
feat: 添加管理员密码认证功能

Co-authored-by: aider (deepseek/deepseek-v4-pro) <aider@aider.chat>
Your Name vor 3 Tagen
Ursprung
Commit
87c27d6f5c
5 geänderte Dateien mit 85 neuen und 1 gelöschten Zeilen
  1. 40 1
      app.py
  2. 3 0
      config.py
  3. 12 0
      templates/base.html
  4. 5 0
      templates/index.html
  5. 25 0
      templates/login.html

+ 40 - 1
app.py

@@ -14,6 +14,8 @@ from flask import (
     send_from_directory,
     abort,
     jsonify,
+    session,
+    flash,
 )
 from werkzeug.utils import secure_filename
 from bs4 import BeautifulSoup
@@ -48,6 +50,38 @@ if not config.INDEX_FILE.exists():
         json.dump([], f, ensure_ascii=False, indent=2)
 
 
+@app.context_processor
+def inject_user_status():
+    """向所有模板注入登录状态"""
+    return {"logged_in": "user" in session}
+
+
+# ==================== 登录 / 登出相关路由 ====================
+
+
+@app.route("/login", methods=["GET", "POST"])
+def login():
+    """密码登录(无需用户名)"""
+    if request.method == "GET":
+        return render_template("login.html")
+
+    password = request.form.get("password", "")
+    if password == config.PASSWORD:
+        session["user"] = True
+        flash("登录成功", "success")
+        return redirect(url_for("index"))
+    else:
+        flash("密码错误", "danger")
+        return render_template("login.html")
+
+
+@app.route("/logout")
+def logout():
+    session.pop("user", None)
+    flash("已登出", "info")
+    return redirect(url_for("index"))
+
+
 # ==================== 路由 ====================
 
 
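Review bot: The `login` handler checks the password with `password == config.PASSWORD`, which is not a constant-time comparison, and nothing visible in this hunk limits repeated failed attempts against the single shared password. Use `hmac.compare_digest(password.encode(), config.PASSWORD.encode())` (needs `import hmac`) and add per-client throttling or a delay on failure. On success, call `session.clear()` before `session["user"] = True` so nothing from the pre-login session carries over. `logout` accepts GET, so any page that makes the browser request `/logout` ends the admin's session; restricting it to `methods=["POST"]` behind a CSRF-protected form avoids that.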
@@ -95,7 +129,12 @@ def index():
 
 @app.route("/upload", methods=["GET", "POST"])
 def upload():
-    """上传文章"""
+    """上传文章(需要登录)"""
+    # 登录检查
+    if "user" not in session:
+        flash("请先登录", "warning")
+        return redirect(url_for("login"))
+
     if request.method == "GET":
         return render_template("upload.html")
 
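Review bot: The login check is written inline at the top of `upload`, so every other route that changes content has to repeat these lines, and one that forgets them is silently public. No other protected route is visible in this diff, so it is worth confirming that none needs the same guard. A small `login_required` decorator (it uses `functools.wraps`, which would need importing) keeps the check in one place and makes an unprotected route easier to spot in review. `upload` continues past the end of this hunk.

```python
def login_required(view):
    """Redirect to the login page unless the session is authenticated."""
    @wraps(view)
    def wrapped(*args, **kwargs):
        if "user" not in session:
            flash("请先登录", "warning")
            return redirect(url_for("login"))
        return view(*args, **kwargs)
    return wrapped


@app.route("/upload", methods=["GET", "POST"])
@login_required
def upload():
    """上传文章(需要登录)"""
    # … unchanged: GET/POST handling …
```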

+ 3 - 0
config.py

@@ -24,3 +24,6 @@ MAX_CONTENT_LENGTH = 16 * 1024 * 1024
 
 # Flask 密钥(用于 session 等,生产环境请修改)
 SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret-key-change-in-production")
+
+# 管理员密码(唯一用户,无需用户名)
+PASSWORD = "wyojyydsrypnb"
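Review bot: `PASSWORD` is a plaintext literal committed to the repository, so anyone who can read the repo or its history has the admin credential, and it stays in history even after the line is changed. Read it from the environment with no fallback and keep only a hash, for example `PASSWORD_HASH = os.environ["ADMIN_PASSWORD_HASH"]` (the variable name is an example) verified with `werkzeug.security.check_password_hash`. The value in this commit should be treated as exposed and rotated. The new login also depends on session integrity, and the context line above falls back to a fixed `SECRET_KEY` string when the variable is unset, so the app should refuse to start without a real key rather than sign sessions with a known default.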

+ 12 - 0
templates/base.html

@@ -31,6 +31,18 @@
         </div>
     </nav>
 
+    <div class="flash-container">
+        {% with messages = get_flashed_messages(with_categories=true) %}
+          {% if messages %}
+            <ul class="flashes">
+            {% for category, message in messages %}
+              <li class="flash-{{ category }}">{{ message }}</li>
+            {% endfor %}
+            </ul>
+          {% endif %}
+        {% endwith %}
+    </div>
+
     <main class="main-content">
         <div class="post-container">
             {% block content %}{% endblock %}

+ 5 - 0
templates/index.html

@@ -5,6 +5,11 @@
 {% block content %}
 <div class="add-post-wrapper">
     <a href="{{ url_for('upload') }}" class="add-post-btn">+ 添加文章</a>
+    {% if logged_in %}
+        <a href="{{ url_for('logout') }}" class="add-post-btn">登出</a>
+    {% else %}
+        <a href="{{ url_for('login') }}" class="add-post-btn">登录</a>
+    {% endif %}
 </div>
 <div class="waterfall">
     {% if posts %}

+ 25 - 0
templates/login.html

@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% block title %}登录 - 个人博客{% endblock %}
+
+{% block content %}
+<div class="upload-container">
+    <h1>管理员登录</h1>
+    <form method="POST" class="upload-form">
+        <div class="form-group">
+            <label for="password">密码</label>
+            <input type="password" id="password" name="password" required placeholder="请输入密码" />
+        </div>
+        <button type="submit" class="btn btn-primary">登录</button>
+    </form>
+    {% with messages = get_flashed_messages(with_categories=true) %}
+      {% if messages %}
+        <ul class="flashes">
+        {% for category, message in messages %}
+          <li class="flash-{{ category }}">{{ message }}</li>
+        {% endfor %}
+        </ul>
+      {% endif %}
+    {% endwith %}
+</div>
+{% endblock %}
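Review bot: The flashed-messages block at the end of this template repeats the one this commit adds to `base.html`. Since `get_flashed_messages` returns the same messages on repeated calls within one request, a failed login will most likely show "密码错误" twice. Remove the `{% with messages = ... %}` block here and rely on the base template's `flash-container`. The form also has no CSRF token field; if the project adopts CSRF protection, this form should carry the token, and `autocomplete="current-password"` on the input helps password managers fill it correctly.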