From d46d20f670bc21ed0645de53dbcd53265c7a196e Mon Sep 17 00:00:00 2001
From: yuyx <237899745@qq.com>
Date: Wed, 21 Jan 2026 11:58:39 +0800
Subject: [PATCH] =?UTF-8?q?chore:=20=E7=A7=BB=E9=99=A4=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=E7=9A=84=E5=AF=86=E7=A0=81=E4=BA=8C=E6=AC=A1?= =?UTF-8?q?=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

移除 /api/admin/settings 路由的 requirePasswordConfirmation 中间件, 简化管理员操作流程。系统设置更新现在仅依赖管理员登录认证。 注意:此修改降低了安全性,建议在生产环境中考虑其他安全措施。
Co-Authored-By: Claude Opus 4.5
---
 backend/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/server.js b/backend/server.js
index 0600653..b165455 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -4555,10 +4555,10 @@ app.get('/api/admin/settings', authMiddleware, adminMiddleware, (req, res) => {
 });
 
 // 更新系统设置
+// 注意:已移除 requirePasswordConfirmation 中间件,依赖管理员登录认证
 app.post('/api/admin/settings',
 authMiddleware,
 adminMiddleware,
- requirePasswordConfirmation, // 安全修复:添加密码二次验证(系统设置影响全局)
 (req, res) => {
 try {
 const { max_upload_size, smtp, global_theme } = req.body;
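Review bot: With `requirePasswordConfirmation` dropped from the `app.post('/api/admin/settings', …)` chain, any request carrying a valid admin session can now rewrite `smtp`, `max_upload_size` and `global_theme`, and nothing visible in the hunk replaces the lost step-up check. The `smtp` field is the sensitive one: if account-recovery or verification mail is sent through it (not visible here, so worth confirming), a stolen session, or a cross-site request if the session is cookie-based, could change where that mail is relayed. Consider keeping re-authentication for that field only, for example `(req, res, next) => (req.body?.smtp ? requirePasswordConfirmation(req, res, next) : next()),` in place of the removed line, and writing an audit log entry for every settings change. The added comment records what was removed rather than what the route now relies on; something like `// Security: guarded by the admin session only; SMTP changes should be re-authenticated or audited` would age better. The handler body continues past the end of the hunk, so any validation or logging there could not be checked.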