Harden auth risk controls and admin reauth

routes/admin_api/update.py

@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 import os
+import time
 import uuid
 
 from flask import jsonify, request, session
@@ -65,6 +66,13 @@ def _parse_bool_field(data: dict, key: str) -> bool | None:
     raise ValueError(f"{key} 必须是 0/1 或 true/false")
 
 
+def _admin_reauth_required() -> bool:
+    try:
+        return time.time() > float(session.get("admin_reauth_until", 0) or 0)
+    except Exception:
+        return True
+
+
 @admin_api_bp.route("/update/status", methods=["GET"])
 @admin_required
 def get_update_status_api():
@@ -146,6 +154,8 @@ def request_update_check_api():
 def request_update_run_api():
     """请求宿主机 Update-Agent 执行一键更新并重启服务。"""
     ensure_update_dirs()
+    if _admin_reauth_required():
+        return jsonify({"error": "需要二次确认", "code": "reauth_required"}), 401
     if _has_pending_request():
         return jsonify({"error": "已有更新请求正在处理中，请稍后再试"}), 409