Upload 67 files

app/config.py

@@ -28,7 +28,15 @@ class Settings:
     mysql_db: str = os.getenv("SQL_DATABASE", "CAM")
     mysql_ca_file: Path = ROOT_DIR / os.getenv("MYSQL_CA_FILE", "ca.pem")
 
-    upload_root: Path = ROOT_DIR / os.getenv("UPLOAD_ROOT", "data/submissions")
+    docker_root: Path = ROOT_DIR / os.getenv("DOCKER_ROOT", "docker_data")
+
+    @property
+    def upload_root(self) -> Path:
+        return self.docker_root / "submissions"
+
+    @property
+    def task_media_root(self) -> Path:
+        return self.docker_root / "tasks"
 
     @property
     def database_url(self) -> str:
@@ -43,9 +51,12 @@ class Settings:
 
     @property
     def database_connect_args(self) -> dict:
+        if self.database_url.startswith("sqlite"):
+            return {}
         if self.mysql_ca_file.exists():
             return {"ssl": {"ca": str(self.mysql_ca_file)}}
         return {}
 
 
-settings = Settings()
+settings = Settings()
+

app/main.py

@@ -12,6 +12,7 @@ from app.database import SessionLocal
 from app.models import Admin, User
 from app.routes import admin, auth, media, user
 from app.services.bootstrap import initialize_database, seed_super_admin
+from app.services.presence import should_write_presence
 from app.web import local_now, redirect, templates
 
 
@@ -33,7 +34,9 @@ def on_startup() -> None:
 @app.middleware("http")
 async def track_presence(request: Request, call_next):
     response = await call_next(request)
-    if request.url.path.startswith("/static"):
+    if request.url.path.startswith("/static") or request.url.path.startswith("/media"):
+        return response
+    if request.url.path.startswith("/api"):
         return response
 
     admin_id = request.session.get("admin_id")
@@ -41,17 +44,21 @@ async def track_presence(request: Request, call_next):
     if not admin_id and not user_id:
         return response
 
+    now = local_now()
+    if not should_write_presence(request.session, now):
+        return response
+
     db = SessionLocal()
     try:
         if admin_id:
             admin = db.get(Admin, admin_id)
             if admin:
-                admin.last_seen_at = local_now()
+                admin.last_seen_at = now
                 db.add(admin)
         elif user_id:
             user = db.get(User, user_id)
             if user:
-                user.last_seen_at = local_now()
+                user.last_seen_at = now
                 db.add(user)
         db.commit()
     finally:
@@ -77,6 +84,11 @@ def health():
     return {"status": "ok"}
 
 
+@app.get("/favicon.ico", include_in_schema=False)
+def favicon():
+    return redirect("/static/favicon.ico", status_code=307)
+
+
 app.include_router(auth.router)
 app.include_router(user.router)
 app.include_router(admin.router)
@@ -105,4 +117,6 @@ def format_timedelta(value):
 
 
 templates.env.filters["datetime_local"] = format_datetime
-templates.env.filters["duration_human"] = format_timedelta
+templates.env.filters["duration_human"] = format_timedelta
+
+

app/models.py

@@ -4,7 +4,6 @@ from datetime import datetime
 from typing import Optional
 
 from sqlalchemy import Boolean, DateTime, ForeignKey, Integer, String, Text, UniqueConstraint
-from sqlalchemy.dialects.mysql import LONGBLOB
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from app.database import Base
@@ -94,13 +93,13 @@ class Task(TimestampMixin, Base):
     description: Mapped[str] = mapped_column(Text, default="")
     display_order: Mapped[int] = mapped_column(Integer, default=1)
 
-    image_data: Mapped[bytes] = mapped_column(LONGBLOB, deferred=True)
+    image_url: Mapped[Optional[str]] = mapped_column(String(1000), nullable=True)
+    image_path: Mapped[Optional[str]] = mapped_column(String(600), nullable=True)
     image_mime: Mapped[str] = mapped_column(String(120), default="image/jpeg")
     image_filename: Mapped[str] = mapped_column(String(255), default="task.jpg")
 
-    clue_image_data: Mapped[Optional[bytes]] = mapped_column(
-        LONGBLOB, deferred=True, nullable=True
-    )
+    clue_image_url: Mapped[Optional[str]] = mapped_column(String(1000), nullable=True)
+    clue_image_path: Mapped[Optional[str]] = mapped_column(String(600), nullable=True)
     clue_image_mime: Mapped[Optional[str]] = mapped_column(String(120), nullable=True)
     clue_image_filename: Mapped[Optional[str]] = mapped_column(String(255), nullable=True)
     clue_release_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
@@ -151,5 +150,3 @@ class Submission(TimestampMixin, Base):
         back_populates="assigned_submissions",
         foreign_keys=[assigned_admin_id],
     )
-
-

app/routes/admin.py

@@ -3,18 +3,24 @@
 import io
 import zipfile
 from datetime import datetime, timedelta
+from urllib.parse import quote
 from pathlib import Path
 
 from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.responses import JSONResponse, StreamingResponse
 from sqlalchemy.orm import Session, joinedload
 
+from app.config import settings
 from app.database import get_db
 from app.models import Activity, Admin, Group, Submission, Task, User
 from app.security import hash_password
-from app.services.images import compress_to_limit, read_and_validate_upload
+from app.services.images import (
+    delete_file_if_exists,
+    list_image_files,
+    resolve_managed_path,
+)
 from app.services.leaderboard import build_leaderboard
-from app.services.presence import is_online
+from app.services.presence import ONLINE_WINDOW_SECONDS, is_online, unix_seconds
 from app.services.review_queue import online_admins, rebalance_pending_reviews
 from app.web import add_flash, local_now, redirect, render
 
@@ -26,9 +32,6 @@ def require_admin(request: Request, db: Session) -> Admin | None:
     admin = db.query(Admin).filter(Admin.id == (request.session.get("admin_id") or 0)).first()
     if not admin or not admin.is_active:
         return None
-    admin.last_seen_at = local_now()
-    db.add(admin)
-    db.flush()
     return admin
 
 
@@ -68,6 +71,20 @@ def ensure_group_capacity(group: Group | None, current_users: list[User] | None
         raise ValueError(f"{group.name} 的人数上限不足，请调整人数上限或减少选中人数。")
 
 
+
+def normalize_image_url(raw_value: str | None, field_label: str, required: bool = False) -> str | None:
+    value = str(raw_value or "").strip()
+    if not value:
+        if required:
+            raise ValueError(f"请填写{field_label}。")
+        return None
+    if not (value.startswith("http://") or value.startswith("https://")):
+        raise ValueError(f"{field_label}必须以 http:// 或 https:// 开头。")
+    if len(value) > 1000:
+        raise ValueError(f"{field_label}过长，请检查链接是否正确。")
+    return value
+
+
 def parse_activity_fields(form) -> dict:
     title = str(form.get("title", "")).strip()
     description = str(form.get("description", "")).strip()
@@ -123,7 +140,7 @@ def apply_task_schedule(activity: Activity, tasks: list[Task]) -> None:
             activity.start_at,
             activity.clue_interval_minutes,
             index,
-            bool(task.clue_image_filename),
+            bool(task.clue_image_url or task.clue_image_path or task.clue_image_filename),
         )
 
 
@@ -155,15 +172,135 @@ def serialize_submission(submission: Submission) -> dict:
     }
 
 
+def display_admin_role(role: str) -> str:
+    return "超级管理员" if role == "superadmin" else "管理员"
+
+
 def serialize_presence_entry(name: str, role_label: str, last_seen_at, now: datetime) -> dict:
     return {
         "name": name,
         "role_label": role_label,
-        "last_seen_at": last_seen_at.strftime("%Y-%m-%d %H:%M") if last_seen_at else "-",
+        "last_seen_at": last_seen_at.strftime("%Y-%m-%d %H:%M:%S") if last_seen_at else "-",
+        "last_seen_ts": unix_seconds(last_seen_at),
         "is_online": is_online(last_seen_at, now),
     }
 
 
+def cleanup_task_files(task: Task) -> None:
+    delete_file_if_exists(task.image_path, settings.task_media_root)
+    delete_file_if_exists(task.clue_image_path, settings.task_media_root)
+
+
+def normalize_path_key(file_path: str | Path) -> str:
+    return str(Path(file_path).resolve())
+
+
+def format_file_size(file_size: int) -> str:
+    if file_size >= 1024 * 1024:
+        return f"{file_size / (1024 * 1024):.2f} MB"
+    if file_size >= 1024:
+        return f"{file_size / 1024:.1f} KB"
+    return f"{file_size} B"
+
+
+def build_image_reference_index(db: Session) -> dict[str, list[dict]]:
+    reference_index: dict[str, list[dict]] = {}
+
+    tasks = db.query(Task).options(joinedload(Task.activity)).all()
+    for task in tasks:
+        if task.image_path:
+            reference_index.setdefault(normalize_path_key(task.image_path), []).append(
+                {
+                    "type": "task",
+                    "label": f"任务主图 · {task.activity.title if task.activity else '未知活动'} / {task.title}",
+                }
+            )
+        if task.clue_image_path:
+            reference_index.setdefault(normalize_path_key(task.clue_image_path), []).append(
+                {
+                    "type": "task",
+                    "label": f"线索图 · {task.activity.title if task.activity else '未知活动'} / {task.title}",
+                }
+            )
+
+    submissions = (
+        db.query(Submission)
+        .options(
+            joinedload(Submission.user),
+            joinedload(Submission.group),
+            joinedload(Submission.task).joinedload(Task.activity),
+        )
+        .all()
+    )
+    for submission in submissions:
+        if not submission.file_path:
+            continue
+        reference_index.setdefault(normalize_path_key(submission.file_path), []).append(
+            {
+                "type": "submission",
+                "label": (
+                    f"用户提交图 · {submission.task.activity.title if submission.task and submission.task.activity else '未知活动'}"
+                    f" / {submission.task.title if submission.task else '未知任务'}"
+                    f" / {submission.group.name if submission.group else '未分组'}"
+                ),
+            }
+        )
+
+    return reference_index
+
+
+def build_image_inventory(db: Session, scope: str) -> tuple[list[dict], dict]:
+    reference_index = build_image_reference_index(db)
+    image_paths = list_image_files(settings.docker_root)
+
+    items: list[dict] = []
+    referenced_count = 0
+    orphan_count = 0
+
+    for image_path in image_paths:
+        relative_path = image_path.relative_to(settings.docker_root).as_posix()
+        references = reference_index.get(normalize_path_key(image_path), [])
+        is_referenced = bool(references)
+        top_level = relative_path.split("/", 1)[0] if "/" in relative_path else relative_path
+
+        if scope == "tasks" and top_level != "tasks":
+            continue
+        if scope == "submissions" and top_level != "submissions":
+            continue
+        if scope == "referenced" and not is_referenced:
+            continue
+        if scope == "orphan" and is_referenced:
+            continue
+
+        if is_referenced:
+            referenced_count += 1
+        else:
+            orphan_count += 1
+
+        encoded_path = quote(relative_path, safe="/")
+        items.append(
+            {
+                "relative_path": relative_path,
+                "file_name": image_path.name,
+                "category": top_level,
+                "size_label": format_file_size(image_path.stat().st_size),
+                "modified_at": datetime.fromtimestamp(image_path.stat().st_mtime).strftime("%Y-%m-%d %H:%M"),
+                "is_referenced": is_referenced,
+                "reference_labels": [item["label"] for item in references],
+                "preview_url": f"/media/library/{encoded_path}",
+                "download_url": f"/media/library/{encoded_path}?download=1",
+            }
+        )
+
+    summary = {
+        "total_count": len(image_paths),
+        "referenced_count": sum(1 for path in image_paths if reference_index.get(normalize_path_key(path))),
+        "orphan_count": sum(1 for path in image_paths if not reference_index.get(normalize_path_key(path))),
+        "docker_root": str(settings.docker_root),
+    }
+    return items, summary
+
+
 def recent_reviews_query(db: Session, activity_id: int | None = None):
     query = (
         db.query(Submission)
@@ -245,40 +382,34 @@ async def collect_task_payloads(
         task_description = (
             str(task_descriptions[index]).strip() if index < len(task_descriptions) else ""
         )
-        primary_upload = task_images[index] if index < len(task_images) else None
-        clue_upload = task_clue_images[index] if index < len(task_clue_images) else None
+        image_url = normalize_image_url(
+            task_images[index] if index < len(task_images) else None,
+            f"第 {index + 1} 个新增任务的主图链接",
+            required=bool(task_title),
+        )
+        clue_image_url = normalize_image_url(
+            task_clue_images[index] if index < len(task_clue_images) else None,
+            f"第 {index + 1} 个新增任务的线索图链接",
+            required=False,
+        )
 
-        if not task_title and (not primary_upload or not getattr(primary_upload, "filename", "")):
+        if not task_title and not image_url:
             continue
-        if not task_title or not primary_upload or not getattr(primary_upload, "filename", ""):
-            raise ValueError(f"第 {index + 1} 个新增任务需要完整填写标题并上传主图。")
-
-        primary_raw = await read_and_validate_upload(primary_upload)
-        primary_bytes, primary_mime = compress_to_limit(primary_raw, 200 * 1024)
-
-        clue_bytes = None
-        clue_mime = None
-        clue_name = None
-        if clue_upload and getattr(clue_upload, "filename", ""):
-            clue_raw = await read_and_validate_upload(clue_upload)
-            clue_bytes, clue_mime = compress_to_limit(clue_raw, 200 * 1024)
-            clue_name = clue_upload.filename
+        if not task_title:
+            raise ValueError(f"第 {index + 1} 个新增任务需要填写标题。")
+        if not image_url:
+            raise ValueError(f"第 {index + 1} 个新增任务需要填写主图链接。")
 
         tasks_payload.append(
             {
                 "title": task_title,
                 "description": task_description,
-                "image_data": primary_bytes,
-                "image_mime": primary_mime,
-                "image_filename": primary_upload.filename,
-                "clue_image_data": clue_bytes,
-                "clue_image_mime": clue_mime,
-                "clue_image_filename": clue_name,
+                "image_url": image_url,
+                "clue_image_url": clue_image_url,
             }
         )
     return tasks_payload
 
-
 @router.get("/admin/dashboard")
 def admin_dashboard(request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
@@ -342,7 +473,7 @@ def admin_users(request: Request, db: Session = Depends(get_db)):
         request,
         "admin_users.html",
         {"page_title": "用户管理", "admin": admin, "users": users, "groups": groups},
-    )
+    )
 
 @router.post("/admin/users")
 async def create_user(request: Request, db: Session = Depends(get_db)):
@@ -516,10 +647,14 @@ def admin_admins(request: Request, db: Session = Depends(get_db)):
         return redirect("/admin/dashboard")
 
     now = local_now()
+    server_ts = unix_seconds(now)
     admins = db.query(Admin).order_by(Admin.created_at.desc()).all()
     users = db.query(User).options(joinedload(User.group)).order_by(User.full_name.asc()).all()
     admin_statuses = [
-        {**serialize_presence_entry(item.display_name, item.role, item.last_seen_at, now), "username": item.username}
+        {
+            **serialize_presence_entry(item.display_name, display_admin_role(item.role), item.last_seen_at, now),
+            "username": item.username,
+        }
         for item in admins
     ]
     user_statuses = [
@@ -538,6 +673,8 @@ def admin_admins(request: Request, db: Session = Depends(get_db)):
             "admins": admins,
             "admin_statuses": admin_statuses,
             "user_statuses": user_statuses,
+            "presence_server_ts": server_ts,
+            "online_window_seconds": ONLINE_WINDOW_SECONDS,
         },
     )
 
@@ -549,30 +686,29 @@ def presence_overview(request: Request, db: Session = Depends(get_db)):
         return JSONResponse({"error": "forbidden"}, status_code=403)
 
     now = local_now()
+    server_ts = unix_seconds(now)
     admins = db.query(Admin).order_by(Admin.display_name.asc()).all()
     users = db.query(User).options(joinedload(User.group)).order_by(User.full_name.asc()).all()
     return JSONResponse(
         {
+            "server_ts": server_ts,
+            "online_window_seconds": ONLINE_WINDOW_SECONDS,
             "admins": [
                 {
-                    "name": item.display_name,
+                    **serialize_presence_entry(item.display_name, display_admin_role(item.role), item.last_seen_at, now),
                     "username": item.username,
-                    "role": item.role,
-                    "is_online": is_online(item.last_seen_at, now),
-                    "last_seen_at": item.last_seen_at.strftime("%Y-%m-%d %H:%M") if item.last_seen_at else "-",
                 }
                 for item in admins
             ],
             "users": [
                 {
-                    "name": item.full_name,
+                    **serialize_presence_entry(item.full_name, "用户", item.last_seen_at, now),
                     "group_name": item.group.name if item.group else "未分组",
-                    "is_online": is_online(item.last_seen_at, now),
-                    "last_seen_at": item.last_seen_at.strftime("%Y-%m-%d %H:%M") if item.last_seen_at else "-",
                 }
                 for item in users
             ],
-        }
+        },
+        headers={"Cache-Control": "no-store"},
     )
 
 
@@ -605,7 +741,7 @@ async def create_admin(request: Request, db: Session = Depends(get_db)):
     db.add(new_admin)
     db.commit()
     add_flash(request, "success", f"管理员 {display_name} 已创建。")
-    return redirect("/admin/admins")
+    return redirect("/admin/admins")
 
 @router.get("/admin/groups")
 def admin_groups(request: Request, db: Session = Depends(get_db)):
@@ -751,8 +887,8 @@ async def create_activity(request: Request, db: Session = Depends(get_db)):
             form,
             "task_title",
             "task_description",
-            "task_image",
-            "task_clue_image",
+            "task_image_url",
+            "task_clue_image_url",
         )
     except ValueError as exc:
         add_flash(request, "error", str(exc))
@@ -764,10 +900,19 @@ async def create_activity(request: Request, db: Session = Depends(get_db)):
 
     activity = Activity(created_by_id=admin.id, **activity_fields)
     db.add(activity)
+    db.flush()
 
     tasks = []
     for payload in tasks_payload:
-        task = Task(activity=activity, **payload)
+        task = Task(
+            activity=activity,
+            title=payload["title"],
+            description=payload["description"],
+            image_url=payload["image_url"],
+            clue_image_url=payload["clue_image_url"],
+            image_filename=payload["image_url"].split("/")[-1][:255] or "task-link",
+            clue_image_filename=(payload["clue_image_url"].split("/")[-1][:255] if payload["clue_image_url"] else None),
+        )
         tasks.append(task)
         db.add(task)
 
@@ -776,7 +921,6 @@ async def create_activity(request: Request, db: Session = Depends(get_db)):
     add_flash(request, "success", f"活动 {activity.title} 已发布。")
     return redirect("/admin/activities")
 
-
 @router.post("/admin/activities/{activity_id}/edit")
 async def update_activity(activity_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
@@ -802,8 +946,8 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
     existing_task_ids = form.getlist("existing_task_id")
     existing_task_titles = form.getlist("existing_task_title")
     existing_task_descriptions = form.getlist("existing_task_description")
-    existing_task_images = form.getlist("existing_task_image")
-    existing_task_clue_images = form.getlist("existing_task_clue_image")
+    existing_task_image_urls = form.getlist("existing_task_image_url")
+    existing_task_clue_urls = form.getlist("existing_task_clue_image_url")
     remove_clue_ids = {
         int(value)
         for value in form.getlist("existing_task_remove_clue")
@@ -829,27 +973,38 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
             if not title:
                 raise ValueError(f"第 {index + 1} 个已有任务标题不能为空。")
 
+            image_url = normalize_image_url(
+                existing_task_image_urls[index] if index < len(existing_task_image_urls) else None,
+                f"第 {index + 1} 个已有任务的主图链接",
+                required=True,
+            )
+            clue_image_url = normalize_image_url(
+                existing_task_clue_urls[index] if index < len(existing_task_clue_urls) else None,
+                f"第 {index + 1} 个已有任务的线索图链接",
+                required=False,
+            )
+            if task_id in remove_clue_ids:
+                clue_image_url = None
+
             task.title = title
             task.description = description
-
-            primary_upload = existing_task_images[index] if index < len(existing_task_images) else None
-            clue_upload = existing_task_clue_images[index] if index < len(existing_task_clue_images) else None
-
-            if primary_upload and getattr(primary_upload, "filename", ""):
-                primary_raw = await read_and_validate_upload(primary_upload)
-                primary_bytes, primary_mime = compress_to_limit(primary_raw, 200 * 1024)
-                task.image_data = primary_bytes
-                task.image_mime = primary_mime
-                task.image_filename = primary_upload.filename
-
-            if clue_upload and getattr(clue_upload, "filename", ""):
-                clue_raw = await read_and_validate_upload(clue_upload)
-                clue_bytes, clue_mime = compress_to_limit(clue_raw, 200 * 1024)
-                task.clue_image_data = clue_bytes
-                task.clue_image_mime = clue_mime
-                task.clue_image_filename = clue_upload.filename
-            elif task_id in remove_clue_ids:
-                task.clue_image_data = None
+            task.image_url = image_url
+            task.image_filename = image_url.split("/")[-1][:255] or task.image_filename
+            if task.image_path:
+                delete_file_if_exists(task.image_path, settings.task_media_root)
+                task.image_path = None
+
+            if clue_image_url:
+                task.clue_image_url = clue_image_url
+                task.clue_image_filename = clue_image_url.split("/")[-1][:255] or task.clue_image_filename
+                if task.clue_image_path:
+                    delete_file_if_exists(task.clue_image_path, settings.task_media_root)
+                    task.clue_image_path = None
+            else:
+                if task.clue_image_path:
+                    delete_file_if_exists(task.clue_image_path, settings.task_media_root)
+                task.clue_image_url = None
+                task.clue_image_path = None
                 task.clue_image_mime = None
                 task.clue_image_filename = None
 
@@ -859,8 +1014,8 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
             form,
             "new_task_title",
             "new_task_description",
-            "new_task_image",
-            "new_task_clue_image",
+            "new_task_image_url",
+            "new_task_clue_image_url",
         )
     except ValueError as exc:
         add_flash(request, "error", str(exc))
@@ -875,7 +1030,15 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
 
     all_tasks = list(ordered_tasks)
     for payload in new_tasks_payload:
-        task = Task(activity=activity, **payload)
+        task = Task(
+            activity=activity,
+            title=payload["title"],
+            description=payload["description"],
+            image_url=payload["image_url"],
+            clue_image_url=payload["clue_image_url"],
+            image_filename=payload["image_url"].split("/")[-1][:255] or "task-link",
+            clue_image_filename=(payload["clue_image_url"].split("/")[-1][:255] if payload["clue_image_url"] else None),
+        )
         db.add(task)
         all_tasks.append(task)
 
@@ -889,7 +1052,6 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
     add_flash(request, "success", f"活动 {activity.title} 已更新。")
     return redirect(f"/admin/activities/{activity_id}/edit")
 
-
 @router.post("/admin/tasks/{task_id}/delete")
 async def delete_task(task_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
@@ -908,6 +1070,7 @@ async def delete_task(task_id: int, request: Request, db: Session = Depends(get_
         return redirect(f"/admin/activities/{activity.id}/edit")
 
     cleanup_submission_files(task.submissions)
+    cleanup_task_files(task)
     activity_id = activity.id
     db.delete(task)
     db.flush()
@@ -924,7 +1087,6 @@ async def delete_task(task_id: int, request: Request, db: Session = Depends(get_
     add_flash(request, "success", "任务已删除，剩余任务顺序和线索发布时间已自动更新。")
     return redirect(f"/admin/activities/{activity_id}/edit")
 
-
 @router.post("/admin/activities/{activity_id}/visibility")
 async def update_leaderboard_visibility(activity_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
@@ -940,7 +1102,7 @@ async def update_leaderboard_visibility(activity_id: int, request: Request, db:
     db.add(activity)
     db.commit()
     add_flash(request, "success", f"已更新 {activity.title} 的排行榜可见性。")
-    return redirect("/admin/activities")
+    return redirect("/admin/activities")
 
 @router.get("/admin/reviews")
 def admin_reviews(request: Request, db: Session = Depends(get_db)):
@@ -1093,7 +1255,87 @@ async def download_selected_submissions(request: Request, db: Session = Depends(
         archive,
         media_type="application/zip",
         headers={"Content-Disposition": f'attachment; filename="{filename}"'},
-    )
-
-
+    )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+@router.get("/admin/images")
+def admin_images(request: Request, db: Session = Depends(get_db)):
+    admin = require_admin(request, db)
+    if not admin:
+        return redirect("/admin")
+
+    scope = request.query_params.get("scope", "all").strip()
+    if scope not in {"all", "tasks", "submissions", "referenced", "orphan"}:
+        scope = "all"
+
+    image_items, summary = build_image_inventory(db, scope)
+    return render(
+        request,
+        "admin_images.html",
+        {
+            "page_title": "图片管理",
+            "admin": admin,
+            "scope": scope,
+            "image_items": image_items,
+            "summary": summary,
+        },
+    )
+
+
+@router.post("/admin/images/delete")
+async def delete_managed_image(request: Request, db: Session = Depends(get_db)):
+    admin = require_admin(request, db)
+    if not admin:
+        return redirect("/admin")
+
+    form = await request.form()
+    relative_path = str(form.get("relative_path", "")).strip()
+    scope = str(form.get("scope", "all")).strip()
+    if scope not in {"all", "tasks", "submissions", "referenced", "orphan"}:
+        scope = "all"
+
+    if not relative_path:
+        add_flash(request, "error", "图片路径不能为空。")
+        return redirect(f"/admin/images?scope={scope}")
+
+    try:
+        file_path = resolve_managed_path(settings.docker_root, relative_path)
+    except ValueError as exc:
+        add_flash(request, "error", str(exc))
+        return redirect(f"/admin/images?scope={scope}")
+
+    if not file_path.exists() or not file_path.is_file():
+        add_flash(request, "error", "图片不存在或已被删除。")
+        return redirect(f"/admin/images?scope={scope}")
+
+    references = build_image_reference_index(db).get(normalize_path_key(file_path), [])
+    if references:
+        add_flash(request, "error", "该图片仍被系统引用，暂时不能直接删除。")
+        return redirect(f"/admin/images?scope={scope}")
+
+    delete_file_if_exists(str(file_path), settings.docker_root)
+    add_flash(request, "success", f"已删除图片：{relative_path}")
+    return redirect(f"/admin/images?scope={scope}")
+
+
+
+
+
+
 

app/routes/auth.py

@@ -8,7 +8,8 @@ from app.auth import get_current_admin, get_current_user, sign_in_admin, sign_in
 from app.database import get_db
 from app.models import Admin, Group, User
 from app.security import hash_password, verify_password
-from app.web import add_flash, redirect, render
+from app.services.presence import should_write_presence, unix_seconds
+from app.web import add_flash, local_now, redirect, render
 
 
 router = APIRouter()
@@ -163,8 +164,31 @@ def change_password(
     return redirect("/account")
 
 
-@router.get("/api/presence/ping")
+@router.api_route("/api/presence/ping", methods=["GET", "POST"])
 def presence_ping(request: Request, db: Session = Depends(get_db)):
-    if not get_current_admin(request, db) and not get_current_user(request, db):
+    admin = get_current_admin(request, db)
+    user = get_current_user(request, db)
+    if not admin and not user:
         return JSONResponse({"ok": False}, status_code=401)
-    return JSONResponse({"ok": True})
+
+    now = local_now()
+    wrote = False
+    if should_write_presence(request.session, now):
+        if admin:
+            admin.last_seen_at = now
+            db.add(admin)
+        elif user:
+            user.last_seen_at = now
+            db.add(user)
+        db.commit()
+        wrote = True
+
+    return JSONResponse(
+        {
+            "ok": True,
+            "wrote": wrote,
+            "server_ts": unix_seconds(now),
+        },
+        headers={"Cache-Control": "no-store"},
+    )
+

app/routes/media.py

@@ -2,28 +2,42 @@
 
 from pathlib import Path
 
-from fastapi import APIRouter, Depends, HTTPException, Request, Response
-from fastapi.responses import FileResponse
+from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi.responses import FileResponse, RedirectResponse
 from sqlalchemy.orm import Session, joinedload
 
 from app.auth import get_current_admin, get_current_user
+from app.config import settings
 from app.database import get_db
-from app.models import Submission, Task, User
+from app.models import Submission, Task
+from app.services.images import resolve_managed_path
 from app.web import local_now
 
 
 router = APIRouter()
 
 
+def ensure_existing_file(file_path: str | None) -> Path:
+    if not file_path:
+        raise HTTPException(status_code=404, detail="Image not found")
+    path = Path(file_path)
+    if not path.exists() or not path.is_file():
+        raise HTTPException(status_code=404, detail="Image not found")
+    return path
+
+
 @router.get("/media/tasks/{task_id}/image")
 def task_image(task_id: int, request: Request, db: Session = Depends(get_db)):
     if not get_current_user(request, db) and not get_current_admin(request, db):
         raise HTTPException(status_code=401, detail="Unauthorized")
 
     task = db.get(Task, task_id)
-    if not task or not task.image_data:
+    if not task:
         raise HTTPException(status_code=404, detail="Image not found")
-    return Response(content=task.image_data, media_type=task.image_mime)
+    if task.image_url:
+        return RedirectResponse(task.image_url, status_code=307)
+    image_path = ensure_existing_file(task.image_path)
+    return FileResponse(image_path, media_type=task.image_mime, filename=task.image_filename)
 
 
 @router.get("/media/tasks/{task_id}/clue")
@@ -34,11 +48,14 @@ def task_clue(task_id: int, request: Request, db: Session = Depends(get_db)):
         raise HTTPException(status_code=401, detail="Unauthorized")
 
     task = db.get(Task, task_id)
-    if not task or not task.clue_image_data:
+    if not task:
         raise HTTPException(status_code=404, detail="Clue image not found")
     if not admin and (not task.clue_release_at or local_now() < task.clue_release_at):
         raise HTTPException(status_code=403, detail="Clue not released")
-    return Response(content=task.clue_image_data, media_type=task.clue_image_mime)
+    if task.clue_image_url:
+        return RedirectResponse(task.clue_image_url, status_code=307)
+    clue_path = ensure_existing_file(task.clue_image_path)
+    return FileResponse(clue_path, media_type=task.clue_image_mime or "image/jpeg", filename=task.clue_image_filename or clue_path.name)
 
 
 @router.get("/media/submissions/{submission_id}")
@@ -58,9 +75,7 @@ def submission_image(submission_id: int, request: Request, db: Session = Depends
         if not user or not user.group_id or user.group_id != submission.group_id:
             raise HTTPException(status_code=403, detail="Forbidden")
 
-    file_path = Path(submission.file_path)
-    if not file_path.exists():
-        raise HTTPException(status_code=404, detail="Stored file missing")
+    file_path = ensure_existing_file(submission.file_path)
 
     if request.query_params.get("download") == "1":
         return FileResponse(
@@ -68,4 +83,23 @@ def submission_image(submission_id: int, request: Request, db: Session = Depends
             media_type=submission.mime_type,
             filename=submission.original_filename,
         )
-    return Response(content=file_path.read_bytes(), media_type=submission.mime_type)
+    return FileResponse(file_path, media_type=submission.mime_type, filename=submission.original_filename)
+
+
+@router.get("/media/library/{relative_path:path}")
+def managed_library_file(relative_path: str, request: Request, db: Session = Depends(get_db)):
+    admin = get_current_admin(request, db)
+    if not admin:
+        raise HTTPException(status_code=403, detail="Forbidden")
+
+    try:
+        file_path = resolve_managed_path(settings.docker_root, relative_path)
+    except ValueError as exc:
+        raise HTTPException(status_code=400, detail=str(exc)) from exc
+
+    if not file_path.exists() or not file_path.is_file():
+        raise HTTPException(status_code=404, detail="Image not found")
+
+    if request.query_params.get("download") == "1":
+        return FileResponse(file_path, filename=file_path.name)
+    return FileResponse(file_path)

app/routes/user.py

@@ -33,9 +33,6 @@ def require_user(request: Request, db: Session) -> User | None:
     )
     if not user or not user.is_active:
         return None
-    user.last_seen_at = local_now()
-    db.add(user)
-    db.flush()
     return user
 
 
@@ -93,7 +90,7 @@ def activity_detail(activity_id: int, request: Request, db: Session = Depends(ge
     group_submission_by_task = build_group_submission_map(activity, user.group_id)
     group_progress = build_group_progress(activity, user.group_id)
     clue_states = {
-        task.id: bool(task.clue_image_filename and task.clue_release_at and now >= task.clue_release_at)
+        task.id: bool((task.clue_image_url or task.clue_image_path or task.clue_image_filename) and task.clue_release_at and now >= task.clue_release_at)
         for task in activity.tasks
     }
 
@@ -145,7 +142,7 @@ async def submit_task(
 
     try:
         raw = await read_and_validate_upload(photo)
-        compressed, mime_type = compress_to_limit(raw, 2 * 1024 * 1024)
+        compressed, mime_type = compress_to_limit(raw, 200 * 1024)
     except ValueError as exc:
         add_flash(request, "error", str(exc))
         return redirect(f"/activities/{activity_id}")
@@ -215,7 +212,7 @@ def activity_clues(activity_id: int, request: Request, db: Session = Depends(get
         "released_task_ids": [
             task.id
             for task in activity.tasks
-            if task.clue_image_filename and task.clue_release_at and now >= task.clue_release_at
+            if (task.clue_image_url or task.clue_image_path or task.clue_image_filename) and task.clue_release_at and now >= task.clue_release_at
         ],
         "server_time": now.isoformat(timespec="seconds"),
     }
@@ -251,6 +248,11 @@ def activity_status(activity_id: int, request: Request, db: Session = Depends(ge
                 "uploader_name": submission.user.full_name if submission and submission.user else None,
                 "reviewer_name": submission.reviewed_by.display_name if submission and submission.reviewed_by else None,
                 "can_upload": can_upload_now and (not submission or submission.status != "approved"),
+                "clue_released": bool(
+                    (task.clue_image_url or task.clue_image_path or task.clue_image_filename)
+                    and task.clue_release_at
+                    and now >= task.clue_release_at
+                ),
             }
         )
 
@@ -269,4 +271,7 @@ def activity_status(activity_id: int, request: Request, db: Session = Depends(ge
                 for row in leaderboard
             ],
         }
-    )
+    )
+
+
+

app/services/bootstrap.py

@@ -1,5 +1,7 @@
 from __future__ import annotations
 
+from pathlib import Path
+
 from sqlalchemy import inspect, text
 from sqlalchemy.orm import Session
 
@@ -7,6 +9,7 @@ from app.config import settings
 from app.database import Base, engine
 from app.models import Admin
 from app.security import hash_password, verify_password
+from app.services.images import persist_task_asset
 
 
 def ensure_column(table_name: str, column_name: str, ddl: str) -> None:
@@ -35,6 +38,13 @@ def submission_indexes() -> tuple[set[str], set[str]]:
     return unique_names, index_names
 
 
+def task_columns() -> set[str]:
+    inspector = inspect(engine)
+    if "tasks" not in inspector.get_table_names():
+        return set()
+    return {column["name"] for column in inspector.get_columns("tasks")}
+
+
 def ensure_submission_constraints() -> None:
     inspector = inspect(engine)
     if "submissions" not in inspector.get_table_names():
@@ -60,18 +70,87 @@ def ensure_submission_constraints() -> None:
                 )
             )
         except Exception:
-            # Existing historical duplicates may prevent the unique key from being created.
-            # The application layer will still favor a single canonical submission per group/task.
             pass
 
 
+def migrate_task_media_to_files() -> None:
+    columns = task_columns()
+    if not columns:
+        return
+
+    has_image_data = "image_data" in columns
+    has_clue_image_data = "clue_image_data" in columns
+    if not has_image_data and not has_clue_image_data:
+        return
+
+    settings.task_media_root.mkdir(parents=True, exist_ok=True)
+
+    select_sql = f"""
+        SELECT
+            id,
+            activity_id,
+            image_path,
+            clue_image_path,
+            image_url,
+            clue_image_url,
+            {'image_data' if has_image_data else 'NULL'} AS image_data,
+            {'clue_image_data' if has_clue_image_data else 'NULL'} AS clue_image_data
+        FROM tasks
+    """
+
+    with engine.begin() as connection:
+        rows = connection.execute(text(select_sql)).mappings().all()
+        for row in rows:
+            updates: list[str] = []
+            params = {"task_id": row["id"]}
+
+            current_image_path = row.get("image_path")
+            image_exists = bool(current_image_path and Path(current_image_path).exists())
+            if row.get("image_data") and not row.get("image_url") and not image_exists:
+                image_path = persist_task_asset(
+                    settings.task_media_root,
+                    row["activity_id"],
+                    row["id"],
+                    "image",
+                    row["image_data"],
+                )
+                updates.append("image_path = :image_path")
+                params["image_path"] = image_path
+                if has_image_data:
+                    updates.append("image_data = NULL")
+
+            current_clue_path = row.get("clue_image_path")
+            clue_exists = bool(current_clue_path and Path(current_clue_path).exists())
+            if row.get("clue_image_data") and not row.get("clue_image_url") and not clue_exists:
+                clue_image_path = persist_task_asset(
+                    settings.task_media_root,
+                    row["activity_id"],
+                    row["id"],
+                    "clue",
+                    row["clue_image_data"],
+                )
+                updates.append("clue_image_path = :clue_image_path")
+                params["clue_image_path"] = clue_image_path
+                if has_clue_image_data:
+                    updates.append("clue_image_data = NULL")
+
+            if updates:
+                connection.execute(
+                    text(f"UPDATE tasks SET {', '.join(updates)} WHERE id = :task_id"),
+                    params,
+                )
+
+
 def upgrade_schema() -> None:
     ensure_column("admins", "last_seen_at", "last_seen_at DATETIME NULL")
     ensure_column("users", "last_seen_at", "last_seen_at DATETIME NULL")
     ensure_column("activities", "leaderboard_visible", "leaderboard_visible TINYINT(1) NOT NULL DEFAULT 1")
     ensure_column("activities", "clue_interval_minutes", "clue_interval_minutes INT NULL")
     ensure_column("tasks", "display_order", "display_order INT NOT NULL DEFAULT 1")
-    ensure_column("tasks", "clue_image_data", "clue_image_data LONGBLOB NULL")
+    ensure_column("tasks", "image_url", "image_url VARCHAR(1000) NULL")
+    ensure_column("tasks", "image_path", "image_path VARCHAR(600) NULL")
+    ensure_column("tasks", "clue_image_url", "clue_image_url VARCHAR(1000) NULL")
+    ensure_column("tasks", "clue_image_path", "clue_image_path VARCHAR(600) NULL")
     ensure_column("tasks", "clue_image_mime", "clue_image_mime VARCHAR(120) NULL")
     ensure_column("tasks", "clue_image_filename", "clue_image_filename VARCHAR(255) NULL")
     ensure_column("tasks", "clue_release_at", "clue_release_at DATETIME NULL")
@@ -82,22 +161,40 @@ def upgrade_schema() -> None:
     ensure_column("submissions", "approved_at", "approved_at DATETIME NULL")
 
     with engine.begin() as connection:
-        connection.execute(
-            text(
-                """
-                UPDATE submissions AS s
-                JOIN users AS u ON s.user_id = u.id
-                SET s.group_id = u.group_id
-                WHERE s.group_id IS NULL
-                """
+        if engine.dialect.name == "mysql":
+            connection.execute(
+                text(
+                    """
+                    UPDATE submissions AS s
+                    JOIN users AS u ON s.user_id = u.id
+                    SET s.group_id = u.group_id
+                    WHERE s.group_id IS NULL
+                    """
+                )
+            )
+        else:
+            connection.execute(
+                text(
+                    """
+                    UPDATE submissions
+                    SET group_id = (
+                        SELECT users.group_id
+                        FROM users
+                        WHERE users.id = submissions.user_id
+                    )
+                    WHERE group_id IS NULL
+                    """
+                )
             )
-        )
 
     ensure_submission_constraints()
+    migrate_task_media_to_files()
 
 
 def initialize_database() -> None:
+    settings.docker_root.mkdir(parents=True, exist_ok=True)
     settings.upload_root.mkdir(parents=True, exist_ok=True)
+    settings.task_media_root.mkdir(parents=True, exist_ok=True)
     Base.metadata.create_all(bind=engine)
     upgrade_schema()
 
@@ -124,5 +221,5 @@ def seed_super_admin(db: Session) -> None:
         changed = True
     if changed:
         db.add(admin)
-        db.commit()
+        db.commit()
 

app/services/images.py

@@ -9,6 +9,7 @@ from PIL import Image, ImageOps
 
 
 ALLOWED_MIME_TYPES = {"image/jpeg", "image/png", "image/webp", "image/gif", "image/bmp"}
+IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png", ".webp", ".gif", ".bmp"}
 
 
 def _load_rgb_image(data: bytes) -> Image.Image:
@@ -23,29 +24,45 @@ def _load_rgb_image(data: bytes) -> Image.Image:
     return image
 
 
+def _encode_jpeg(image: Image.Image, quality: int) -> bytes:
+    buffer = io.BytesIO()
+    image.save(
+        buffer,
+        format="JPEG",
+        quality=quality,
+        optimize=True,
+        progressive=True,
+    )
+    return buffer.getvalue()
+
+
 def compress_to_limit(data: bytes, limit_bytes: int) -> tuple[bytes, str]:
     image = _load_rgb_image(data)
-    scale = 1.0
-    quality = 92
+    scale_steps = (1.0, 0.94, 0.88, 0.82, 0.76, 0.7, 0.64, 0.58, 0.52, 0.46, 0.4, 0.34, 0.28)
 
-    while scale >= 0.28:
+    for scale in scale_steps:
         resized = image
         if scale < 1.0:
             new_size = (
-                max(240, int(image.width * scale)),
-                max(240, int(image.height * scale)),
+                max(320, int(image.width * scale)),
+                max(320, int(image.height * scale)),
             )
             resized = image.resize(new_size, Image.Resampling.LANCZOS)
 
-        current_quality = quality
-        while current_quality >= 28:
-            buffer = io.BytesIO()
-            resized.save(buffer, format="JPEG", quality=current_quality, optimize=True)
-            payload = buffer.getvalue()
+        best_payload = None
+        low = 28
+        high = 95
+        while low <= high:
+            current_quality = (low + high) // 2
+            payload = _encode_jpeg(resized, current_quality)
             if len(payload) <= limit_bytes:
-                return payload, "image/jpeg"
-            current_quality -= 6
-        scale -= 0.08
+                best_payload = payload
+                low = current_quality + 1
+            else:
+                high = current_quality - 1
+
+        if best_payload is not None:
+            return best_payload, "image/jpeg"
 
     raise ValueError(f"图片压缩后仍超过限制，请上传更清晰度适中的图片（限制 {limit_bytes // 1024}KB）。")
 
@@ -59,6 +76,21 @@ async def read_and_validate_upload(upload: UploadFile) -> bytes:
     return data
 
 
+def persist_task_asset(
+    task_root: Path,
+    activity_id: int,
+    task_id: int,
+    kind: str,
+    content: bytes,
+) -> str:
+    folder = task_root / f"activity_{activity_id}"
+    folder.mkdir(parents=True, exist_ok=True)
+    filename = f"task_{task_id}_{kind}_{uuid4().hex}.jpg"
+    file_path = folder / filename
+    file_path.write_bytes(content)
+    return str(file_path)
+
+
 def persist_submission_image(
     upload_root: Path,
     user_identifier: str,
@@ -71,4 +103,50 @@ def persist_submission_image(
     filename = f"{user_identifier}_{uuid4().hex}.jpg"
     file_path = folder / filename
     file_path.write_bytes(content)
-    return filename, str(file_path), len(content)
+    return filename, str(file_path), len(content)
+
+
+def delete_file_if_exists(file_path: str | None, managed_root: Path | None = None) -> None:
+    if not file_path:
+        return
+    path = Path(file_path)
+    if path.exists():
+        path.unlink(missing_ok=True)
+    if managed_root:
+        prune_empty_parents(path.parent, managed_root)
+
+
+def prune_empty_parents(start_dir: Path, managed_root: Path) -> None:
+    try:
+        root_resolved = managed_root.resolve()
+        current = start_dir.resolve()
+    except FileNotFoundError:
+        return
+
+    while current != root_resolved and root_resolved in current.parents:
+        try:
+            current.rmdir()
+        except OSError:
+            break
+        current = current.parent
+
+
+def list_image_files(root: Path) -> list[Path]:
+    if not root.exists():
+        return []
+    files = [
+        path
+        for path in root.rglob("*")
+        if path.is_file() and path.suffix.lower() in IMAGE_SUFFIXES
+    ]
+    return sorted(files, key=lambda item: (item.stat().st_mtime, str(item).lower()), reverse=True)
+
+
+def resolve_managed_path(root: Path, relative_path: str) -> Path:
+    base = root.resolve()
+    candidate = (base / relative_path).resolve()
+    if candidate != base and base not in candidate.parents:
+        raise ValueError("非法路径")
+    return candidate
+
+

app/services/presence.py

@@ -5,7 +5,10 @@ from datetime import timedelta
 from app.web import local_now
 
 
-ONLINE_WINDOW_SECONDS = 75
+HEARTBEAT_INTERVAL_SECONDS = 5
+ONLINE_WINDOW_SECONDS = 15
+PRESENCE_WRITE_INTERVAL_SECONDS = HEARTBEAT_INTERVAL_SECONDS
+PRESENCE_OVERVIEW_PULL_SECONDS = 5
 
 
 def online_cutoff(reference_time=None):
@@ -16,4 +19,26 @@ def online_cutoff(reference_time=None):
 def is_online(last_seen_at, reference_time=None) -> bool:
     if not last_seen_at:
         return False
-    return last_seen_at >= online_cutoff(reference_time)
+    return last_seen_at >= online_cutoff(reference_time)
+
+
+def unix_seconds(value) -> int | None:
+    if not value:
+        return None
+    return int(value.timestamp())
+
+
+def should_write_presence(session: dict, reference_time=None, force: bool = False) -> bool:
+    now = reference_time or local_now()
+    now_seconds = int(now.timestamp())
+    if force:
+        session["presence_last_written_at"] = now_seconds
+        return True
+
+    last_written = int(session.get("presence_last_written_at", 0) or 0)
+    if now_seconds - last_written < PRESENCE_WRITE_INTERVAL_SECONDS:
+        return False
+
+    session["presence_last_written_at"] = now_seconds
+    return True
+

app/static/style.css

@@ -1093,3 +1093,45 @@ textarea {
     min-height: 900px;
   }
 }
+
+.image-library-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+  gap: 18px;
+}
+
+.image-library-card {
+  display: grid;
+  gap: 14px;
+  padding: 16px;
+}
+
+.image-library-thumb {
+  width: 100%;
+  aspect-ratio: 4 / 3;
+  object-fit: cover;
+  border-radius: 22px;
+  background: rgba(255, 255, 255, 0.74);
+  border: 1px solid rgba(78, 148, 97, 0.14);
+}
+
+.image-library-body {
+  display: grid;
+  gap: 12px;
+}
+
+.image-library-path {
+  word-break: break-all;
+}
+
+.image-library-actions {
+  align-items: center;
+}
+
+.compact-stack-list {
+  gap: 8px;
+}
+
+.compact-stack-item {
+  padding: 10px 12px;
+}

app/templates/activity_detail.html

@@ -95,9 +95,9 @@
                 class="clue-toggle {% if clue_ready %}is-ready{% endif %}"
                 type="button"
                 data-clue-toggle
-                data-clue-url="/media/tasks/{{ task.id }}/clue"
-                {% if not task.clue_image_filename %}disabled{% endif %}
-                title="{% if clue_ready %}查看线索提示图{% elif task.clue_image_filename %}线索尚未发布{% else %}未设置线索图{% endif %}"
+                data-clue-url="{{ task.clue_image_url if task.clue_image_url else "/media/tasks/" ~ task.id ~ "/clue" }}"
+                {% if not (task.clue_image_url or task.clue_image_filename or task.clue_image_path) %}disabled{% endif %}
+                title="{% if clue_ready %}查看线索提示图{% elif task.clue_image_url or task.clue_image_filename or task.clue_image_path %}线索尚未发布{% else %}未设置线索图{% endif %}"
               >
                 💡
               </button>
@@ -105,7 +105,7 @@
 
             <div class="task-page-grid">
               <div class="task-page-media">
-                <img src="/media/tasks/{{ task.id }}/image" alt="{{ task.title }}" class="task-media" />
+                <img src="{{ task.image_url if task.image_url else "/media/tasks/" ~ task.id ~ "/image" }}" alt="{{ task.title }}" class="task-media" loading="lazy" decoding="async" />
                 {% if task.clue_release_at %}
                   <div class="release-note">线索发布时间：{{ task.clue_release_at|datetime_local }}</div>
                 {% endif %}
@@ -136,12 +136,12 @@
                 {% if submission %}
                   <div class="submission-preview" data-preview-wrap>
                     <span class="mini-note">当前小组提交预览</span>
-                    <img src="/media/submissions/{{ submission.id }}" alt="{{ task.title }} 提交预览" data-preview-image />
+                    <img src="/media/submissions/{{ submission.id }}" alt="{{ task.title }} 提交预览" data-preview-image loading="lazy" decoding="async" />
                   </div>
                 {% else %}
                   <div class="submission-preview is-hidden" data-preview-wrap>
                     <span class="mini-note">当前小组提交预览</span>
-                    <img src="" alt="提交预览" data-preview-image />
+                    <img alt="提交预览" data-preview-image loading="lazy" decoding="async" />
                   </div>
                 {% endif %}
 
@@ -257,87 +257,81 @@
 
       const refreshStatuses = async () => {
         try {
-          const statusResponse = await fetch('/api/activities/{{ activity.id }}/status', { headers: { 'X-Requested-With': 'fetch' } });
-          if (statusResponse.ok) {
-            const payload = await statusResponse.json();
-            const progress = payload.progress || {};
-            if (heroProgressPill) {
-              heroProgressPill.textContent = `小组完成 ${progress.approved_count || 0}/${progress.total_tasks || 0}`;
-            }
-            if (approvedProgressChip) {
-              approvedProgressChip.textContent = `已完成 ${progress.approved_count || 0}`;
+          const statusResponse = await fetch('/api/activities/{{ activity.id }}/status', {
+            headers: { 'X-Requested-With': 'fetch' },
+          });
+          if (!statusResponse.ok) return;
+
+          const payload = await statusResponse.json();
+          const progress = payload.progress || {};
+          if (heroProgressPill) {
+            heroProgressPill.textContent = `小组完成 ${progress.approved_count || 0}/${progress.total_tasks || 0}`;
+          }
+          if (approvedProgressChip) {
+            approvedProgressChip.textContent = `已完成 ${progress.approved_count || 0}`;
+          }
+          if (pendingProgressChip) {
+            pendingProgressChip.textContent = `待审核 ${progress.pending_count || 0}`;
+          }
+          if (rejectedProgressChip) {
+            rejectedProgressChip.textContent = `被驳回 ${progress.rejected_count || 0}`;
+          }
+
+          (payload.tasks || []).forEach((item) => {
+            const page = pages.find((entry) => entry.dataset.taskId === String(item.task_id));
+            if (!page) return;
+            const statusWrap = page.querySelector('[data-status-wrap]');
+            const feedbackBox = page.querySelector('[data-feedback-box]');
+            const previewWrap = page.querySelector('[data-preview-wrap]');
+            const previewImage = page.querySelector('[data-preview-image]');
+            const uploadInput = page.querySelector('[data-upload-input]');
+            const uploadSubmit = page.querySelector('[data-upload-submit]');
+            const clueButton = page.querySelector('[data-clue-toggle]');
+            let badge = '<span class="status-badge">尚未上传</span>';
+            if (item.status === 'approved') {
+              badge = '<span class="status-badge status-approved">小组打卡成功</span>';
+            } else if (item.status === 'rejected') {
+              badge = '<span class="status-badge status-rejected">小组打卡失败</span>';
+            } else if (item.status === 'pending') {
+              badge = '<span class="status-badge">等待审核</span>';
             }
-            if (pendingProgressChip) {
-              pendingProgressChip.textContent = `待审核 ${progress.pending_count || 0}`;
+            if (statusWrap) {
+              statusWrap.innerHTML = `${badge}<span class="mini-note" data-status-note>${formatStatusNote(item)}</span>`;
             }
-            if (rejectedProgressChip) {
-              rejectedProgressChip.textContent = `被驳回 ${progress.rejected_count || 0}`;
+            if (feedbackBox) {
+              feedbackBox.textContent = item.feedback ? `审核备注：${item.feedback}` : '';
+              feedbackBox.classList.toggle('is-hidden', !item.feedback);
             }
-
-            (payload.tasks || []).forEach((item) => {
-              const page = pages.find((entry) => entry.dataset.taskId === String(item.task_id));
-              if (!page) return;
-              const statusWrap = page.querySelector('[data-status-wrap]');
-              const feedbackBox = page.querySelector('[data-feedback-box]');
-              const previewWrap = page.querySelector('[data-preview-wrap]');
-              const previewImage = page.querySelector('[data-preview-image]');
-              const uploadInput = page.querySelector('[data-upload-input]');
-              const uploadSubmit = page.querySelector('[data-upload-submit]');
-              let badge = '<span class="status-badge">尚未上传</span>';
-              if (item.status === 'approved') {
-                badge = '<span class="status-badge status-approved">小组打卡成功</span>';
-              } else if (item.status === 'rejected') {
-                badge = '<span class="status-badge status-rejected">小组打卡失败</span>';
-              } else if (item.status === 'pending') {
-                badge = '<span class="status-badge">等待审核</span>';
-              }
-              if (statusWrap) {
-                statusWrap.innerHTML = `${badge}<span class="mini-note" data-status-note>${formatStatusNote(item)}</span>`;
-              }
-              if (feedbackBox) {
-                feedbackBox.textContent = item.feedback ? `审核备注：${item.feedback}` : '';
-                feedbackBox.classList.toggle('is-hidden', !item.feedback);
+            if (previewWrap && previewImage) {
+              if (item.submission_id) {
+                previewWrap.classList.remove('is-hidden');
+                const version = encodeURIComponent(item.submitted_at || Date.now());
+                previewImage.src = `/media/submissions/${item.submission_id}?ts=${version}`;
+              } else {
+                previewWrap.classList.add('is-hidden');
+                previewImage.src = '';
               }
-              if (previewWrap && previewImage) {
-                if (item.submission_id) {
-                  previewWrap.classList.remove('is-hidden');
-                  const version = encodeURIComponent(item.submitted_at || Date.now());
-                  previewImage.src = `/media/submissions/${item.submission_id}?ts=${version}`;
-                } else {
-                  previewWrap.classList.add('is-hidden');
-                  previewImage.src = '';
+            }
+            if (uploadInput) {
+              uploadInput.disabled = !item.can_upload;
+            }
+            if (uploadSubmit) {
+              uploadSubmit.disabled = !item.can_upload;
+            }
+            if (clueButton && item.clue_released) {
+              clueButton.classList.add('is-ready');
+              clueButton.title = '查看线索提示图';
+              if (!seenReleased.has(String(item.task_id))) {
+                seenReleased.add(String(item.task_id));
+                page.classList.add('pulse-highlight');
+                setTimeout(() => page.classList.remove('pulse-highlight'), 1800);
+                if (window.matchMedia('(pointer: coarse)').matches && navigator.vibrate) {
+                  navigator.vibrate([220, 80, 220]);
                 }
               }
-              if (uploadInput) {
-                uploadInput.disabled = !item.can_upload;
-              }
-              if (uploadSubmit) {
-                uploadSubmit.disabled = !item.can_upload;
-              }
-            });
-            refreshLeaderboard(payload.leaderboard || []);
-          }
-
-          const clueResponse = await fetch('/api/activities/{{ activity.id }}/clues', { headers: { 'X-Requested-With': 'fetch' } });
-          if (!clueResponse.ok) return;
-          const cluePayload = await clueResponse.json();
-          (cluePayload.released_task_ids || []).forEach((taskId) => {
-            const stringId = String(taskId);
-            const page = pages.find((entry) => entry.dataset.taskId === stringId);
-            if (!page) return;
-            const button = page.querySelector('[data-clue-toggle]');
-            if (!button) return;
-            button.classList.add('is-ready');
-            button.title = '查看线索提示图';
-            if (!seenReleased.has(stringId)) {
-              seenReleased.add(stringId);
-              page.classList.add('pulse-highlight');
-              setTimeout(() => page.classList.remove('pulse-highlight'), 1800);
-              if (window.matchMedia('(pointer: coarse)').matches && navigator.vibrate) {
-                navigator.vibrate([220, 80, 220]);
-              }
             }
           });
+          refreshLeaderboard(payload.leaderboard || []);
         } catch (error) {
           console.debug('task status refresh skipped', error);
         }
@@ -347,4 +341,8 @@
       window.setInterval(refreshStatuses, 10000);
     })();
   </script>
-{% endblock %}
+{% endblock %}
+
+
+
+

app/templates/admin_activities.html

@@ -9,7 +9,7 @@
           <h3>发布活动与打卡任务</h3>
         </div>
       </div>
-      <form method="post" action="/admin/activities" enctype="multipart/form-data" class="form-stack" id="activity-form">
+      <form method="post" action="/admin/activities" class="form-stack" id="activity-form">
         <div class="form-grid cols-2">
           <label>
             <span>活动标题</span>
@@ -41,6 +41,7 @@
           <div>
             <p class="eyebrow">Tasks</p>
             <h3>任务卡片</h3>
+            <p class="mini-note">管理员任务主图和线索图仅支持公开图片链接，不再上传文件；用户打卡图仍会压缩后保存在 Docker 本地目录。</p>
           </div>
           <button class="btn btn-secondary" type="button" id="add-task-btn">新增任务卡片</button>
         </div>
@@ -57,16 +58,16 @@
                 <input type="text" name="task_title" required />
               </label>
               <label>
-                <span>主图</span>
-                <input type="file" name="task_image" accept="image/*" required />
+                <span>主图图床链接</span>
+                <input type="url" name="task_image_url" placeholder="https://..." required />
               </label>
               <label class="full-span">
                 <span>任务描述</span>
                 <textarea name="task_description" rows="2"></textarea>
               </label>
               <label class="full-span">
-                <span>线索图</span>
-                <input type="file" name="task_clue_image" accept="image/*" />
+                <span>线索图图床链接</span>
+                <input type="url" name="task_clue_image_url" placeholder="https://..." />
               </label>
             </div>
           </article>
@@ -147,3 +148,4 @@
     })();
   </script>
 {% endblock %}
+

app/templates/admin_activity_edit.html

@@ -6,7 +6,7 @@
       <a class="ghost-link" href="/admin/activities">返回活动管理</a>
       <p class="eyebrow">Edit Activity</p>
       <h2>{{ activity.title }}</h2>
-      <p class="lead">在这里可以修改活动时间、排行榜可见性、任务内容、任务图片，并删除不再需要的任务。</p>
+      <p class="lead">在这里可以修改活动时间、排行榜可见性、任务内容和图床链接，并删除不再需要的任务。管理员任务图片仅保留链接方式，用户提交图片仍保存在 Docker 本地目录。</p>
     </div>
     <div class="hero-badges">
       <span class="pill">创建人 {{ activity.created_by.display_name }}</span>
@@ -15,7 +15,7 @@
     </div>
   </section>
 
-  <form method="post" action="/admin/activities/{{ activity.id }}/edit" enctype="multipart/form-data" class="form-stack">
+  <form method="post" action="/admin/activities/{{ activity.id }}/edit" class="form-stack">
     <section class="glass-card form-panel wide-panel">
       <div class="section-head">
         <div>
@@ -121,16 +121,16 @@
                 <input type="text" name="existing_task_title" value="{{ task.title }}" required />
               </label>
               <label>
-                <span>替换主图</span>
-                <input type="file" name="existing_task_image" accept="image/*" />
+                <span>主图图床链接</span>
+                <input type="url" name="existing_task_image_url" value="{{ task.image_url or '' }}" placeholder="https://..." required />
               </label>
               <label class="full-span">
                 <span>任务描述</span>
                 <textarea name="existing_task_description" rows="2">{{ task.description or '' }}</textarea>
               </label>
               <label>
-                <span>替换线索图</span>
-                <input type="file" name="existing_task_clue_image" accept="image/*" />
+                <span>线索图图床链接</span>
+                <input type="url" name="existing_task_clue_image_url" value="{{ task.clue_image_url or '' }}" placeholder="https://..." />
               </label>
               <label class="checkbox-row align-end-checkbox">
                 <input type="checkbox" name="existing_task_remove_clue" value="{{ task.id }}" />
@@ -141,12 +141,12 @@
             <div class="editor-preview-grid">
               <div>
                 <span class="mini-note">当前主图</span>
-                <img class="editor-thumb" src="/media/tasks/{{ task.id }}/image" alt="{{ task.title }} 主图" />
+                <img class="editor-thumb" src="{{ task.image_url if task.image_url else '/media/tasks/' ~ task.id ~ '/image' }}" alt="{{ task.title }} 主图" />
               </div>
               <div>
                 <span class="mini-note">当前线索图</span>
-                {% if task.clue_image_filename %}
-                  <img class="editor-thumb" src="/media/tasks/{{ task.id }}/clue" alt="{{ task.title }} 线索图" />
+                {% if task.clue_image_url or task.clue_image_filename or task.clue_image_path %}
+                  <img class="editor-thumb" src="{{ task.clue_image_url if task.clue_image_url else '/media/tasks/' ~ task.id ~ '/clue' }}" alt="{{ task.title }} 线索图" />
                 {% else %}
                   <div class="empty-thumb">未设置线索图</div>
                 {% endif %}
@@ -184,16 +184,16 @@
               <input type="text" name="new_task_title" />
             </label>
             <label>
-              <span>主图</span>
-              <input type="file" name="new_task_image" accept="image/*" />
+              <span>主图图床链接</span>
+              <input type="url" name="new_task_image_url" placeholder="https://..." />
             </label>
             <label class="full-span">
               <span>任务描述</span>
               <textarea name="new_task_description" rows="2"></textarea>
             </label>
             <label class="full-span">
-              <span>线索图</span>
-              <input type="file" name="new_task_clue_image" accept="image/*" />
+              <span>线索图图床链接</span>
+              <input type="url" name="new_task_clue_image_url" placeholder="https://..." />
             </label>
           </div>
         </article>
@@ -253,3 +253,4 @@
     })();
   </script>
 {% endblock %}
+

app/templates/admin_admins.html

@@ -66,6 +66,7 @@
         <div>
           <p class="eyebrow">Presence</p>
           <h3>管理员在线状态</h3>
+          <p class="mini-note">在线心跳按 5 秒同步，连续 15 秒未收到心跳时判定为离线，状态文本按秒自动更新。</p>
         </div>
       </div>
       <div class="stack-list" id="admin-presence-list">
@@ -75,10 +76,17 @@
               <strong>{{ item.name }}</strong>
               <p class="muted">{{ item.username }} · {{ item.role_label }}</p>
             </div>
-            <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+            <span
+              class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}"
+              data-presence-badge
+              data-last-seen-ts="{{ item.last_seen_ts or '' }}"
+              title="最近心跳 {{ item.last_seen_at }}"
+            >
               {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
             </span>
           </div>
+        {% else %}
+          <p class="muted">暂无管理员在线状态。</p>
         {% endfor %}
       </div>
     </article>
@@ -88,6 +96,7 @@
         <div>
           <p class="eyebrow">Presence</p>
           <h3>所有用户在线状态</h3>
+          <p class="mini-note">仅超级管理员可见，适合现场查看整体在线情况。</p>
         </div>
       </div>
       <div class="stack-list" id="user-presence-list">
@@ -97,10 +106,17 @@
               <strong>{{ item.name }}</strong>
               <p class="muted">{{ item.group_name }}</p>
             </div>
-            <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+            <span
+              class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}"
+              data-presence-badge
+              data-last-seen-ts="{{ item.last_seen_ts or '' }}"
+              title="最近心跳 {{ item.last_seen_at }}"
+            >
               {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
             </span>
           </div>
+        {% else %}
+          <p class="muted">暂无用户在线状态。</p>
         {% endfor %}
       </div>
     </article>
@@ -112,45 +128,148 @@
       const userList = document.getElementById('user-presence-list');
       if (!adminList || !userList) return;
 
-      const renderItems = (container, items, formatter) => {
-        container.innerHTML = items.map(formatter).join('');
+      let serverTs = Number('{{ presence_server_ts or 0 }}') || Math.floor(Date.now() / 1000);
+      let syncClientTs = Date.now();
+      let onlineWindowSeconds = Number('{{ online_window_seconds or 15 }}') || 15;
+      let snapshotInFlight = false;
+
+      const escapeHtml = (value) => String(value ?? '').replace(/[&<>"']/g, (char) => ({
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#39;'
+      }[char]));
+
+      const estimatedNowTs = () => serverTs + Math.floor((Date.now() - syncClientTs) / 1000);
+
+      const formatElapsed = (seconds) => {
+        if (seconds <= 1) return '刚刚';
+        if (seconds < 60) return `${seconds}秒前`;
+        if (seconds < 3600) return `${Math.floor(seconds / 60)}分钟前`;
+        if (seconds < 86400) {
+          const hours = Math.floor(seconds / 3600);
+          const minutes = Math.floor((seconds % 3600) / 60);
+          return minutes ? `${hours}小时${minutes}分钟前` : `${hours}小时前`;
+        }
+        const days = Math.floor(seconds / 86400);
+        const hours = Math.floor((seconds % 86400) / 3600);
+        return hours ? `${days}天${hours}小时前` : `${days}天前`;
       };
 
-      const adminFormatter = (item) => `
-        <div class="stack-item presence-item">
-          <div>
-            <strong>${item.name}</strong>
-            <p class="muted">${item.username} · ${item.role}</p>
-          </div>
-          <span class="status-badge ${item.is_online ? 'status-approved' : 'status-rejected'}">
-            ${item.is_online ? '在线' : '离线'} · ${item.last_seen_at}
-          </span>
-        </div>`;
+      const getStatusMeta = (lastSeenTs) => {
+        if (!lastSeenTs) {
+          return {
+            online: false,
+            text: '离线 · 暂无心跳',
+          };
+        }
+        const elapsed = Math.max(0, estimatedNowTs() - lastSeenTs);
+        const online = elapsed <= onlineWindowSeconds;
+        return {
+          online,
+          text: `${online ? '在线' : '离线'} · ${formatElapsed(elapsed)}`,
+        };
+      };
 
-      const userFormatter = (item) => `
-        <div class="stack-item presence-item">
-          <div>
-            <strong>${item.name}</strong>
-            <p class="muted">${item.group_name}</p>
-          </div>
-          <span class="status-badge ${item.is_online ? 'status-approved' : 'status-rejected'}">
-            ${item.is_online ? '在线' : '离线'} · ${item.last_seen_at}
-          </span>
-        </div>`;
+      const renderAdminItems = (items) => {
+        if (!items.length) {
+          adminList.innerHTML = '<p class="muted">暂无管理员在线状态。</p>';
+          return;
+        }
+        adminList.innerHTML = items.map((item) => {
+          const status = getStatusMeta(Number(item.last_seen_ts || 0));
+          return `
+            <div class="stack-item presence-item">
+              <div>
+                <strong>${escapeHtml(item.name)}</strong>
+                <p class="muted">${escapeHtml(item.username)} · ${escapeHtml(item.role_label)}</p>
+              </div>
+              <span
+                class="status-badge ${status.online ? 'status-approved' : 'status-rejected'}"
+                data-presence-badge
+                data-last-seen-ts="${item.last_seen_ts || ''}"
+                title="最近心跳 ${escapeHtml(item.last_seen_at || '-') }"
+              >
+                ${status.text}
+              </span>
+            </div>`;
+        }).join('');
+      };
+
+      const renderUserItems = (items) => {
+        if (!items.length) {
+          userList.innerHTML = '<p class="muted">暂无用户在线状态。</p>';
+          return;
+        }
+        userList.innerHTML = items.map((item) => {
+          const status = getStatusMeta(Number(item.last_seen_ts || 0));
+          return `
+            <div class="stack-item presence-item">
+              <div>
+                <strong>${escapeHtml(item.name)}</strong>
+                <p class="muted">${escapeHtml(item.group_name)}</p>
+              </div>
+              <span
+                class="status-badge ${status.online ? 'status-approved' : 'status-rejected'}"
+                data-presence-badge
+                data-last-seen-ts="${item.last_seen_ts || ''}"
+                title="最近心跳 ${escapeHtml(item.last_seen_at || '-') }"
+              >
+                ${status.text}
+              </span>
+            </div>`;
+        }).join('');
+      };
+
+      const refreshPresenceBadges = () => {
+        if (document.hidden) return;
+        document.querySelectorAll('[data-presence-badge]').forEach((badge) => {
+          const lastSeenTs = Number(badge.dataset.lastSeenTs || 0);
+          const status = getStatusMeta(lastSeenTs);
+          badge.textContent = status.text;
+          badge.classList.toggle('status-approved', status.online);
+          badge.classList.toggle('status-rejected', !status.online);
+        });
+      };
 
       const refreshPresence = async () => {
+        if (document.hidden || snapshotInFlight) return;
+        snapshotInFlight = true;
         try {
-          const response = await fetch('/api/admin/presence/overview', { headers: { 'X-Requested-With': 'fetch' } });
+          const response = await fetch('/api/admin/presence/overview', {
+            credentials: 'same-origin',
+            cache: 'no-store',
+            headers: { 'X-Requested-With': 'fetch' },
+          });
           if (!response.ok) return;
           const payload = await response.json();
-          renderItems(adminList, payload.admins || [], adminFormatter);
-          renderItems(userList, payload.users || [], userFormatter);
+          serverTs = Number(payload.server_ts || 0) || Math.floor(Date.now() / 1000);
+          syncClientTs = Date.now();
+          onlineWindowSeconds = Number(payload.online_window_seconds || 0) || onlineWindowSeconds;
+          renderAdminItems(payload.admins || []);
+          renderUserItems(payload.users || []);
+          refreshPresenceBadges();
         } catch (error) {
           console.debug('presence refresh skipped', error);
+        } finally {
+          snapshotInFlight = false;
         }
       };
 
-      window.setInterval(refreshPresence, 15000);
+      refreshPresenceBadges();
+      refreshPresence();
+      window.setInterval(refreshPresenceBadges, 1000);
+      window.setInterval(refreshPresence, 5000);
+      document.addEventListener('visibilitychange', () => {
+        if (!document.hidden) {
+          refreshPresence();
+        }
+      });
+      window.addEventListener('focus', refreshPresence);
     })();
   </script>
-{% endblock %}
+{% endblock %}
+
+
+

app/templates/admin_images.html

@@ -0,0 +1,86 @@
+{% extends 'base.html' %}
+
+{% block content %}
+  <section class="hero-card">
+    <div>
+      <p class="eyebrow">Docker Images</p>
+      <h2>Docker 目录图片管理</h2>
+      <p class="lead">这里会统一展示当前 Docker 本地目录中的用户提交图，以及历史遗留的任务/线索本地图，方便集中预览、下载与清理。新建任务主图与线索图现在使用外部图片链接，不再上传到这里。</p>
+    </div>
+    <div class="hero-badges">
+      <span class="pill">总图片 {{ summary.total_count }}</span>
+      <span class="pill">系统引用 {{ summary.referenced_count }}</span>
+      <span class="pill">孤立图片 {{ summary.orphan_count }}</span>
+    </div>
+  </section>
+
+  <section class="glass-card form-panel wide-panel">
+    <div class="section-head compact-head">
+      <div>
+        <p class="eyebrow">Storage Root</p>
+        <h3>图片目录</h3>
+        <p class="mini-note">{{ summary.docker_root }}</p>
+      </div>
+      <form method="get" action="/admin/images" class="inline-form inline-form-wide">
+        <label>
+          <span>筛选范围</span>
+          <select name="scope">
+            <option value="all" {% if scope == 'all' %}selected{% endif %}>全部图片</option>
+            <option value="tasks" {% if scope == 'tasks' %}selected{% endif %}>历史任务与线索图</option>
+            <option value="submissions" {% if scope == 'submissions' %}selected{% endif %}>用户提交图</option>
+            <option value="referenced" {% if scope == 'referenced' %}selected{% endif %}>系统引用中</option>
+            <option value="orphan" {% if scope == 'orphan' %}selected{% endif %}>孤立图片</option>
+          </select>
+        </label>
+        <button class="btn btn-secondary" type="submit">应用筛选</button>
+      </form>
+    </div>
+  </section>
+
+  <section class="image-library-grid">
+    {% for item in image_items %}
+      <article class="glass-card image-library-card">
+        <img class="image-library-thumb" src="{{ item.preview_url }}" alt="{{ item.file_name }}" />
+        <div class="image-library-body">
+          <strong>{{ item.file_name }}</strong>
+          <p class="muted image-library-path">{{ item.relative_path }}</p>
+          <div class="chip-row">
+            <span class="chip">{{ item.category }}</span>
+            <span class="chip">{{ item.size_label }}</span>
+            <span class="chip">{{ item.modified_at }}</span>
+            <span class="status-badge {% if item.is_referenced %}status-approved{% else %}status-rejected{% endif %}">
+              {{ '已引用' if item.is_referenced else '孤立图片' }}
+            </span>
+          </div>
+          <div class="stack-list compact-stack-list">
+            {% for label in item.reference_labels %}
+              <div class="stack-item stack-item-block compact-stack-item">
+                <p class="muted">{{ label }}</p>
+              </div>
+            {% else %}
+              <p class="muted">当前没有系统记录引用这张图片，可以在确认后清理。</p>
+            {% endfor %}
+          </div>
+          <div class="card-footer image-library-actions">
+            <a class="btn btn-ghost small-btn" href="{{ item.download_url }}">下载图片</a>
+            {% if not item.is_referenced %}
+              <form method="post" action="/admin/images/delete" class="inline-form">
+                <input type="hidden" name="relative_path" value="{{ item.relative_path }}" />
+                <input type="hidden" name="scope" value="{{ scope }}" />
+                <button class="btn btn-danger small-btn" type="submit" onclick="return confirm('确认删除这张未被系统引用的图片吗？');">删除图片</button>
+              </form>
+            {% endif %}
+          </div>
+        </div>
+      </article>
+    {% else %}
+      <article class="glass-card empty-state">
+        <h3>当前筛选下没有图片</h3>
+        <p>可以切换筛选范围，或者等待用户上传新的打卡图片。</p>
+      </article>
+    {% endfor %}
+  </section>
+{% endblock %}
+
+
+

app/templates/base.html

@@ -4,6 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>{{ page_title or app_name }} · {{ app_name }}</title>
+    <link rel="icon" href="/static/favicon.ico" sizes="any" />
     <link rel="stylesheet" href="/static/style.css" />
   </head>
   <body class="{% if admin %}admin-mode{% else %}user-mode{% endif %}">
@@ -27,6 +28,7 @@
             <a href="/admin/users">用户</a>
             <a href="/admin/groups">小组</a>
             <a href="/admin/activities">活动</a>
+            <a href="/admin/images">图片</a>
             <a href="/admin/reviews">审核</a>
             <a href="/account">账号中心</a>
             {% if admin.role == 'superadmin' %}
@@ -47,13 +49,76 @@
     {% if user or admin %}
       <script>
         (() => {
-          const ping = () => {
-            fetch('/api/presence/ping', { headers: { 'X-Requested-With': 'fetch' } }).catch(() => null);
+          const PRESENCE_INTERVAL_MS = 5000;
+          const INITIAL_JITTER_MS = 1200;
+          let timerId = null;
+          let inFlight = false;
+
+          const shouldPing = () => !document.hidden && navigator.onLine;
+
+          const schedule = (delay = PRESENCE_INTERVAL_MS) => {
+            if (timerId) {
+              window.clearTimeout(timerId);
+            }
+            timerId = window.setTimeout(runPing, delay);
+          };
+
+          const runPing = async () => {
+            if (!shouldPing()) {
+              timerId = null;
+              return;
+            }
+            if (inFlight) {
+              schedule(1000);
+              return;
+            }
+
+            inFlight = true;
+            try {
+              await fetch('/api/presence/ping', {
+                method: 'POST',
+                keepalive: true,
+                credentials: 'same-origin',
+                cache: 'no-store',
+                headers: { 'X-Requested-With': 'fetch' },
+              });
+            } catch (error) {
+              console.debug('presence ping skipped', error);
+            } finally {
+              inFlight = false;
+              schedule();
+            }
           };
-          ping();
-          window.setInterval(ping, 20000);
+
+          document.addEventListener('visibilitychange', () => {
+            if (document.hidden) {
+              if (timerId) {
+                window.clearTimeout(timerId);
+                timerId = null;
+              }
+              return;
+            }
+            runPing();
+          });
+          window.addEventListener('focus', () => {
+            if (!document.hidden) {
+              runPing();
+            }
+          });
+          window.addEventListener('online', runPing);
+          schedule(500 + Math.floor(Math.random() * INITIAL_JITTER_MS));
         })();
       </script>
     {% endif %}
   </body>
-</html>
+</html>
+
+
+
+
+
+
+
+
+
+