feat: Airwallex 发卡管理后台完整实现

- 后端: FastAPI + SQLAlchemy + SQLite, JWT认证, 代理支持的AirwallexClient
- 前端: React 18 + Vite + Ant Design 5, 中文界面
- 功能: 卡片管理, 持卡人管理, 交易记录, API令牌, 系统设置, 审计日志
- 第三方API: X-API-Key认证, 权限控制
- Docker部署: docker-compose编排前后端

backend/app/routers/auth.py

@@ -0,0 +1,37 @@
+"""Authentication router."""
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+
+from app.auth import verify_password, create_access_token, get_current_user, AdminUser
+from app.config import settings
+from app.database import get_db
+from app.models.db_models import SystemSetting
+from app.models.schemas import LoginRequest, TokenResponse
+from app.services.audit_log import create_audit_log
+
+router = APIRouter(prefix="/api/auth", tags=["auth"])
+
+
+@router.post("/login", response_model=TokenResponse)
+def login(req: LoginRequest, db: Session = Depends(get_db)):
+    """Admin login endpoint."""
+    if req.username != settings.ADMIN_USERNAME:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
+
+    # Get password hash from database
+    setting = db.query(SystemSetting).filter(SystemSetting.key == "admin_password_hash").first()
+    if not setting:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Admin not initialized")
+
+    if not verify_password(req.password, setting.value):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
+
+    token = create_access_token(data={"sub": req.username})
+    create_audit_log(db, action="login", resource_type="auth", operator=req.username)
+    return TokenResponse(access_token=token, token_type="bearer")
+
+
+@router.get("/me")
+def get_me(user: AdminUser = Depends(get_current_user)):
+    """Get current authenticated user."""
+    return {"username": user.username}