feat: add Backend Mode toggle to disable user self-service

Add a system-wide "Backend Mode" that disables user self-registration and self-service while keeping admin panel and API gateway fully functional. When enabled, only admin can log in; all user-facing routes return 403. Backend: - New setting key `backend_mode_enabled` with atomic cached reads (60s TTL) - BackendModeUserGuard middleware blocks non-admin authenticated routes - BackendModeAuthGuard middleware blocks registration/password-reset auth routes - Login/Login2FA/RefreshToken handlers reject non-admin when enabled - TokenPairWithUser struct for role-aware token refresh - 20 unit tests (middleware + service layer) Frontend: - Router guards redirect unauthenticated users to /login - Admin toggle in Settings page - Login page hides register link and footer in backend mode - 9 unit tests for router guard logic - i18n support (en/zh) 27 files changed, 833 insertions(+), 17 deletions(-) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 02:42:57 +03:00
parent 9d81467937
commit 6826149a8f
27 changed files with 833 additions and 17 deletions
--- a/frontend/src/i18n/locales/zh.ts
+++ b/frontend/src/i18n/locales/zh.ts
@@ -3987,6 +3987,9 @@ export default {
      site: {
        title: '站点设置',
        description: '自定义站点品牌',
+        backendMode: 'Backend 模式',
+        backendModeDescription:
+          '禁用用户注册、公开页面和自助服务功能。仅管理员可以登录和管理平台。',
        siteName: '站点名称',
        siteNameHint: '显示在邮件和页面标题中',
        siteNamePlaceholder: 'Sub2API',