feat: 优化通行密钥错误提示与代码结构

- feat(login): 优化通行密钥(Passkey)登录逻辑，支持 Conditional UI 自动填充，并改进错误提示。
- feat(userProfile): 优化双重验证弹窗样式。
- feat(qrcode): 优化二维码生成逻辑与显示。
- feat(passkey): 优化通行密钥错误提示，添加最后使用时间显示。

src/components/dialog/OTPAuthDialog.vue

@@ -0,0 +1,231 @@
+<script lang="ts" setup>
+import { useToast } from 'vue-toastification'
+import QRCode from 'qrcode'
+import { useDisplay } from 'vuetify'
+import { useI18n } from 'vue-i18n'
+import api from '@/api'
+import type { ApiResponse, PassKey } from '@/api/types'
+
+interface Props {
+  modelValue: boolean
+  isOtp: boolean
+  passkeyList?: PassKey[]
+}
+
+const props = withDefaults(defineProps<Props>(), {
+  passkeyList: () => [],
+})
+
+const emit = defineEmits(['update:modelValue', 'update:isOtp', 'verifyPassword'])
+
+const { t } = useI18n()
+const display = useDisplay()
+const $toast = useToast()
+
+// 内部状态
+const show = computed({
+  get: () => props.modelValue,
+  set: value => emit('update:modelValue', value),
+})
+
+// otp uri
+const otpUri = ref('')
+
+// otp secret
+const secret = ref('')
+
+// 确认双重验证密码
+const otpPassword = ref('')
+
+// 二维码图片 base64
+const qrCodeImage = ref('')
+
+// 二维码信息
+const qrCode = ref('')
+
+// 为当前用户获取Otp Uri
+async function getOtpUri() {
+  // 如果已经启用OTP，只打开对话框，不生成新的二维码
+  if (props.isOtp) {
+    qrCode.value = '' // 清空二维码，这样对话框会显示清除界面
+    qrCodeImage.value = ''
+    return
+  }
+
+  // 未启用OTP，生成新的二维码
+  try {
+    const result = (await api.post('mfa/otp/generate')) as ApiResponse<{
+      uri: string
+      secret: string
+    }>
+    if (result.success) {
+      otpUri.value = result.data.uri
+      secret.value = result.data.secret
+      qrCode.value = result.data.uri
+      // 生成二维码图片
+      qrCodeImage.value = await QRCode.toDataURL(result.data.uri, {
+        width: 200,
+        margin: 1,
+      })
+    } else {
+      $toast.error(t('profile.otpGenerateFailed', { message: result.message }))
+    }
+  } catch (error) {
+    console.error(error)
+    $toast.error(t('profile.otpGenerateFailed', { message: error instanceof Error ? error.message : String(error) }))
+  }
+}
+
+// 启用Otp
+async function judgeOtpPassword() {
+  if (!otpPassword.value) {
+    $toast.error(t('profile.otpCodeRequired'))
+    return
+  }
+  try {
+    const result = (await api.post('mfa/otp/verify', {
+      uri: otpUri.value,
+      otpPassword: otpPassword.value,
+    })) as ApiResponse
+
+    if (result.success) {
+      $toast.success(t('profile.otpEnableSuccess'))
+      show.value = false
+      emit('update:isOtp', true)
+    } else {
+      $toast.error(t('profile.otpEnableFailed', { message: result.message }))
+    }
+  } catch (error) {
+    console.error(error)
+    $toast.error(t('profile.otpEnableFailed', { message: error instanceof Error ? error.message : String(error) }))
+  }
+}
+
+// 关闭当前用户的双重验证
+function disableOtp() {
+  // 如果已绑定PassKey，不允许关闭OTP
+  if (props.passkeyList && props.passkeyList.length > 0) {
+    $toast.error(t('profile.disableOtpWithPasskeyError'))
+    return
+  }
+
+  emit('verifyPassword', {
+    title: t('profile.disableTwoFactor'),
+    text: t('profile.confirmToDisableOtp'),
+    callback: async (password: string) => {
+      try {
+        const result = (await api.post('mfa/otp/disable', {
+          password,
+        })) as ApiResponse
+        if (result.success) {
+          emit('update:isOtp', false)
+          $toast.success(t('profile.otpDisableSuccess'))
+          show.value = false
+        } else {
+          $toast.error(t('profile.otpDisableFailed', { message: result.message }))
+        }
+      } catch (error) {
+        console.error(error)
+        $toast.error(t('profile.otpDisableFailed', { message: error instanceof Error ? error.message : String(error) }))
+      }
+    },
+  })
+}
+
+// 监听弹窗打开，自动获取 URI
+watch(
+  () => props.modelValue,
+  val => {
+    if (val) {
+      getOtpUri()
+      otpPassword.value = ''
+    } else {
+      // 弹窗关闭时，清空数据
+      qrCodeImage.value = ''
+      qrCode.value = ''
+      otpUri.value = ''
+      secret.value = ''
+      otpPassword.value = ''
+    }
+  },
+)
+</script>
+
+<template>
+  <VDialog v-model="show" max-width="45rem" scrollable :fullscreen="!display.mdAndUp.value">
+    <VCard>
+      <VCardItem>
+        <VCardTitle>
+          <VIcon icon="mdi-cellphone-key" class="me-2" />
+          {{ props.isOtp && !qrCode ? t('profile.authenticatorManagement') : t('profile.setupAuthenticator') }}
+        </VCardTitle>
+        <VDialogCloseBtn @click="show = false" />
+      </VCardItem>
+      <VDivider />
+      <VCardText>
+        <p class="mb-6">
+          {{ t('profile.authenticatorAppDescription') }}
+        </p>
+        <!-- 如果已启用OTP，显示清除界面 -->
+        <template v-if="props.isOtp && !qrCode">
+          <VAlert type="success" variant="tonal" class="mb-4">
+            {{ t('profile.authenticatorEnabled') }}
+          </VAlert>
+          <p class="mb-6">
+            {{ t('profile.clearAuthenticatorTip') }}
+          </p>
+          <div class="d-flex justify-end flex-wrap gap-4">
+            <VBtn variant="outlined" color="secondary" @click="show = false">
+              {{ t('common.cancel') }}
+            </VBtn>
+            <VBtn color="error" @click="disableOtp">
+              <template #prepend>
+                <VIcon icon="mdi-delete" />
+              </template>
+              {{ t('profile.clearAuthenticator') }}
+            </VBtn>
+          </div>
+        </template>
+
+        <!-- 设置新的OTP -->
+        <template v-else>
+          <div class="my-6 rounded text-center p-3 border" style="width: fit-content; margin: 0 auto">
+            <VImg class="mx-auto" :src="qrCodeImage" width="200" height="200">
+              <template #placeholder>
+                <div class="w-full h-full">
+                  <VSkeletonLoader class="object-cover aspect-w-1 aspect-h-1" />
+                </div>
+              </template>
+            </VImg>
+          </div>
+          <VAlert :title="secret" variant="tonal" type="warning" class="my-4" :text="t('profile.secretKeyTip')">
+            <template #prepend />
+          </VAlert>
+          <VForm @submit.prevent="judgeOtpPassword">
+            <VTextField
+              v-model="otpPassword"
+              type="text"
+              inputmode="numeric"
+              autocomplete="one-time-code"
+              :label="t('profile.enterVerificationCode')"
+              class="mb-8"
+              variant="outlined"
+              prepend-inner-icon="mdi-shield-key"
+            />
+            <div class="d-flex justify-end flex-wrap gap-4">
+              <VBtn variant="outlined" color="secondary" @click="show = false">
+                {{ t('common.cancel') }}
+              </VBtn>
+              <VBtn type="submit">
+                <template #prepend>
+                  <VIcon icon="mdi-check" />
+                </template>
+                {{ t('common.confirm') }}
+              </VBtn>
+            </div>
+          </VForm>
+        </template>
+      </VCardText>
+    </VCard>
+  </VDialog>
+</template>

src/components/dialog/PasskeyDialog.vue

@@ -0,0 +1,312 @@
+<script lang="ts" setup>
+import { bufferToBase64Url, base64UrlToUint8Array } from '@/@core/utils/navigator'
+import { useToast } from 'vue-toastification'
+import { useDisplay } from 'vuetify'
+import { useI18n } from 'vue-i18n'
+import { formatDateDifference } from '@core/utils/formatters'
+import api from '@/api'
+import type { ApiResponse, PassKey } from '@/api/types'
+
+interface Props {
+  modelValue: boolean
+  isOtp: boolean
+}
+
+// WebAuthn 相关接口定义
+interface PublicKeyCredentialDescriptorJSON {
+  id: string
+  type: 'public-key'
+  transports?: AuthenticatorTransport[]
+}
+
+const props = defineProps<Props>()
+
+const emit = defineEmits(['update:modelValue', 'update:passkeyList', 'verifyPassword'])
+
+const { t, locale } = useI18n()
+const display = useDisplay()
+const $toast = useToast()
+
+// 内部状态
+const show = computed({
+  get: () => props.modelValue,
+  set: value => emit('update:modelValue', value),
+})
+
+// PassKey列表
+const passkeyList = ref<PassKey[]>([])
+
+// PassKey注册loading
+const passkeyRegistering = ref(false)
+
+// PassKey名称
+const passkeyName = ref('')
+
+// PassKey challenge
+const passkeyChallenge = ref('')
+
+// 格式化日期
+function formatDate(dateStr: string) {
+  return new Date(dateStr).toLocaleDateString(locale.value)
+}
+
+// 获取PassKey列表
+async function fetchPassKeyList() {
+  try {
+    const result = (await api.get('mfa/passkey/list')) as ApiResponse<PassKey[]>
+    if (result.success) {
+      passkeyList.value = result.data || []
+      emit('update:passkeyList', passkeyList.value)
+    }
+  } catch (error) {
+    console.error(error)
+  }
+}
+
+// 注册PassKey
+async function registerPassKey() {
+  if (!passkeyName.value) {
+    $toast.error(t('profile.passkeyNameRequired'))
+    return
+  }
+
+  // 检查浏览器环境
+  if (!window.PublicKeyCredential) {
+    if (!window.isSecureContext) {
+      $toast.error(t('login.passkeySecureContextRequired'))
+      return
+    }
+    $toast.error(t('login.passkeyNotSupported'))
+    return
+  }
+
+  passkeyRegistering.value = true
+  try {
+    // 1. 开始注册
+    const startResult = (await api.post('mfa/passkey/register/start', {
+      name: passkeyName.value,
+    })) as ApiResponse<{ options: string; challenge: string }>
+
+    if (!startResult.success) {
+      $toast.error(startResult.message || t('profile.passkeyRegisterFailed'))
+      return
+    }
+
+    const { options, challenge } = startResult.data
+    const publicKeyOptions = JSON.parse(options)
+    passkeyChallenge.value = challenge
+
+    // 2. 调用WebAuthn API
+    const credential = (await navigator.credentials.create({
+      publicKey: {
+        ...publicKeyOptions,
+        challenge: base64UrlToUint8Array(publicKeyOptions.challenge),
+        user: {
+          ...publicKeyOptions.user,
+          id: base64UrlToUint8Array(publicKeyOptions.user.id),
+        },
+        excludeCredentials: publicKeyOptions.excludeCredentials?.map((cred: PublicKeyCredentialDescriptorJSON) => ({
+          ...cred,
+          id: base64UrlToUint8Array(cred.id),
+        })),
+      },
+    })) as PublicKeyCredential
+
+    if (!credential) {
+      $toast.error(t('profile.passkeyRegisterCancelled'))
+      return
+    }
+
+    // 3. 转换credential为可传输格式
+    const response = credential.response as AuthenticatorAttestationResponse
+    const credentialJSON = {
+      id: credential.id,
+      rawId: bufferToBase64Url(credential.rawId),
+      type: credential.type,
+      response: {
+        attestationObject: bufferToBase64Url(response.attestationObject),
+        clientDataJSON: bufferToBase64Url(response.clientDataJSON),
+        transports: typeof response.getTransports === 'function' ? response.getTransports() : [],
+      },
+    }
+
+    // 4. 完成注册
+    const finishResult = (await api.post('mfa/passkey/register/finish', {
+      credential: credentialJSON,
+      challenge: passkeyChallenge.value,
+      name: passkeyName.value,
+    })) as ApiResponse
+
+    if (finishResult.success) {
+      $toast.success(t('profile.passkeyRegisterSuccess'))
+      passkeyName.value = ''
+      await fetchPassKeyList()
+    } else {
+      $toast.error(finishResult.message || t('profile.passkeyRegisterFailed'))
+    }
+  } catch (error: any) {
+    console.error('PassKey注册失败:', error)
+    if (error.name === 'NotAllowedError') {
+      $toast.error(t('profile.passkeyRegisterCancelled'))
+    } else if (error.response) {
+      $toast.error(error.response.data?.detail || t('profile.passkeyRegisterFailed'))
+    } else {
+      $toast.error(error.message || t('profile.passkeyRegisterFailed'))
+    }
+  } finally {
+    passkeyRegistering.value = false
+  }
+}
+
+// 删除PassKey
+async function deletePassKey(passkeyId: number) {
+  emit('verifyPassword', {
+    title: t('profile.deletePasskey'),
+    text: t('profile.confirmToDeletePasskey'),
+    callback: async (password: string) => {
+      try {
+        const result = (await api.post('mfa/passkey/delete', {
+          passkey_id: passkeyId,
+          password,
+        })) as ApiResponse
+        if (result.success) {
+          $toast.success(t('profile.passkeyDeleteSuccess'))
+          await fetchPassKeyList()
+        } else {
+          $toast.error(result.message || t('profile.passkeyDeleteFailed'))
+        }
+      } catch (error) {
+        console.error(error)
+        $toast.error(t('profile.passkeyDeleteFailed'))
+      }
+    },
+  })
+}
+
+// 监听弹窗打开，自动加载列表
+watch(
+  () => props.modelValue,
+  val => {
+    if (val) {
+      fetchPassKeyList()
+      passkeyName.value = ''
+    } else {
+      // 弹窗关闭时，清空数据
+      passkeyName.value = ''
+      passkeyChallenge.value = ''
+      passkeyList.value = []
+    }
+  },
+)
+</script>
+
+<template>
+  <VDialog v-model="show" max-width="45rem" scrollable :fullscreen="!display.mdAndUp.value">
+    <VCard>
+      <VCardItem>
+        <VCardTitle>
+          <VIcon icon="material-symbols:passkey" class="me-2" />
+          {{ t('profile.passkeyManagement') }}
+        </VCardTitle>
+        <VDialogCloseBtn @click="show = false" />
+      </VCardItem>
+      <VDivider />
+      <VCardText>
+        <p class="mb-6">
+          {{ t('profile.passkeyAppDescription') }}
+        </p>
+
+        <!-- 安全警告 -->
+        <VAlert type="warning" variant="tonal" class="mb-6" icon="mdi-alert">
+          <i18n-t keypath="profile.passkeyDomainWarning" tag="span">
+            <template #domain>
+              <b>{{ t('profile.accessDomain') }}</b>
+            </template>
+          </i18n-t>
+        </VAlert>
+
+        <!-- 注册新通行密钥 -->
+        <VCard v-if="props.isOtp" variant="tonal" class="mb-6">
+          <VCardText>
+            <h5 class="text-h5 font-weight-medium mb-2">{{ t('profile.registerNewPasskey') }}</h5>
+            <p class="mb-4">{{ t('profile.passkeyDescription') }}</p>
+            <VForm @submit.prevent="registerPassKey">
+              <VTextField
+                v-model="passkeyName"
+                :label="t('profile.passkeyName')"
+                :placeholder="t('profile.passkeyNamePlaceholder')"
+                class="mb-4"
+                variant="outlined"
+                prepend-inner-icon="mdi-form-textbox"
+              />
+              <VBtn color="primary" type="submit" :loading="passkeyRegistering" prepend-icon="mdi-plus">
+                {{ t('profile.registerPasskey') }}
+              </VBtn>
+            </VForm>
+          </VCardText>
+        </VCard>
+
+        <!-- 未启用 OTP 提示 -->
+        <VAlert v-else type="error" variant="tonal" class="mb-6" icon="mdi-shield-lock">
+          <i18n-t keypath="profile.otpRequiredForPasskey" tag="span">
+            <template #otp>
+              <b>{{ t('profile.otpAuthenticator') }}</b>
+            </template>
+          </i18n-t>
+        </VAlert>
+
+        <!-- 已注册的通行密钥列表 -->
+        <div v-if="passkeyList.length > 0" class="mt-6 px-4">
+          <div
+            v-for="passkey in passkeyList"
+            :key="passkey.id"
+            class="py-4 d-flex align-center justify-space-between border-b last:border-0"
+          >
+            <div>
+              <div class="text-body-1 font-weight-bold mb-1">{{ passkey.name }}</div>
+              <div class="text-caption text-disabled d-flex flex-wrap gap-x-3">
+                <span>{{ t('profile.createdAt') }} {{ formatDate(passkey.created_at) }}</span>
+                <span v-if="passkey.last_used_at">
+                  {{ t('profile.lastUsedAt') }} {{ formatDateDifference(passkey.last_used_at) }}
+                </span>
+              </div>
+            </div>
+            <div>
+              <VBtn
+                variant="flat"
+                color="error"
+                size="small"
+                class="rounded delete-btn"
+                @click="deletePassKey(passkey.id)"
+              >
+                <VIcon icon="mdi-trash-can-outline" size="20" />
+              </VBtn>
+            </div>
+          </div>
+        </div>
+        <VAlert v-else type="info" variant="tonal" class="mt-6">
+          {{ t('profile.noPasskeys') }}
+        </VAlert>
+      </VCardText>
+
+      <VCardActions class="justify-end px-6 pb-4">
+        <VBtn variant="outlined" @click="show = false">{{ t('common.close') }}</VBtn>
+      </VCardActions>
+    </VCard>
+  </VDialog>
+</template>
+
+<style scoped>
+.v-btn.delete-btn {
+  min-width: 45px;
+  padding: 0;
+  background-color: rgba(var(--v-theme-error), 0.1);
+  color: rgb(var(--v-theme-error));
+  transition: all 0.2s ease;
+}
+
+.v-btn.delete-btn:hover {
+  background-color: rgba(var(--v-theme-error), 0.2);
+  color: rgb(var(--v-theme-error));
+}
+</style>

src/components/dialog/U115AuthDialog.vue

@@ -1,6 +1,6 @@
 <script lang="ts" setup>
 import api from '@/api'
-import QrcodeVue from 'qrcode.vue'
+import QRCode from 'qrcode'
 import { useI18n } from 'vue-i18n'
 import { useDisplay } from 'vuetify'
 
@@ -24,6 +24,9 @@ const emit = defineEmits(['done', 'close'])
 // 二维码内容
 const qrCodeContent = ref('')
 
+// 二维码图片 base64
+const qrCodeImage = ref('')
+
 // 下方的提示信息
 const text = ref(t('dialog.u115Auth.scanQrCode'))
 
@@ -61,6 +64,11 @@ async function getQrcode() {
     const result: { [key: string]: any } = await api.get('/storage/qrcode/u115')
     if (result.success && result.data) {
       qrCodeContent.value = result.data.codeContent
+      // 生成二维码图片
+      qrCodeImage.value = await QRCode.toDataURL(result.data.codeContent, {
+        width: 200,
+        margin: 1,
+      })
       timeoutTimer = setTimeout(checkQrcode, 3000)
     } else {
       text.value = result.message
@@ -129,7 +137,13 @@ onUnmounted(() => {
       <VDivider />
       <VCardText class="pt-2 flex flex-col items-center justify-center">
         <div class="mt-6 rounded text-center p-3 border">
-          <QrcodeVue class="mx-auto" :value="qrCodeContent" :size="200" />
+          <VImg class="mx-auto" :src="qrCodeImage" width="200" height="200">
+            <template #placeholder>
+              <div class="w-full h-full">
+                <VSkeletonLoader class="object-cover aspect-w-1 aspect-h-1" />
+              </div>
+            </template>
+          </VImg>
         </div>
         <div>
           <VAlert variant="tonal" :type="alertType" class="my-4 text-center" :text="text">