          viewCount,
+          description,
+        };
+      });
+  }
+
+  async create(dto: Partial<Blog> & { password: string }) {
+    const { password, ...blog } = dto;
+    if (blog.permissions.includes(BlogPermission.ByPassword)) {
+      if (password) {
+        blog.password_hash = createHash('sha256')
+          .update(`${password}`)
+          .digest('hex');
+      }
+    }
+    if (typeof blog.slug === 'string' && blog.slug.trim().length === 0) {
+      blog.slug = null;
+    }
+
+    const newBlog = this.blogRepository.create(blog);
+    return this.blogRepository.save(newBlog);
+  }
+
+  async setPassword(id: string, password: string) {
+    const blog = await this.findById(id);
+    if (!blog) {
+      throw new Error('博客不存在');
+    }
+
+    return (
+      (
+        await this.blogRepository.update(id, {
+          ...blog,
+          password_hash: this.hashPassword(password),
+        })
+      ).affected > 0
+    );
+  }
+
+  async update(id: string, blog: Partial<Blog>) {
+    await this.blogRepository.update(id, blog);
+    return this.blogRepository.findOneBy({ id });
+  }
+
+  async remove(id: string) {
+    const blog = await this.blogRepository.findOneBy({ id });
+    if (!blog) return null;
+    return this.blogRepository.softRemove(blog);
+  }
+
+  async findById(id: string) {
+    return await this.blogRepository.findOneBy({ id });
+  }
+
+  async findBySlug(slug: string) {
+    return this.blogRepository.findOne({
+      where: { slug }
+    })
+  }
+
+  async incrementViewCount(id: string) {
+    await this.blogRepository.increment({ id }, 'viewCount', 1);
+  }
+
+  async getComments(blog: Blog) {
+    const comments = await this.blogCommentRepository.find({
+      where: { blog: { id: blog.id } },
+      relations: ['user'],
+      order: {
+        createdAt: 'DESC',
+      },
+    });
+
+    return comments.map((comment) => {
+      const { user, ...rest } = comment;
+      delete rest.blog;
+      return {
+        ...rest,
+        user: user
+          ? {
+            userId: user.userId,
+            username: user.username,
+            nickname: user.nickname,
+          }
+          : null,
+      };
+    });
+  }
+
+  async createComment(comment: Partial<BlogComment>) {
+    const newComment = this.blogCommentRepository.create(comment);
+    const savedComment = await this.blogCommentRepository.save(newComment, {});
+    const { user, ...commentWithoutBlog } = savedComment;
+    delete commentWithoutBlog.blog;
+    return {
+      ...commentWithoutBlog,
+      user: user
+        ? {
+          userId: user.userId,
+          username: user.username,
+          nickname: user.nickname,
+        }
+        : null,
+    };
+  }
+
+  hashPassword(password: string) {
+    return createHash('sha256').update(`${password}`).digest('hex');
+  }
+}

apps/backend/src/blog/dto/create.blogcomment.dto.ts

@@ -0,0 +1,10 @@
+import { IsOptional, IsString, IsUUID } from 'class-validator';
+
+export class createBlogCommentDto {
+  @IsString({ message: '评论内容不能为空' })
+  content: string;
+
+  @IsOptional()
+  @IsUUID('4', { message: '父评论ID格式错误' })
+  parentId?: string;
+}

apps/backend/src/blog/entity/Blog.entity.ts

@@ -0,0 +1,53 @@
+import {
+  Column,
+  CreateDateColumn,
+  DeleteDateColumn,
+  Entity,
+  OneToMany,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { BlogComment } from './BlogComment.entity';
+import { BlogPermission } from '../blog.permission.enum';
+
+/** @todo 考虑后续将权限的数据类型替换为json，以提高查询效率 */
+@Entity()
+export class Blog {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ unique: true, nullable: true })
+  slug: string;
+
+  @Column()
+  title: string;
+
+  @Column()
+  description: string;
+
+  @Column()
+  contentUrl: string;
+
+  @Column({ default: 0 })
+  viewCount: number;
+
+  @CreateDateColumn({ precision: 3 })
+  createdAt: Date;
+
+  @UpdateDateColumn({ precision: 3 })
+  updatedAt: Date;
+
+  @DeleteDateColumn({ precision: 3, nullable: true })
+  deletedAt: Date;
+
+  // 权限
+  @Column('simple-array', { default: '' })
+  permissions: BlogPermission[];
+
+  @Column({ nullable: true })
+  password_hash: string | null;
+
+  // 关系
+  @OneToMany(() => BlogComment, (comment) => comment.blog)
+  comments: BlogComment[];
+}

apps/backend/src/blog/entity/BlogComment.entity.ts

@@ -0,0 +1,43 @@
+import { User } from 'src/user/entities/user.entity';
+import {
+  Column,
+  CreateDateColumn,
+  DeleteDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+} from 'typeorm';
+import { Blog } from './Blog.entity';
+
+@Entity()
+export class BlogComment {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column()
+  content: string;
+
+  @Column()
+  ip: string;
+
+  @Column()
+  address: string;
+
+  @CreateDateColumn({ precision: 3 })
+  createdAt: Date;
+
+  @DeleteDateColumn({ precision: 3, nullable: true })
+  deletedAt: Date;
+
+  @ManyToOne(() => User, { nullable: true })
+  @JoinColumn({ name: 'userId' })
+  user: User | null;
+
+  @ManyToOne(() => Blog)
+  @JoinColumn({ name: 'blogId' })
+  blog: Blog | null;
+
+  @Column({ type: 'uuid', nullable: true })
+  parentId: string | null;
+}

apps/backend/src/captcha/captcha.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { CaptchaController } from './captcha.controller';
+
+describe('CaptchaController', () => {
+  let controller: CaptchaController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [CaptchaController],
+    }).compile();
+
+    controller = module.get<CaptchaController>(CaptchaController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/captcha/captcha.controller.ts

@@ -0,0 +1,10 @@
+import { Controller, Get } from '@nestjs/common';
+import { GetCaptchaDto } from './dto/get-captcha.dto';
+
+@Controller('captcha')
+export class CaptchaController {
+    @Get()
+    async getCaptcha(dto: GetCaptchaDto) {
+        
+    }
+}

apps/backend/src/captcha/captcha.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { CaptchaService } from './captcha.service';
+import { CaptchaController } from './captcha.controller';
+import { CaptchaRateLimitService } from './service/rate-limit';
+
+@Module({
+  providers: [CaptchaService, CaptchaRateLimitService],
+  controllers: [CaptchaController],
+  imports: [],
+})
+export class CaptchaModule { }

apps/backend/src/captcha/captcha.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { CaptchaService } from './captcha.service';
+
+describe('CaptchaService', () => {
+  let service: CaptchaService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [CaptchaService],
+    }).compile();
+
+    service = module.get<CaptchaService>(CaptchaService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/captcha/captcha.service.ts

@@ -0,0 +1,27 @@
+import { Injectable } from '@nestjs/common';
+import { ErrorCode } from 'src/common/constants/error-codes';
+import { BusinessException } from 'src/common/exceptions/business.exception';
+
+export enum CaptchaContext {
+    SEND_SMS = 'send_sms',
+    PASSKEY = 'passkey',
+}
+
+@Injectable()
+export class CaptchaService {
+    public async generate(context: CaptchaContext, ip: string, userId?: string) {
+        await this.checkRateLimit(ip, context)
+    }
+
+    public async verify(token: string, ip: string, userId?: string) {
+
+    }
+
+    private async checkRateLimit(ip: string, context: CaptchaContext) {
+        /** @todo */
+        throw new BusinessException({
+            code: ErrorCode.CAPTCHA_RARE_LIMIT,
+            message: '服务器处理不过来了，过会儿再试试吧',
+        });
+    }
+}

apps/backend/src/captcha/dto/get-captcha.dto.ts

@@ -0,0 +1,16 @@
+import { IsEnum, IsOptional, IsUUID } from "class-validator";
+
+export enum CaptchaContext {
+    SEND_SMS = 'send_sms',
+    PASSKEY = 'passkey',
+}
+
+export class GetCaptchaDto {
+
+    @IsEnum(CaptchaContext, { message: '无效的context' })
+    context: string;
+
+    @IsOptional()
+    @IsUUID('4', { message: 'userId不合法' })
+    userId?: string;
+}

apps/backend/src/captcha/service/rate-limit.ts

@@ -0,0 +1,3 @@
+export class CaptchaRateLimitService {
+
+}

apps/backend/src/common/common.module.ts

@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { RolesGuard } from './guard/roles.guard';
+import { UserModule } from 'src/user/user.module';
+
+@Module({
+    providers: [RolesGuard],
+    imports: [UserModule],
+    exports: [RolesGuard],
+})
+export class CommonModule { }

apps/backend/src/common/constants/error-codes.ts

@@ -0,0 +1,47 @@
+/**
+ * 全局业务错误码规范：
+ * - 每个模块分配一个 1000 起始的段（如 USER: -1000~1999, AUTH: -2000~2999）
+ * - 代码结构：{ 模块名大写 }_{ 错误语义 }
+ */
+
+export const ErrorCode = {
+    // 通用错误（0 ~ 999）
+    COMMON_INTERNAL_ERROR: -1,
+    COMMON_INVALID_PARAM: -2,
+    COMMON_NOT_FOUND: -3,
+
+    // 用户模块（1000 ~ 1999）
+    USER_NOT_FOUND: -1001,
+    USER_ALREADY_EXISTS: -1002,
+    USER_ACCOUNT_DISABLED: -1003,
+    USER_FIND_OPTIONS_EMPTY: -1004,
+    USER_ACCOUNT_DEACTIVATED: -1005,
+
+    // 认证模块
+    AUTH_INVALID_CREDENTIALS: -2001,
+    AUTH_PASSKEY_NOT_REGISTERED: -2002,
+    AUTH_SESSION_EXPIRED: -2003,
+
+    // 博客模块
+    BLOG_NOT_FOUND: -3001,
+    BLOG_PERMISSION_DENIED: -3002,
+
+    // 验证模块
+    CAPTCHA_RARE_LIMIT: -4001,
+
+    // 通知模块
+    NOTIFICATION_SEND_FAILED: -5001,
+
+    // Sms模块
+    SMS_CODE_INCORRECT: -6001,
+    SMS_CODE_EXPIRED: -6002,
+
+    // 资源模块
+    RESOURCE_UPLOAD_FAILED: -7001,
+    RESOURCE_NOT_FOUND: -7002,
+
+    // 管理员模块
+    ADMIN_FORBIDDEN: -8001,
+} as const;
+
+export type ErrorCodeType = typeof ErrorCode[keyof typeof ErrorCode];

apps/backend/src/common/decorators/role.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+import { Role } from 'src/auth/role.enum';
+
+export const Roles = (...roles: Role[]) => SetMetadata('roles', roles);

apps/backend/src/common/exceptions/business.exception.ts

@@ -0,0 +1,22 @@
+import { HttpStatus } from '@nestjs/common';
+
+export class BusinessException {
+
+    public statusCode: HttpStatus;
+    public message: string;
+    public code: number;
+    public data: any;
+
+    constructor(args: {
+        statusCode?: HttpStatus,
+        message?: string,
+        code?: number,
+        data?: any,
+    }) {
+        const { statusCode, message, code, data } = args;
+        this.statusCode = statusCode || HttpStatus.BAD_REQUEST;
+        this.message = message || '请求错误';
+        this.code = code || -1;
+        this.data = data || null;
+    }
+}

apps/backend/src/common/filters/global.exceptions.filter.ts

@@ -0,0 +1,56 @@
+import { ArgumentsHost, ExceptionFilter, HttpException, HttpStatus, Logger } from "@nestjs/common";
+import { Request, Response } from "express";
+import { BusinessException } from "../exceptions/business.exception";
+
+export class GlobalExceptionsFilter implements ExceptionFilter {
+    catch(exception: any, host: ArgumentsHost) {
+        const ctx = host.switchToHttp();
+        const response = ctx.getResponse<Response>();
+        const request = ctx.getRequest<Request>();
+
+        let statusCode = HttpStatus.INTERNAL_SERVER_ERROR;
+        let errorResponse = {
+            success: false,
+            message: '服务器内部错误',
+            code: -1,
+            data: null as any,
+        };
+
+        if (exception instanceof BusinessException) {
+            statusCode = exception.statusCode;
+            const { message, code, data } = exception;
+            errorResponse = {
+                ...errorResponse,
+                message, code, data,
+            }
+        } else if (exception instanceof HttpException) {
+            // 当HttpException传入类型为string时，响应data为null，message为传入的string
+            // 其他请况（object/number），响应为传入数据，message为HttpException的错误码
+            statusCode = exception.getStatus();
+            const exceptionResponse = exception.getResponse() as Record<string, any>;
+            if (exceptionResponse.message) {
+                errorResponse.message = exceptionResponse.message;
+            } else {
+                errorResponse.message = '请求失败';
+                errorResponse.data = exceptionResponse;
+            }
+
+            if (statusCode === HttpStatus.UNAUTHORIZED && request.cookies?.['session']) {
+                response.clearCookie('session', {
+                    httpOnly: true,
+                    secure: process.env.NODE_ENV === 'production',
+                    sameSite: 'lax',
+                    path: '/',
+                });
+            }
+
+            if (statusCode === HttpStatus.TOO_MANY_REQUESTS) {
+                errorResponse.message = '请求过于频繁，请稍后再试';
+            }
+        } else {
+            Logger.warn(exception, request.path);
+        }
+
+        response.status(statusCode).json(errorResponse);
+    }
+}

apps/backend/src/common/guard/roles.guard.ts

@@ -0,0 +1,59 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+  InternalServerErrorException,
+  Logger,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Request } from 'express';
+import { AuthUser } from 'src/auth/decorator/current-user.decorator';
+import { Role } from 'src/auth/role.enum';
+import { UserService } from 'src/user/user.service';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+
+  private logger = new Logger(RolesGuard.name);
+
+  constructor(
+    private reflector: Reflector,
+    private readonly userService: UserService,
+  ) { }
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const requiredRoles = this.reflector.getAllAndOverride<Role[] | undefined>(
+      'roles',
+      [context.getHandler(), context.getClass()],
+    );
+
+    if (!requiredRoles) return true;
+
+    const request = context.switchToHttp().getRequest<Request>();
+    const authUser = request.user as AuthUser;
+
+    if (!authUser) {
+      this.logger.warn(
+        `Path: ${request.path} has RolesGuard enabled, but it seems AuthGuard was forgotten.`
+      )
+      throw new InternalServerErrorException('服务器内部错误');
+    }
+
+    const { userId } = authUser;
+    const user = await this.userService.findOne({ userId })
+    if (!user) {
+      this.logger.warn(
+        `UserId: ${user.userId} has a valid login credential, but the user information does not exist.`
+      )
+      throw new UnauthorizedException('用户不存在');
+    }
+
+    if (!requiredRoles.some((role) => user.roles.includes(role))) {
+      throw new ForbiddenException('权限不足');
+    }
+
+    return true;
+  }
+}

apps/backend/src/common/interceptors/response.interceptor.ts

@@ -0,0 +1,25 @@
+import {
+  CallHandler,
+  ExecutionContext,
+  Injectable,
+  NestInterceptor,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
+
+@Injectable()
+export class ResponseInterceptor implements NestInterceptor {
+  intercept(
+    context: ExecutionContext,
+    next: CallHandler<any>,
+  ): Observable<any> | Promise<Observable<any>> {
+    return next.handle().pipe(
+      map((data) => ({
+        success: true,
+        code: 0,
+        message: '请求成功',
+        data,
+      })),
+    );
+  }
+}

apps/backend/src/common/types/express/index.d.ts

@@ -0,0 +1,9 @@
+import { AuthUser } from "src/auth/decorator/current-user.decorator";
+
+declare global {
+  namespace Express {
+    interface Request {
+      user?: AuthUser;
+    }
+  }
+}

apps/backend/src/data-source.ts

@@ -0,0 +1,20 @@
+import 'reflect-metadata';
+import { DataSource } from 'typeorm';
+import * as dotenv from 'dotenv';
+
+dotenv.config();
+
+export const AppDataSource = new DataSource({
+    type: 'postgres',
+    host: process.env.DATABASE_HOST,
+    port: Number(process.env.DATABASE_PORT ?? 5432),
+    username: process.env.DATABASE_USERNAME,
+    password: process.env.DATABASE_PASSWORD,
+    database: process.env.DATABASE_NAME,
+
+    synchronize: false,
+    logging: false,
+
+    entities: ['dist/**/*.entity.js'],
+    migrations: ['dist/migrations/*.js'],
+});

apps/backend/src/main.ts

@@ -0,0 +1,32 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+import { BadRequestException, ValidationPipe } from '@nestjs/common';
+import { ResponseInterceptor } from './common/interceptors/response.interceptor';
+import { GlobalExceptionsFilter } from './common/filters/global.exceptions.filter';
+import * as cookieParser from 'cookie-parser';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  app.use(cookieParser());
+  app.setGlobalPrefix('api');
+  app.useGlobalPipes(
+    new ValidationPipe({
+      transform: true,
+      whitelist: true,
+      forbidNonWhitelisted: true,
+      stopAtFirstError: true,
+      exceptionFactory: (errors) => {
+        const error = errors[0];
+        const firstConstraint = error.constraints
+          ? Object.values(error.constraints)[0]
+          : '验证失败';
+
+        throw new BadRequestException(firstConstraint);
+      },
+    }),
+  );
+  app.useGlobalInterceptors(new ResponseInterceptor());
+  app.useGlobalFilters(new GlobalExceptionsFilter());
+  await app.listen(process.env.PORT ?? 3001);
+}
+bootstrap();

apps/backend/src/migrations/1766809565876-AddSlugToBlog.ts

@@ -0,0 +1,16 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AddSlugToBlog1766809565876 implements MigrationInterface {
+    name = 'AddSlugToBlog1766809565876'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "blog" ADD "slug" character varying`);
+        await queryRunner.query(`ALTER TABLE "blog" ADD CONSTRAINT "UQ_0dc7e58d73a1390874a663bd599" UNIQUE ("slug")`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "blog" DROP CONSTRAINT "UQ_0dc7e58d73a1390874a663bd599"`);
+        await queryRunner.query(`ALTER TABLE "blog" DROP COLUMN "slug"`);
+    }
+
+}

apps/backend/src/notification/notification.module.ts

@@ -0,0 +1,8 @@
+import { Module } from '@nestjs/common';
+import { NotificationService } from './notification.service';
+
+@Module({
+  providers: [NotificationService],
+  exports: [NotificationService],
+})
+export class NotificationModule {}

apps/backend/src/notification/notification.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { NotificationService } from './notification.service';
+
+describe('NotificationService', () => {
+  let service: NotificationService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [NotificationService],
+    }).compile();
+
+    service = module.get<NotificationService>(NotificationService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/notification/notification.service.ts

@@ -0,0 +1,143 @@
+import { BadRequestException, Injectable } from '@nestjs/common';
+
+import Dm20151123, * as $Dm20151123 from '@alicloud/dm20151123';
+import * as $OpenApi from '@alicloud/openapi-client';
+// import Client, * as $dm from '@alicloud/dm20151123';
+import * as $Util from '@alicloud/tea-util';
+import Credential, { Config } from '@alicloud/credentials';
+
+@Injectable()
+export class NotificationService {
+  // private dm: Dm20151123;
+
+  constructor() {
+    // const credentialsConfig = new Config({
+    //   type: 'access_key',
+    //   accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID,
+    //   accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET,
+    // });
+    // const credential = new Credential(credentialsConfig);
+    // const config = new $OpenApi.Config({ credential });
+    // config.endpoint = 'dm.aliyuncs.com';
+    // this.dm = new Dm20151123(config);
+  }
+
+  private getMailHtmlBody(option: { type: 'login-verify'; code: string }) {
+    if (option.type === 'login-verify') {
+      return `<!DOCTYPE html>
+      <html>
+      <head>
+          <meta charset="UTF-8">
+          <title>特恩的日志 - 登录验证码</title>
+          <style>
+              body { font-family: 'Helvetica Neue', Arial, sans-serif; line-height: 1.6; }
+              .container { max-width: 600px; margin: 0px auto; padding: 20px; }
+              .content { padding: 20px 0; }
+              .code-box { 
+                  background: #f8f9fa; 
+                  border: 1px dashed #ccc;
+                  padding: 15px;
+                  text-align: center;
+                  margin: 20px 0;
+                  font-size: 24px;
+                  font-weight: bold;
+                  letter-spacing: 5px;
+                  color: #e74c3c;
+              }
+              .footer { 
+                  color: #777; 
+                  font-size: 12px; 
+                  border-top: 1px solid #eee;
+                  padding-top: 15px;
+              }
+          </style>
+      </head>
+      <body>
+          <div class="container">
+              <div class="content">
+                  <p>您好！您正在尝试登录【特恩的日志】控制台，验证码如下：</p>
+                  
+                  <div class="code-box">
+                      <span id="verificationCode">${option.code}</span>
+                  </div>
+                  
+                  <p>请注意：</p>
+                  <ul>
+                      <li>此验证码 <strong>10分钟内</strong> 有效</li>
+                      <li>请勿向任何人透露此验证码</li>
+                      <li>如非本人操作，请忽略本邮件</li>
+                  </ul>
+              </div>
+              
+              <div class="footer">
+                  <p>© 2025 TONE（个人） 版权所有</p>
+                  <a href="https://beian.miit.gov.cn/">网站备案号：渝ICP备2023009516号-1</a>
+              </div>
+          </div>
+      </body>
+      </html>`;
+    } else {
+      throw new Error('未配置的模版');
+    }
+  }
+
+  async sendMail(option: {
+    type: 'login-verify';
+    targetMail: string;
+    code: string;
+  }) {
+    // const runtime = new $Util.RuntimeOptions({});
+
+    // const singleSendMailRequest = new $Dm20151123.SingleSendMailRequest({
+    //   accountName: 'security@tonesc.cn',
+    //   addressType: 1,
+    //   replyToAddress: false,
+    //   toAddress: `${option.targetMail}`,
+    //   subject: '【特恩的日志】登陆验证码',
+    //   htmlBody: this.getMailHtmlBody({
+    //     type: 'login-verify',
+    //     code: option.code,
+    //   }),
+    //   textBody: '',
+    // });
+
+    // try {
+    //   await this.dm.singleSendMailWithOptions(singleSendMailRequest, runtime);
+    // } catch (error) {
+    //   console.error(error);
+    //   throw new BadRequestException('邮件发送失败');
+    // }
+    throw new Error('not implement')
+  }
+
+  /**
+   * @deprecated 短信签名暂未通过
+   */
+  async sendSMS(phone: string, type: 'login', code: string) {
+    throw new Error(
+      `SMS sending is not implemented yet. Phone: ${phone}, Type: ${type}, Code: ${code}`,
+    );
+    // const config = new $OpenApi.Config({
+    //     accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID,
+    //     accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET,
+    // })
+    // config.endpoint = 'dysmsapi.aliyuncs.com';
+    // const client = new Client(config);
+    // const request = new $dysmsapi.SendSmsRequest({});
+    // request.phoneNumbers = phone;
+    // request.signName = (() => {
+    //     switch (type) {
+    //         case 'login':
+    //             return process.env.ALIYUN_SMS_LOGIN_SIGN_NAME;
+    //         default:
+    //             throw new Error('Unknown SMS type');
+    //     }
+    // })();
+    // request.templateCode = code;
+    // await client.sendSms(request).then(a => {
+    //     console.log(a)
+    // }).catch(err => {
+    //     console.error(err);
+    // })
+  }
+}

apps/backend/src/oss/oss.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { OssController } from './oss.controller';
+
+describe('OssController', () => {
+  let controller: OssController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [OssController],
+    }).compile();
+
+    controller = module.get<OssController>(OssController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/oss/oss.controller.ts

@@ -0,0 +1,19 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import { OssService } from './oss.service';
+import { AuthGuard } from 'src/auth/guards/auth.guard';
+import { AuthUser, CurrentUser } from 'src/auth/decorator/current-user.decorator';
+
+@Controller('oss')
+export class OssController {
+  constructor(private readonly ossService: OssService) { }
+
+  @UseGuards(AuthGuard)
+  @Get('sts')
+  async getStsToken(@CurrentUser() user: AuthUser) {
+    const { userId } = user;
+    return {
+      ...(await this.ossService.getStsToken(`${userId}`)),
+      userId,
+    };
+  }
+}

apps/backend/src/oss/oss.module.ts

@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { OssService } from './oss.service';
+import { OssController } from './oss.controller';
+import { AuthModule } from 'src/auth/auth.module';
+import { UserModule } from 'src/user/user.module';
+
+@Module({
+  providers: [OssService],
+  controllers: [OssController],
+  imports: [AuthModule, UserModule],
+})
+export class OssModule { }

apps/backend/src/oss/oss.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { OssService } from './oss.service';
+
+describe('OssService', () => {
+  let service: OssService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [OssService],
+    }).compile();
+
+    service = module.get<OssService>(OssService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/oss/oss.service.ts

@@ -0,0 +1,53 @@
+import { Injectable } from '@nestjs/common';
+import { STS } from 'ali-oss';
+
+@Injectable()
+export class OssService {
+  private sts = new STS({
+    accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID,
+    accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET,
+  });
+
+  private stsCache: {
+    [session: string]: {
+      credentials: {
+        AccessKeyId: string;
+        AccessKeySecret: string;
+        SecurityToken: string;
+        Expiration: string;
+      };
+      expireTime: number; // 时间戳，单位为毫秒
+    };
+  } = {};
+
+  /** @todo 该方法存在缓存穿透问题，待优化 */
+  async getStsToken(session: string) {
+    if (this.stsCache[session]) {
+      const cached = this.stsCache[session];
+      // 检查缓存是否过期
+      if (cached.expireTime > Date.now()) {
+        return cached.credentials;
+      } else {
+        // 如果过期，删除缓存
+        delete this.stsCache[session];
+      }
+    }
+
+    return this.sts
+      .assumeRole(process.env.ALIYUN_OSS_STS_ROLE_ARN, ``, 3600, `${session}`)
+      .then((res) => {
+        // 缓存
+        this.stsCache[session] = {
+          credentials: res.credentials,
+          expireTime:
+            new Date(res.credentials.Expiration).getTime() - 5 * 60 * 1000, // 提前5分钟过期,
+        };
+
+        return res.credentials;
+      })
+      .catch((err) => {
+        console.error('获取STS Token失败:', err);
+        throw new Error('获取STS Token失败');
+      });
+  }
+}

apps/backend/src/resource/entity/resource.entity.ts

@@ -0,0 +1,50 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+
+type ResourceTag = {
+  name: string;
+  type: string;
+};
+
+@Entity()
+export class Resource {
+  @PrimaryGeneratedColumn('uuid')
+  @Index()
+  id: string;
+
+  @Column()
+  title: string;
+
+  @Column()
+  description: string;
+
+  @Column()
+  imageUrl: string;
+
+  @Column()
+  link: string;
+
+  @Column('jsonb')
+  tags: ResourceTag[];
+
+  @CreateDateColumn({ precision: 3 })
+  createdAt: Date;
+
+  @UpdateDateColumn({ precision: 3 })
+  updatedAt: Date;
+}
+
+export interface PublicResource {
+  id: string;
+  title: string;
+  description: string;
+  imageUrl: string;
+  link: string;
+  tags: ResourceTag[];
+}

apps/backend/src/resource/resource.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ResourceController } from './resource.controller';
+
+describe('ResourceController', () => {
+  let controller: ResourceController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [ResourceController],
+    }).compile();
+
+    controller = module.get<ResourceController>(ResourceController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});