security: 修改admin密码并移除前端默认账户显示

- 将admin默认密码从admin123修改为Zhidi@n2023
- 更新数据库中admin用户密码哈希
- 更新后端配置、环境变量模板及测试脚本中的密码
- 移除登录页默认管理员账户密码提示文字
- 清空登录表单密码默认值，避免泄露
- 重新构建前端dist产物

backend/.env.example

@@ -25,5 +25,5 @@ REFRESH_TOKEN_EXPIRE_DAYS=7
 
 # Default superuser (created on first startup)
 FIRST_SUPERUSER_USERNAME=admin
-FIRST_SUPERUSER_PASSWORD=admin123
+FIRST_SUPERUSER_PASSWORD=Zhidi@n2023
 FIRST_SUPERUSER_EMAIL=admin@datapo.com

backend/app/core/config.py

@@ -29,7 +29,7 @@ class Settings(BaseSettings):
     CORS_ORIGINS: List[str] = ["http://localhost:5173", "http://127.0.0.1:5173"]
 
     FIRST_SUPERUSER_USERNAME: str = "admin"
-    FIRST_SUPERUSER_PASSWORD: str = "admin123"
+    FIRST_SUPERUSER_PASSWORD: str = "Zhidi@n2023"
     FIRST_SUPERUSER_EMAIL: str = "admin@datapo.com"
 
     class Config:

backend/scripts/api_integration_test.py

@@ -1,4 +1,5 @@
 import sys, requests
+
 BASE = "http://localhost:8000"
 API = f"{BASE}/api/v1"
 errors, passed = [], []
@@ -13,19 +14,18 @@ def get_items(resp):
     d = resp.json().get("data", [])
     if isinstance(d, list):
         return d
-    if isinstance(d, dict):
     return d.get("items", [])
-    return []
 
 def get_total(resp):
     return resp.json().get("total", 0)
 
+def main():
     print("\n[1/15] Health")
     r = requests.get(f"{BASE}/health")
     check("health", r.status_code == 200 and r.json().get("status") == "ok")
 
     print("\n[2/15] Auth")
-r = requests.post(f"{API}/auth/login", json={"username": "admin", "password": "admin123"})
+    r = requests.post(f"{API}/auth/login", json={"username": "admin", "password": "Zhidi@n2023"})
     check("login", r.status_code == 200)
     token = r.json().get("data", {}).get("access_token", "")
     check("token", bool(token))
@@ -100,7 +100,6 @@ print("\n[15/15] Compliance")
     r = requests.get(f"{API}/compliance/issues", headers=headers)
     check("compliance issues", r.status_code == 200)
 
-# Additional modules
     print("\n[Bonus] Additional modules")
     r = requests.get(f"{API}/lineage/graph", headers=headers)
     check("lineage graph", r.status_code == 200 and "nodes" in r.json().get("data", {}))
@@ -122,3 +121,6 @@ if errors:
     else:
         print("🎉 All integration tests passed!")
         sys.exit(0)
+
+if __name__ == "__main__":
+    main()

backend/tests/test_auth.py

@@ -47,7 +47,7 @@ def test_health_check():
 
 
 def test_login():
-    response = client.post("/api/v1/auth/login", json={"username": "admin", "password": "admin123"})
+    response = client.post("/api/v1/auth/login", json={"username": "admin", "password": "Zhidi@n2023"})
     assert response.status_code == 200
     data = response.json()
     assert data["code"] == 200

frontend/dist/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/vite.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
     <title>DataPointer - 数据分类分级管理平台</title>
-    <script type="module" crossorigin src="/assets/index-54C8aHj2.js"></script>
+    <script type="module" crossorigin src="/assets/index-B2ZsjZSQ.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-CdImMPt_.css">
   </head>
   <body>

frontend/src/views/auth/Login.vue

@@ -45,7 +45,7 @@
       </el-form>
 
       <div class="login-footer">
-        <p>默认管理员：admin / admin123</p>
+        <!-- 生产环境不显示默认账户 -->
       </div>
     </div>
   </div>
@@ -65,7 +65,7 @@ const formRef = ref()
 
 const form = reactive({
   username: 'admin',
-  password: 'admin123',
+  password: '',
 })
 
 const rules = {