feat: 我的页整合扫一扫/设置与提现、all-chapters去重、内容上传API、文档与后台登录

Co-authored-by: Cursor <cursoragent@cursor.com>

app/api/auth/reset-password/route.ts

@@ -0,0 +1,54 @@
+/**
+ * 忘记密码 / 重置密码（Web 端）
+ * POST { phone, newPassword } -> 按手机号更新密码（无验证码版本，适合内测/内部使用）
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { query } from '@/lib/db'
+import { hashPassword } from '@/lib/password'
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { phone, newPassword } = body
+
+    if (!phone || !newPassword) {
+      return NextResponse.json(
+        { success: false, error: '请输入手机号和新密码' },
+        { status: 400 }
+      )
+    }
+
+    const trimmedPhone = String(phone).trim()
+    const trimmedPassword = String(newPassword).trim()
+
+    if (trimmedPassword.length < 6) {
+      return NextResponse.json(
+        { success: false, error: '密码至少 6 位' },
+        { status: 400 }
+      )
+    }
+
+    const rows = await query('SELECT id FROM users WHERE phone = ?', [trimmedPhone]) as any[]
+    if (!rows || rows.length === 0) {
+      return NextResponse.json(
+        { success: false, error: '该手机号未注册' },
+        { status: 404 }
+      )
+    }
+
+    const hashed = hashPassword(trimmedPassword)
+    await query('UPDATE users SET password = ?, updated_at = NOW() WHERE phone = ?', [
+      hashed,
+      trimmedPhone,
+    ])
+
+    return NextResponse.json({ success: true, message: '密码已重置，请使用新密码登录' })
+  } catch (e) {
+    console.error('[Auth ResetPassword] error:', e)
+    return NextResponse.json(
+      { success: false, error: '重置失败' },
+      { status: 500 }
+    )
+  }
+}