feat(部署): 添加自动化部署脚本和登录白名单功能

添加 deploy.bat 和 deploy.js 实现自动化部署流程
在 .env.example 和 auth.js 中添加登录白名单功能，支持固定验证码
更新 package.json 添加部署脚本命令

.env.example

@@ -5,6 +5,10 @@ DB_NAME=skills_market
 JWT_SECRET=your-jwt-secret-key-change-in-production
 JWT_EXPIRES_IN=7d
 
+# 登录白名单：固定验证码，不发邮件，多个邮箱用逗号分隔
+WHITELIST_EMAILS=1311711287@email.com
+WHITELIST_CODE=888888
+
 ALIYUN_ACCESS_KEY_ID=LTAI5tP7ufyq46H86SrzmxPL
 ALIYUN_ACCESS_KEY_SECRET=PFqfWD4POJnzYjqGv7S0YygemaC8GS
 ALIYUN_DM_ACCOUNT_NAME=login@mail.como.video

deploy.bat

@@ -0,0 +1,7 @@
+@echo off
+set "PATH=%PATH%;C:\Program Files\Git\cmd"
+git fetch origin
+git reset --hard origin/main
+npm install --omit=dev
+pm2 restart skills-market-server
+echo Deploy done.

package.json

@@ -5,7 +5,8 @@
   "main": "server.js",
   "scripts": {
     "start": "node server.js",
-    "dev": "node --watch server.js"
+    "dev": "node --watch server.js",
+    "deploy": "node scripts/deploy.js"
   },
   "dependencies": {
     "@alicloud/dm20151123": "^1.8.3",

routes/auth.js

@@ -4,6 +4,10 @@ const { sendVerificationCode, verifyCode } = require('../services/auth')
 const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production'
 const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d'
 
+const WHITELIST_CODE = process.env.WHITELIST_CODE || '888888'
+const WHITELIST_EMAILS = (process.env.WHITELIST_EMAILS || '')
+  .split(',').map(e => e.trim().toLowerCase()).filter(Boolean)
+
 function createAuthRoutes(db) {
   const usersCollection = db.collection('users')
 
@@ -16,6 +20,10 @@ function createAuthRoutes(db) {
           return res.status(400).json({ success: false, error: '邮箱不能为空' })
         }
 
+        if (WHITELIST_EMAILS.includes(email.toLowerCase())) {
+          return res.json({ success: true, message: '验证码已发送' })
+        }
+
         const result = await sendVerificationCode(db, email.toLowerCase())
         
         if (!result.success) {
@@ -38,10 +46,16 @@ function createAuthRoutes(db) {
         }
 
         const emailLower = email.toLowerCase()
-        const verifyResult = await verifyCode(db, emailLower, code)
-        
-        if (!verifyResult.success) {
-          return res.status(400).json(verifyResult)
+
+        if (WHITELIST_EMAILS.includes(emailLower)) {
+          if (code !== WHITELIST_CODE) {
+            return res.status(400).json({ success: false, error: '验证码错误' })
+          }
+        } else {
+          const verifyResult = await verifyCode(db, emailLower, code)
+          if (!verifyResult.success) {
+            return res.status(400).json(verifyResult)
+          }
         }
 
         let user = await usersCollection.findOne({ email: emailLower })

scripts/deploy.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+/**
+ * Deploy script for skills-market-server
+ * Usage: npm run deploy
+ *
+ * What it does:
+ * 1. git push (local → remote repo)
+ * 2. SSH into server and run deploy script
+ */
+
+const { execSync } = require('child_process')
+
+const SERVER_USER = 'Administrator'
+const SERVER_HOST = '118.145.101.146'
+const SERVER_PATH = 'C:\\apps\\skills-market-server'
+
+function run(cmd, opts = {}) {
+  console.log(`\n$ ${cmd}`)
+  execSync(cmd, { stdio: 'inherit', ...opts })
+}
+
+// ── Push local changes ────────────────────────────────────────────
+console.log('\n📦  Pushing to remote repo...')
+run('git push')
+
+// ── SSH: run deploy script on server ───────────────────────────────
+console.log('\n🚀  Deploying to server...')
+run(`ssh ${SERVER_USER}@${SERVER_HOST} "cd /d ${SERVER_PATH} && deploy.bat"`)
+
+console.log('\n✅  Deploy done!\n')