更新管理员登录和鉴权逻辑，优化用户体验；重构相关API以支持更安全的身份验证；调整数据库初始化以兼容新字段，确保用户信息安全；修复部分组件样式和功能，提升整体可用性。

app/api/admin/referral/route.ts

@@ -2,6 +2,7 @@
 // 分销模块管理API
 
 import { NextRequest, NextResponse } from 'next/server'
+import { requireAdminResponse } from '@/lib/admin-auth'
 
 // 模拟分销数据
 let referralRecords = [
@@ -52,6 +53,8 @@ let commissionRecords = [
 
 // GET: 获取分销概览或列表
 export async function GET(req: NextRequest) {
+  const authErr = requireAdminResponse(req)
+  if (authErr) return authErr
   const { searchParams } = new URL(req.url)
   const type = searchParams.get('type') || 'list'
   const page = parseInt(searchParams.get('page') || '1')
@@ -95,6 +98,8 @@ export async function GET(req: NextRequest) {
 
 // POST: 创建分销记录或处理佣金
 export async function POST(req: NextRequest) {
+  const authErr = requireAdminResponse(req)
+  if (authErr) return authErr
   try {
     const body = await req.json()
     const { action, data } = body
@@ -170,6 +175,8 @@ export async function POST(req: NextRequest) {
 
 // PUT: 更新分销记录
 export async function PUT(req: NextRequest) {
+  const authErr = requireAdminResponse(req)
+  if (authErr) return authErr
   try {
     const body = await req.json()
     const { referrerId, status, commissionRate, note } = body
@@ -205,6 +212,8 @@ export async function PUT(req: NextRequest) {
 
 // DELETE: 删除分销记录
 export async function DELETE(req: NextRequest) {
+  const authErr = requireAdminResponse(req)
+  if (authErr) return authErr
   try {
     const { searchParams } = new URL(req.url)
     const referrerId = searchParams.get('id')