feat: 安全增强 + 删除密码重置申请功能 + 登录提醒开关

安全增强:
- 新增 SSRF、XXE、模板注入、敏感路径探测检测规则
- security/constants.py: 添加新的威胁类型和检测模式
- security/threat_detector.py: 实现新检测逻辑

删除密码重置申请功能:
- 移除 /api/password_resets 相关API
- 删除 password_reset_requests 数据库表
- 前端移除密码重置申请页面和菜单
- 用户只能通过邮��找回密码，未绑定邮箱需联系管理员

登录提醒全局开关:
- email_service.py: 添加 login_alert_enabled 字段
- routes/api_auth.py: 检查开关状态再发送登录提醒
- EmailPage.vue: 添加新设备登录提醒开关

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

db/admin.py

@@ -287,108 +287,6 @@ def get_hourly_registration_count() -> int:
 # ==================== 密码重置（管理员） ====================
 
 
-def create_password_reset_request(user_id: int, new_password: str):
-    """创建密码重置申请（存储哈希）"""
-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
-        password_hash = hash_password_bcrypt(new_password)
-        cst_time = get_cst_now_str()
-
-        try:
-            cursor.execute(
-                """
-                INSERT INTO password_reset_requests (user_id, new_password_hash, status, created_at)
-                VALUES (?, ?, 'pending', ?)
-                """,
-                (user_id, password_hash, cst_time),
-            )
-            conn.commit()
-            return cursor.lastrowid
-        except Exception as e:
-            print(f"创建密码重置申请失败: {e}")
-            return None
-
-
-def get_pending_password_resets():
-    """获取待审核的密码重置申请列表"""
-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
-        cursor.execute(
-            """
-            SELECT r.id, r.user_id, r.created_at, r.status,
-                   u.username, u.email
-            FROM password_reset_requests r
-            JOIN users u ON r.user_id = u.id
-            WHERE r.status = 'pending'
-            ORDER BY r.created_at DESC
-            """
-        )
-        return [dict(row) for row in cursor.fetchall()]
-
-
-def approve_password_reset(request_id: int) -> bool:
-    """批准密码重置申请"""
-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
-        cst_time = get_cst_now_str()
-
-        try:
-            cursor.execute(
-                """
-                SELECT user_id, new_password_hash
-                FROM password_reset_requests
-                WHERE id = ? AND status = 'pending'
-                """,
-                (request_id,),
-            )
-
-            result = cursor.fetchone()
-            if not result:
-                return False
-
-            user_id = result["user_id"]
-            new_password_hash = result["new_password_hash"]
-
-            cursor.execute("UPDATE users SET password_hash = ? WHERE id = ?", (new_password_hash, user_id))
-
-            cursor.execute(
-                """
-                UPDATE password_reset_requests
-                SET status = 'approved', processed_at = ?
-                WHERE id = ?
-                """,
-                (cst_time, request_id),
-            )
-
-            conn.commit()
-            return True
-        except Exception as e:
-            print(f"批准密码重置失败: {e}")
-            return False
-
-
-def reject_password_reset(request_id: int) -> bool:
-    """拒绝密码重置申请"""
-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
-        cst_time = get_cst_now_str()
-
-        try:
-            cursor.execute(
-                """
-                UPDATE password_reset_requests
-                SET status = 'rejected', processed_at = ?
-                WHERE id = ? AND status = 'pending'
-                """,
-                (cst_time, request_id),
-            )
-            conn.commit()
-            return cursor.rowcount > 0
-        except Exception as e:
-            print(f"拒绝密码重置失败: {e}")
-            return False
-
-
 def admin_reset_user_password(user_id: int, new_password: str) -> bool:
     """管理员直接重置用户密码"""
     with db_pool.get_db() as conn: