部分修改[0.2.8.14][ci]

accounts/templates/accounts/profile.html

@@ -39,8 +39,8 @@
     .msg.success { color: #166534; }
     
     /* 图片放大模态框 */
-    .image-modal { position: fixed; inset: 0; background: rgba(0,0,0,0.8); display: none; align-items: center; justify-content: center; z-index: 2000; }
+    .image-modal { position: fixed; inset: 0; background: rgba(0,0,0,0.8); display: none; align-items: center; justify-content: center; z-index: 2000; overflow: hidden; }
-    .image-modal-content { max-width: 90%; max-height: 90%; border-radius: 8px; }
+    .image-modal-content { max-width: 90%; max-height: 90%; border-radius: 8px; transform-origin: center center; cursor: grab; user-select: none; }
     .image-modal-close { position: absolute; top: 20px; right: 30px; color: white; font-size: 40px; font-weight: bold; cursor: pointer; }
   </style>
 </head>
@@ -48,7 +48,7 @@
   <!-- 侧边栏 -->
   <div class="sidebar">
     <div class="user-id-sidebar">
-      <h3>你好，{{ username|default:"访客" }}</h3>
+      <h3>你好，<span id="sidebarUsername">{{ username|default:"访客" }}</span></h3>
     </div>
     <div class="navigation-links">
       <a href="{% url 'main:home' %}">返回主页</a>
@@ -58,6 +58,58 @@
   </div>
 
   <div class="main-content">
+    {% if subpage %}
+    <div class="profile-card">
+      <div class="profile-header">
+        <div class="profile-info">
+          <h2>{{ subpage_title }}</h2>
+        </div>
+      </div>
+      <div style="margin-bottom: 12px;">
+        <a href="{% url 'accounts:profile' %}" style="color:#2d8cf0; text-decoration:none;">返回个人中心</a>
+      </div>
+      {% if subpage == "username" %}
+      <form id="nameForm">
+        <div class="form-group">
+          <label for="newUsername">新用户名</label>
+          <input type="text" id="newUsername" placeholder="请输入新用户名" required>
+        </div>
+        <button type="submit" class="btn">保存</button>
+        <div id="nameMsg" class="msg"></div>
+      </form>
+      {% endif %}
+      {% if subpage == "password" %}
+      <form id="pwdForm">
+        <div class="form-group">
+          <label for="newPassword">新密码</label>
+          <input type="password" id="newPassword" autocomplete="new-password" required>
+        </div>
+        <div class="form-group">
+          <label for="confirmPassword">确认密码</label>
+          <input type="password" id="confirmPassword" autocomplete="new-password" required>
+        </div>
+        <button type="submit" class="btn">保存</button>
+        <div id="pwdMsg" class="msg"></div>
+      </form>
+      {% endif %}
+      {% if subpage == "registration-code" %}
+      <form id="rcForm">
+        <div class="form-group">
+          <label for="newRegCode">新注册码</label>
+          <input type="text" id="newRegCode" placeholder="输入新注册码后替换原有 key" required>
+        </div>
+        <div class="form-group">
+          <label>预览</label>
+          <div id="rcPreview" style="background:#f8fafc; border:1px solid #e5e7eb; border-radius:10px; padding:10px 12px; font-size:13px; color:#334155;">
+            <div style="color:#64748b;">输入注册码后自动显示 key 预览</div>
+          </div>
+        </div>
+        <button type="submit" class="btn">替换</button>
+        <div id="rcMsg" class="msg"></div>
+      </form>
+      {% endif %}
+    </div>
+    {% else %}
     <div class="profile-card">
       <div class="profile-header">
         <div class="profile-info">
@@ -65,7 +117,7 @@
         </div>
       </div>
       <div class="profile-details">
-        <p><span class="label">用户名:</span> {{ profile_user.username }}</p>
+        <p><span class="label">用户名:</span> <span id="profileUsername">{{ profile_user.username }}</span></p>
         <p><span class="label">用户ID:</span> {{ profile_user.user_id }}</p>
         <p><span class="label">注册码:</span> {{ profile_user.registration_code|default:"无" }}</p>
         <p><span class="label">所属:</span> {{ profile_user.key|join:"、"|default:"未填写" }}</p>
@@ -74,6 +126,19 @@
       </div>
     </div>
 
+    <div class="profile-card">
+      <div class="profile-header">
+        <div class="profile-info">
+          <h2>账号设置</h2>
+        </div>
+      </div>
+      <div style="display:flex; gap:12px; flex-wrap:wrap;">
+        <a class="btn" href="{% url 'accounts:profile_username' %}">修改用户名</a>
+        <a class="btn" href="{% url 'accounts:profile_password' %}">修改密码</a>
+        <a class="btn" href="{% url 'accounts:profile_registration_code' %}">替换注册码</a>
+      </div>
+    </div>
+
     <div class="section-title">我的提交</div>
     {% if achievements %}
       <div class="image-grid">
@@ -96,49 +161,6 @@
         <a href="{% url 'elastic:upload_page' %}" style="color: #2d8cf0; text-decoration: none;">去上传第一张图片吧！</a>
       </div>
     {% endif %}
-
-    <div class="profile-card rc-card">
-      <div class="profile-header">
-        <div class="profile-info">
-          <h2>替换注册码</h2>
-        </div>
-      </div>
-      <form id="rcForm">
-        <div class="form-group">
-          <label for="newRegCode">新注册码</label>
-          <input type="text" id="newRegCode" placeholder="输入新注册码后替换原有 key" required>
-        </div>
-        <div class="form-group">
-          <label>预览</label>
-          <div id="rcPreview" style="background:#f8fafc; border:1px solid #e5e7eb; border-radius:10px; padding:10px 12px; font-size:13px; color:#334155;">
-            <div style="color:#64748b;">输入注册码后自动显示 key 预览</div>
-          </div>
-        </div>
-        <button type="submit" class="btn">替换</button>
-        <div id="rcMsg" class="msg"></div>
-      </form>
-    </div>
-
-    {% if permission_name != "管理员" and not profile_user.manage_key %}
-    <div class="profile-card">
-      <div class="profile-header">
-        <div class="profile-info">
-          <h2>修改密码</h2>
-        </div>
-      </div>
-      <form id="pwdForm">
-        <div class="form-group">
-          <label for="newPassword">新密码</label>
-          <input type="password" id="newPassword" autocomplete="new-password" required>
-        </div>
-        <div class="form-group">
-          <label for="confirmPassword">确认密码</label>
-          <input type="password" id="confirmPassword" autocomplete="new-password" required>
-        </div>
-        <button type="submit" class="btn">保存</button>
-        <div id="pwdMsg" class="msg"></div>
-      </form>
-    </div>
     {% endif %}
   </div>
 
@@ -166,20 +188,114 @@
     });
 
     // 图片放大功能
+    let modalScale = 1;
+    let modalTranslateX = 0;
+    let modalTranslateY = 0;
+    let modalDragging = false;
+    let modalDragStartX = 0;
+    let modalDragStartY = 0;
+    let modalDragOriginX = 0;
+    let modalDragOriginY = 0;
+
+    function applyModalTransform() {
+      const modalImg = document.getElementById('modalImg');
+      modalImg.style.transform = `translate(${modalTranslateX}px, ${modalTranslateY}px) scale(${modalScale})`;
+    }
+
+    function resetModalTransform() {
+      modalScale = 1;
+      modalTranslateX = 0;
+      modalTranslateY = 0;
+      applyModalTransform();
+    }
+
+    function clampScale(next) {
+      if (next < 0.2) return 0.2;
+      if (next > 5) return 5;
+      return next;
+    }
+
     function openModal(src) {
       const modal = document.getElementById('imageModal');
       const modalImg = document.getElementById('modalImg');
       modal.style.display = "flex";
       modalImg.src = src;
+      resetModalTransform();
     }
 
     function closeModal() {
       document.getElementById('imageModal').style.display = "none";
     }
 
-    window.onclick = function(event) {
+    const modalEl = document.getElementById('imageModal');
-      const modal = document.getElementById('imageModal');
+    const modalImgEl = document.getElementById('modalImg');
-      if (event.target == modal) closeModal();
+    if (modalEl && modalImgEl) {
+      modalEl.addEventListener('click', (e) => {
+        if (e.target === modalEl) closeModal();
+      });
+
+      modalImgEl.addEventListener('mousedown', (e) => {
+        if (e.button !== 0) return;
+        e.preventDefault();
+        modalDragging = true;
+        modalDragStartX = e.clientX;
+        modalDragStartY = e.clientY;
+        modalDragOriginX = modalTranslateX;
+        modalDragOriginY = modalTranslateY;
+        modalImgEl.style.cursor = 'grabbing';
+      });
+
+      window.addEventListener('mousemove', (e) => {
+        if (!modalDragging) return;
+        const dx = e.clientX - modalDragStartX;
+        const dy = e.clientY - modalDragStartY;
+        modalTranslateX = modalDragOriginX + dx;
+        modalTranslateY = modalDragOriginY + dy;
+        applyModalTransform();
+      });
+
+      window.addEventListener('mouseup', () => {
+        if (!modalDragging) return;
+        modalDragging = false;
+        modalImgEl.style.cursor = 'grab';
+      });
+
+      modalEl.addEventListener('wheel', (e) => {
+        e.preventDefault();
+        const rect = modalImgEl.getBoundingClientRect();
+        const cx = e.clientX - rect.left - rect.width / 2;
+        const cy = e.clientY - rect.top - rect.height / 2;
+        const nextScale = clampScale(modalScale * (e.deltaY < 0 ? 1.1 : 0.9));
+        const ratio = nextScale / modalScale;
+        modalTranslateX = (modalTranslateX - cx) * ratio + cx;
+        modalTranslateY = (modalTranslateY - cy) * ratio + cy;
+        modalScale = nextScale;
+        applyModalTransform();
+      }, { passive: false });
+
+      modalImgEl.addEventListener('touchstart', (e) => {
+        if (e.touches.length !== 1) return;
+        const t = e.touches[0];
+        modalDragging = true;
+        modalDragStartX = t.clientX;
+        modalDragStartY = t.clientY;
+        modalDragOriginX = modalTranslateX;
+        modalDragOriginY = modalTranslateY;
+      }, { passive: true });
+
+      modalImgEl.addEventListener('touchmove', (e) => {
+        if (!modalDragging || e.touches.length !== 1) return;
+        const t = e.touches[0];
+        const dx = t.clientX - modalDragStartX;
+        const dy = t.clientY - modalDragStartY;
+        modalTranslateX = modalDragOriginX + dx;
+        modalTranslateY = modalDragOriginY + dy;
+        applyModalTransform();
+      }, { passive: true });
+
+      modalImgEl.addEventListener('touchend', () => {
+        modalDragging = false;
+      });
     }
 
     const pwdForm = document.getElementById('pwdForm');
@@ -230,6 +346,62 @@
       });
     }
 
+    const nameForm = document.getElementById('nameForm');
+    if (nameForm) {
+      nameForm.addEventListener('submit', async (e) => {
+        e.preventDefault();
+        const msg = document.getElementById('nameMsg');
+        msg.textContent = '';
+        msg.className = 'msg';
+        const input = document.getElementById('newUsername');
+        const newName = (input.value || '').trim();
+        const currentNameEl = document.getElementById('profileUsername');
+        const currentName = (currentNameEl && currentNameEl.textContent ? currentNameEl.textContent : '').trim();
+        if (!newName) {
+          msg.textContent = '请输入用户名';
+          msg.className = 'msg error';
+          return;
+        }
+        if (newName.length > 50) {
+          msg.textContent = '用户名过长';
+          msg.className = 'msg error';
+          return;
+        }
+        if (currentName && newName === currentName) {
+          msg.textContent = '用户名未变化';
+          msg.className = 'msg error';
+          return;
+        }
+        try {
+          const csrftoken = getCookie('csrftoken');
+          const resp = await fetch('/accounts/profile/username/update/', {
+            method: 'POST',
+            credentials: 'same-origin',
+            headers: {
+              'Content-Type': 'application/json',
+              'X-CSRFToken': csrftoken || ''
+            },
+            body: JSON.stringify({ username: newName })
+          });
+          const data = await resp.json();
+          if (resp.ok && data.ok) {
+            msg.textContent = '修改成功';
+            msg.className = 'msg success';
+            if (currentNameEl) currentNameEl.textContent = data.username || newName;
+            const sidebarName = document.getElementById('sidebarUsername');
+            if (sidebarName) sidebarName.textContent = data.username || newName;
+            input.value = '';
+          } else {
+            msg.textContent = (data && data.message) ? data.message : '操作失败';
+            msg.className = 'msg error';
+          }
+        } catch (err) {
+          msg.textContent = '操作失败';
+          msg.className = 'msg error';
+        }
+      });
+    }
+
     const rcForm = document.getElementById('rcForm');
     if (rcForm) {
       let rcPreviewTimer = null;

accounts/urls.py

@@ -13,6 +13,10 @@ urlpatterns = [
     path("register/submit/", views.register_submit, name="register_submit"),
     path("email/send-code/", views.send_email_code, name="send_email_code"),
     path("profile/", views.profile_page, name="profile"),
+    path("profile/username/", views.profile_username_page, name="profile_username"),
+    path("profile/password/", views.profile_password_page, name="profile_password"),
+    path("profile/registration-code/", views.profile_registration_code_page, name="profile_registration_code"),
+    path("profile/username/update/", views.update_profile_username_view, name="update_profile_username"),
     path("profile/registration-code/replace/", views.replace_registration_code_view, name="replace_registration_code"),
     path("profile/registration-code/preview/", views.registration_code_preview_view, name="registration_code_preview"),
     path("registration-code/request/submit/", views.submit_registration_code_request_view, name="submit_registration_code_request"),

accounts/views.py

@@ -71,33 +71,62 @@ def set_session_key(request):
     request.session["session_enc_key_b64"] = base64.b64encode(key_bytes).decode("ascii")
     return JsonResponse({"ok": True})
 
-@require_http_methods(["GET"])
+def _build_profile_context(request):
-@ensure_csrf_cookie
-def profile_page(request):
     session_user_id = request.session.get("user_id")
     if session_user_id is None:
-        return redirect("/accounts/login/")
+        return None
-    
-    # 获取用户信息
     user = get_user_by_id(session_user_id)
     if not user:
-        return redirect("/accounts/login/")
+        return None
-    
-    # 获取个人提交的成就（图片）
     from elastic.es_connect import search_all
     from elastic.views import _attach_image_urls
-    
     raw_results = [r for r in search_all() if str(r.get("writer_id", "")) == str(session_user_id)]
     achievements = _attach_image_urls(request, raw_results)
-    
     permission_name = "管理员" if int(user.get("permission", 1)) == 0 else "普通用户"
-    
+    return {
-    context = {
         "username": request.session.get("username"),
         "profile_user": user,
         "permission_name": permission_name,
         "achievements": achievements,
     }
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def profile_page(request):
+    context = _build_profile_context(request)
+    if context is None:
+        return redirect("/accounts/login/")
+    context["subpage"] = ""
+    return render(request, "accounts/profile.html", context)
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def profile_username_page(request):
+    context = _build_profile_context(request)
+    if context is None:
+        return redirect("/accounts/login/")
+    context["subpage"] = "username"
+    context["subpage_title"] = "修改用户名"
+    return render(request, "accounts/profile.html", context)
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def profile_password_page(request):
+    context = _build_profile_context(request)
+    if context is None:
+        return redirect("/accounts/login/")
+    context["subpage"] = "password"
+    context["subpage_title"] = "修改密码"
+    return render(request, "accounts/profile.html", context)
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def profile_registration_code_page(request):
+    context = _build_profile_context(request)
+    if context is None:
+        return redirect("/accounts/login/")
+    context["subpage"] = "registration-code"
+    context["subpage_title"] = "替换注册码"
     return render(request, "accounts/profile.html", context)
 
 @require_http_methods(["POST"])
@@ -304,6 +333,34 @@ def replace_registration_code_view(request):
         return JsonResponse({"ok": False, "message": "替换失败"}, status=500)
     return JsonResponse({"ok": True})
 
+@require_http_methods(["POST"])
+@csrf_protect
+def update_profile_username_view(request):
+    session_user_id = request.session.get("user_id")
+    if session_user_id is None:
+        return JsonResponse({"ok": False, "message": "未登录"}, status=401)
+    try:
+        payload = json.loads(request.body.decode("utf-8"))
+    except json.JSONDecodeError:
+        return JsonResponse({"ok": False, "message": "JSON无效"}, status=400)
+    new_username = (payload.get("username") or "").strip()
+    if not new_username:
+        return JsonResponse({"ok": False, "message": "请输入用户名"}, status=400)
+    if len(new_username) > 50:
+        return JsonResponse({"ok": False, "message": "用户名过长"}, status=400)
+    me = get_user_by_id(session_user_id) or {}
+    if str(me.get("username", "")).strip() == new_username:
+        request.session["username"] = new_username
+        return JsonResponse({"ok": True, "username": new_username})
+    existing = es_get_user_by_username(new_username)
+    if existing and str(existing.get("user_id")) != str(session_user_id):
+        return JsonResponse({"ok": False, "message": "用户名已存在"}, status=409)
+    ok = update_user_by_id(session_user_id, username=new_username)
+    if not ok:
+        return JsonResponse({"ok": False, "message": "修改失败"}, status=500)
+    request.session["username"] = new_username
+    return JsonResponse({"ok": True, "username": new_username})
+
 @require_http_methods(["GET"])
 def registration_code_preview_view(request):
     session_user_id = request.session.get("user_id")

elastic/es_connect.py

@@ -831,12 +831,8 @@ def get_user_by_username(username):
 def get_all_users():
     """获取所有用户"""
     try:
-        search = UserDocument.search()
-        search = search.query("match_all")
-        response = search.execute()
-        
         users = []
-        for hit in response:
+        for hit in UserDocument.search().query("match_all").scan():
             users.append({
                 "user_id": hit.user_id,
                 "username": hit.username,
@@ -848,7 +844,6 @@ def get_all_users():
                 "key": list(getattr(hit, 'key', []) or []),
                 "manage_key": list(getattr(hit, 'manage_key', []) or []),
             })
-        
         return users
     except Exception as e:
         print(f"获取所有用户失败: {str(e)}")

elastic/templates/elastic/upload.html

@@ -103,6 +103,7 @@
     <div class="upload-section" id="dropArea">
       <h3>上传文件</h3>
       <p>点击下方按钮选择图片或PDF文件，或拖拽文件到此区域</p>
+      <p style="margin: 8px 0 0; font-size: 13px; color: #64748b;">单次最多上传 {{ max_single_upload_count|default:"3" }} 个文件。</p>
       <form id="uploadForm" enctype="multipart/form-data">
         {% csrf_token %}
         <input type="file" id="fileInput" name="file" accept="image/*,.pdf" multiple />
@@ -155,6 +156,7 @@ const dropArea = document.getElementById('dropArea');
 const progressWrap = document.getElementById('progressWrap');
 const progressBar = document.getElementById('progressBar');
 const progressText = document.getElementById('progressText');
+const MAX_SINGLE_UPLOAD_COUNT = Number('{{ max_single_upload_count|default:"3" }}');
 
 let currentItems = []; // 存储当前待处理的所有文件结果
 let selectedFiles = [];
@@ -277,13 +279,21 @@ function updateFileHint() {
 function addFiles(files) {
   const incoming = Array.from(files || []).filter(f => f && (f.type.startsWith('image/') || f.name.toLowerCase().endsWith('.pdf')));
   const existingKeys = new Set(selectedFiles.map(f => `${f.name}|${f.size}|${f.lastModified}`));
+  const rejected = [];
   incoming.forEach(f => {
     const key = `${f.name}|${f.size}|${f.lastModified}`;
-    if (!existingKeys.has(key)) {
+    if (!existingKeys.has(key) && selectedFiles.length < MAX_SINGLE_UPLOAD_COUNT) {
       existingKeys.add(key);
       selectedFiles.push(f);
+    } else if (!existingKeys.has(key) && selectedFiles.length >= MAX_SINGLE_UPLOAD_COUNT) {
+      rejected.push(f.name);
     }
   });
+  if (rejected.length) {
+    uploadMsg.textContent = `单次最多上传 ${MAX_SINGLE_UPLOAD_COUNT} 个文件，以下文件未加入：${rejected.join('、')}`;
+    uploadMsg.className = 'status-message error';
+    uploadMsg.style.display = 'block';
+  }
   const urls = selectedFiles.map(f => {
     if (f.name.toLowerCase().endsWith('.pdf')) {
         return 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0OCIgaGVpZ2h0PSI0OCIgdmlld0JveD0iMCAwIDI0IDI0IiBmaWxsPSJub25lIiBzdHJva2U9IiNlZjQ0NDQiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIj48cGF0aCBkPSJNMTQgMmgyYTIgMiAwIDAgMSAyIDJ2MTZhMiAyIDAgMCAxLTIgMmgtMTJhMiAyIDAgMCAxLTItMlY0YTIgMiAwIDAgMSAyLTJoMiIvPjxwYXRoIGQ9Ik0xNCAydjRjMCAxLjEgLjkgMiAyIDJoNCIvPjxwYXRoIGQ9Ik03IDloNSIvPjxwYXRoIGQ9Ik03IDEzaDUiLz48cGF0aCBkPSJNNyAxN2g4Ii8+PC9zdmc+';
@@ -460,6 +470,12 @@ uploadForm.addEventListener('submit', async (e) => {
     uploadMsg.style.display = 'block';
     return;
   }
+  if (selectedFiles.length > MAX_SINGLE_UPLOAD_COUNT) {
+    uploadMsg.textContent = `单次最多上传 ${MAX_SINGLE_UPLOAD_COUNT} 个文件，请分批上传`;
+    uploadMsg.className = 'status-message error';
+    uploadMsg.style.display = 'block';
+    return;
+  }
 
   showProgress();
   setProgress(5, '预处理中');
@@ -494,6 +510,11 @@ uploadForm.addEventListener('submit', async (e) => {
       body: formData,
     });
     clearInterval(timer);
+    const ct = (resp.headers.get('content-type') || '').toLowerCase();
+    if (!ct.includes('application/json')) {
+      const text = await resp.text();
+      throw new Error(text ? String(text).slice(0, 200) : `HTTP ${resp.status}`);
+    }
     const data = await resp.json();
     if (!resp.ok || data.status !== 'success') {
       throw new Error(data.message || '上传识别失败');

elastic/templates/elastic/users.html

@@ -289,40 +289,6 @@
   </div>
 
   <div class="main-content">
-    {% if is_student %}
-    <div class="card">
-      <div class="header"><h2>修改密码</h2></div>
-      <form id="selfPwdForm">
-        <input type="hidden" id="selfUserId" name="user_id" value="{{ user_id }}">
-        <div class="form-group">
-          <label for="password">新密码</label>
-          <input type="password" id="password" name="password" required>
-        </div>
-        <div class="form-group">
-          <label for="confirmPassword">确认密码</label>
-          <input type="password" id="confirmPassword" name="confirmPassword" required>
-        </div>
-        <button type="submit" class="btn btn-primary">保存</button>
-      </form>
-    </div>
-    {% else %}
-    {% if is_tutor %}
-    <div class="card">
-      <div class="header"><h2>修改本人密码</h2></div>
-      <form id="selfPwdForm">
-        <input type="hidden" id="selfUserId" name="user_id" value="{{ user_id }}">
-        <div class="form-group">
-          <label for="password">新密码</label>
-          <input type="password" id="password" name="password" required>
-        </div>
-        <div class="form-group">
-          <label for="confirmPassword">确认密码</label>
-          <input type="password" id="confirmPassword" name="confirmPassword" required>
-        </div>
-        <button type="submit" class="btn btn-primary">保存</button>
-      </form>
-    </div>
-    {% endif %}
     <div class="card">
       <div class="header">
         <h2>用户管理</h2>
@@ -356,7 +322,6 @@
         </table>
       </div>
     </div>
-    {% endif %}
   </div>
 
   <!-- 添加/编辑用户模态框 -->
@@ -971,30 +936,6 @@
     // 页面加载时获取用户列表
     document.addEventListener('DOMContentLoaded', function() {
         initKeyFilter();
-        const selfForm = document.getElementById('selfPwdForm');
-        if (selfForm) {
-            selfForm.addEventListener('submit', async (e) => {
-                e.preventDefault();
-                const uid = document.getElementById('selfUserId').value;
-                const pwd = document.getElementById('password').value;
-                const cpwd = document.getElementById('confirmPassword').value;
-                if (pwd !== cpwd) { showNotification('密码和确认密码不匹配', false); return; }
-                if ((pwd || '').length < 6) { showNotification('密码长度至少为6位', false); return; }
-                try {
-                    const csrftoken = getCookie('csrftoken');
-                    const resp = await fetch(`/elastic/users/${uid}/update/`, {
-                        method: 'POST', credentials: 'same-origin',
-                        headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrftoken || '' },
-                        body: JSON.stringify({ password: pwd })
-                    });
-                    const result = await resp.json();
-                    if (resp.ok && result.status === 'success') { showNotification('修改成功'); }
-                    else { showNotification(result.message || '操作失败', false); }
-                } catch (error) {
-                    showNotification('保存失败', false);
-                }
-            });
-        }
         const tbody = document.getElementById('usersTableBody');
         if (tbody) {
             const select = document.getElementById('keyFilter');

elastic/views.py

@@ -8,6 +8,7 @@ import base64
 import json
 import csv
 import io
+import mimetypes
 from datetime import datetime, timezone, timedelta
 import tempfile
 import concurrent.futures
@@ -40,6 +41,8 @@ except ImportError as e:
         HAS_PDF_SUPPORT = False
         PDF_ERROR = str(e)
 
+MAX_SINGLE_UPLOAD_COUNT = int(getattr(settings, "MAX_SINGLE_UPLOAD_COUNT", 3))
+
 
 def _filter_results_for_user(request, results):
     session_user_id = request.session.get("user_id")
@@ -614,6 +617,7 @@ def ocr_and_extract_info(image_path: str):
             return base64.b64encode(f.read()).decode("utf-8")
 
     base64_image = encode_image(image_path)
+    mime_type = mimetypes.guess_type(image_path)[0] or "image/jpeg"
 
     # api_key = getattr(settings, "AISTUDIO_API_KEY", "188f57db3766e02ed2c7e18373996d84f4112272")
     # base_url = getattr(settings, "OPENAI_BASE_URL", "https://aistudio.baidu.com/llm/lmapi/v3")
@@ -665,7 +669,7 @@ def ocr_and_extract_info(image_path: str):
                 "role": "user",
                 "content": [
                     {"type": "text", "text": f"请识别这张图片中的信息，将你认为重要的数据转换为不包含嵌套的json，不要显示其它信息以便于解析，直接输出json结果即可。使用“数据类型”字段表示这个东西的大致类型，除此之外你可以自行决定使用哪些json字段。“数据类型”的内容有严格规定，请查看{json.dumps(types, ensure_ascii=False)}中是否包含你所需要的类型，确定不包含后你才可以填入你觉得合适的大致分类。"},
-                    {"type": "image_url", "image_url": {"url": f"data:image/png;base64,{base64_image}"}},
+                    {"type": "image_url", "image_url": {"url": f"data:{mime_type};base64,{base64_image}"}},
                 ],
             },
         ],
@@ -715,6 +719,7 @@ def upload_page(request):
     context = {
         "user_id": user_id_qs or session_user_id,
         "username": me.get("username"),
+        "max_single_upload_count": MAX_SINGLE_UPLOAD_COUNT,
     }
     return render(request, "elastic/upload.html", context)
 
@@ -722,6 +727,7 @@ def upload_page(request):
 # 上传并识别（不入库）
 @require_http_methods(["POST"])
 def upload(request):
+    try:
         if request.session.get("user_id") is None:
             fallback_uid = request.POST.get("user_id") or request.GET.get("user_id")
             if fallback_uid:
@@ -737,15 +743,22 @@ def upload(request):
                 files = [one]
         if not files:
             return JsonResponse({"status": "error", "message": "未选择文件"}, status=400)
+        if len(files) > MAX_SINGLE_UPLOAD_COUNT:
+            return JsonResponse(
+                {
+                    "status": "error",
+                    "message": f"单次最多上传 {MAX_SINGLE_UPLOAD_COUNT} 个文件，请分批上传",
+                },
+                status=400,
+            )
 
         images_dir = os.path.join(settings.MEDIA_ROOT, "images")
         os.makedirs(images_dir, exist_ok=True)
         
-    # 按照原始文件进行分组处理
         file_results = []
         
         for f in files:
-        group_images = [] # 存储该文件生成的所有图片路径信息 (abs_path, filename)
+            group_images = []
             is_pdf = f.name.lower().endswith('.pdf')
             
             if is_pdf:
@@ -780,41 +793,49 @@ def upload(request):
                         dst.write(chunk)
                 group_images.append((abs_path, filename))
 
-        # 对该组图片并行进行 OCR 识别
             def run_ocr(img_info):
                 abs_p, fname = img_info
                 try:
                     data = ocr_and_extract_info(abs_p)
-                return data
+                    return data, None
-            except Exception:
+                except Exception as e:
-                return None
+                    return None, f"{fname}: {str(e)}"
 
             group_data_list = []
+            group_errors = []
             with concurrent.futures.ThreadPoolExecutor(max_workers=min(len(group_images), 8)) as executor:
                 futures = [executor.submit(run_ocr, img_info) for img_info in group_images]
                 for future in concurrent.futures.as_completed(futures):
-                res = future.result()
+                    res, err = future.result()
                     if res:
                         group_data_list.append(res)
+                    elif err:
+                        group_errors.append(err)
 
-        # 合并该文件的多页识别结果
             merged_group_data = {}
             for item in group_data_list:
-            if not isinstance(item, dict): continue
+                if not isinstance(item, dict):
+                    continue
                 for k, v in item.items():
                     key = str(k).strip()
-                if not key: continue
+                    if not key:
+                        continue
                     if key not in merged_group_data or merged_group_data.get(key) in (None, ''):
                         merged_group_data[key] = v
                     elif merged_group_data.get(key) != v:
                         base = key
                         idx = 2
-                    while f"{base}_{idx}" in merged_group_data: idx += 1
+                        while f"{base}_{idx}" in merged_group_data:
+                            idx += 1
                         merged_group_data[f"{base}_{idx}"] = v
 
             if not merged_group_data:
-            # 如果没识别到，至少保留一个空结构或者包含文件名的提示
+                merged_group_data = {
-            merged_group_data = {"文件名": f.name, "提示": "未识别到具体内容"}
+                    "文件名": f.name,
+                    "提示": "未识别到具体内容" if not group_errors else "识别失败",
+                }
+                if group_errors:
+                    merged_group_data["错误信息"] = "；".join(group_errors[:3])
 
             rel_paths = [f"images/{img[1]}" for img in group_images]
             image_urls = [request.build_absolute_uri(settings.MEDIA_URL + rp) for rp in rel_paths]
@@ -831,6 +852,8 @@ def upload(request):
             "message": f"成功处理 {len(file_results)} 个文件，请确认数据后点击录入",
             "items": file_results,
         })
+    except Exception as e:
+        return JsonResponse({"status": "error", "message": str(e) or "上传失败"}, status=500)
 
 
 # 确认并入库
@@ -1025,7 +1048,7 @@ def analytics_types_view(request):
             size_int = int(size) if size is not None else 10
         except Exception:
             size_int = 10
-        data = es_analytics_types(gte=gte, lte=lte, size=size_int)
+        data = es_analytics_types(gte=gte, lte=lte, limit=size_int)
         return JsonResponse({"status": "success", "data": data})
     except Exception as e:
         return JsonResponse({"status": "error", "message": str(e)}, status=500)
@@ -1262,6 +1285,10 @@ def add_key_view(request):
                 request.session.modified = True
             except Exception:
                 pass
+            cur_manage = [str(x).strip() for x in list((me or {}).get("manage_key") or []) if str(x).strip()]
+            if key_name not in cur_manage:
+                cur_manage.append(key_name)
+            es_update_user_by_id(uid, manage_key=cur_manage)
         elif can_manage_reg:
             cur = [str(x).strip() for x in list((me or {}).get("registration_manage_keys") or []) if str(x).strip()]
             if key_name not in cur: