@qq33357486/oh-my-task 1.4.3 → 1.4.5

package/dist/db/schema.sql

@@ -0,0 +1,205 @@
+-- oh-my-task Database Schema (v2)
+-- 从零重写：移除 SOP、assignee、阶段性文档等旧功能
+-- 新增 user_activity、sessions、inserted/notes 等字段
+
+-- ============================================
+-- 用户表
+-- ============================================
+CREATE TABLE IF NOT EXISTS users (
+    id TEXT PRIMARY KEY,
+    name TEXT NOT NULL,
+    email TEXT NOT NULL UNIQUE,
+    password_hash TEXT NOT NULL,
+    role TEXT NOT NULL DEFAULT 'member' CHECK (role IN ('admin', 'member')),
+    reset_token TEXT,
+    reset_token_expires DATETIME,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- ============================================
+-- 用户 Token 表（用于 MCP/API 认证）
+-- ============================================
+CREATE TABLE IF NOT EXISTS user_tokens (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    name TEXT NOT NULL,
+    token TEXT NOT NULL UNIQUE,
+    last_used_at DATETIME,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+-- ============================================
+-- 用户活动表（用于 DAU/留存统计）
+-- ============================================
+CREATE TABLE IF NOT EXISTS user_activity (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    action TEXT NOT NULL,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+-- ============================================
+-- 项目表
+-- ============================================
+CREATE TABLE IF NOT EXISTS projects (
+    id TEXT PRIMARY KEY,
+    name TEXT NOT NULL,
+    description TEXT,
+    owner_id TEXT NOT NULL,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+-- ============================================
+-- 版本表
+-- ============================================
+CREATE TABLE IF NOT EXISTS versions (
+    id TEXT PRIMARY KEY,
+    project_id TEXT NOT NULL,
+    name TEXT NOT NULL,
+    description TEXT,
+    start_date DATE,
+    due_date DATE,
+    locked_at DATETIME DEFAULT NULL,
+    completed_at DATETIME DEFAULT NULL,
+    archived_at DATETIME DEFAULT NULL,
+    sort_order INTEGER NOT NULL DEFAULT 0,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE
+);
+
+-- ============================================
+-- 任务表
+-- ============================================
+CREATE TABLE IF NOT EXISTS tasks (
+    id TEXT PRIMARY KEY,
+    project_id TEXT NOT NULL,
+    version_id TEXT,
+    parent_id TEXT,
+    title TEXT NOT NULL,
+    description TEXT,
+    notes TEXT,
+    status TEXT NOT NULL DEFAULT 'planned' CHECK (status IN ('planned', 'in_progress', 'done')),
+    estimated_days INTEGER DEFAULT 1,
+    start_date DATE,
+    due_date DATE,
+    actual_start DATETIME,
+    actual_end DATETIME,
+    sort_order INTEGER NOT NULL DEFAULT 0,
+    inserted INTEGER NOT NULL DEFAULT 0 CHECK (inserted IN (0, 1)),
+    deleted_at DATETIME DEFAULT NULL,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE,
+    FOREIGN KEY (version_id) REFERENCES versions(id) ON DELETE SET NULL,
+    FOREIGN KEY (parent_id) REFERENCES tasks(id) ON DELETE CASCADE
+);
+
+-- ============================================
+-- 任务历史表
+-- ============================================
+CREATE TABLE IF NOT EXISTS task_history (
+    id TEXT PRIMARY KEY,
+    task_id TEXT NOT NULL,
+    action TEXT NOT NULL CHECK (action IN ('created', 'updated', 'status_changed', 'noted')),
+    field TEXT,
+    old_value TEXT,
+    new_value TEXT,
+    reason TEXT,
+    changed_by TEXT,
+    changed_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (task_id) REFERENCES tasks(id) ON DELETE CASCADE,
+    FOREIGN KEY (changed_by) REFERENCES users(id) ON DELETE SET NULL
+);
+
+-- ============================================
+-- 节假日表
+-- ============================================
+CREATE TABLE IF NOT EXISTS holidays (
+    date DATE PRIMARY KEY,
+    year INTEGER NOT NULL,
+    is_workday INTEGER NOT NULL DEFAULT 0 CHECK (is_workday IN (0, 1)),
+    name TEXT
+);
+
+-- ============================================
+-- 系统配置表
+-- ============================================
+CREATE TABLE IF NOT EXISTS system_config (
+    key TEXT PRIMARY KEY,
+    value TEXT NOT NULL DEFAULT '',
+    description TEXT,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- ============================================
+-- Sessions 表（express-session SQLite store）
+-- better-sqlite3-session-store 需要 sid, sess, expire 列
+-- ============================================
+CREATE TABLE IF NOT EXISTS sessions (
+    sid TEXT NOT NULL PRIMARY KEY,
+    sess TEXT NOT NULL,
+    expire TEXT NOT NULL DEFAULT ''
+);
+
+-- 迁移：如果旧 sessions 表缺少 expire 列或有过时的 expired 列，进行修复
+-- SQLite 不支持 DROP COLUMN，需要重建表
+-- 注意：这里只在必要时执行，不影响已有 session 数据
+-- better-sqlite3-session-store 会在构造时自动执行自己的 CREATE TABLE IF NOT EXISTS
+
+-- ============================================
+-- 初始系统配置
+-- ============================================
+INSERT OR IGNORE INTO system_config (key, value, description) VALUES
+    ('server_url', 'http://localhost:17173', '服务器 URL'),
+    ('smtp_host', '', 'SMTP 服务器地址'),
+    ('smtp_port', '587', 'SMTP 端口'),
+    ('smtp_user', '', 'SMTP 用户名'),
+    ('smtp_pass', '', 'SMTP 密码'),
+    ('smtp_from', '', '发件人邮箱'),
+    ('registration_enabled', '1', '是否开放注册'),
+    ('hcaptcha_site_key', '', 'hCaptcha Site Key'),
+    ('hcaptcha_secret_key', '', 'hCaptcha Secret Key');
+
+-- ============================================
+-- 索引
+-- ============================================
+
+-- users 索引
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_reset_token ON users(reset_token);
+
+-- user_tokens 索引
+CREATE INDEX IF NOT EXISTS idx_user_tokens_user_id ON user_tokens(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_tokens_token ON user_tokens(token);
+
+-- user_activity 索引
+CREATE INDEX IF NOT EXISTS idx_user_activity_user_id ON user_activity(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_activity_action ON user_activity(action);
+CREATE INDEX IF NOT EXISTS idx_user_activity_created_at ON user_activity(created_at);
+
+-- projects 索引
+CREATE INDEX IF NOT EXISTS idx_projects_owner_id ON projects(owner_id);
+
+-- versions 索引
+CREATE INDEX IF NOT EXISTS idx_versions_project_id ON versions(project_id);
+CREATE INDEX IF NOT EXISTS idx_versions_locked_at ON versions(locked_at);
+CREATE INDEX IF NOT EXISTS idx_versions_archived_at ON versions(archived_at);
+
+-- tasks 索引
+CREATE INDEX IF NOT EXISTS idx_tasks_project_id ON tasks(project_id);
+CREATE INDEX IF NOT EXISTS idx_tasks_parent_id ON tasks(parent_id);
+CREATE INDEX IF NOT EXISTS idx_tasks_status ON tasks(status);
+CREATE INDEX IF NOT EXISTS idx_tasks_deleted_at ON tasks(deleted_at);
+CREATE INDEX IF NOT EXISTS idx_tasks_version_id ON tasks(version_id);
+
+-- task_history 索引
+CREATE INDEX IF NOT EXISTS idx_task_history_task_id ON task_history(task_id);
+
+-- holidays 索引
+CREATE INDEX IF NOT EXISTS idx_holidays_year ON holidays(year);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qq33357486/oh-my-task",
-  "version": "1.4.3",
+  "version": "1.4.5",
   "description": "文档驱动的 AI 编程协作系统 - 通过 MCP 工具管理任务",
   "type": "module",
   "main": "dist/index.js",
@@ -17,7 +17,7 @@
   "scripts": {
     "dev": "tsx watch src/index.ts",
     "dev:all": "tsx scripts/dev.ts",
-    "build": "tsc",
+    "build": "node scripts/clean-dist.cjs && tsc && node scripts/copy-schema.cjs",
     "start": "node dist/index.js",
     "mcp": "tsx src/mcp/server.ts",
     "db:init": "tsx src/db/init.ts"

package/dist/__tests__/auth-admin.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=auth-admin.test.d.ts.map

package/dist/__tests__/auth-admin.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-admin.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/auth-admin.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/auth-admin.test.js

@@ -1,440 +0,0 @@
-import { describe, it, expect, beforeAll, afterAll, beforeEach } from 'vitest';
-import request from 'supertest';
-import Database from 'better-sqlite3';
-import { mkdirSync, rmSync, existsSync, readFileSync } from 'fs';
-import { join } from 'path';
-import { tmpdir } from 'os';
-// 每个测试用唯一的临时目录，避免并行测试冲突
-let TEST_DIR;
-let TEST_DB_PATH;
-let app;
-// 测试用的用户凭据
-const ADMIN_USER = {
-    name: 'AdminUser',
-    email: 'admin@example.com',
-    password: 'AdminPass123'
-};
-const MEMBER_USER = {
-    name: 'MemberUser',
-    email: 'member@example.com',
-    password: 'MemberPass123'
-};
-const MEMBER_USER2 = {
-    name: 'MemberUser2',
-    email: 'member2@example.com',
-    password: 'MemberPass456'
-};
-let adminCookie;
-let memberCookie;
-let member2Cookie;
-let adminId = 'admin-user-001';
-let memberId = 'member-user-001';
-let member2Id = 'member-user-002';
-beforeAll(async () => {
-    TEST_DIR = join(tmpdir(), `omt-auth-admin-test-${Date.now()}`);
-    TEST_DB_PATH = join(TEST_DIR, 'data', 'data.db');
-    mkdirSync(join(TEST_DIR, 'data'), { recursive: true });
-    process.env.DB_PATH = TEST_DB_PATH;
-    // 初始化数据库
-    const db = new Database(TEST_DB_PATH);
-    db.pragma('journal_mode = WAL');
-    db.pragma('foreign_keys = ON');
-    const schemaSql = readFileSync(join(process.cwd(), 'src', 'db', 'schema.sql'), 'utf-8');
-    db.exec(schemaSql);
-    db.close();
-    // 动态导入 app（需要在数据库初始化后）
-    const serverModule = await import('../api/server.js');
-    app = serverModule.default;
-});
-afterAll(() => {
-    try {
-        if (existsSync(TEST_DIR)) {
-            rmSync(TEST_DIR, { recursive: true, force: true });
-        }
-    }
-    catch {
-        // Windows 可能因文件锁定无法立即删除
-    }
-    delete process.env.DB_PATH;
-});
-/**
- * 辅助函数：创建测试用户并登录
- */
-async function setupUserAndLogin(user, userId, role = 'member') {
-    const db = new Database(TEST_DB_PATH);
-    const bcrypt = await import('bcrypt');
-    const hash = await bcrypt.default.hash(user.password, 12);
-    db.prepare(`
-    INSERT OR REPLACE INTO users (id, name, email, password_hash, role)
-    VALUES (?, ?, ?, ?, ?)
-  `).run(userId, user.name, user.email, hash, role);
-    db.close();
-    const loginRes = await request(app)
-        .post('/api/auth/login')
-        .send({ email: user.email, password: user.password });
-    const setCookie = loginRes.headers['set-cookie'];
-    if (Array.isArray(setCookie)) {
-        return setCookie[0].split(';')[0];
-    }
-    return setCookie.split(';')[0];
-}
-/**
- * 辅助函数：在数据库中创建项目
- */
-function createProjectInDb(ownerId, projectId, name) {
-    const db = new Database(TEST_DB_PATH);
-    db.prepare(`
-    INSERT INTO projects (id, name, owner_id) VALUES (?, ?, ?)
-  `).run(projectId, name, ownerId);
-    db.close();
-}
-/**
- * 辅助函数：在数据库中创建版本
- */
-function createVersionInDb(projectId, versionId, name) {
-    const db = new Database(TEST_DB_PATH);
-    db.prepare(`
-    INSERT INTO versions (id, project_id, name) VALUES (?, ?, ?)
-  `).run(versionId, projectId, name);
-    db.close();
-}
-/**
- * 辅助函数：在数据库中创建任务
- */
-function createTaskInDb(projectId, taskId, title, versionId) {
-    const db = new Database(TEST_DB_PATH);
-    db.prepare(`
-    INSERT INTO tasks (id, project_id, title, version_id) VALUES (?, ?, ?, ?)
-  `).run(taskId, projectId, title, versionId || null);
-    db.close();
-}
-/**
- * 辅助函数：记录用户活动
- */
-function recordActivity(userId, action, createdAt) {
-    const db = new Database(TEST_DB_PATH);
-    db.prepare(`
-    INSERT INTO user_activity (id, user_id, action, created_at) VALUES (?, ?, ?, ?)
-  `).run(`activity-${Date.now()}-${Math.random().toString(36).slice(2)}`, userId, action, createdAt || new Date().toISOString());
-    db.close();
-}
-// ============================================
-// GET /api/users — 管理员查看用户列表
-// ============================================
-describe('GET /api/users', () => {
-    beforeEach(async () => {
-        // 清理并重建测试数据
-        const db = new Database(TEST_DB_PATH);
-        db.prepare('DELETE FROM user_activity');
-        db.prepare('DELETE FROM tasks');
-        db.prepare('DELETE FROM versions');
-        db.prepare('DELETE FROM projects');
-        db.prepare('DELETE FROM users');
-        db.close();
-        adminCookie = await setupUserAndLogin(ADMIN_USER, adminId, 'admin');
-        memberCookie = await setupUserAndLogin(MEMBER_USER, memberId, 'member');
-        member2Cookie = await setupUserAndLogin(MEMBER_USER2, member2Id, 'member');
-    });
-    it('VAL-AUTH-025: 管理员获取分页用户列表', async () => {
-        const res = await request(app)
-            .get('/api/users')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        expect(res.body.success).toBe(true);
-        expect(res.body.data.users).toBeDefined();
-        expect(res.body.data.users.length).toBe(3); // admin + 2 members
-        expect(res.body.data.pagination).toBeDefined();
-        expect(res.body.data.pagination.total).toBe(3);
-        expect(res.body.data.pagination.page).toBe(1);
-        expect(res.body.data.pagination.total_pages).toBe(1);
-        // 确认返回的用户包含必要字段
-        const user = res.body.data.users[0];
-        expect(user.id).toBeDefined();
-        expect(user.name).toBeDefined();
-        expect(user.email).toBeDefined();
-        expect(user.role).toBeDefined();
-        expect(user.created_at).toBeDefined();
-        // 不包含密码
-        expect(user.password_hash).toBeUndefined();
-    });
-    it('分页参数生效', async () => {
-        const res = await request(app)
-            .get('/api/users?page=1&page_size=2')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        expect(res.body.data.users.length).toBe(2);
-        expect(res.body.data.pagination.page_size).toBe(2);
-        expect(res.body.data.pagination.total).toBe(3);
-        expect(res.body.data.pagination.total_pages).toBe(2);
-    });
-    it('VAL-AUTH-027: 非管理员访问 GET /api/users 返回 403', async () => {
-        const res = await request(app)
-            .get('/api/users')
-            .set('Cookie', memberCookie);
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-    it('未认证访问 GET /api/users 返回 401', async () => {
-        const res = await request(app)
-            .get('/api/users');
-        expect(res.status).toBe(401);
-        expect(res.body.success).toBe(false);
-    });
-});
-// ============================================
-// DELETE /api/users/:id — 管理员删除用户
-// ============================================
-describe('DELETE /api/users/:id', () => {
-    beforeEach(async () => {
-        const db = new Database(TEST_DB_PATH);
-        db.prepare('DELETE FROM user_activity');
-        db.prepare('DELETE FROM tasks');
-        db.prepare('DELETE FROM versions');
-        db.prepare('DELETE FROM projects');
-        db.prepare('DELETE FROM users');
-        db.close();
-        adminCookie = await setupUserAndLogin(ADMIN_USER, adminId, 'admin');
-        memberCookie = await setupUserAndLogin(MEMBER_USER, memberId, 'member');
-        member2Cookie = await setupUserAndLogin(MEMBER_USER2, member2Id, 'member');
-    });
-    it('VAL-AUTH-026: 管理员删除他人返回 200', async () => {
-        const res = await request(app)
-            .delete(`/api/users/${memberId}`)
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        expect(res.body.success).toBe(true);
-        expect(res.body.message).toBeDefined();
-        // 验证用户已被删除
-        const db = new Database(TEST_DB_PATH);
-        const user = db.prepare('SELECT * FROM users WHERE id = ?').get(memberId);
-        db.close();
-        expect(user).toBeUndefined();
-    });
-    it('VAL-AUTH-026: 管理员删除自己返回 403', async () => {
-        const res = await request(app)
-            .delete(`/api/users/${adminId}`)
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-    it('VAL-AUTH-027: 非管理员删除用户返回 403', async () => {
-        const res = await request(app)
-            .delete(`/api/users/${member2Id}`)
-            .set('Cookie', memberCookie);
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-    it('删除不存在的用户返回 404', async () => {
-        const res = await request(app)
-            .delete('/api/users/nonexistent-id')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(404);
-        expect(res.body.success).toBe(false);
-    });
-    it('VAL-CROSS-009: 删除用户后其项目/版本/任务被级联删除', async () => {
-        // 为 member 用户创建项目、版本、任务
-        createProjectInDb(memberId, 'proj-member-1', 'Member Project');
-        createVersionInDb('proj-member-1', 'ver-member-1', 'v1');
-        createTaskInDb('proj-member-1', 'task-member-1', 'Member Task', 'ver-member-1');
-        // 确认数据存在
-        const dbBefore = new Database(TEST_DB_PATH);
-        const projBefore = dbBefore.prepare('SELECT * FROM projects WHERE owner_id = ?').all(memberId);
-        expect(projBefore.length).toBe(1);
-        dbBefore.close();
-        // 管理员删除用户
-        const res = await request(app)
-            .delete(`/api/users/${memberId}`)
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        // 验证级联删除
-        const dbAfter = new Database(TEST_DB_PATH);
-        const projects = dbAfter.prepare('SELECT * FROM projects WHERE owner_id = ?').all(memberId);
-        const versions = dbAfter.prepare('SELECT * FROM versions WHERE project_id = ?').all('proj-member-1');
-        const tasks = dbAfter.prepare('SELECT * FROM tasks WHERE project_id = ?').all('proj-member-1');
-        dbAfter.close();
-        expect(projects.length).toBe(0);
-        expect(versions.length).toBe(0);
-        expect(tasks.length).toBe(0);
-    });
-    it('删除用户不影响其他用户的数据', async () => {
-        // 为两个 member 用户创建项目
-        createProjectInDb(memberId, 'proj-member-1', 'Member1 Project');
-        createProjectInDb(member2Id, 'proj-member-2', 'Member2 Project');
-        // 管理员删除 member
-        await request(app)
-            .delete(`/api/users/${memberId}`)
-            .set('Cookie', adminCookie);
-        // member2 的项目应该还在
-        const db = new Database(TEST_DB_PATH);
-        const proj = db.prepare('SELECT * FROM projects WHERE owner_id = ?').all(member2Id);
-        db.close();
-        expect(proj.length).toBe(1);
-        expect(proj[0].name).toBe('Member2 Project');
-    });
-});
-// ============================================
-// GET /api/config — 系统配置
-// ============================================
-describe('GET /api/config', () => {
-    beforeEach(async () => {
-        const db = new Database(TEST_DB_PATH);
-        db.prepare('DELETE FROM users');
-        db.close();
-        adminCookie = await setupUserAndLogin(ADMIN_USER, adminId, 'admin');
-        memberCookie = await setupUserAndLogin(MEMBER_USER, memberId, 'member');
-    });
-    it('VAL-AUTH-028: 管理员获取系统配置', async () => {
-        const res = await request(app)
-            .get('/api/config')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        expect(res.body.success).toBe(true);
-        expect(res.body.data).toBeDefined();
-        expect(res.body.data.server_url).toBeDefined();
-        expect(res.body.data.registration_enabled).toBeDefined();
-        expect(res.body.data.smtp_host).toBeDefined();
-    });
-    it('VAL-AUTH-027: 非管理员访问 GET /api/config 返回 403', async () => {
-        const res = await request(app)
-            .get('/api/config')
-            .set('Cookie', memberCookie);
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-});
-// ============================================
-// PUT /api/config — 更新系统配置
-// ============================================
-describe('PUT /api/config', () => {
-    beforeEach(async () => {
-        const db = new Database(TEST_DB_PATH);
-        db.prepare('DELETE FROM users');
-        db.close();
-        adminCookie = await setupUserAndLogin(ADMIN_USER, adminId, 'admin');
-        memberCookie = await setupUserAndLogin(MEMBER_USER, memberId, 'member');
-    });
-    it('VAL-AUTH-028: 管理员更新配置成功', async () => {
-        const res = await request(app)
-            .put('/api/config')
-            .set('Cookie', adminCookie)
-            .send({
-            registration_enabled: '0',
-            smtp_host: 'smtp.example.com'
-        });
-        expect(res.status).toBe(200);
-        expect(res.body.success).toBe(true);
-        expect(res.body.data.registration_enabled).toBe('0');
-        expect(res.body.data.smtp_host).toBe('smtp.example.com');
-    });
-    it('VAL-AUTH-028: 更新后 GET 确认值已变更', async () => {
-        // 更新配置
-        await request(app)
-            .put('/api/config')
-            .set('Cookie', adminCookie)
-            .send({
-            registration_enabled: '0',
-            smtp_host: 'smtp.updated.com',
-            smtp_port: '465'
-        });
-        // GET 确认
-        const getRes = await request(app)
-            .get('/api/config')
-            .set('Cookie', adminCookie);
-        expect(getRes.status).toBe(200);
-        expect(getRes.body.data.registration_enabled).toBe('0');
-        expect(getRes.body.data.smtp_host).toBe('smtp.updated.com');
-        expect(getRes.body.data.smtp_port).toBe('465');
-    });
-    it('VAL-AUTH-027: 非管理员 PUT /api/config 返回 403', async () => {
-        const res = await request(app)
-            .put('/api/config')
-            .set('Cookie', memberCookie)
-            .send({ registration_enabled: '0' });
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-});
-// ============================================
-// GET /api/admin/stats — 用户统计
-// ============================================
-describe('GET /api/admin/stats', () => {
-    beforeEach(async () => {
-        const db = new Database(TEST_DB_PATH);
-        db.prepare('DELETE FROM user_activity');
-        db.prepare('DELETE FROM tasks');
-        db.prepare('DELETE FROM versions');
-        db.prepare('DELETE FROM projects');
-        db.prepare('DELETE FROM users');
-        db.close();
-        adminCookie = await setupUserAndLogin(ADMIN_USER, adminId, 'admin');
-        memberCookie = await setupUserAndLogin(MEMBER_USER, memberId, 'member');
-    });
-    it('VAL-AUTH-032: 管理员获取用户统计', async () => {
-        const res = await request(app)
-            .get('/api/admin/stats')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        expect(res.body.success).toBe(true);
-        expect(res.body.data).toBeDefined();
-        // newUsers: 日/周/月新增用户数
-        expect(res.body.data.newUsers).toBeDefined();
-        expect(res.body.data.newUsers.daily).toBeDefined();
-        expect(res.body.data.newUsers.weekly).toBeDefined();
-        expect(res.body.data.newUsers.monthly).toBeDefined();
-        // dau: 日活用户
-        expect(res.body.data.dau).toBeDefined();
-        expect(Array.isArray(res.body.data.dau)).toBe(true);
-        // retention: 留存率
-        expect(res.body.data.retention).toBeDefined();
-    });
-    it('VAL-AUTH-032: 新增用户数统计准确', async () => {
-        const res = await request(app)
-            .get('/api/admin/stats')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        // 今天创建了 2 个用户（admin + member），所以 daily 至少为 2
-        const daily = res.body.data.newUsers.daily;
-        expect(typeof daily).toBe('number');
-        expect(daily).toBeGreaterThanOrEqual(2);
-    });
-    it('VAL-AUTH-032: DAU 统计返回近 7 天数据', async () => {
-        // 为 member 用户记录一些活动
-        recordActivity(memberId, 'login');
-        recordActivity(adminId, 'login');
-        const res = await request(app)
-            .get('/api/admin/stats')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        const dau = res.body.data.dau;
-        expect(dau.length).toBe(7);
-        // 每天至少有日期和数量
-        for (const day of dau) {
-            expect(day.date).toBeDefined();
-            expect(day.count).toBeDefined();
-        }
-    });
-    it('VAL-AUTH-032: 留存率返回数据', async () => {
-        const res = await request(app)
-            .get('/api/admin/stats')
-            .set('Cookie', adminCookie);
-        expect(res.status).toBe(200);
-        const retention = res.body.data.retention;
-        expect(retention).toBeDefined();
-        // 留存率应包含 day1, day7 等字段
-        expect(typeof retention).toBe('object');
-    });
-    it('VAL-AUTH-027: 非管理员访问 GET /api/admin/stats 返回 403', async () => {
-        const res = await request(app)
-            .get('/api/admin/stats')
-            .set('Cookie', memberCookie);
-        expect(res.status).toBe(403);
-        expect(res.body.success).toBe(false);
-    });
-    it('未认证访问 GET /api/admin/stats 返回 401', async () => {
-        const res = await request(app)
-            .get('/api/admin/stats');
-        expect(res.status).toBe(401);
-        expect(res.body.success).toBe(false);
-    });
-});
-//# sourceMappingURL=auth-admin.test.js.map