Spaces:

cacode
/

SACC

Paused

App Files Files Community

cacode commited on 24 days ago

Commit

f256f5b

verified ·

1 Parent(s): a30f196

Split admin features into separate pages

Browse files

Files changed (8) hide show

space_app.py +961 -842
static/style.css +759 -703
templates/admin_dashboard.html +125 -366
templates/admin_layout.html +27 -0
templates/admin_logs.html +28 -0
templates/admin_registration_codes.html +81 -0
templates/admin_schedules.html +116 -0
templates/admin_users.html +147 -0

space_app.py CHANGED Viewed

@@ -1,844 +1,963 @@
-from __future__ import annotations
-import atexit
-import json
-import re
-import time
-from datetime import date as date_cls, time as time_cls
-from functools import wraps
-from typing import Callable
-from flask import Flask, Response, flash, g, jsonify, redirect, render_template, request, session, stream_with_context, url_for
-from core.config import AppConfig
-from core.db import (
-    DEFAULT_REGISTRATION_CODE_MAX_USES,
-    Database,
-    MAX_REFRESH_INTERVAL_SECONDS,
-    MIN_REFRESH_INTERVAL_SECONDS,
-    normalize_registration_code,
-)
-from core.runtime_logging import configure_logging, get_logger
-from core.security import SecretBox, hash_password, verify_password
-from core.task_manager import TaskManager
-configure_logging()
-APP_LOGGER = get_logger("sacc.web")
-config = AppConfig.load()
-store = Database(
-    config.db_path,
-    default_parallel_limit=config.default_parallel_limit,
-    mysql_ssl_ca_path=config.mysql_ssl_ca_path,
-)
-store.init_db()
-secret_box = SecretBox(config.encryption_key)
-task_manager = TaskManager(config=config, store=store, secret_box=secret_box)
-def _seed_legacy_user() -> None:
-    if store.list_users():
-        return
-    legacy_path = config.root_dir / "user_data.json"
-    if not legacy_path.exists():
-        return
-    try:
-        payload = json.loads(legacy_path.read_text(encoding="utf-8"))
-    except (OSError, json.JSONDecodeError):
-        return
-    student_id = str(payload.get("std_id", "")).strip()
-    password = str(payload.get("password", "")).strip()
-    if not student_id or not password:
-        return
-    user_id = store.create_user(student_id, secret_box.encrypt(password), "Legacy User")
-    for source_key, category in (("a", "plan"), ("b", "free")):
-        for course in payload.get("course", {}).get(source_key, []):
-            course_id = str(course.get("course_id", "")).strip()
-            course_index = str(course.get("course_index", "")).strip()
-            if course_id and course_index:
-                store.add_course(user_id, category, course_id, course_index)
-_seed_legacy_user()
-task_manager.start()
-atexit.register(task_manager.shutdown)
-app = Flask(__name__, template_folder="templates", static_folder="static")
-app.secret_key = config.session_secret
-app.config.update(SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE="Lax")
-APP_LOGGER.info(
-    "Application bootstrap complete | data_dir=%s db_path=%s backend=%s chrome_binary=%s chromedriver_path=%s default_parallel_limit=%s schedule_timezone=%s",
-    config.data_dir,
-    config.db_path,
-    config.database_backend,
-    config.chrome_binary,
-    config.chromedriver_path,
-    config.default_parallel_limit,
-    config.schedule_timezone,
-)
-CATEGORY_LABELS = {
-    "plan": "方案选课",
-    "free": "自由选课",
-}
-TASK_LABELS = {
-    "pending": "排队中",
-    "running": "执行中",
-    "cancel_requested": "停止中",
-    "completed": "已完成",
-    "stopped": "已停止",
-    "failed": "失败",
-}
-SKIPPED_REQUEST_LOG_PREFIXES = (
-    "/static/",
-    "/api/",
-)
-SKIPPED_REQUEST_LOG_PATHS = {
-    "/favicon.ico",
-}
-COURSE_ID_PATTERN = re.compile(r"^[0-9A-Za-z]{1,32}$")
-COURSE_INDEX_PATTERN = re.compile(r"^[0-9A-Za-z]{1,8}$")
-REGISTRATION_CODE_PATTERN = re.compile(r"^[A-Z0-9-]{6,64}$")
-def _current_actor_label() -> str:
-    role = session.get("role", "guest")
-    if role == "user":
-        return f"user:{session.get('user_id', '-')}"
-    if role == "admin":
-        return f"admin:{session.get('admin_username', '-')}"
-    return "guest"
-@app.before_request
-def before_request_logging() -> None:
-    g.request_started_at = time.perf_counter()
-@app.after_request
-def after_request_logging(response):
-    if request.path in SKIPPED_REQUEST_LOG_PATHS:
-        return response
-    if any(request.path.startswith(prefix) for prefix in SKIPPED_REQUEST_LOG_PREFIXES):
-        return response
-    started_at = getattr(g, "request_started_at", None)
-    duration_ms = 0.0 if started_at is None else (time.perf_counter() - started_at) * 1000
-    remote_addr = request.headers.get("x-forwarded-for") or request.remote_addr or "-"
-    APP_LOGGER.info(
-        "HTTP %s %s -> %s in %.1fms | actor=%s remote=%s",
-        request.method,
-        request.path,
-        response.status_code,
-        duration_ms,
-        _current_actor_label(),
-        remote_addr,
-    )
-    return response
-@app.context_processor
-def inject_globals() -> dict:
-    return {
-        "category_labels": CATEGORY_LABELS,
-        "task_labels": TASK_LABELS,
-        "session_role": session.get("role", "guest"),
-        "refresh_interval_min": MIN_REFRESH_INTERVAL_SECONDS,
-        "refresh_interval_max": MAX_REFRESH_INTERVAL_SECONDS,
-        "default_refresh_interval_seconds": config.poll_interval_seconds,
-        "default_registration_code_max_uses": DEFAULT_REGISTRATION_CODE_MAX_USES,
-    }
-def _login_required(role: str) -> Callable:
-    def decorator(view: Callable) -> Callable:
-        @wraps(view)
-        def wrapped(*args, **kwargs):
-            current_role = session.get("role")
-            if role == "user" and current_role != "user":
-                flash("请先登录学生账号。", "warning")
-                return redirect(url_for("login"))
-            if role == "admin" and current_role != "admin":
-                flash("请先登录管理员账号。", "warning")
-                return redirect(url_for("admin_login"))
-            return view(*args, **kwargs)
-        return wrapped
-    return decorator
-def _get_current_user() -> dict | None:
-    user_id = session.get("user_id")
-    if not user_id:
-        return None
-    return store.get_user(int(user_id))
-def _get_admin_identity() -> dict:
-    return {
-        "username": session.get("admin_username", ""),
-        "is_super_admin": bool(session.get("is_super_admin", False)),
-    }
-def _normalize_course_token(raw_value: str) -> str:
-    return re.sub(r"\s+", "", str(raw_value or "")).upper()
-def _validate_course_target(course_id: str, course_index: str) -> tuple[str, str] | None:
-    normalized_course_id = _normalize_course_token(course_id)
-    normalized_course_index = _normalize_course_token(course_index)
-    if not COURSE_ID_PATTERN.fullmatch(normalized_course_id):
-        return None
-    if not COURSE_INDEX_PATTERN.fullmatch(normalized_course_index):
-        return None
-    return normalized_course_id, normalized_course_index
-def _parse_refresh_interval(raw_value: str | None, *, default: int) -> int:
-    raw_text = str(raw_value or "").strip()
-    if not raw_text:
-        return default
-    try:
-        interval = int(raw_text)
-    except ValueError as exc:
-        raise ValueError(f"刷新间隔必须是 {MIN_REFRESH_INTERVAL_SECONDS} 到 {MAX_REFRESH_INTERVAL_SECONDS} 之间的整数。") from exc
-    if interval < MIN_REFRESH_INTERVAL_SECONDS or interval > MAX_REFRESH_INTERVAL_SECONDS:
-        raise ValueError(f"刷新间隔必须在 {MIN_REFRESH_INTERVAL_SECONDS} 到 {MAX_REFRESH_INTERVAL_SECONDS} 秒之间。")
-    return interval
-def _parse_registration_code_max_uses(raw_value: str | None) -> int:
-    raw_text = str(raw_value or "").strip()
-    if not raw_text:
-        return DEFAULT_REGISTRATION_CODE_MAX_USES
-    try:
-        value = int(raw_text)
-    except ValueError as exc:
-        raise ValueError("注册码可用次数必须是 1 到 99 之间的整数。") from exc
-    if value < 1 or value > 99:
-        raise ValueError("注册码可用次数必须在 1 到 99 之间。")
-    return value
-def _parse_iso_date(raw_value: str | None, label: str) -> str:
-    raw_text = str(raw_value or "").strip()
-    if not raw_text:
-        raise ValueError(f"{label}不能为空。")
-    try:
-        return date_cls.fromisoformat(raw_text).isoformat()
-    except ValueError as exc:
-        raise ValueError(f"{label}格式无效，请使用 YYYY-MM-DD。") from exc
-def _parse_clock_time(raw_value: str | None, label: str) -> str:
-    raw_text = str(raw_value or "").strip()
-    if not raw_text:
-        raise ValueError(f"{label}不能为空。")
-    try:
-        return time_cls.fromisoformat(raw_text).strftime("%H:%M")
-    except ValueError as exc:
-        raise ValueError(f"{label}格式无效，请使用 HH:MM。") from exc
-def _parse_schedule_form(form) -> dict:
-    enabled = str(form.get("schedule_enabled", "")).lower() in {"1", "true", "on", "yes"}
-    start_date_raw = form.get("start_date", "")
-    end_date_raw = form.get("end_date", "")
-    daily_start_time_raw = form.get("daily_start_time", "")
-    daily_stop_time_raw = form.get("daily_stop_time", "")
-    has_any_value = enabled or any(str(value or "").strip() for value in (start_date_raw, end_date_raw, daily_start_time_raw, daily_stop_time_raw))
-    if not has_any_value:
-        return {
-            "is_enabled": False,
-            "start_date": None,
-            "end_date": None,
-            "daily_start_time": None,
-            "daily_stop_time": None,
-        }
-    start_date = _parse_iso_date(start_date_raw, "开始日期")
-    end_date = _parse_iso_date(end_date_raw, "结束日期")
-    daily_start_time = _parse_clock_time(daily_start_time_raw, "每日启动时间")
-    daily_stop_time = _parse_clock_time(daily_stop_time_raw, "每日停止时间")
-    if end_date < start_date:
-        raise ValueError("结束日期不能早于开始日期。")
-    if daily_stop_time <= daily_start_time:
-        raise ValueError("每日停止时间必须晚于每日启动时间。")
-    return {
-        "is_enabled": enabled,
-        "start_date": start_date,
-        "end_date": end_date,
-        "daily_start_time": daily_start_time,
-        "daily_stop_time": daily_stop_time,
-    }
-def _user_owns_course(user_id: int, course_target_id: int) -> bool:
-    return any(course["id"] == course_target_id for course in store.list_courses_for_user(user_id))
-def _build_user_dashboard_context(user: dict) -> dict:
-    return {
-        "current_user": user,
-        "courses": store.list_courses_for_user(user["id"]),
-        "task": store.get_latest_task_for_user(user["id"]),
-        "schedule": store.get_user_schedule(user["id"]),
-        "recent_logs": store.list_recent_logs(user_id=user["id"], limit=config.logs_page_size),
-    }
-def _build_admin_dashboard_context() -> dict:
-    users = store.list_users()
-    for user in users:
-        user["courses"] = store.list_courses_for_user(user["id"])
-        user["latest_task"] = store.get_latest_task_for_user(user["id"])
-        user["schedule"] = store.get_user_schedule(user["id"])
-    admin_identity = _get_admin_identity()
-    return {
-        "users": users,
-        "admins": store.list_admins(),
-        "registration_codes": store.list_registration_codes(limit=60),
-        "stats": store.get_admin_stats(),
-        "recent_tasks": store.list_recent_tasks(limit=18),
-        "recent_logs": store.list_recent_logs(limit=config.logs_page_size),
-        "parallel_limit": store.get_parallel_limit(),
-        "default_refresh_interval_seconds": config.poll_interval_seconds,
-        "is_super_admin": admin_identity["is_super_admin"],
-        "admin_identity": admin_identity,
-    }
-def _queue_task_for_user(user: dict, *, requested_by: str, requested_by_role: str) -> tuple[dict, bool]:
-    return task_manager.queue_task(user["id"], requested_by=requested_by, requested_by_role=requested_by_role)
-def _latest_log_id(logs: list[dict]) -> int:
-    if not logs:
-        return 0
-    return int(logs[-1]["id"])
-@app.get("/")
-def index():
-    if session.get("role") == "user":
-        return redirect(url_for("dashboard"))
-    if session.get("role") == "admin":
-        return redirect(url_for("admin_dashboard"))
-    return redirect(url_for("login"))
-@app.route("/login", methods=["GET", "POST"])
-def login():
-    if request.method == "POST":
-        student_id = request.form.get("student_id", "").strip()
-        password = request.form.get("password", "")
-        user = store.get_user_by_student_id(student_id)
-        if user is None:
-            flash("没有找到该学号对应的账号。如果你有注册码，请先完成注册。", "danger")
-            return render_template("login.html")
-        if not user["is_active"]:
-            flash("该账号已被管理员禁用。", "danger")
-            return render_template("login.html")
-        try:
-            stored_password = secret_box.decrypt(user["password_encrypted"])
-        except Exception:
-            flash("账号数据损坏，请联系管理员重置密码。", "danger")
-            return render_template("login.html")
-        if stored_password != password:
-            flash("学号或密码不正确。", "danger")
-            return render_template("login.html")
-        session.clear()
-        session["role"] = "user"
-        session["user_id"] = user["id"]
-        return redirect(url_for("dashboard"))
-    return render_template("login.html")
-@app.route("/register", methods=["GET", "POST"])
-def register():
-    if request.method == "POST":
-        registration_code = normalize_registration_code(request.form.get("registration_code", ""))
-        student_id = request.form.get("student_id", "").strip()
-        password = request.form.get("password", "").strip()
-        display_name = request.form.get("display_name", "").strip()
-        if not REGISTRATION_CODE_PATTERN.fullmatch(registration_code):
-            flash("请输入有效的注册码。", "danger")
-            return render_template("register.html")
-        if not student_id.isdigit() or not password:
-            flash("请填写学号和教务处密码。", "danger")
-            return render_template("register.html")
-        try:
-            store.register_user_with_code(
-                registration_code,
-                student_id,
-                secret_box.encrypt(password),
-                display_name,
-                refresh_interval_seconds=config.poll_interval_seconds,
-            )
-        except ValueError as exc:
-            flash(str(exc), "danger")
-            return render_template("register.html")
-        flash("注册成功，请使用学号和教务处密码登录。", "success")
-        return redirect(url_for("login"))
-    return render_template("register.html")
-@app.post("/logout")
-def logout():
-    session.clear()
-    return redirect(url_for("login"))
-@app.route("/admin", methods=["GET", "POST"])
-def admin_login():
-    if request.method == "POST":
-        username = request.form.get("username", "").strip()
-        password = request.form.get("password", "")
-        is_super_admin = username == config.super_admin_username and password == config.super_admin_password
-        admin_row = store.get_admin_by_username(username)
-        is_regular_admin = bool(admin_row and verify_password(admin_row["password_hash"], password))
-        if not is_super_admin and not is_regular_admin:
-            flash("管理员账号或密码错误。", "danger")
-            return render_template("admin_login.html")
-        session.clear()
-        session["role"] = "admin"
-        session["admin_username"] = username
-        session["is_super_admin"] = is_super_admin
-        return redirect(url_for("admin_dashboard"))
-    return render_template("admin_login.html")
-@app.post("/admin/logout")
-def admin_logout():
-    session.clear()
     return redirect(url_for("admin_login"))
-@app.get("/dashboard")
-@_login_required("user")
-def dashboard():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    return render_template("dashboard.html", **_build_user_dashboard_context(user))
-@app.post("/dashboard/profile")
-@_login_required("user")
-def update_profile():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    password = request.form.get("password", "").strip()
-    display_name = request.form.get("display_name", "").strip()
-    if not password:
-        flash("密码不能为空。", "danger")
-        return redirect(url_for("dashboard"))
-    store.update_user(user["id"], password_encrypted=secret_box.encrypt(password), display_name=display_name)
-    flash("账号信息已更新。", "success")
-    return redirect(url_for("dashboard"))
-@app.post("/dashboard/settings/runtime")
-@_login_required("user")
-def update_runtime_settings():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    try:
-        refresh_interval_seconds = _parse_refresh_interval(
-            request.form.get("refresh_interval_seconds"),
-            default=int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
-        )
-    except ValueError as exc:
-        flash(str(exc), "danger")
-        return redirect(url_for("dashboard"))
-    store.update_user(user["id"], refresh_interval_seconds=refresh_interval_seconds)
-    flash(f"未命中课程后的刷新间隔已更新为 {refresh_interval_seconds} 秒。", "success")
-    return redirect(url_for("dashboard"))
-@app.post("/dashboard/courses")
-@_login_required("user")
-def add_course():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    category = request.form.get("category", "free")
-    course_id = request.form.get("course_id", "")
-    course_index = request.form.get("course_index", "")
-    normalized_target = _validate_course_target(course_id, course_index)
-    if normalized_target is None:
-        flash("课程号需要使用 1-32 位字母或数字，课序号需要使用 1-8 位字母或数字。", "danger")
-        return redirect(url_for("dashboard"))
-    normalized_course_id, normalized_course_index = normalized_target
-    store.add_course(user["id"], category, normalized_course_id, normalized_course_index)
-    flash("课程已加入任务列表。", "success")
-    return redirect(url_for("dashboard"))
-@app.post("/dashboard/courses/<int:course_target_id>/delete")
-@_login_required("user")
-def delete_course(course_target_id: int):
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    if not _user_owns_course(user["id"], course_target_id):
-        flash("不能删除不属于当前账号的课程。", "danger")
-        return redirect(url_for("dashboard"))
-    store.delete_course(course_target_id)
-    flash("课程已移除。", "success")
-    return redirect(url_for("dashboard"))
-@app.post("/dashboard/task/start")
-@_login_required("user")
-def start_task():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    task, created = _queue_task_for_user(user, requested_by=user["student_id"], requested_by_role="user")
-    flash("任务已启动。" if created else f"已有任务处于 {TASK_LABELS.get(task['status'], task['status'])} 状态。", "success" if created else "warning")
-    return redirect(url_for("dashboard"))
-@app.post("/dashboard/task/stop")
-@_login_required("user")
-def stop_task():
-    user = _get_current_user()
-    if user is None:
-        session.clear()
-        return redirect(url_for("login"))
-    active_task = store.find_active_task_for_user(user["id"])
-    if active_task and task_manager.stop_task(active_task["id"]):
-        flash("停止请求已发送。", "success")
-    else:
-        flash("当前没有可停止的任务。", "warning")
-    return redirect(url_for("dashboard"))
-@app.get("/admin/dashboard")
-@_login_required("admin")
-def admin_dashboard():
-    return render_template("admin_dashboard.html", **_build_admin_dashboard_context())
-@app.post("/admin/settings/parallel-limit")
-@_login_required("admin")
-def update_parallel_limit():
-    try:
-        parallel_limit = max(1, min(8, int(request.form.get("parallel_limit", str(config.default_parallel_limit)))))
-    except ValueError:
-        flash("并行数必须是 1 到 8 的整数。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    store.set_parallel_limit(parallel_limit)
-    flash(f"并行数已更新为 {parallel_limit}。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users")
-@_login_required("admin")
-def create_user():
-    student_id = request.form.get("student_id", "").strip()
-    password = request.form.get("password", "").strip()
-    display_name = request.form.get("display_name", "").strip()
-    try:
-        refresh_interval_seconds = _parse_refresh_interval(
-            request.form.get("refresh_interval_seconds"),
-            default=config.poll_interval_seconds,
-        )
-    except ValueError as exc:
-        flash(str(exc), "danger")
-        return redirect(url_for("admin_dashboard"))
-    if not student_id.isdigit() or not password:
-        flash("请填写有效的学号和密码。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    if store.get_user_by_student_id(student_id):
-        flash("该学号已经存在。", "warning")
-        return redirect(url_for("admin_dashboard"))
-    store.create_user(
-        student_id,
-        secret_box.encrypt(password),
-        display_name,
-        refresh_interval_seconds=refresh_interval_seconds,
-    )
-    flash("用户已创建。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/update")
-@_login_required("admin")
-def update_user(user_id: int):
-    user = store.get_user(user_id)
-    if user is None:
-        flash("用户不存在。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    display_name = request.form.get("display_name", user["display_name"]).strip()
-    password = request.form.get("password", "").strip()
-    try:
-        refresh_interval_seconds = _parse_refresh_interval(
-            request.form.get("refresh_interval_seconds"),
-            default=int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
-        )
-    except ValueError as exc:
-        flash(str(exc), "danger")
-        return redirect(url_for("admin_dashboard"))
-    if password:
-        store.update_user(
-            user_id,
-            display_name=display_name,
-            password_encrypted=secret_box.encrypt(password),
-            refresh_interval_seconds=refresh_interval_seconds,
-        )
-    else:
-        store.update_user(user_id, display_name=display_name, refresh_interval_seconds=refresh_interval_seconds)
-    flash("用户信息已更新。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/toggle")
-@_login_required("admin")
-def toggle_user(user_id: int):
-    updated = store.toggle_user_active(user_id)
-    if updated is None:
-        flash("用户不存在。", "danger")
-    else:
-        flash("用户状态已切换。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/delete")
-@_login_required("admin")
-def delete_user_by_admin(user_id: int):
-    user = store.get_user(user_id)
-    if user is None:
-        flash("用户不存在。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    active_task = store.find_active_task_for_user(user_id)
-    if active_task is not None:
-        flash("请先停止该用户当前任务，再删除用户。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    store.delete_user(user_id)
-    flash("用户及其课程、日志、定时设置已删除。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/schedule")
-@_login_required("admin")
-def update_user_schedule(user_id: int):
-    if store.get_user(user_id) is None:
-        flash("用户不存在。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    try:
-        schedule_payload = _parse_schedule_form(request.form)
-    except ValueError as exc:
-        flash(str(exc), "danger")
-        return redirect(url_for("admin_dashboard"))
-    store.upsert_user_schedule(user_id, **schedule_payload)
-    flash("定时启动终止设置已更新。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/courses")
-@_login_required("admin")
-def admin_add_course(user_id: int):
-    if store.get_user(user_id) is None:
-        flash("用户不存在。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    category = request.form.get("category", "free")
-    course_id = request.form.get("course_id", "")
-    course_index = request.form.get("course_index", "")
-    normalized_target = _validate_course_target(course_id, course_index)
-    if normalized_target is None:
-        flash("课程号需要使用 1-32 位字母或数字，课序号需要使用 1-8 位字母或数字。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    normalized_course_id, normalized_course_index = normalized_target
-    store.add_course(user_id, category, normalized_course_id, normalized_course_index)
-    flash("课程已添加到对应用户。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/courses/<int:course_target_id>/delete")
-@_login_required("admin")
-def admin_delete_course(course_target_id: int):
-    store.delete_course(course_target_id)
-    flash("课程已删除。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/task/start")
-@_login_required("admin")
-def admin_start_user_task(user_id: int):
-    user = store.get_user(user_id)
-    if user is None:
-        flash("用户不存在。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    admin_identity = _get_admin_identity()
-    task, created = _queue_task_for_user(user, requested_by=admin_identity["username"], requested_by_role="admin")
-    flash("任务已加入队列。" if created else f"该用户已有任务处于 {TASK_LABELS.get(task['status'], task['status'])} 状态。", "success" if created else "warning")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/users/<int:user_id>/task/stop")
-@_login_required("admin")
-def admin_stop_user_task(user_id: int):
-    active_task = store.find_active_task_for_user(user_id)
-    if active_task and task_manager.stop_task(active_task["id"]):
-        flash("已发送停止请求。", "success")
-    else:
-        flash("当前没有可停止任务。", "warning")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/admins")
-@_login_required("admin")
-def create_admin():
-    if not session.get("is_super_admin", False):
-        flash("只有超级管理员可以新增管理员。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    username = request.form.get("username", "").strip()
-    password = request.form.get("password", "").strip()
-    if not username or not password:
-        flash("请填写管理员账号和密码。", "danger")
-        return redirect(url_for("admin_dashboard"))
-    if username == config.super_admin_username or store.get_admin_by_username(username):
-        flash("该管理员账号已存在。", "warning")
-        return redirect(url_for("admin_dashboard"))
-    store.create_admin(username, hash_password(password))
-    flash("管理员已创建。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/registration-codes")
-@_login_required("admin")
-def create_registration_code():
-    note = request.form.get("note", "").strip()
-    try:
-        max_uses = _parse_registration_code_max_uses(request.form.get("max_uses"))
-    except ValueError as exc:
-        flash(str(exc), "danger")
-        return redirect(url_for("admin_dashboard"))
-    admin_identity = _get_admin_identity()
-    created = store.create_registration_code(created_by=admin_identity["username"], note=note, max_uses=max_uses)
-    flash(f"注册码已创建：{created['code']}", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.post("/admin/registration-codes/<int:registration_code_id>/toggle")
-@_login_required("admin")
-def toggle_registration_code(registration_code_id: int):
-    updated = store.toggle_registration_code_active(registration_code_id)
-    if updated is None:
-        flash("注册码不存在。", "danger")
-    else:
-        flash("注册码状态已更新。", "success")
-    return redirect(url_for("admin_dashboard"))
-@app.get("/api/user/status")
-@_login_required("user")
-def user_status():
-    user = _get_current_user()
-    if user is None:
-        return jsonify({"ok": False}), 401
-    task = store.get_latest_task_for_user(user["id"])
-    return jsonify(
-        {
-            "ok": True,
-            "task": task,
-            "courses": store.list_courses_for_user(user["id"]),
-            "user": {
-                "refresh_interval_seconds": int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
-            },
-        }
-    )
-@app.get("/api/admin/status")
-@_login_required("admin")
-def admin_status():
-    return jsonify(
-        {
-            "ok": True,
-            "stats": store.get_admin_stats(),
-            "parallel_limit": store.get_parallel_limit(),
-            "recent_tasks": store.list_recent_tasks(limit=12),
-        }
-    )
-@app.get("/api/user/logs/stream")
-@_login_required("user")
-def stream_user_logs():
-    user = _get_current_user()
-    if user is None:
-        return jsonify({"ok": False}), 401
-    last_id = int(request.args.get("last_id", _latest_log_id(store.list_recent_logs(user_id=user["id"], limit=1))))
-    @stream_with_context
-    def generate():
-        current_last_id = last_id
-        while True:
-            logs = store.list_logs_after(current_last_id, user_id=user["id"], limit=60)
-            if logs:
-                for log in logs:
-                    current_last_id = int(log["id"])
-                    yield f"id: {log['id']}\ndata: {json.dumps(log, ensure_ascii=False)}\n\n"
-            else:
-                yield ": keep-alive\n\n"
-            time.sleep(1)
-    response = Response(generate(), mimetype="text/event-stream")
-    response.headers["Cache-Control"] = "no-cache"
-    response.headers["X-Accel-Buffering"] = "no"
-    return response
-@app.get("/api/admin/logs/stream")
-@_login_required("admin")
-def stream_admin_logs():
-    last_id = int(request.args.get("last_id", _latest_log_id(store.list_recent_logs(limit=1))))
-    @stream_with_context
-    def generate():
-        current_last_id = last_id
-        while True:
-            logs = store.list_logs_after(current_last_id, limit=80)
-            if logs:
-                for log in logs:
-                    current_last_id = int(log["id"])
-                    yield f"id: {log['id']}\ndata: {json.dumps(log, ensure_ascii=False)}\n\n"
-            else:
-                yield ": keep-alive\n\n"
-            time.sleep(1)
-    response = Response(generate(), mimetype="text/event-stream")
-    response.headers["Cache-Control"] = "no-cache"
-    response.headers["X-Accel-Buffering"] = "no"
     return response

+from __future__ import annotations
+import atexit
+import json
+import re
+import time
+from datetime import date as date_cls, time as time_cls
+from functools import wraps
+from typing import Callable
+from urllib.parse import urlparse
+from flask import Flask, Response, flash, g, jsonify, redirect, render_template, request, session, stream_with_context, url_for
+from core.config import AppConfig
+from core.db import (
+    DEFAULT_REGISTRATION_CODE_MAX_USES,
+    Database,
+    MAX_REFRESH_INTERVAL_SECONDS,
+    MIN_REFRESH_INTERVAL_SECONDS,
+    normalize_registration_code,
+)
+from core.runtime_logging import configure_logging, get_logger
+from core.security import SecretBox, hash_password, verify_password
+from core.task_manager import TaskManager
+configure_logging()
+APP_LOGGER = get_logger("sacc.web")
+config = AppConfig.load()
+store = Database(
+    config.db_path,
+    default_parallel_limit=config.default_parallel_limit,
+    mysql_ssl_ca_path=config.mysql_ssl_ca_path,
+)
+store.init_db()
+secret_box = SecretBox(config.encryption_key)
+task_manager = TaskManager(config=config, store=store, secret_box=secret_box)
+def _seed_legacy_user() -> None:
+    if store.list_users():
+        return
+    legacy_path = config.root_dir / "user_data.json"
+    if not legacy_path.exists():
+        return
+    try:
+        payload = json.loads(legacy_path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return
+    student_id = str(payload.get("std_id", "")).strip()
+    password = str(payload.get("password", "")).strip()
+    if not student_id or not password:
+        return
+    user_id = store.create_user(student_id, secret_box.encrypt(password), "Legacy User")
+    for source_key, category in (("a", "plan"), ("b", "free")):
+        for course in payload.get("course", {}).get(source_key, []):
+            course_id = str(course.get("course_id", "")).strip()
+            course_index = str(course.get("course_index", "")).strip()
+            if course_id and course_index:
+                store.add_course(user_id, category, course_id, course_index)
+_seed_legacy_user()
+task_manager.start()
+atexit.register(task_manager.shutdown)
+app = Flask(__name__, template_folder="templates", static_folder="static")
+app.secret_key = config.session_secret
+app.config.update(SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE="Lax")
+APP_LOGGER.info(
+    "Application bootstrap complete | data_dir=%s db_path=%s backend=%s chrome_binary=%s chromedriver_path=%s default_parallel_limit=%s schedule_timezone=%s",
+    config.data_dir,
+    config.db_path,
+    config.database_backend,
+    config.chrome_binary,
+    config.chromedriver_path,
+    config.default_parallel_limit,
+    config.schedule_timezone,
+)
+CATEGORY_LABELS = {
+    "plan": "方案选课",
+    "free": "自由选课",
+}
+TASK_LABELS = {
+    "pending": "排队中",
+    "running": "执行中",
+    "cancel_requested": "停止中",
+    "completed": "已完成",
+    "stopped": "已停止",
+    "failed": "失败",
+}
+SKIPPED_REQUEST_LOG_PREFIXES = (
+    "/static/",
+    "/api/",
+)
+SKIPPED_REQUEST_LOG_PATHS = {
+    "/favicon.ico",
+}
+COURSE_ID_PATTERN = re.compile(r"^[0-9A-Za-z]{1,32}$")
+COURSE_INDEX_PATTERN = re.compile(r"^[0-9A-Za-z]{1,8}$")
+REGISTRATION_CODE_PATTERN = re.compile(r"^[A-Z0-9-]{6,64}$")
+def _current_actor_label() -> str:
+    role = session.get("role", "guest")
+    if role == "user":
+        return f"user:{session.get('user_id', '-')}"
+    if role == "admin":
+        return f"admin:{session.get('admin_username', '-')}"
+    return "guest"
+@app.before_request
+def before_request_logging() -> None:
+    g.request_started_at = time.perf_counter()
+@app.after_request
+def after_request_logging(response):
+    if request.path in SKIPPED_REQUEST_LOG_PATHS:
+        return response
+    if any(request.path.startswith(prefix) for prefix in SKIPPED_REQUEST_LOG_PREFIXES):
+        return response
+    started_at = getattr(g, "request_started_at", None)
+    duration_ms = 0.0 if started_at is None else (time.perf_counter() - started_at) * 1000
+    remote_addr = request.headers.get("x-forwarded-for") or request.remote_addr or "-"
+    APP_LOGGER.info(
+        "HTTP %s %s -> %s in %.1fms | actor=%s remote=%s",
+        request.method,
+        request.path,
+        response.status_code,
+        duration_ms,
+        _current_actor_label(),
+        remote_addr,
+    )
+    return response
+@app.context_processor
+def inject_globals() -> dict:
+    return {
+        "category_labels": CATEGORY_LABELS,
+        "task_labels": TASK_LABELS,
+        "session_role": session.get("role", "guest"),
+        "refresh_interval_min": MIN_REFRESH_INTERVAL_SECONDS,
+        "refresh_interval_max": MAX_REFRESH_INTERVAL_SECONDS,
+        "default_refresh_interval_seconds": config.poll_interval_seconds,
+        "default_registration_code_max_uses": DEFAULT_REGISTRATION_CODE_MAX_USES,
+    }
+def _login_required(role: str) -> Callable:
+    def decorator(view: Callable) -> Callable:
+        @wraps(view)
+        def wrapped(*args, **kwargs):
+            current_role = session.get("role")
+            if role == "user" and current_role != "user":
+                flash("请先登录学生账号。", "warning")
+                return redirect(url_for("login"))
+            if role == "admin" and current_role != "admin":
+                flash("请先登录管理员账号。", "warning")
+                return redirect(url_for("admin_login"))
+            return view(*args, **kwargs)
+        return wrapped
+    return decorator
+def _get_current_user() -> dict | None:
+    user_id = session.get("user_id")
+    if not user_id:
+        return None
+    return store.get_user(int(user_id))
+def _get_admin_identity() -> dict:
+    return {
+        "username": session.get("admin_username", ""),
+        "is_super_admin": bool(session.get("is_super_admin", False)),
+    }
+def _normalize_course_token(raw_value: str) -> str:
+    return re.sub(r"\s+", "", str(raw_value or "")).upper()
+def _validate_course_target(course_id: str, course_index: str) -> tuple[str, str] | None:
+    normalized_course_id = _normalize_course_token(course_id)
+    normalized_course_index = _normalize_course_token(course_index)
+    if not COURSE_ID_PATTERN.fullmatch(normalized_course_id):
+        return None
+    if not COURSE_INDEX_PATTERN.fullmatch(normalized_course_index):
+        return None
+    return normalized_course_id, normalized_course_index
+def _parse_refresh_interval(raw_value: str | None, *, default: int) -> int:
+    raw_text = str(raw_value or "").strip()
+    if not raw_text:
+        return default
+    try:
+        interval = int(raw_text)
+    except ValueError as exc:
+        raise ValueError(f"刷新间隔必须是 {MIN_REFRESH_INTERVAL_SECONDS} 到 {MAX_REFRESH_INTERVAL_SECONDS} 之间的整数。") from exc
+    if interval < MIN_REFRESH_INTERVAL_SECONDS or interval > MAX_REFRESH_INTERVAL_SECONDS:
+        raise ValueError(f"刷新间隔必须在 {MIN_REFRESH_INTERVAL_SECONDS} 到 {MAX_REFRESH_INTERVAL_SECONDS} 秒之间。")
+    return interval
+def _parse_registration_code_max_uses(raw_value: str | None) -> int:
+    raw_text = str(raw_value or "").strip()
+    if not raw_text:
+        return DEFAULT_REGISTRATION_CODE_MAX_USES
+    try:
+        value = int(raw_text)
+    except ValueError as exc:
+        raise ValueError("注册码可用次数必须是 1 到 99 之间的整数。") from exc
+    if value < 1 or value > 99:
+        raise ValueError("注册码可用次数必须在 1 到 99 之间。")
+    return value
+def _parse_iso_date(raw_value: str | None, label: str) -> str:
+    raw_text = str(raw_value or "").strip()
+    if not raw_text:
+        raise ValueError(f"{label}不能为空。")
+    try:
+        return date_cls.fromisoformat(raw_text).isoformat()
+    except ValueError as exc:
+        raise ValueError(f"{label}格式无效，请使用 YYYY-MM-DD。") from exc
+def _parse_clock_time(raw_value: str | None, label: str) -> str:
+    raw_text = str(raw_value or "").strip()
+    if not raw_text:
+        raise ValueError(f"{label}不能为空。")
+    try:
+        return time_cls.fromisoformat(raw_text).strftime("%H:%M")
+    except ValueError as exc:
+        raise ValueError(f"{label}格式无效，请使用 HH:MM。") from exc
+def _parse_schedule_form(form) -> dict:
+    enabled = str(form.get("schedule_enabled", "")).lower() in {"1", "true", "on", "yes"}
+    start_date_raw = form.get("start_date", "")
+    end_date_raw = form.get("end_date", "")
+    daily_start_time_raw = form.get("daily_start_time", "")
+    daily_stop_time_raw = form.get("daily_stop_time", "")
+    has_any_value = enabled or any(str(value or "").strip() for value in (start_date_raw, end_date_raw, daily_start_time_raw, daily_stop_time_raw))
+    if not has_any_value:
+        return {
+            "is_enabled": False,
+            "start_date": None,
+            "end_date": None,
+            "daily_start_time": None,
+            "daily_stop_time": None,
+        }
+    start_date = _parse_iso_date(start_date_raw, "开始日期")
+    end_date = _parse_iso_date(end_date_raw, "结束日期")
+    daily_start_time = _parse_clock_time(daily_start_time_raw, "每日启动时间")
+    daily_stop_time = _parse_clock_time(daily_stop_time_raw, "每日停止时间")
+    if end_date < start_date:
+        raise ValueError("结束���期不能早于开始日期。")
+    if daily_stop_time <= daily_start_time:
+        raise ValueError("每日停止时间必须晚于每日启动时间。")
+    return {
+        "is_enabled": enabled,
+        "start_date": start_date,
+        "end_date": end_date,
+        "daily_start_time": daily_start_time,
+        "daily_stop_time": daily_stop_time,
+    }
+def _user_owns_course(user_id: int, course_target_id: int) -> bool:
+    return any(course["id"] == course_target_id for course in store.list_courses_for_user(user_id))
+def _build_user_dashboard_context(user: dict) -> dict:
+    return {
+        "current_user": user,
+        "courses": store.list_courses_for_user(user["id"]),
+        "task": store.get_latest_task_for_user(user["id"]),
+        "schedule": store.get_user_schedule(user["id"]),
+        "recent_logs": store.list_recent_logs(user_id=user["id"], limit=config.logs_page_size),
+    }
+def _load_admin_users(*, include_courses: bool = True, include_latest_task: bool = True, include_schedule: bool = True) -> list[dict]:
+    users = store.list_users()
+    for user in users:
+        if include_courses:
+            user["courses"] = store.list_courses_for_user(user["id"])
+        if include_latest_task:
+            user["latest_task"] = store.get_latest_task_for_user(user["id"])
+        if include_schedule:
+            user["schedule"] = store.get_user_schedule(user["id"])
+    return users
+def _build_admin_base_context(active_page: str, *, page_title: str, page_description: str) -> dict:
+    admin_identity = _get_admin_identity()
+    return {
+        "admin_identity": admin_identity,
+        "is_super_admin": admin_identity["is_super_admin"],
+        "admin_page": active_page,
+        "page_title": page_title,
+        "page_description": page_description,
+    }
+def _build_admin_dashboard_context() -> dict:
+    context = _build_admin_base_context(
+        "overview",
+        page_title="Overview",
+        page_description="Review system metrics, recent tasks, and admin-level settings.",
+    )
+    context.update(
+        {
+            "stats": store.get_admin_stats(),
+            "recent_tasks": store.list_recent_tasks(limit=18),
+            "parallel_limit": store.get_parallel_limit(),
+            "admins": store.list_admins(),
+            "status_url": url_for("admin_status"),
+        }
+    )
+    return context
+def _build_admin_users_context() -> dict:
+    context = _build_admin_base_context(
+        "users",
+        page_title="Users",
+        page_description="Manage user accounts, course targets, and task operations.",
+    )
+    context.update(
+        {
+            "users": _load_admin_users(include_courses=True, include_latest_task=True, include_schedule=True),
+        }
+    )
+    return context
+def _build_admin_schedules_context() -> dict:
+    context = _build_admin_base_context(
+        "schedules",
+        page_title="Schedules",
+        page_description="Configure per-user auto start and stop windows by date and time.",
+    )
+    users = _load_admin_users(include_courses=False, include_latest_task=True, include_schedule=True)
+    context.update(
+        {
+            "users": users,
+            "stats": store.get_admin_stats(),
+        }
+    )
+    return context
+def _build_admin_registration_codes_context() -> dict:
+    context = _build_admin_base_context(
+        "registration_codes",
+        page_title="Codes",
+        page_description="Create registration codes and inspect their usage state.",
+    )
+    context.update(
+        {
+            "registration_codes": store.list_registration_codes(limit=60),
+            "stats": store.get_admin_stats(),
+        }
+    )
+    return context
+def _build_admin_logs_context() -> dict:
+    recent_logs = store.list_recent_logs(limit=config.logs_page_size)
+    context = _build_admin_base_context(
+        "logs",
+        page_title="Logs",
+        page_description="Review live global logs for task execution and troubleshooting.",
+    )
+    context.update(
+        {
+            "recent_logs": recent_logs,
+            "log_stream_url": url_for("stream_admin_logs", last_id=recent_logs[-1]["id"] if recent_logs else 0),
+        }
+    )
+    return context
+def _queue_task_for_user(user: dict, *, requested_by: str, requested_by_role: str) -> tuple[dict, bool]:
+    return task_manager.queue_task(user["id"], requested_by=requested_by, requested_by_role=requested_by_role)
+def _latest_log_id(logs: list[dict]) -> int:
+    if not logs:
+        return 0
+    return int(logs[-1]["id"])
+def _admin_post_redirect(default_endpoint: str):
+    target = (request.form.get("next") or request.referrer or "").strip()
+    if target:
+        parsed = urlparse(target)
+        same_host = not parsed.netloc or parsed.netloc == request.host
+        if same_host and (parsed.path or "").startswith("/admin"):
+            safe_target = parsed.path or url_for(default_endpoint)
+            if parsed.query:
+                safe_target = f"{safe_target}?{parsed.query}"
+            return redirect(safe_target)
+    return redirect(url_for(default_endpoint))
+@app.get("/")
+def index():
+    if session.get("role") == "user":
+        return redirect(url_for("dashboard"))
+    if session.get("role") == "admin":
+        return redirect(url_for("admin_dashboard"))
+    return redirect(url_for("login"))
+@app.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        student_id = request.form.get("student_id", "").strip()
+        password = request.form.get("password", "")
+        user = store.get_user_by_student_id(student_id)
+        if user is None:
+            flash("没有找到该学号对应的账号。如果你有注册码，请先完成注册。", "danger")
+            return render_template("login.html")
+        if not user["is_active"]:
+            flash("该账号已被管理员禁用。", "danger")
+            return render_template("login.html")
+        try:
+            stored_password = secret_box.decrypt(user["password_encrypted"])
+        except Exception:
+            flash("账号数据损坏，请联系管理员重置密码。", "danger")
+            return render_template("login.html")
+        if stored_password != password:
+            flash("学号或密码不正确。", "danger")
+            return render_template("login.html")
+        session.clear()
+        session["role"] = "user"
+        session["user_id"] = user["id"]
+        return redirect(url_for("dashboard"))
+    return render_template("login.html")
+@app.route("/register", methods=["GET", "POST"])
+def register():
+    if request.method == "POST":
+        registration_code = normalize_registration_code(request.form.get("registration_code", ""))
+        student_id = request.form.get("student_id", "").strip()
+        password = request.form.get("password", "").strip()
+        display_name = request.form.get("display_name", "").strip()
+        if not REGISTRATION_CODE_PATTERN.fullmatch(registration_code):
+            flash("请输入有效的注册码。", "danger")
+            return render_template("register.html")
+        if not student_id.isdigit() or not password:
+            flash("请填写学号和教务处密码。", "danger")
+            return render_template("register.html")
+        try:
+            store.register_user_with_code(
+                registration_code,
+                student_id,
+                secret_box.encrypt(password),
+                display_name,
+                refresh_interval_seconds=config.poll_interval_seconds,
+            )
+        except ValueError as exc:
+            flash(str(exc), "danger")
+            return render_template("register.html")
+        flash("注册成功，请使用学号和教务处密码登录。", "success")
+        return redirect(url_for("login"))
+    return render_template("register.html")
+@app.post("/logout")
+def logout():
+    session.clear()
+    return redirect(url_for("login"))
+@app.route("/admin", methods=["GET", "POST"])
+def admin_login():
+    if request.method == "POST":
+        username = request.form.get("username", "").strip()
+        password = request.form.get("password", "")
+        is_super_admin = username == config.super_admin_username and password == config.super_admin_password
+        admin_row = store.get_admin_by_username(username)
+        is_regular_admin = bool(admin_row and verify_password(admin_row["password_hash"], password))
+        if not is_super_admin and not is_regular_admin:
+            flash("管理员账号或密码错误。", "danger")
+            return render_template("admin_login.html")
+        session.clear()
+        session["role"] = "admin"
+        session["admin_username"] = username
+        session["is_super_admin"] = is_super_admin
+        return redirect(url_for("admin_dashboard"))
+    return render_template("admin_login.html")
+@app.post("/admin/logout")
+def admin_logout():
+    session.clear()
     return redirect(url_for("admin_login"))
+@app.get("/dashboard")
+@_login_required("user")
+def dashboard():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    return render_template("dashboard.html", **_build_user_dashboard_context(user))
+@app.post("/dashboard/profile")
+@_login_required("user")
+def update_profile():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    password = request.form.get("password", "").strip()
+    display_name = request.form.get("display_name", "").strip()
+    if not password:
+        flash("密码不能为空。", "danger")
+        return redirect(url_for("dashboard"))
+    store.update_user(user["id"], password_encrypted=secret_box.encrypt(password), display_name=display_name)
+    flash("账号信息已更新。", "success")
+    return redirect(url_for("dashboard"))
+@app.post("/dashboard/settings/runtime")
+@_login_required("user")
+def update_runtime_settings():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    try:
+        refresh_interval_seconds = _parse_refresh_interval(
+            request.form.get("refresh_interval_seconds"),
+            default=int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
+        )
+    except ValueError as exc:
+        flash(str(exc), "danger")
+        return redirect(url_for("dashboard"))
+    store.update_user(user["id"], refresh_interval_seconds=refresh_interval_seconds)
+    flash(f"未命中课程后的刷新间隔已更新为 {refresh_interval_seconds} 秒。", "success")
+    return redirect(url_for("dashboard"))
+@app.post("/dashboard/courses")
+@_login_required("user")
+def add_course():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    category = request.form.get("category", "free")
+    course_id = request.form.get("course_id", "")
+    course_index = request.form.get("course_index", "")
+    normalized_target = _validate_course_target(course_id, course_index)
+    if normalized_target is None:
+        flash("课程号需要使用 1-32 位字母或数字，课序号需要使用 1-8 位字母或数字。", "danger")
+        return redirect(url_for("dashboard"))
+    normalized_course_id, normalized_course_index = normalized_target
+    store.add_course(user["id"], category, normalized_course_id, normalized_course_index)
+    flash("课程已加入任务列表。", "success")
+    return redirect(url_for("dashboard"))
+@app.post("/dashboard/courses/<int:course_target_id>/delete")
+@_login_required("user")
+def delete_course(course_target_id: int):
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    if not _user_owns_course(user["id"], course_target_id):
+        flash("不能删除不属于当前账号的课程。", "danger")
+        return redirect(url_for("dashboard"))
+    store.delete_course(course_target_id)
+    flash("课程已移除。", "success")
+    return redirect(url_for("dashboard"))
+@app.post("/dashboard/task/start")
+@_login_required("user")
+def start_task():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    task, created = _queue_task_for_user(user, requested_by=user["student_id"], requested_by_role="user")
+    flash("任务已启动。" if created else f"已有任务处于 {TASK_LABELS.get(task['status'], task['status'])} 状态。", "success" if created else "warning")
+    return redirect(url_for("dashboard"))
+@app.post("/dashboard/task/stop")
+@_login_required("user")
+def stop_task():
+    user = _get_current_user()
+    if user is None:
+        session.clear()
+        return redirect(url_for("login"))
+    active_task = store.find_active_task_for_user(user["id"])
+    if active_task and task_manager.stop_task(active_task["id"]):
+        flash("停止请求已发送。", "success")
+    else:
+        flash("当前没有可停止的任务。", "warning")
+    return redirect(url_for("dashboard"))
+@app.get("/admin/dashboard")
+@_login_required("admin")
+def admin_dashboard():
+    return render_template("admin_dashboard.html", **_build_admin_dashboard_context())
+@app.get("/admin/users")
+@_login_required("admin")
+def admin_users():
+    return render_template("admin_users.html", **_build_admin_users_context())
+@app.get("/admin/schedules")
+@_login_required("admin")
+def admin_schedules():
+    return render_template("admin_schedules.html", **_build_admin_schedules_context())
+@app.get("/admin/registration-codes")
+@_login_required("admin")
+def admin_registration_codes():
+    return render_template("admin_registration_codes.html", **_build_admin_registration_codes_context())
+@app.get("/admin/logs")
+@_login_required("admin")
+def admin_logs():
+    return render_template("admin_logs.html", **_build_admin_logs_context())
+@app.post("/admin/settings/parallel-limit")
+@_login_required("admin")
+def update_parallel_limit():
+    try:
+        parallel_limit = max(1, min(8, int(request.form.get("parallel_limit", str(config.default_parallel_limit)))))
+    except ValueError:
+        flash("并行数必须是 1 到 8 的整数。", "danger")
+        return _admin_post_redirect("admin_dashboard")
+    store.set_parallel_limit(parallel_limit)
+    flash(f"并行数已更新为 {parallel_limit}。", "success")
+    return _admin_post_redirect("admin_dashboard")
+@app.post("/admin/users")
+@_login_required("admin")
+def create_user():
+    student_id = request.form.get("student_id", "").strip()
+    password = request.form.get("password", "").strip()
+    display_name = request.form.get("display_name", "").strip()
+    try:
+        refresh_interval_seconds = _parse_refresh_interval(
+            request.form.get("refresh_interval_seconds"),
+            default=config.poll_interval_seconds,
+        )
+    except ValueError as exc:
+        flash(str(exc), "danger")
+        return _admin_post_redirect("admin_users")
+    if not student_id.isdigit() or not password:
+        flash("请填写有效的学号和密码。", "danger")
+        return _admin_post_redirect("admin_users")
+    if store.get_user_by_student_id(student_id):
+        flash("该学号已经存在。", "warning")
+        return _admin_post_redirect("admin_users")
+    store.create_user(
+        student_id,
+        secret_box.encrypt(password),
+        display_name,
+        refresh_interval_seconds=refresh_interval_seconds,
+    )
+    flash("用户已创建。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/update")
+@_login_required("admin")
+def update_user(user_id: int):
+    user = store.get_user(user_id)
+    if user is None:
+        flash("用户不存在。", "danger")
+        return _admin_post_redirect("admin_users")
+    display_name = request.form.get("display_name", user["display_name"]).strip()
+    password = request.form.get("password", "").strip()
+    try:
+        refresh_interval_seconds = _parse_refresh_interval(
+            request.form.get("refresh_interval_seconds"),
+            default=int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
+        )
+    except ValueError as exc:
+        flash(str(exc), "danger")
+        return _admin_post_redirect("admin_users")
+    if password:
+        store.update_user(
+            user_id,
+            display_name=display_name,
+            password_encrypted=secret_box.encrypt(password),
+            refresh_interval_seconds=refresh_interval_seconds,
+        )
+    else:
+        store.update_user(user_id, display_name=display_name, refresh_interval_seconds=refresh_interval_seconds)
+    flash("用户信息已更新。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/toggle")
+@_login_required("admin")
+def toggle_user(user_id: int):
+    updated = store.toggle_user_active(user_id)
+    if updated is None:
+        flash("用户不存在。", "danger")
+    else:
+        flash("用户状态已切换。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/delete")
+@_login_required("admin")
+def delete_user_by_admin(user_id: int):
+    user = store.get_user(user_id)
+    if user is None:
+        flash("用户不存在。", "danger")
+        return _admin_post_redirect("admin_users")
+    active_task = store.find_active_task_for_user(user_id)
+    if active_task is not None:
+        flash("请先停止该用户当前任务，再删除用户。", "danger")
+        return _admin_post_redirect("admin_users")
+    store.delete_user(user_id)
+    flash("用户及其课程、日志、定时设置已删除。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/schedule")
+@_login_required("admin")
+def update_user_schedule(user_id: int):
+    if store.get_user(user_id) is None:
+        flash("用户不存在。", "danger")
+        return _admin_post_redirect("admin_schedules")
+    try:
+        schedule_payload = _parse_schedule_form(request.form)
+    except ValueError as exc:
+        flash(str(exc), "danger")
+        return _admin_post_redirect("admin_schedules")
+    store.upsert_user_schedule(user_id, **schedule_payload)
+    flash("定时启动终止设置已更新。", "success")
+    return _admin_post_redirect("admin_schedules")
+@app.post("/admin/users/<int:user_id>/courses")
+@_login_required("admin")
+def admin_add_course(user_id: int):
+    if store.get_user(user_id) is None:
+        flash("用户不存在。", "danger")
+        return _admin_post_redirect("admin_users")
+    category = request.form.get("category", "free")
+    course_id = request.form.get("course_id", "")
+    course_index = request.form.get("course_index", "")
+    normalized_target = _validate_course_target(course_id, course_index)
+    if normalized_target is None:
+        flash("课程号需要使用 1-32 位字母或数字，课序号需要使用 1-8 位字母或数字。", "danger")
+        return _admin_post_redirect("admin_users")
+    normalized_course_id, normalized_course_index = normalized_target
+    store.add_course(user_id, category, normalized_course_id, normalized_course_index)
+    flash("课程已添加到对应用户。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/courses/<int:course_target_id>/delete")
+@_login_required("admin")
+def admin_delete_course(course_target_id: int):
+    store.delete_course(course_target_id)
+    flash("课程已删除。", "success")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/task/start")
+@_login_required("admin")
+def admin_start_user_task(user_id: int):
+    user = store.get_user(user_id)
+    if user is None:
+        flash("用户不存在。", "danger")
+        return _admin_post_redirect("admin_users")
+    admin_identity = _get_admin_identity()
+    task, created = _queue_task_for_user(user, requested_by=admin_identity["username"], requested_by_role="admin")
+    flash("任务已加入队列。" if created else f"该用户已有任务处于 {TASK_LABELS.get(task['status'], task['status'])} 状态。", "success" if created else "warning")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/users/<int:user_id>/task/stop")
+@_login_required("admin")
+def admin_stop_user_task(user_id: int):
+    active_task = store.find_active_task_for_user(user_id)
+    if active_task and task_manager.stop_task(active_task["id"]):
+        flash("已发送停止请求。", "success")
+    else:
+        flash("当前没有可停止任务。", "warning")
+    return _admin_post_redirect("admin_users")
+@app.post("/admin/admins")
+@_login_required("admin")
+def create_admin():
+    if not session.get("is_super_admin", False):
+        flash("只有超级管理员可以新增管理员。", "danger")
+        return _admin_post_redirect("admin_dashboard")
+    username = request.form.get("username", "").strip()
+    password = request.form.get("password", "").strip()
+    if not username or not password:
+        flash("请填写管理员账号和密码。", "danger")
+        return _admin_post_redirect("admin_dashboard")
+    if username == config.super_admin_username or store.get_admin_by_username(username):
+        flash("该管理员账号已存在。", "warning")
+        return _admin_post_redirect("admin_dashboard")
+    store.create_admin(username, hash_password(password))
+    flash("管理员已创建。", "success")
+    return _admin_post_redirect("admin_dashboard")
+@app.post("/admin/registration-codes")
+@_login_required("admin")
+def create_registration_code():
+    note = request.form.get("note", "").strip()
+    try:
+        max_uses = _parse_registration_code_max_uses(request.form.get("max_uses"))
+    except ValueError as exc:
+        flash(str(exc), "danger")
+        return _admin_post_redirect("admin_registration_codes")
+    admin_identity = _get_admin_identity()
+    created = store.create_registration_code(created_by=admin_identity["username"], note=note, max_uses=max_uses)
+    flash(f"注册码已创建：{created['code']}", "success")
+    return _admin_post_redirect("admin_registration_codes")
+@app.post("/admin/registration-codes/<int:registration_code_id>/toggle")
+@_login_required("admin")
+def toggle_registration_code(registration_code_id: int):
+    updated = store.toggle_registration_code_active(registration_code_id)
+    if updated is None:
+        flash("注册码不存在。", "danger")
+    else:
+        flash("注册码状态已更新。", "success")
+    return _admin_post_redirect("admin_registration_codes")
+@app.get("/api/user/status")
+@_login_required("user")
+def user_status():
+    user = _get_current_user()
+    if user is None:
+        return jsonify({"ok": False}), 401
+    task = store.get_latest_task_for_user(user["id"])
+    return jsonify(
+        {
+            "ok": True,
+            "task": task,
+            "courses": store.list_courses_for_user(user["id"]),
+            "user": {
+                "refresh_interval_seconds": int(user.get("refresh_interval_seconds") or config.poll_interval_seconds),
+            },
+        }
+    )
+@app.get("/api/admin/status")
+@_login_required("admin")
+def admin_status():
+    return jsonify(
+        {
+            "ok": True,
+            "stats": store.get_admin_stats(),
+            "parallel_limit": store.get_parallel_limit(),
+            "recent_tasks": store.list_recent_tasks(limit=12),
+        }
+    )
+@app.get("/api/user/logs/stream")
+@_login_required("user")
+def stream_user_logs():
+    user = _get_current_user()
+    if user is None:
+        return jsonify({"ok": False}), 401
+    last_id = int(request.args.get("last_id", _latest_log_id(store.list_recent_logs(user_id=user["id"], limit=1))))
+    @stream_with_context
+    def generate():
+        current_last_id = last_id
+        while True:
+            logs = store.list_logs_after(current_last_id, user_id=user["id"], limit=60)
+            if logs:
+                for log in logs:
+                    current_last_id = int(log["id"])
+                    yield f"id: {log['id']}\ndata: {json.dumps(log, ensure_ascii=False)}\n\n"
+            else:
+                yield ": keep-alive\n\n"
+            time.sleep(1)
+    response = Response(generate(), mimetype="text/event-stream")
+    response.headers["Cache-Control"] = "no-cache"
+    response.headers["X-Accel-Buffering"] = "no"
+    return response
+@app.get("/api/admin/logs/stream")
+@_login_required("admin")
+def stream_admin_logs():
+    last_id = int(request.args.get("last_id", _latest_log_id(store.list_recent_logs(limit=1))))
+    @stream_with_context
+    def generate():
+        current_last_id = last_id
+        while True:
+            logs = store.list_logs_after(current_last_id, limit=80)
+            if logs:
+                for log in logs:
+                    current_last_id = int(log["id"])
+                    yield f"id: {log['id']}\ndata: {json.dumps(log, ensure_ascii=False)}\n\n"
+            else:
+                yield ": keep-alive\n\n"
+            time.sleep(1)
+    response = Response(generate(), mimetype="text/event-stream")
+    response.headers["Cache-Control"] = "no-cache"
+    response.headers["X-Accel-Buffering"] = "no"
     return response

static/style.css CHANGED Viewed

@@ -1,704 +1,760 @@
-:root {
-    --bg: #07131d;
-    --bg-2: #0d2030;
-    --panel: rgba(10, 24, 36, 0.82);
-    --panel-strong: rgba(8, 18, 28, 0.94);
-    --line: rgba(151, 204, 213, 0.18);
-    --text: #eef6f6;
-    --muted: #9ab7bd;
-    --primary: #2ed3ad;
-    --primary-deep: #109a88;
-    --secondary: #ffb648;
-    --danger: #ff6f61;
-    --shadow: 0 24px 70px rgba(0, 0, 0, 0.36);
-    --radius-lg: 28px;
-    --radius-md: 20px;
-    --radius-sm: 14px;
-    --font-display: "Space Grotesk", sans-serif;
-    --font-body: "Noto Sans SC", sans-serif;
-}
-* {
-    box-sizing: border-box;
-}
-html {
-    scroll-behavior: smooth;
-}
-body {
-    margin: 0;
-    min-height: 100vh;
-    font-family: var(--font-body);
-    color: var(--text);
-    background:
-        radial-gradient(circle at top left, rgba(20, 110, 116, 0.34), transparent 34%),
-        radial-gradient(circle at top right, rgba(255, 182, 72, 0.16), transparent 28%),
-        linear-gradient(135deg, #041019 0%, #07131d 36%, #0d2030 100%);
-}
-button,
-input,
-select {
-    font: inherit;
-}
-code {
-    padding: 0.15rem 0.45rem;
-    border-radius: 999px;
-    background: rgba(255, 255, 255, 0.08);
-    color: #fff5dd;
-}
-.app-body {
-    position: relative;
-    overflow-x: hidden;
-}
-.bg-orb {
-    position: fixed;
-    width: 28rem;
-    height: 28rem;
-    border-radius: 50%;
-    filter: blur(20px);
-    opacity: 0.42;
-    pointer-events: none;
-    animation: drift 14s ease-in-out infinite;
-}
-.bg-orb-a {
-    top: -10rem;
-    left: -6rem;
-    background: radial-gradient(circle, rgba(46, 211, 173, 0.48), transparent 68%);
-}
-.bg-orb-b {
-    right: -8rem;
-    bottom: -10rem;
-    background: radial-gradient(circle, rgba(255, 182, 72, 0.32), transparent 68%);
-    animation-delay: -6s;
-}
-.bg-grid {
-    position: fixed;
-    inset: 0;
-    background-image:
-        linear-gradient(rgba(255, 255, 255, 0.03) 1px, transparent 1px),
-        linear-gradient(90deg, rgba(255, 255, 255, 0.03) 1px, transparent 1px);
-    background-size: 42px 42px;
-    mask-image: radial-gradient(circle at center, black 42%, transparent 100%);
-    pointer-events: none;
-}
-.page-shell {
-    position: relative;
-    z-index: 1;
-    width: min(1240px, calc(100% - 2rem));
-    margin: 0 auto;
-    padding: 2rem 0 3rem;
-}
-.flash-stack {
-    display: grid;
-    gap: 0.75rem;
-    margin-bottom: 1rem;
-}
-.flash {
-    border: 1px solid rgba(255, 255, 255, 0.12);
-    border-radius: var(--radius-sm);
-    padding: 0.9rem 1rem;
-    backdrop-filter: blur(10px);
-    box-shadow: 0 14px 30px rgba(0, 0, 0, 0.18);
-}
-.flash-success {
-    background: rgba(46, 211, 173, 0.16);
-}
-.flash-warning {
-    background: rgba(255, 182, 72, 0.16);
-}
-.flash-danger {
-    background: rgba(255, 111, 97, 0.16);
-}
-.auth-layout,
-.dashboard-shell {
-    display: grid;
-    gap: 1.4rem;
-}
-.auth-layout {
-    min-height: calc(100vh - 7rem);
-    align-items: center;
-    grid-template-columns: 1.15fr 0.9fr;
-}
-.hero-panel,
-.auth-card,
-.card,
-.metric-card,
-.user-card,
-.empty-state-card {
-    position: relative;
-    border: 1px solid var(--line);
-    border-radius: var(--radius-lg);
-    background: var(--panel);
-    backdrop-filter: blur(18px);
-    box-shadow: var(--shadow);
-}
-.hero-panel,
-.auth-card,
-.card,
-.empty-state-card {
-    padding: 1.7rem;
-}
-.hero-panel {
-    overflow: hidden;
-}
-.hero-panel::after,
-.card::after,
-.auth-card::after {
-    content: "";
-    position: absolute;
-    inset: 0;
-    border-radius: inherit;
-    background: linear-gradient(120deg, rgba(255, 255, 255, 0.12), transparent 22%, transparent 78%, rgba(255, 255, 255, 0.05));
-    pointer-events: none;
-}
-.eyebrow,
-.kicker {
-    display: inline-flex;
-    align-items: center;
-    gap: 0.5rem;
-    font-family: var(--font-display);
-    letter-spacing: 0.12em;
-    text-transform: uppercase;
-    font-size: 0.75rem;
-    color: #9fe8da;
-}
-.hero-panel h1,
-.topbar h1,
-.card-head h2,
-.auth-card h2 {
-    margin: 0.5rem 0 0;
-    font-family: var(--font-display);
-    line-height: 1.05;
-}
-.hero-panel h1 {
-    max-width: 13ch;
-    font-size: clamp(2.8rem, 6vw, 5rem);
-}
-.hero-panel p,
-.card-head p,
-.topbar p,
-.auth-card p,
-.metric-card small,
-.auth-footnote {
-    color: var(--muted);
-    line-height: 1.7;
-}
-.hero-metrics {
-    display: grid;
-    grid-template-columns: repeat(3, minmax(0, 1fr));
-    gap: 1rem;
-    margin-top: 2rem;
-}
-.hero-metrics article {
-    padding: 1rem;
-    border-radius: var(--radius-md);
-    background: rgba(255, 255, 255, 0.05);
-    border: 1px solid rgba(255, 255, 255, 0.08);
-}
-.hero-metrics strong,
-.metric-card strong {
-    display: block;
-    font-family: var(--font-display);
-    font-size: 1.2rem;
-    margin-bottom: 0.25rem;
-}
-.auth-card {
-    max-width: 520px;
-    justify-self: end;
-}
-.card-head {
-    display: grid;
-    gap: 0.35rem;
-    margin-bottom: 1.2rem;
-}
-.card-head.compact {
-    margin-bottom: 1rem;
-}
-.card-head.split,
-.topbar {
-    display: flex;
-    align-items: flex-start;
-    justify-content: space-between;
-    gap: 1rem;
-}
-.form-grid {
-    display: grid;
-    gap: 1rem;
-}
-.form-grid-compact {
-    grid-template-columns: repeat(2, minmax(0, 1fr));
-}
-.slim-form {
-    margin-top: 1rem;
-}
-.field {
-    display: grid;
-    gap: 0.45rem;
-}
-.field span {
-    color: #d4ece6;
-    font-size: 0.92rem;
-}
-.field input,
-.field select {
-    width: 100%;
-    border: 1px solid rgba(255, 255, 255, 0.08);
-    border-radius: 16px;
-    padding: 0.95rem 1rem;
-    background: rgba(5, 14, 22, 0.66);
-    color: var(--text);
-    outline: none;
-    transition: border-color 180ms ease, transform 180ms ease, box-shadow 180ms ease;
-}
-.field input:focus,
-.field select:focus {
-    border-color: rgba(46, 211, 173, 0.85);
-    box-shadow: 0 0 0 4px rgba(46, 211, 173, 0.12);
-    transform: translateY(-1px);
-}
-.span-2 {
-    grid-column: span 2;
-}
-.btn {
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    gap: 0.55rem;
-    min-height: 48px;
-    border: 0;
-    border-radius: 999px;
-    padding: 0 1.2rem;
-    cursor: pointer;
-    transition: transform 180ms ease, box-shadow 180ms ease, opacity 180ms ease;
-    text-decoration: none;
-}
-.btn:hover {
-    transform: translateY(-2px);
-    box-shadow: 0 14px 30px rgba(0, 0, 0, 0.24);
-}
-.btn-primary {
-    background: linear-gradient(135deg, var(--primary) 0%, #4be9c3 100%);
-    color: #052119;
-    font-weight: 800;
-}
-.btn-secondary {
-    background: linear-gradient(135deg, var(--secondary) 0%, #ffd07a 100%);
-    color: #24160a;
-    font-weight: 800;
-}
-.btn-ghost {
-    background: rgba(255, 255, 255, 0.06);
-    color: var(--text);
-    border: 1px solid rgba(255, 255, 255, 0.09);
-}
-.btn-ghost.danger {
-    color: #ffd0ca;
-    border-color: rgba(255, 111, 97, 0.34);
-}
-.btn-lg {
-    min-height: 54px;
-}
-.auth-footnote {
-    margin-top: 1rem;
-    padding-top: 1rem;
-    border-top: 1px solid rgba(255, 255, 255, 0.08);
-}
-.topbar {
-    padding: 1rem 0 0.3rem;
-}
-.metric-grid {
-    display: grid;
-    grid-template-columns: repeat(4, minmax(0, 1fr));
-    gap: 1rem;
-}
-.metric-card {
-    padding: 1.25rem;
-}
-.metric-card span {
-    color: var(--muted);
-    font-size: 0.92rem;
-}
-.metric-card strong {
-    font-size: clamp(1.4rem, 4vw, 2.2rem);
-    margin: 0.35rem 0;
-}
-.content-grid {
-    display: grid;
-    gap: 1rem;
-}
-.dashboard-grid {
-    grid-template-columns: repeat(2, minmax(0, 1fr));
-}
-.admin-grid {
-    grid-template-columns: repeat(2, minmax(0, 1fr));
-}
-.status-strip,
-.button-row,
-.chip-row,
-.course-chip-row {
-    display: flex;
-    align-items: center;
-    gap: 0.7rem;
-    flex-wrap: wrap;
-}
-.wrap-row {
-    margin-top: 1rem;
-}
-.status-strip {
-    margin-bottom: 1rem;
-    color: var(--muted);
-}
-.status-pill,
-.chip,
-.live-dot {
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    border-radius: 999px;
-    padding: 0.45rem 0.9rem;
-    font-size: 0.84rem;
-    border: 1px solid rgba(255, 255, 255, 0.1);
-}
-.status-idle,
-.chip {
-    background: rgba(255, 255, 255, 0.05);
-}
-.status-running,
-.status-completed,
-.highlight,
-.live-dot {
-    background: rgba(46, 211, 173, 0.14);
-    color: #96f2dd;
-}
-.status-pending,
-.status-cancel_requested {
-    background: rgba(255, 182, 72, 0.14);
-    color: #ffd48d;
-}
-.status-stopped,
-.status-failed,
-.danger {
-    background: rgba(255, 111, 97, 0.14);
-    color: #ffcec7;
-}
-.live-dot {
-    position: relative;
-    gap: 0.4rem;
-    font-family: var(--font-display);
-    letter-spacing: 0.08em;
-}
-.live-dot::before {
-    content: "";
-    width: 8px;
-    height: 8px;
-    border-radius: 50%;
-    background: currentColor;
-    box-shadow: 0 0 0 0 rgba(150, 242, 221, 0.65);
-    animation: pulse 2.1s infinite;
-}
-.course-table-wrap {
-    overflow-x: auto;
-}
-.data-table {
-    width: 100%;
-    border-collapse: collapse;
-}
-.data-table th,
-.data-table td {
-    text-align: left;
-    padding: 0.95rem 0.85rem;
-    border-bottom: 1px solid rgba(255, 255, 255, 0.08);
-}
-.data-table th {
-    color: #b8d4d4;
-    font-size: 0.9rem;
-}
-.inline-action {
-    border: 0;
-    background: transparent;
-    color: #ffd0ca;
-    cursor: pointer;
-    padding: 0;
-}
-.empty-cell,
-.empty-mini,
-.empty-state-card {
-    color: var(--muted);
-}
-.log-console {
-    min-height: 360px;
-    max-height: 540px;
-    overflow: auto;
-    padding: 1rem;
-    border-radius: 22px;
-    background: rgba(4, 10, 16, 0.92);
-    border: 1px solid rgba(255, 255, 255, 0.06);
-    font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", monospace;
-}
-.log-line {
-    display: grid;
-    gap: 0.25rem;
-    padding: 0.8rem 0;
-    border-bottom: 1px dashed rgba(255, 255, 255, 0.08);
-    font-size: 0.92rem;
-}
-.log-line:last-child {
-    border-bottom: 0;
-}
-.log-meta {
-    color: #7ea4aa;
-    font-size: 0.78rem;
-}
-.level-error {
-    color: #ffb5ac;
-}
-.level-warning {
-    color: #ffd59a;
-}
-.level-info {
-    color: #d8ece9;
-}
-.level-success {
-    color: #97f4dd;
-}
-.muted {
-    color: var(--muted);
-}
-.user-card-grid {
-    display: grid;
-    gap: 1rem;
-}
-.user-card {
-    padding: 1.25rem;
-}
-.user-card-head {
-    display: flex;
-    align-items: flex-start;
-    justify-content: space-between;
-    gap: 1rem;
-}
-.user-card h3 {
-    margin: 0;
-    font-family: var(--font-display);
-}
-.user-card p {
-    margin: 0.35rem 0 0;
-    color: var(--muted);
-}
-.course-list {
-    display: grid;
-    gap: 0.65rem;
-    margin-top: 1rem;
-}
-.course-chip-row {
-    justify-content: space-between;
-    padding: 0.8rem 0.95rem;
-    border-radius: 16px;
-    background: rgba(255, 255, 255, 0.05);
-}
-.chip-row.tight {
-    margin-top: 0.85rem;
-}
-.accent-amber {
-    box-shadow: 0 24px 70px rgba(255, 182, 72, 0.16);
-}
-.reveal-up {
-    opacity: 0;
-    transform: translateY(22px);
-    animation: revealUp 0.7s cubic-bezier(0.16, 1, 0.3, 1) forwards;
-}
-.delay-1 {
-    animation-delay: 0.08s;
-}
-.delay-2 {
-    animation-delay: 0.16s;
-}
-.delay-3 {
-    animation-delay: 0.24s;
-}
-.delay-4 {
-    animation-delay: 0.32s;
-}
-@keyframes revealUp {
-    to {
-        opacity: 1;
-        transform: translateY(0);
-    }
-}
-@keyframes drift {
-    0%,
-    100% {
-        transform: translate3d(0, 0, 0) scale(1);
-    }
-    50% {
-        transform: translate3d(16px, -18px, 0) scale(1.05);
-    }
-}
-@keyframes pulse {
-    0% {
-        box-shadow: 0 0 0 0 rgba(150, 242, 221, 0.65);
-    }
-    70% {
-        box-shadow: 0 0 0 14px rgba(150, 242, 221, 0);
-    }
-    100% {
-        box-shadow: 0 0 0 0 rgba(150, 242, 221, 0);
-    }
-}
-@media (max-width: 1100px) {
-    .auth-layout,
-    .dashboard-grid,
-    .admin-grid,
-    .metric-grid,
-    .hero-metrics {
-        grid-template-columns: 1fr;
-    }
-    .auth-card {
-        justify-self: stretch;
-        max-width: none;
-    }
-    .span-2 {
-        grid-column: auto;
-    }
-}
-@media (max-width: 760px) {
-    .page-shell {
-        width: min(100% - 1rem, 100%);
-        padding-top: 1rem;
-        padding-bottom: 2rem;
-    }
-    .hero-panel,
-    .auth-card,
-    .card,
-    .user-card,
-    .empty-state-card {
-        padding: 1.2rem;
-        border-radius: 22px;
-    }
-    .card-head.split,
-    .topbar,
-    .user-card-head {
-        flex-direction: column;
-    }
-    .form-grid-compact {
-        grid-template-columns: 1fr;
-    }
-    .button-row form,
-    .button-row .btn,
-    .btn {
-        width: 100%;
-    }
-    .button-row {
-        width: 100%;
-    }
-    .log-console {
-        min-height: 280px;
-    }
 }

+:root {
+    --bg: #07131d;
+    --bg-2: #0d2030;
+    --panel: rgba(10, 24, 36, 0.82);
+    --panel-strong: rgba(8, 18, 28, 0.94);
+    --line: rgba(151, 204, 213, 0.18);
+    --text: #eef6f6;
+    --muted: #9ab7bd;
+    --primary: #2ed3ad;
+    --primary-deep: #109a88;
+    --secondary: #ffb648;
+    --danger: #ff6f61;
+    --shadow: 0 24px 70px rgba(0, 0, 0, 0.36);
+    --radius-lg: 28px;
+    --radius-md: 20px;
+    --radius-sm: 14px;
+    --font-display: "Space Grotesk", sans-serif;
+    --font-body: "Noto Sans SC", sans-serif;
+}
+* {
+    box-sizing: border-box;
+}
+html {
+    scroll-behavior: smooth;
+}
+body {
+    margin: 0;
+    min-height: 100vh;
+    font-family: var(--font-body);
+    color: var(--text);
+    background:
+        radial-gradient(circle at top left, rgba(20, 110, 116, 0.34), transparent 34%),
+        radial-gradient(circle at top right, rgba(255, 182, 72, 0.16), transparent 28%),
+        linear-gradient(135deg, #041019 0%, #07131d 36%, #0d2030 100%);
+}
+button,
+input,
+select {
+    font: inherit;
+}
+code {
+    padding: 0.15rem 0.45rem;
+    border-radius: 999px;
+    background: rgba(255, 255, 255, 0.08);
+    color: #fff5dd;
+}
+.app-body {
+    position: relative;
+    overflow-x: hidden;
+}
+.bg-orb {
+    position: fixed;
+    width: 28rem;
+    height: 28rem;
+    border-radius: 50%;
+    filter: blur(20px);
+    opacity: 0.42;
+    pointer-events: none;
+    animation: drift 14s ease-in-out infinite;
+}
+.bg-orb-a {
+    top: -10rem;
+    left: -6rem;
+    background: radial-gradient(circle, rgba(46, 211, 173, 0.48), transparent 68%);
+}
+.bg-orb-b {
+    right: -8rem;
+    bottom: -10rem;
+    background: radial-gradient(circle, rgba(255, 182, 72, 0.32), transparent 68%);
+    animation-delay: -6s;
+}
+.bg-grid {
+    position: fixed;
+    inset: 0;
+    background-image:
+        linear-gradient(rgba(255, 255, 255, 0.03) 1px, transparent 1px),
+        linear-gradient(90deg, rgba(255, 255, 255, 0.03) 1px, transparent 1px);
+    background-size: 42px 42px;
+    mask-image: radial-gradient(circle at center, black 42%, transparent 100%);
+    pointer-events: none;
+}
+.page-shell {
+    position: relative;
+    z-index: 1;
+    width: min(1240px, calc(100% - 2rem));
+    margin: 0 auto;
+    padding: 2rem 0 3rem;
+}
+.flash-stack {
+    display: grid;
+    gap: 0.75rem;
+    margin-bottom: 1rem;
+}
+.flash {
+    border: 1px solid rgba(255, 255, 255, 0.12);
+    border-radius: var(--radius-sm);
+    padding: 0.9rem 1rem;
+    backdrop-filter: blur(10px);
+    box-shadow: 0 14px 30px rgba(0, 0, 0, 0.18);
+}
+.flash-success {
+    background: rgba(46, 211, 173, 0.16);
+}
+.flash-warning {
+    background: rgba(255, 182, 72, 0.16);
+}
+.flash-danger {
+    background: rgba(255, 111, 97, 0.16);
+}
+.auth-layout,
+.dashboard-shell {
+    display: grid;
+    gap: 1.4rem;
+}
+.auth-layout {
+    min-height: calc(100vh - 7rem);
+    align-items: center;
+    grid-template-columns: 1.15fr 0.9fr;
+}
+.hero-panel,
+.auth-card,
+.card,
+.metric-card,
+.user-card,
+.empty-state-card {
+    position: relative;
+    border: 1px solid var(--line);
+    border-radius: var(--radius-lg);
+    background: var(--panel);
+    backdrop-filter: blur(18px);
+    box-shadow: var(--shadow);
+}
+.hero-panel,
+.auth-card,
+.card,
+.empty-state-card {
+    padding: 1.7rem;
+}
+.hero-panel {
+    overflow: hidden;
+}
+.hero-panel::after,
+.card::after,
+.auth-card::after {
+    content: "";
+    position: absolute;
+    inset: 0;
+    border-radius: inherit;
+    background: linear-gradient(120deg, rgba(255, 255, 255, 0.12), transparent 22%, transparent 78%, rgba(255, 255, 255, 0.05));
+    pointer-events: none;
+}
+.eyebrow,
+.kicker {
+    display: inline-flex;
+    align-items: center;
+    gap: 0.5rem;
+    font-family: var(--font-display);
+    letter-spacing: 0.12em;
+    text-transform: uppercase;
+    font-size: 0.75rem;
+    color: #9fe8da;
+}
+.hero-panel h1,
+.topbar h1,
+.card-head h2,
+.auth-card h2 {
+    margin: 0.5rem 0 0;
+    font-family: var(--font-display);
+    line-height: 1.05;
+}
+.hero-panel h1 {
+    max-width: 13ch;
+    font-size: clamp(2.8rem, 6vw, 5rem);
+}
+.hero-panel p,
+.card-head p,
+.topbar p,
+.auth-card p,
+.metric-card small,
+.auth-footnote {
+    color: var(--muted);
+    line-height: 1.7;
+}
+.hero-metrics {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 1rem;
+    margin-top: 2rem;
+}
+.hero-metrics article {
+    padding: 1rem;
+    border-radius: var(--radius-md);
+    background: rgba(255, 255, 255, 0.05);
+    border: 1px solid rgba(255, 255, 255, 0.08);
+}
+.hero-metrics strong,
+.metric-card strong {
+    display: block;
+    font-family: var(--font-display);
+    font-size: 1.2rem;
+    margin-bottom: 0.25rem;
+}
+.auth-card {
+    max-width: 520px;
+    justify-self: end;
+}
+.card-head {
+    display: grid;
+    gap: 0.35rem;
+    margin-bottom: 1.2rem;
+}
+.card-head.compact {
+    margin-bottom: 1rem;
+}
+.card-head.split,
+.topbar {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: 1rem;
+}
+.form-grid {
+    display: grid;
+    gap: 1rem;
+}
+.form-grid-compact {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+.slim-form {
+    margin-top: 1rem;
+}
+.field {
+    display: grid;
+    gap: 0.45rem;
+}
+.field span {
+    color: #d4ece6;
+    font-size: 0.92rem;
+}
+.field input,
+.field select {
+    width: 100%;
+    border: 1px solid rgba(255, 255, 255, 0.08);
+    border-radius: 16px;
+    padding: 0.95rem 1rem;
+    background: rgba(5, 14, 22, 0.66);
+    color: var(--text);
+    outline: none;
+    transition: border-color 180ms ease, transform 180ms ease, box-shadow 180ms ease;
+}
+.field input:focus,
+.field select:focus {
+    border-color: rgba(46, 211, 173, 0.85);
+    box-shadow: 0 0 0 4px rgba(46, 211, 173, 0.12);
+    transform: translateY(-1px);
+}
+.span-2 {
+    grid-column: span 2;
+}
+.btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: 0.55rem;
+    min-height: 48px;
+    border: 0;
+    border-radius: 999px;
+    padding: 0 1.2rem;
+    cursor: pointer;
+    transition: transform 180ms ease, box-shadow 180ms ease, opacity 180ms ease;
+    text-decoration: none;
+}
+.btn:hover {
+    transform: translateY(-2px);
+    box-shadow: 0 14px 30px rgba(0, 0, 0, 0.24);
+}
+.btn-primary {
+    background: linear-gradient(135deg, var(--primary) 0%, #4be9c3 100%);
+    color: #052119;
+    font-weight: 800;
+}
+.btn-secondary {
+    background: linear-gradient(135deg, var(--secondary) 0%, #ffd07a 100%);
+    color: #24160a;
+    font-weight: 800;
+}
+.btn-ghost {
+    background: rgba(255, 255, 255, 0.06);
+    color: var(--text);
+    border: 1px solid rgba(255, 255, 255, 0.09);
+}
+.btn-ghost.danger {
+    color: #ffd0ca;
+    border-color: rgba(255, 111, 97, 0.34);
+}
+.btn-lg {
+    min-height: 54px;
+}
+.auth-footnote {
+    margin-top: 1rem;
+    padding-top: 1rem;
+    border-top: 1px solid rgba(255, 255, 255, 0.08);
+}
+.topbar {
+    padding: 1rem 0 0.3rem;
+}
+.admin-nav {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 0.75rem;
+}
+.admin-nav-link {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-height: 44px;
+    padding: 0 1rem;
+    border-radius: 999px;
+    border: 1px solid rgba(255, 255, 255, 0.08);
+    background: rgba(255, 255, 255, 0.04);
+    color: var(--muted);
+    text-decoration: none;
+    transition: transform 180ms ease, background 180ms ease, color 180ms ease, border-color 180ms ease;
+}
+.admin-nav-link:hover {
+    transform: translateY(-1px);
+    color: var(--text);
+    border-color: rgba(255, 255, 255, 0.16);
+}
+.admin-nav-link.active {
+    background: rgba(46, 211, 173, 0.14);
+    color: #96f2dd;
+    border-color: rgba(46, 211, 173, 0.32);
+}
+.metric-grid {
+    display: grid;
+    grid-template-columns: repeat(4, minmax(0, 1fr));
+    gap: 1rem;
+}
+.metric-card {
+    padding: 1.25rem;
+}
+.metric-card span {
+    color: var(--muted);
+    font-size: 0.92rem;
+}
+.metric-card strong {
+    font-size: clamp(1.4rem, 4vw, 2.2rem);
+    margin: 0.35rem 0;
+}
+.content-grid {
+    display: grid;
+    gap: 1rem;
+}
+.dashboard-grid {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+.admin-grid {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+.status-strip,
+.button-row,
+.chip-row,
+.course-chip-row {
+    display: flex;
+    align-items: center;
+    gap: 0.7rem;
+    flex-wrap: wrap;
+}
+.wrap-row {
+    margin-top: 1rem;
+}
+.compact-row {
+    margin-top: 0.9rem;
+}
+.status-strip {
+    margin-bottom: 1rem;
+    color: var(--muted);
+}
+.status-pill,
+.chip,
+.live-dot {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    border-radius: 999px;
+    padding: 0.45rem 0.9rem;
+    font-size: 0.84rem;
+    border: 1px solid rgba(255, 255, 255, 0.1);
+}
+.status-idle,
+.chip {
+    background: rgba(255, 255, 255, 0.05);
+}
+.status-running,
+.status-completed,
+.highlight,
+.live-dot {
+    background: rgba(46, 211, 173, 0.14);
+    color: #96f2dd;
+}
+.status-pending,
+.status-cancel_requested {
+    background: rgba(255, 182, 72, 0.14);
+    color: #ffd48d;
+}
+.status-stopped,
+.status-failed,
+.danger {
+    background: rgba(255, 111, 97, 0.14);
+    color: #ffcec7;
+}
+.live-dot {
+    position: relative;
+    gap: 0.4rem;
+    font-family: var(--font-display);
+    letter-spacing: 0.08em;
+}
+.live-dot::before {
+    content: "";
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    background: currentColor;
+    box-shadow: 0 0 0 0 rgba(150, 242, 221, 0.65);
+    animation: pulse 2.1s infinite;
+}
+.course-table-wrap {
+    overflow-x: auto;
+}
+.data-table {
+    width: 100%;
+    border-collapse: collapse;
+}
+.data-table th,
+.data-table td {
+    text-align: left;
+    padding: 0.95rem 0.85rem;
+    border-bottom: 1px solid rgba(255, 255, 255, 0.08);
+}
+.data-table th {
+    color: #b8d4d4;
+    font-size: 0.9rem;
+}
+.inline-action {
+    border: 0;
+    background: transparent;
+    color: #ffd0ca;
+    cursor: pointer;
+    padding: 0;
+}
+.empty-cell,
+.empty-mini,
+.empty-state-card {
+    color: var(--muted);
+}
+.log-console {
+    min-height: 360px;
+    max-height: 540px;
+    overflow: auto;
+    padding: 1rem;
+    border-radius: 22px;
+    background: rgba(4, 10, 16, 0.92);
+    border: 1px solid rgba(255, 255, 255, 0.06);
+    font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", monospace;
+}
+.log-line {
+    display: grid;
+    gap: 0.25rem;
+    padding: 0.8rem 0;
+    border-bottom: 1px dashed rgba(255, 255, 255, 0.08);
+    font-size: 0.92rem;
+}
+.log-line:last-child {
+    border-bottom: 0;
+}
+.log-meta {
+    color: #7ea4aa;
+    font-size: 0.78rem;
+}
+.level-error {
+    color: #ffb5ac;
+}
+.level-warning {
+    color: #ffd59a;
+}
+.level-info {
+    color: #d8ece9;
+}
+.level-success {
+    color: #97f4dd;
+}
+.muted {
+    color: var(--muted);
+}
+.user-card-grid {
+    display: grid;
+    gap: 1rem;
+}
+.user-card {
+    padding: 1.25rem;
+    scroll-margin-top: 1.5rem;
+}
+.subsection-head {
+    margin-top: 1rem;
+    padding-top: 1rem;
+    border-top: 1px solid rgba(255, 255, 255, 0.08);
+}
+.subsection-head h3 {
+    margin: 0.25rem 0 0;
+    font-size: 1.05rem;
+}
+.subsection-head p {
+    margin: 0.4rem 0 0;
+}
+.schedule-form {
+    margin-top: 0.9rem;
+}
+.user-card-head {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: 1rem;
+}
+.user-card h3 {
+    margin: 0;
+    font-family: var(--font-display);
+}
+.user-card p {
+    margin: 0.35rem 0 0;
+    color: var(--muted);
+}
+.course-list {
+    display: grid;
+    gap: 0.65rem;
+    margin-top: 1rem;
+}
+.course-chip-row {
+    justify-content: space-between;
+    padding: 0.8rem 0.95rem;
+    border-radius: 16px;
+    background: rgba(255, 255, 255, 0.05);
+}
+.chip-row.tight {
+    margin-top: 0.85rem;
+}
+.accent-amber {
+    box-shadow: 0 24px 70px rgba(255, 182, 72, 0.16);
+}
+.reveal-up {
+    opacity: 0;
+    transform: translateY(22px);
+    animation: revealUp 0.7s cubic-bezier(0.16, 1, 0.3, 1) forwards;
+}
+.delay-1 {
+    animation-delay: 0.08s;
+}
+.delay-2 {
+    animation-delay: 0.16s;
+}
+.delay-3 {
+    animation-delay: 0.24s;
+}
+.delay-4 {
+    animation-delay: 0.32s;
+}
+@keyframes revealUp {
+    to {
+        opacity: 1;
+        transform: translateY(0);
+    }
+}
+@keyframes drift {
+    0%,
+    100% {
+        transform: translate3d(0, 0, 0) scale(1);
+    }
+    50% {
+        transform: translate3d(16px, -18px, 0) scale(1.05);
+    }
+}
+@keyframes pulse {
+    0% {
+        box-shadow: 0 0 0 0 rgba(150, 242, 221, 0.65);
+    }
+    70% {
+        box-shadow: 0 0 0 14px rgba(150, 242, 221, 0);
+    }
+    100% {
+        box-shadow: 0 0 0 0 rgba(150, 242, 221, 0);
+    }
+}
+@media (max-width: 1100px) {
+    .auth-layout,
+    .dashboard-grid,
+    .admin-grid,
+    .metric-grid,
+    .hero-metrics {
+        grid-template-columns: 1fr;
+    }
+    .auth-card {
+        justify-self: stretch;
+        max-width: none;
+    }
+    .span-2 {
+        grid-column: auto;
+    }
+}
+@media (max-width: 760px) {
+    .page-shell {
+        width: min(100% - 1rem, 100%);
+        padding-top: 1rem;
+        padding-bottom: 2rem;
+    }
+    .hero-panel,
+    .auth-card,
+    .card,
+    .user-card,
+    .empty-state-card {
+        padding: 1.2rem;
+        border-radius: 22px;
+    }
+    .card-head.split,
+    .topbar,
+    .user-card-head {
+        flex-direction: column;
+    }
+    .form-grid-compact {
+        grid-template-columns: 1fr;
+    }
+    .button-row form,
+    .button-row .btn,
+    .btn {
+        width: 100%;
+    }
+    .button-row {
+        width: 100%;
+    }
+    .log-console {
+        min-height: 280px;
+    }
 }

templates/admin_dashboard.html CHANGED Viewed

@@ -1,377 +1,136 @@
-{% extends "base.html" %}
-{% block title %}管理后台 | SCU 选课控制台{% endblock %}
-{% block body_class %}admin-theme{% endblock %}
-{% block content %}
-<section class="dashboard-shell admin-dashboard" data-log-stream-url="{{ url_for('stream_admin_logs', last_id=recent_logs[-1].id if recent_logs else 0) }}" data-status-url="{{ url_for('admin_status') }}">
-    <header class="topbar reveal-up">
-        <div>
-            <span class="eyebrow">Admin Console</span>
-            <h1>管理员后台</h1>
-            <p>当前管理员：{{ admin_identity.username }}{% if is_super_admin %} · 超级管理员{% endif %}</p>
-        </div>
-        <form method="post" action="{{ url_for('admin_logout') }}">
-            <button type="submit" class="btn btn-ghost">退出后台</button>
-        </form>
-    </header>
-    <section class="metric-grid reveal-up delay-1">
-        <article class="metric-card">
-            <span>用户数</span>
-            <strong id="stat-users">{{ stats.users_count }}</strong>
-            <small>已录入的学生账号</small>
-        </article>
-        <article class="metric-card">
-            <span>运行中任务</span>
-            <strong id="stat-running">{{ stats.running_count }}</strong>
-            <small>排队中：<span id="stat-pending">{{ stats.pending_count }}</span></small>
-        </article>
-        <article class="metric-card">
-            <span>总课程目标</span>
-            <strong>{{ stats.courses_count }}</strong>
-            <small>管理员可见全部课程号与课序号</small>
-        </article>
-        <article class="metric-card">
-            <span>有效定时任务</span>
-            <strong>{{ stats.active_schedule_count }}</strong>
-            <small>管理员配置的每日自动启动与停止</small>
-        </article>
-        <article class="metric-card">
-            <span>注册码总数</span>
-            <strong>{{ stats.registration_code_count }}</strong>
-            <small>支持用户按注册码自助注册</small>
-        </article>
-    </section>
-    <section class="content-grid admin-grid">
-        <article class="card reveal-up delay-2">
-            <div class="card-head">
-                <span class="kicker">调度设置</span>
-                <h2>并行数</h2>
-                <p>默认并行数已调整为 4，建议根据 Hugging Face Space 的资源情况适当调节。</p>
-            </div>
-            <form method="post" action="{{ url_for('update_parallel_limit') }}" class="form-grid form-grid-compact">
-                <label class="field">
-                    <span>当前并行数</span>
-                    <input type="number" id="parallel-limit-input" name="parallel_limit" min="1" max="8" value="{{ parallel_limit }}" required>
-                </label>
-                <button type="submit" class="btn btn-primary">更新并行数</button>
-            </form>
-        </article>
-        <article class="card reveal-up delay-2">
-            <div class="card-head">
-                <span class="kicker">新增用户</span>
-                <h2>手动录入用户信息</h2>
-                <p>管理员可以直接录入学生账号，也可以只发注册码让学生自行注册。</p>
-            </div>
-            <form method="post" action="{{ url_for('create_user') }}" class="form-grid form-grid-compact">
-                <label class="field">
-                    <span>学号</span>
-                    <input type="text" name="student_id" inputmode="numeric" placeholder="13 位学号" required>
-                </label>
-                <label class="field">
-                    <span>显示名称</span>
-                    <input type="text" name="display_name" placeholder="可选备注">
-                </label>
-                <label class="field">
-                    <span>刷新间隔</span>
-                    <input type="number" name="refresh_interval_seconds" min="{{ refresh_interval_min }}" max="{{ refresh_interval_max }}" value="{{ default_refresh_interval_seconds }}" required>
-                </label>
-                <label class="field span-2">
-                    <span>密码</span>
-                    <input type="password" name="password" placeholder="教务处密码" required>
-                </label>
-                <button type="submit" class="btn btn-secondary">创建用户</button>
-            </form>
-        </article>
-        <article class="card reveal-up delay-2">
-            <div class="card-head">
-                <span class="kicker">注册码</span>
-                <h2>创建注册码</h2>
-                <p>学生拿到注册码后即可在 <code>/register</code> 页面使用学号和教务处密码完成注册。</p>
-            </div>
-            <form method="post" action="{{ url_for('create_registration_code') }}" class="form-grid form-grid-compact">
-                <label class="field span-2">
-                    <span>备注</span>
-                    <input type="text" name="note" placeholder="例如 2025 春季新用户批次">
-                </label>
-                <label class="field">
-                    <span>可用次数</span>
-                    <input type="number" name="max_uses" min="1" max="99" value="{{ default_registration_code_max_uses }}" required>
-                </label>
-                <button type="submit" class="btn btn-secondary">生成注册码</button>
-            </form>
-        </article>
-        {% if is_super_admin %}
-        <article class="card reveal-up delay-2">
-            <div class="card-head">
-                <span class="kicker">管理员管理</span>
-                <h2>新增管理员</h2>
-                <p>只有超级管理员可以继续创建普通管理员。</p>
-            </div>
-            <form method="post" action="{{ url_for('create_admin') }}" class="form-grid form-grid-compact">
-                <label class="field">
-                    <span>管理员账号</span>
-                    <input type="text" name="username" placeholder="输入管理员账号" required>
-                </label>
-                <label class="field">
-                    <span>管理员密码</span>
-                    <input type="password" name="password" placeholder="输入管理员密码" required>
-                </label>
-                <button type="submit" class="btn btn-ghost">创建管理员</button>
-            </form>
-            <div class="chip-row">
-                <span class="chip highlight">超级管理员：{{ admin_identity.username }}</span>
-                {% for admin in admins %}
-                    <span class="chip">{{ admin.username }}</span>
-                {% endfor %}
-            </div>
-        </article>
-        {% endif %}
-        <article class="card reveal-up delay-3 span-2">
-            <div class="card-head split">
-                <div>
-                    <span class="kicker">任务总览</span>
-                    <h2>最近任务</h2>
-                    <p>用于快速确认任务是否正在排队、执行、停止或失败。</p>
-                </div>
-                <span class="status-pill status-running">实时刷新</span>
             </div>
-            <div class="course-table-wrap">
-                <table class="data-table">
-                    <thead>
-                        <tr>
-                            <th>任务</th>
-                            <th>学号</th>
-                            <th>状态</th>
-                            <th>尝试</th>
-                            <th>错误</th>
-                            <th>刷新间隔</th>
-                            <th>触发者</th>
-                            <th>更新时间</th>
-                        </tr>
-                    </thead>
-                    <tbody>
-                        {% if recent_tasks %}
-                            {% for task in recent_tasks %}
-                                <tr>
-                                    <td>#{{ task.id }}</td>
-                                    <td>{{ task.student_id }}</td>
-                                    <td><span class="status-pill status-{{ task.status }}">{{ task_labels.get(task.status, task.status) }}</span></td>
-                                    <td>{{ task.total_attempts }}</td>
-                                    <td>{{ task.total_errors }}</td>
-                                    <td>{{ task.refresh_interval_seconds or default_refresh_interval_seconds }} 秒</td>
-                                    <td>{{ task.requested_by_role }}:{{ task.requested_by }}</td>
-                                    <td>{{ task.updated_at }}</td>
-                                </tr>
-                            {% endfor %}
-                        {% else %}
                             <tr>
-                                <td colspan="8" class="empty-cell">还没有任务记录。</td>
                             </tr>
-                        {% endif %}
-                    </tbody>
-                </table>
-            </div>
-        </article>
-        <article class="card reveal-up delay-3 span-2">
-            <div class="card-head split">
-                <div>
-                    <span class="kicker">注册码清单</span>
-                    <h2>注册码状态</h2>
-                    <p>可以查看注册码是否启用、可用次数、已用次数以及最近一次使用���况。</p>
-                </div>
-            </div>
-            <div class="course-table-wrap">
-                <table class="data-table">
-                    <thead>
                         <tr>
-                            <th>注册码</th>
-                            <th>备注</th>
-                            <th>状态</th>
-                            <th>使用</th>
-                            <th>最近使用者</th>
-                            <th>操作</th>
                         </tr>
-                    </thead>
-                    <tbody>
-                        {% if registration_codes %}
-                            {% for code in registration_codes %}
-                                <tr>
-                                    <td><code>{{ code.code }}</code></td>
-                                    <td>{{ code.note or '无' }}</td>
-                                    <td>{{ '启用' if code.is_active else '停用' }}</td>
-                                    <td>{{ code.used_count }}/{{ code.max_uses }}</td>
-                                    <td>{{ code.used_by_student_id or '暂无' }}</td>
-                                    <td>
-                                        <form method="post" action="{{ url_for('toggle_registration_code', registration_code_id=code.id) }}">
-                                            <button type="submit" class="inline-action">{{ '停用' if code.is_active else '启用' }}</button>
-                                        </form>
-                                    </td>
-                                </tr>
-                            {% endfor %}
-                        {% else %}
-                            <tr>
-                                <td colspan="6" class="empty-cell">还没有创建注册码。</td>
-                            </tr>
-                        {% endif %}
-                    </tbody>
-                </table>
-            </div>
-        </article>
-        <article class="card reveal-up delay-3 span-2">
-            <div class="card-head split">
-                <div>
-                    <span class="kicker">全局日志</span>
-                    <h2>所有用户的运行日志</h2>
-                    <p>日志会持续流入，便于管理员确认登录、查课、提交结果、定时启动终止与错误信息。</p>
-                </div>
-                <span class="live-dot">LIVE</span>
-            </div>
-            <div class="log-console" id="log-console">
-                {% if recent_logs %}
-                    {% for log in recent_logs %}
-                        <div class="log-line level-{{ log.level|lower }}">
-                            <span class="log-meta">{{ log.created_at }} · {{ log.student_id or 'system' }} · {{ log.scope }} · {{ log.level }}</span>
-                            <span>{{ log.message }}</span>
-                        </div>
-                    {% endfor %}
-                {% else %}
-                    <div class="log-line level-info muted">暂无日志，用户启动任务后这里会自动刷新。</div>
-                {% endif %}
-            </div>
-        </article>
-        <article class="card reveal-up delay-4 span-2">
-            <div class="card-head">
-                <span class="kicker">用户管理</span>
-                <h2>所有用户与课程详情</h2>
-                <p>可以直接修改用户信息、配置定时任务、增减课程，或代替用户启动和停止任务。</p>
-            </div>
-            <div class="user-card-grid">
-                {% for user in users %}
-                    <section class="user-card">
-                        <div class="user-card-head">
-                            <div>
-                                <h3>{{ user.display_name or user.student_id }}</h3>
-                                <p>{{ user.student_id }}</p>
-                            </div>
-                            <span class="status-pill status-{{ user.latest_task.status if user.latest_task else 'idle' }}">
-                                {{ task_labels.get(user.latest_task.status, '未启动') if user.latest_task else '未启动' }}
-                            </span>
-                        </div>
-                        <div class="chip-row tight">
-                            <span class="chip {% if user.is_active %}highlight{% endif %}">{{ '启用中' if user.is_active else '已禁用' }}</span>
-                            <span class="chip">课程 {{ user.course_count }}</span>
-                            <span class="chip">最近任务 {{ user.latest_task.id if user.latest_task else '--' }}</span>
-                            <span class="chip">刷新 {{ user.refresh_interval_seconds or default_refresh_interval_seconds }} 秒</span>
-                            <span class="chip">尝试 {{ user.latest_task.total_attempts if user.latest_task else 0 }}</span>
-                            <span class="chip">错误 {{ user.latest_task.total_errors if user.latest_task else 0 }}</span>
-                            <span class="chip">定时 {{ '开启' if user.schedule and user.schedule.is_enabled else '关闭' }}</span>
-                        </div>
-                        <form method="post" action="{{ url_for('update_user', user_id=user.id) }}" class="form-grid form-grid-compact slim-form">
-                            <label class="field span-2">
-                                <span>显示名称</span>
-                                <input type="text" name="display_name" value="{{ user.display_name }}" placeholder="备注名称">
-                            </label>
-                            <label class="field">
-                                <span>刷新间隔</span>
-                                <input type="number" name="refresh_interval_seconds" min="{{ refresh_interval_min }}" max="{{ refresh_interval_max }}" value="{{ user.refresh_interval_seconds or default_refresh_interval_seconds }}" required>
-                            </label>
-                            <label class="field span-2">
-                                <span>重置密码</span>
-                                <input type="password" name="password" placeholder="留空表示不修改">
-                            </label>
-                            <button type="submit" class="btn btn-ghost">保存用户</button>
-                        </form>
-                        <form method="post" action="{{ url_for('update_user_schedule', user_id=user.id) }}" class="form-grid form-grid-compact slim-form">
-                            <label class="field">
-                                <span>启用定时</span>
-                                <input type="checkbox" name="schedule_enabled" value="1" {% if user.schedule and user.schedule.is_enabled %}checked{% endif %}>
-                            </label>
-                            <label class="field">
-                                <span>开始日期</span>
-                                <input type="date" name="start_date" value="{{ user.schedule.start_date if user.schedule else '' }}">
-                            </label>
-                            <label class="field">
-                                <span>结束日期</span>
-                                <input type="date" name="end_date" value="{{ user.schedule.end_date if user.schedule else '' }}">
-                            </label>
-                            <label class="field">
-                                <span>每日启动</span>
-                                <input type="time" name="daily_start_time" value="{{ user.schedule.daily_start_time if user.schedule else '' }}">
-                            </label>
-                            <label class="field">
-                                <span>每日停止</span>
-                                <input type="time" name="daily_stop_time" value="{{ user.schedule.daily_stop_time if user.schedule else '' }}">
-                            </label>
-                            <button type="submit" class="btn btn-secondary">保存定时设置</button>
-                        </form>
-                        <div class="button-row wrap-row">
-                            <form method="post" action="{{ url_for('toggle_user', user_id=user.id) }}">
-                                <button type="submit" class="btn btn-ghost {% if not user.is_active %}danger{% endif %}">{{ '禁用' if user.is_active else '启用' }}</button>
-                            </form>
-                            <form method="post" action="{{ url_for('admin_start_user_task', user_id=user.id) }}">
-                                <button type="submit" class="btn btn-primary">代启动任务</button>
-                            </form>
-                            <form method="post" action="{{ url_for('admin_stop_user_task', user_id=user.id) }}">
-                                <button type="submit" class="btn btn-ghost danger">代停止任务</button>
-                            </form>
-                            <form method="post" action="{{ url_for('delete_user_by_admin', user_id=user.id) }}">
-                                <button type="submit" class="btn btn-ghost danger">删除用户</button>
-                            </form>
-                        </div>
-                        <form method="post" action="{{ url_for('admin_add_course', user_id=user.id) }}" class="form-grid form-grid-compact slim-form">
-                            <label class="field">
-                                <span>类型</span>
-                                <select name="category">
-                                    <option value="free">自由选课</option>
-                                    <option value="plan">方案选课</option>
-                                </select>
-                            </label>
-                            <label class="field">
-                                <span>课��号</span>
-                                <input type="text" name="course_id" placeholder="例如 888005010A59" autocapitalize="characters" required>
-                            </label>
-                            <label class="field">
-                                <span>课序号</span>
-                                <input type="text" name="course_index" placeholder="例如 01 或 666" autocapitalize="characters" required>
-                            </label>
-                            <button type="submit" class="btn btn-secondary">为该用户加课</button>
-                        </form>
-                        <div class="course-list">
-                            {% if user.courses %}
-                                {% for course in user.courses %}
-                                    <div class="course-chip-row">
-                                        <span>{{ category_labels.get(course.category, course.category) }} · {{ course.course_id }}_{{ course.course_index }}</span>
-                                        <form method="post" action="{{ url_for('admin_delete_course', course_target_id=course.id) }}">
-                                            <button type="submit" class="inline-action">删除</button>
-                                        </form>
-                                    </div>
-                                {% endfor %}
-                            {% else %}
-                                <div class="empty-mini">当前没有课程目标。</div>
-                            {% endif %}
-                        </div>
-                    </section>
-                {% else %}
-                    <div class="empty-state-card">
-                        还没有录入任何用户，请先通过上方表单创建或发放注册码。
-                    </div>
-                {% endfor %}
-            </div>
-        </article>
-    </section>
 </section>
 {% endblock %}

+{% extends "admin_layout.html" %}
+{% block admin_title %}后台总览{% endblock %}
+{% block admin_page_content %}
+<section class="metric-grid reveal-up delay-2">
+    <article class="metric-card">
+        <span>用户数</span>
+        <strong id="stat-users">{{ stats.users_count }}</strong>
+        <small>已录入的学生账号</small>
+    </article>
+    <article class="metric-card">
+        <span>运行中任务</span>
+        <strong id="stat-running">{{ stats.running_count }}</strong>
+        <small>排队中：<span id="stat-pending">{{ stats.pending_count }}</span></small>
+    </article>
+    <article class="metric-card">
+        <span>总课程目标</span>
+        <strong>{{ stats.courses_count }}</strong>
+        <small>管理员可见全部课程号与课序号</small>
+    </article>
+    <article class="metric-card">
+        <span>有效定时任务</span>
+        <strong>{{ stats.active_schedule_count }}</strong>
+        <small>管理员配置的每日自动启动与停止</small>
+    </article>
+    <article class="metric-card">
+        <span>注册码总数</span>
+        <strong>{{ stats.registration_code_count }}</strong>
+        <small>支持用户按注册码自助注册</small>
+    </article>
+</section>
+<section class="content-grid admin-grid">
+    <article class="card reveal-up delay-2">
+        <div class="card-head">
+            <span class="kicker">分页面管理</span>
+            <h2>功能入口</h2>
+            <p>不同功能已经拆分到独立页面，避免全部堆在首页。</p>
+        </div>
+        <div class="button-row wrap-row">
+            <a href="{{ url_for('admin_users') }}" class="btn btn-primary">进入用户管理</a>
+            <a href="{{ url_for('admin_schedules') }}" class="btn btn-secondary">进入定时任务</a>
+            <a href="{{ url_for('admin_registration_codes') }}" class="btn btn-secondary">进入注册码</a>
+            <a href="{{ url_for('admin_logs') }}" class="btn btn-ghost">查看运行日志</a>
+        </div>
+    </article>
+    <article class="card reveal-up delay-2">
+        <div class="card-head">
+            <span class="kicker">调度设置</span>
+            <h2>并行数</h2>
+            <p>默认并行数已调整为 4，建议根据 Hugging Face Space 的资源情况适当调节。</p>
+        </div>
+        <form method="post" action="{{ url_for('update_parallel_limit') }}" class="form-grid form-grid-compact">
+            <label class="field">
+                <span>当前并行数</span>
+                <input type="number" id="parallel-limit-input" name="parallel_limit" min="1" max="8" value="{{ parallel_limit }}" required>
+            </label>
+            <button type="submit" class="btn btn-primary">更新并行数</button>
+        </form>
+    </article>
+    {% if is_super_admin %}
+    <article class="card reveal-up delay-2">
+        <div class="card-head">
+            <span class="kicker">管理员管理</span>
+            <h2>新增管理员</h2>
+            <p>只有超级管理员可以继续创建普通管理员。</p>
+        </div>
+        <form method="post" action="{{ url_for('create_admin') }}" class="form-grid form-grid-compact">
+            <label class="field">
+                <span>管理员账号</span>
+                <input type="text" name="username" placeholder="输入管理员账号" required>
+            </label>
+            <label class="field">
+                <span>管理员密码</span>
+                <input type="password" name="password" placeholder="输入管理员密码" required>
+            </label>
+            <button type="submit" class="btn btn-ghost">创建管理员</button>
+        </form>
+        <div class="chip-row">
+            <span class="chip highlight">超级管理员：{{ admin_identity.username }}</span>
+            {% for admin in admins %}
+                <span class="chip">{{ admin.username }}</span>
+            {% endfor %}
+        </div>
+    </article>
+    {% endif %}
+    <article class="card reveal-up delay-3 span-2">
+        <div class="card-head split">
+            <div>
+                <span class="kicker">任务总览</span>
+                <h2>最近任务</h2>
+                <p>用于快速确认任务是否正在排队、执行、停止或失败。</p>
             </div>
+            <span class="status-pill status-running">实时刷新</span>
+        </div>
+        <div class="course-table-wrap">
+            <table class="data-table">
+                <thead>
+                    <tr>
+                        <th>任务</th>
+                        <th>学号</th>
+                        <th>状态</th>
+                        <th>尝试</th>
+                        <th>错误</th>
+                        <th>刷新间隔</th>
+                        <th>触发者</th>
+                        <th>更新时间</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% if recent_tasks %}
+                        {% for task in recent_tasks %}
                             <tr>
+                                <td>#{{ task.id }}</td>
+                                <td>{{ task.student_id }}</td>
+                                <td><span class="status-pill status-{{ task.status }}">{{ task_labels.get(task.status, task.status) }}</span></td>
+                                <td>{{ task.total_attempts }}</td>
+                                <td>{{ task.total_errors }}</td>
+                                <td>{{ task.refresh_interval_seconds or default_refresh_interval_seconds }} 秒</td>
+                                <td>{{ task.requested_by_role }}:{{ task.requested_by }}</td>
+                                <td>{{ task.updated_at }}</td>
                             </tr>
+                        {% endfor %}
+                    {% else %}
                         <tr>
+                            <td colspan="8" class="empty-cell">还没有任务记录。</td>
                         </tr>
+                    {% endif %}
+                </tbody>
+            </table>
+        </div>
+    </article>
 </section>
 {% endblock %}

templates/admin_layout.html ADDED Viewed

	@@ -0,0 +1,27 @@

+{% extends "base.html" %}
+{% block title %}{% block admin_title %}管理后台{% endblock %} | SCU 选课控制台{% endblock %}
+{% block body_class %}admin-theme{% endblock %}
+{% block content %}
+<section class="dashboard-shell admin-dashboard"{% if log_stream_url %} data-log-stream-url="{{ log_stream_url }}"{% endif %}{% if status_url %} data-status-url="{{ status_url }}"{% endif %}>
+    <header class="topbar reveal-up">
+        <div>
+            <span class="eyebrow">Admin Console</span>
+            <h1>管理员后台</h1>
+            <p>当前管理员：{{ admin_identity.username }}{% if is_super_admin %} · 超级管理员{% endif %}</p>
+        </div>
+        <form method="post" action="{{ url_for('admin_logout') }}">
+            <button type="submit" class="btn btn-ghost">退出后台</button>
+        </form>
+    </header>
+    <nav class="admin-nav reveal-up delay-1" aria-label="管理员后台导航">
+        <a href="{{ url_for('admin_dashboard') }}" class="admin-nav-link {% if admin_page == 'overview' %}active{% endif %}">总览</a>
+        <a href="{{ url_for('admin_users') }}" class="admin-nav-link {% if admin_page == 'users' %}active{% endif %}">用户管理</a>
+        <a href="{{ url_for('admin_schedules') }}" class="admin-nav-link {% if admin_page == 'schedules' %}active{% endif %}">定时任务</a>
+        <a href="{{ url_for('admin_registration_codes') }}" class="admin-nav-link {% if admin_page == 'registration_codes' %}active{% endif %}">注册码</a>
+        <a href="{{ url_for('admin_logs') }}" class="admin-nav-link {% if admin_page == 'logs' %}active{% endif %}">运行日志</a>
+    </nav>
+    {% block admin_page_content %}{% endblock %}
+</section>
+{% endblock %}

templates/admin_logs.html ADDED Viewed

	@@ -0,0 +1,28 @@

+{% extends "admin_layout.html" %}
+{% block admin_title %}运行日志{% endblock %}
+{% block admin_page_content %}
+<section class="content-grid admin-grid reveal-up delay-2">
+    <article class="card span-2">
+        <div class="card-head split">
+            <div>
+                <span class="kicker">全局日志</span>
+                <h2>所有用户的运行日志</h2>
+                <p>日志会持续流入，便于管理员确认登录、查课、提交结果、定时启动终止与错误信息。</p>
+            </div>
+            <span class="live-dot">LIVE</span>
+        </div>
+        <div class="log-console" id="log-console">
+            {% if recent_logs %}
+                {% for log in recent_logs %}
+                    <div class="log-line level-{{ log.level|lower }}">
+                        <span class="log-meta">{{ log.created_at }} · {{ log.student_id or 'system' }} · {{ log.scope }} · {{ log.level }}</span>
+                        <span>{{ log.message }}</span>
+                    </div>
+                {% endfor %}
+            {% else %}
+                <div class="log-line level-info muted">暂无日志，用户启动任务后这里会自动刷新。</div>
+            {% endif %}
+        </div>
+    </article>
+</section>
+{% endblock %}

templates/admin_registration_codes.html ADDED Viewed

	@@ -0,0 +1,81 @@

+{% extends "admin_layout.html" %}
+{% block admin_title %}注册码{% endblock %}
+{% block admin_page_content %}
+<section class="content-grid admin-grid reveal-up delay-2">
+    <article class="card">
+        <div class="card-head">
+            <span class="kicker">注册码</span>
+            <h2>创建注册码</h2>
+            <p>学生拿到注册码后即可在 <code>/register</code> 页面使用学号和教务处密码完成注册。</p>
+        </div>
+        <form method="post" action="{{ url_for('create_registration_code') }}" class="form-grid form-grid-compact">
+            <label class="field span-2">
+                <span>备注</span>
+                <input type="text" name="note" placeholder="例如 2025 春季新用户批次">
+            </label>
+            <label class="field">
+                <span>可用次数</span>
+                <input type="number" name="max_uses" min="1" max="99" value="{{ default_registration_code_max_uses }}" required>
+            </label>
+            <button type="submit" class="btn btn-secondary">生成注册码</button>
+        </form>
+    </article>
+    <article class="card">
+        <div class="card-head">
+            <span class="kicker">使用说明</span>
+            <h2>给学生的注册提示</h2>
+            <p>建议提示用户使用学号和教务处密码注册；注册码只负责开通本系统账号，不替代教务处认证。</p>
+        </div>
+        <div class="button-row wrap-row">
+            <a href="{{ url_for('admin_users') }}" class="btn btn-ghost">返回用户管理</a>
+        </div>
+    </article>
+</section>
+<section class="card reveal-up delay-3 span-2">
+    <div class="card-head split">
+        <div>
+            <span class="kicker">注册码清单</span>
+            <h2>注册码状态</h2>
+            <p>可以查看注册码是否启用、可用次数、已用次数以及最近一次使用情况。</p>
+        </div>
+    </div>
+    <div class="course-table-wrap">
+        <table class="data-table">
+            <thead>
+                <tr>
+                    <th>注册码</th>
+                    <th>备注</th>
+                    <th>状态</th>
+                    <th>使用</th>
+                    <th>最近使用者</th>
+                    <th>操作</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% if registration_codes %}
+                    {% for code in registration_codes %}
+                        <tr>
+                            <td><code>{{ code.code }}</code></td>
+                            <td>{{ code.note or '无' }}</td>
+                            <td>{{ '启用' if code.is_active else '停用' }}</td>
+                            <td>{{ code.used_count }}/{{ code.max_uses }}</td>
+                            <td>{{ code.used_by_student_id or '暂无' }}</td>
+                            <td>
+                                <form method="post" action="{{ url_for('toggle_registration_code', registration_code_id=code.id) }}">
+                                    <button type="submit" class="inline-action">{{ '停用' if code.is_active else '启用' }}</button>
+                                </form>
+                            </td>
+                        </tr>
+                    {% endfor %}
+                {% else %}
+                    <tr>
+                        <td colspan="6" class="empty-cell">还没有创建注册码。</td>
+                    </tr>
+                {% endif %}
+            </tbody>
+        </table>
+    </div>
+</section>
+{% endblock %}

templates/admin_schedules.html ADDED Viewed

	@@ -0,0 +1,116 @@

+{% extends "admin_layout.html" %}
+{% block admin_title %}定时任务{% endblock %}
+{% block admin_page_content %}
+<section class="content-grid admin-grid reveal-up delay-2">
+    <article class="card span-2">
+        <div class="card-head split">
+            <div>
+                <span class="kicker">定时任务</span>
+                <h2>定时任务总览</h2>
+                <p>这里会列出每个用户当前的定时状态，并可直接在下方卡片中修改配置。</p>
+            </div>
+            <a href="{{ url_for('admin_users') }}" class="btn btn-ghost">返回用户管理</a>
+        </div>
+        <div class="course-table-wrap">
+            <table class="data-table">
+                <thead>
+                    <tr>
+                        <th>用户</th>
+                        <th>状态</th>
+                        <th>日期范围</th>
+                        <th>每日时段</th>
+                        <th>快速定位</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% if users %}
+                        {% for user in users %}
+                            <tr>
+                                <td>{{ user.display_name or user.student_id }}<br><small>{{ user.student_id }}</small></td>
+                                <td>{{ '启用' if user.schedule and user.schedule.is_enabled else '关闭' }}</td>
+                                <td>
+                                    {% if user.schedule and user.schedule.start_date and user.schedule.end_date %}
+                                        {{ user.schedule.start_date }} 至 {{ user.schedule.end_date }}
+                                    {% else %}
+                                        未设置
+                                    {% endif %}
+                                </td>
+                                <td>
+                                    {% if user.schedule and user.schedule.daily_start_time and user.schedule.daily_stop_time %}
+                                        {{ user.schedule.daily_start_time }} - {{ user.schedule.daily_stop_time }}
+                                    {% else %}
+                                        未设置
+                                    {% endif %}
+                                </td>
+                                <td><a href="#user-{{ user.id }}" class="inline-action">前往设置</a></td>
+                            </tr>
+                        {% endfor %}
+                    {% else %}
+                        <tr>
+                            <td colspan="5" class="empty-cell">还没有用户，暂时无法配置定时任务。</td>
+                        </tr>
+                    {% endif %}
+                </tbody>
+            </table>
+        </div>
+    </article>
+</section>
+<section class="card reveal-up delay-3 span-2">
+    <div class="card-head">
+        <span class="kicker">按用户配置</span>
+        <h2>定时启动终止设置</h2>
+        <p>仅管理员可以配置。支持设置从几月几日开始、几月几日结束，以及每天自动启动和停止时间。</p>
+    </div>
+    <div class="user-card-grid">
+        {% for user in users %}
+            <section class="user-card" id="user-{{ user.id }}">
+                <div class="user-card-head">
+                    <div>
+                        <h3>{{ user.display_name or user.student_id }}</h3>
+                        <p>{{ user.student_id }}</p>
+                    </div>
+                    <span class="status-pill status-{{ user.latest_task.status if user.latest_task else 'idle' }}">
+                        {{ task_labels.get(user.latest_task.status, '未启动') if user.latest_task else '未启动' }}
+                    </span>
+                </div>
+                <div class="chip-row tight">
+                    <span class="chip">定时 {{ '开启' if user.schedule and user.schedule.is_enabled else '关闭' }}</span>
+                    <span class="chip">最近任务 {{ user.latest_task.id if user.latest_task else '--' }}</span>
+                    <span class="chip">尝试 {{ user.latest_task.total_attempts if user.latest_task else 0 }}</span>
+                    <span class="chip">错误 {{ user.latest_task.total_errors if user.latest_task else 0 }}</span>
+                </div>
+                <form method="post" action="{{ url_for('update_user_schedule', user_id=user.id) }}" class="form-grid form-grid-compact slim-form schedule-form">
+                    <label class="field">
+                        <span>启用定时</span>
+                        <input type="checkbox" name="schedule_enabled" value="1" {% if user.schedule and user.schedule.is_enabled %}checked{% endif %}>
+                    </label>
+                    <label class="field">
+                        <span>开始日期</span>
+                        <input type="date" name="start_date" value="{{ user.schedule.start_date if user.schedule else '' }}">
+                    </label>
+                    <label class="field">
+                        <span>结束日期</span>
+                        <input type="date" name="end_date" value="{{ user.schedule.end_date if user.schedule else '' }}">
+                    </label>
+                    <label class="field">
+                        <span>每日启动</span>
+                        <input type="time" name="daily_start_time" value="{{ user.schedule.daily_start_time if user.schedule else '' }}">
+                    </label>
+                    <label class="field">
+                        <span>每日停止</span>
+                        <input type="time" name="daily_stop_time" value="{{ user.schedule.daily_stop_time if user.schedule else '' }}">
+                    </label>
+                    <button type="submit" class="btn btn-secondary">保存定时设置</button>
+                </form>
+            </section>
+        {% else %}
+            <div class="empty-state-card">
+                还没有录入任何用户，请先到“用户管理”页面创建用户。
+            </div>
+        {% endfor %}
+    </div>
+</section>
+{% endblock %}

templates/admin_users.html ADDED Viewed

	@@ -0,0 +1,147 @@

+{% extends "admin_layout.html" %}
+{% block admin_title %}用户管理{% endblock %}
+{% block admin_page_content %}
+<section class="content-grid admin-grid reveal-up delay-2">
+    <article class="card">
+        <div class="card-head">
+            <span class="kicker">新增用户</span>
+            <h2>手动录入用户信息</h2>
+            <p>管理员可以直接录入学生账号，课程和定时任务则在对应页面分别管理。</p>
+        </div>
+        <form method="post" action="{{ url_for('create_user') }}" class="form-grid form-grid-compact">
+            <label class="field">
+                <span>学号</span>
+                <input type="text" name="student_id" inputmode="numeric" placeholder="13 位学号" required>
+            </label>
+            <label class="field">
+                <span>显示名称</span>
+                <input type="text" name="display_name" placeholder="可选备注">
+            </label>
+            <label class="field">
+                <span>刷新间隔</span>
+                <input type="number" name="refresh_interval_seconds" min="{{ refresh_interval_min }}" max="{{ refresh_interval_max }}" value="{{ default_refresh_interval_seconds }}" required>
+            </label>
+            <label class="field span-2">
+                <span>密码</span>
+                <input type="password" name="password" placeholder="教务处密码" required>
+            </label>
+            <button type="submit" class="btn btn-secondary">创建用户</button>
+        </form>
+    </article>
+    <article class="card">
+        <div class="card-head">
+            <span class="kicker">跳转提示</span>
+            <h2>功能已拆分</h2>
+            <p>这里负责用户资料、课程和任务操作。定时任务请进入“定时任务”页面，注册码请进入“注册码”页面。</p>
+        </div>
+        <div class="button-row wrap-row">
+            <a href="{{ url_for('admin_schedules') }}" class="btn btn-secondary">去定时任务页</a>
+            <a href="{{ url_for('admin_registration_codes') }}" class="btn btn-ghost">去注册码页</a>
+        </div>
+    </article>
+</section>
+<section class="card reveal-up delay-3 span-2">
+    <div class="card-head">
+        <span class="kicker">用户管理</span>
+        <h2>所有用户与课程详情</h2>
+        <p>可以直接修改用户信息、增减课程，或代替用户启动和停止任务。</p>
+    </div>
+    <div class="user-card-grid">
+        {% for user in users %}
+            <section class="user-card" id="user-{{ user.id }}">
+                <div class="user-card-head">
+                    <div>
+                        <h3>{{ user.display_name or user.student_id }}</h3>
+                        <p>{{ user.student_id }}</p>
+                    </div>
+                    <span class="status-pill status-{{ user.latest_task.status if user.latest_task else 'idle' }}">
+                        {{ task_labels.get(user.latest_task.status, '未启动') if user.latest_task else '未启动' }}
+                    </span>
+                </div>
+                <div class="chip-row tight">
+                    <span class="chip {% if user.is_active %}highlight{% endif %}">{{ '启用中' if user.is_active else '已禁用' }}</span>
+                    <span class="chip">课程 {{ user.course_count }}</span>
+                    <span class="chip">最近任务 {{ user.latest_task.id if user.latest_task else '--' }}</span>
+                    <span class="chip">刷新 {{ user.refresh_interval_seconds or default_refresh_interval_seconds }} 秒</span>
+                    <span class="chip">尝试 {{ user.latest_task.total_attempts if user.latest_task else 0 }}</span>
+                    <span class="chip">错误 {{ user.latest_task.total_errors if user.latest_task else 0 }}</span>
+                    <span class="chip">定时 {{ '开启' if user.schedule and user.schedule.is_enabled else '关闭' }}</span>
+                </div>
+                <form method="post" action="{{ url_for('update_user', user_id=user.id) }}" class="form-grid form-grid-compact slim-form">
+                    <label class="field span-2">
+                        <span>显示名称</span>
+                        <input type="text" name="display_name" value="{{ user.display_name }}" placeholder="备注名称">
+                    </label>
+                    <label class="field">
+                        <span>刷新间隔</span>
+                        <input type="number" name="refresh_interval_seconds" min="{{ refresh_interval_min }}" max="{{ refresh_interval_max }}" value="{{ user.refresh_interval_seconds or default_refresh_interval_seconds }}" required>
+                    </label>
+                    <label class="field span-2">
+                        <span>重置密码</span>
+                        <input type="password" name="password" placeholder="留空表示不修改">
+                    </label>
+                    <button type="submit" class="btn btn-ghost">保存用户</button>
+                </form>
+                <div class="button-row wrap-row compact-row">
+                    <a href="{{ url_for('admin_schedules') }}#user-{{ user.id }}" class="btn btn-secondary">去设定时任务</a>
+                    <form method="post" action="{{ url_for('toggle_user', user_id=user.id) }}">
+                        <button type="submit" class="btn btn-ghost {% if not user.is_active %}danger{% endif %}">{{ '禁用' if user.is_active else '启用' }}</button>
+                    </form>
+                    <form method="post" action="{{ url_for('admin_start_user_task', user_id=user.id) }}">
+                        <button type="submit" class="btn btn-primary">代启动任务</button>
+                    </form>
+                    <form method="post" action="{{ url_for('admin_stop_user_task', user_id=user.id) }}">
+                        <button type="submit" class="btn btn-ghost danger">代停止任务</button>
+                    </form>
+                    <form method="post" action="{{ url_for('delete_user_by_admin', user_id=user.id) }}">
+                        <button type="submit" class="btn btn-ghost danger">删除用户</button>
+                    </form>
+                </div>
+                <form method="post" action="{{ url_for('admin_add_course', user_id=user.id) }}" class="form-grid form-grid-compact slim-form">
+                    <label class="field">
+                        <span>类型</span>
+                        <select name="category">
+                            <option value="free">自由选课</option>
+                            <option value="plan">方案选课</option>
+                        </select>
+                    </label>
+                    <label class="field">
+                        <span>课程号</span>
+                        <input type="text" name="course_id" placeholder="例如 888005010A59" autocapitalize="characters" required>
+                    </label>
+                    <label class="field">
+                        <span>课序号</span>
+                        <input type="text" name="course_index" placeholder="例如 01 或 666" autocapitalize="characters" required>
+                    </label>
+                    <button type="submit" class="btn btn-secondary">为该用户加课</button>
+                </form>
+                <div class="course-list">
+                    {% if user.courses %}
+                        {% for course in user.courses %}
+                            <div class="course-chip-row">
+                                <span>{{ category_labels.get(course.category, course.category) }} · {{ course.course_id }}_{{ course.course_index }}</span>
+                                <form method="post" action="{{ url_for('admin_delete_course', course_target_id=course.id) }}">
+                                    <button type="submit" class="inline-action">删除</button>
+                                </form>
+                            </div>
+                        {% endfor %}
+                    {% else %}
+                        <div class="empty-mini">当前没有课程目标。</div>
+                    {% endif %}
+                </div>
+            </section>
+        {% else %}
+            <div class="empty-state-card">
+                还没有录入任何用户，请先通过上方表单创建用户。
+            </div>
+        {% endfor %}
+    </div>
+</section>
+{% endblock %}