update:1.更新用户管理-支持管理员新增用户

backend/app/middleware/auth_middleware.py

@@ -1,9 +1,12 @@
 """
 认证中间件 - 从 Cookie 中提取用户信息并注入到 request.state
 """
-from fastapi import Request
+from fastapi import Request, HTTPException
 from starlette.middleware.base import BaseHTTPMiddleware
 from app.user_manager import user_manager
+from app.logger import get_logger
+
+logger = get_logger(__name__)
 
 
 class AuthMiddleware(BaseHTTPMiddleware):
@@ -20,9 +23,18 @@ class AuthMiddleware(BaseHTTPMiddleware):
         if user_id:
             user = await user_manager.get_user(user_id)
             if user:
-                request.state.user_id = user_id
-                request.state.user = user
-                request.state.is_admin = user.is_admin
+                # 检查用户是否被禁用 (trust_level = -1)
+                if user.trust_level == -1:
+                    logger.warning(f"禁用用户尝试访问: {user_id} ({user.username})")
+                    # 清除用户状态，视为未登录
+                    request.state.user_id = None
+                    request.state.user = None
+                    request.state.is_admin = False
+                else:
+                    # 用户正常，注入状态
+                    request.state.user_id = user_id
+                    request.state.user = user
+                    request.state.is_admin = user.is_admin
             else:
                 # 用户不存在，清除状态
                 request.state.user_id = None