From f087edab5d1d3dfff2f3e22cb15aefde7059f4b2 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Sun, 15 Feb 2026 21:03:10 +0800
Subject: [PATCH 01/10] feat: implement two-factor authentication features and
 enhance API structure

- Added support for two-factor authentication in the sign-in process, including UI components for entering verification codes and managing two-factor settings.
- Updated API calls to handle different login types (admin and employee) and added endpoints for two-factor operations.
- Enhanced error handling and success notifications for API responses.
- Refactored base API setup to improve code organization and maintainability.
- Added new permission codes related to two-factor authentication for both admin and staff management.
- Updated i18n messages to support new two-factor authentication features and UI elements.
---
 components.d.ts              |   2 +
 src/api/baseapi.js           | 112 +++++++++
 src/api/basicapi.js          | 144 ++++++++++-
 src/api/index.js             |  85 +------
 src/common/permissioncode.js |  10 +
 src/i18n.js                  |  82 ++++++
 src/layouts/MainLayout.vue   | 465 ++++++++++++++++++++++++++++++++++-
 src/views/SignInView.vue     | 212 ++++++++++++++--
 vite.config.js               |   2 +-
 9 files changed, 996 insertions(+), 118 deletions(-)
 create mode 100644 src/api/baseapi.js

diff --git a/components.d.ts b/components.d.ts
index 93fddf8..5135cc6 100644
--- a/components.d.ts
+++ b/components.d.ts
@@ -41,6 +41,7 @@ declare module 'vue' {
     APageHeader: typeof import('ant-design-vue/es')['PageHeader']
     APopconfirm: typeof import('ant-design-vue/es')['Popconfirm']
     AProgress: typeof import('ant-design-vue/es')['Progress']
+    AQrcode: typeof import('ant-design-vue/es')['QRCode']
     ARadio: typeof import('ant-design-vue/es')['Radio']
     ARadioButton: typeof import('ant-design-vue/es')['RadioButton']
     ARadioGroup: typeof import('ant-design-vue/es')['RadioGroup']
@@ -63,6 +64,7 @@ declare module 'vue' {
     ATimeline: typeof import('ant-design-vue/es')['Timeline']
     ATimelineItem: typeof import('ant-design-vue/es')['TimelineItem']
     ATooltip: typeof import('ant-design-vue/es')['Tooltip']
+    ATypographyParagraph: typeof import('ant-design-vue/es')['TypographyParagraph']
     AUpload: typeof import('ant-design-vue/es')['Upload']
     CaretRightOutlined: typeof import('@ant-design/icons-vue')['CaretRightOutlined']
     CarryOutOutlined: typeof import('@ant-design/icons-vue')['CarryOutOutlined']
diff --git a/src/api/baseapi.js b/src/api/baseapi.js
new file mode 100644
index 0000000..a503590
--- /dev/null
+++ b/src/api/baseapi.js
@@ -0,0 +1,112 @@
+import axios from "axios";
+import { csrfTokenManager } from "@/utils/csrf";
+import { handleApiError, handleHttpError } from "@/common/errorHandler";
+
+const api = axios.create({
+  baseURL: import.meta.env.VITE_API_URL,
+  timeout: 30000,
+  withCredentials: true,
+});
+
+export const isApiSuccess = (payload) => {
+  if (!payload || typeof payload !== "object") {
+    return false;
+  }
+  if (typeof payload.Success === "boolean") {
+    return payload.Success;
+  }
+  if (typeof payload.Code === "number") {
+    return payload.Code === 0;
+  }
+  return false;
+};
+
+export const getApiMessage = (payload) =>
+  payload?.Message || payload?.message || "Request failed";
+
+// 创建一个函数来设置认证头
+const setAuthorizationHeader = (config) => {
+  const token = localStorage.getItem("token");
+  if (token) {
+    config.headers.Authorization = `Bearer ${token}`;
+  }
+  return config;
+};
+
+// 创建一个重试机制
+const retryRequest = async (error) => {
+  const failedRequest = error.config;
+
+  // 如果已经重试过，则不再重试
+  if (failedRequest._retry) {
+    return Promise.reject(error);
+  }
+
+  // 标记这个请求已经重试过
+  failedRequest._retry = true;
+
+  // 重新从 localStorage 获取 token
+  const token = localStorage.getItem("token");
+  if (token) {
+    failedRequest.headers.Authorization = `Bearer ${token}`;
+    return api(failedRequest);
+  }
+
+  return Promise.reject(error);
+};
+
+api.interceptors.request.use(
+  async (config) => {
+    // 设置认证头
+    config = setAuthorizationHeader(config);
+
+    // 设置 CSRF Token
+    const csrfToken = csrfTokenManager.getToken();
+    if (csrfToken) {
+      config.headers["X-CSRF-TOKEN-HEADER"] = csrfToken;
+    }
+
+    return config;
+  },
+  async (error) => {
+    // 检查是否是 token 相关错误
+    if (error.isTokenError) {
+      return retryRequest(error);
+    }
+
+    // 其他错误直接拒绝
+    return Promise.reject(error);
+  },
+);
+
+api.interceptors.response.use(
+  (response) => {
+    if (response?.config?.skipBusinessErrorHandling) {
+      return response;
+    }
+
+    const resData = response.data;
+    if (typeof resData === "string" && resData.includes("Version")) {
+      return response;
+    }
+
+    const hasBusinessFlag =
+      typeof resData?.Success === "boolean" ||
+      typeof resData?.Code === "number";
+
+    if (hasBusinessFlag && !isApiSuccess(resData)) {
+      return handleApiError(resData, response);
+    }
+
+    return response;
+  },
+  (error) => {
+    if (error?.config?.skipHttpErrorHandling) {
+      return Promise.reject(error);
+    }
+
+    return handleHttpError(error);
+  },
+);
+
+export default api;
diff --git a/src/api/basicapi.js b/src/api/basicapi.js
index 09f771d..9389e98 100644
--- a/src/api/basicapi.js
+++ b/src/api/basicapi.js
@@ -1,17 +1,51 @@
 import api from "../api";
 
+const LOGIN_ENDPOINTS = {
+  admin: "/Admin/Login",
+  employee: "/Employee/EmployeeLogin",
+};
+
+const TWO_FACTOR_CONTROLLERS = {
+  admin: "Admin",
+  employee: "Employee",
+};
+
+const resolveLoginEndpoint = (loginType = "admin") =>
+  LOGIN_ENDPOINTS[loginType] || LOGIN_ENDPOINTS.admin;
+
+const resolveTwoFactorController = (loginType = "admin") =>
+  TWO_FACTOR_CONTROLLERS[loginType] || TWO_FACTOR_CONTROLLERS.admin;
+
+const toErrorPayload = (error) =>
+  error?.response?.data || {
+    Code: -1,
+    Message: error?.message || "Request failed",
+    Data: null,
+  };
+
+export const isApiSuccess = (payload) => {
+  if (!payload || typeof payload !== "object") return false;
+  if (typeof payload.Success === "boolean") return payload.Success;
+  if (typeof payload.Code === "number") return payload.Code === 0;
+  return false;
+};
+
+export const getApiMessage = (payload) =>
+  payload?.Message || payload?.message || "Request failed";
+
+export const isTwoFactorChallenge = (payload) =>
+  payload?.Code === 1401 && payload?.Data?.RequiresTwoFactor === true;
+
 // 登录
-export const signIn = async (data) => {
+export const signIn = async (data, loginType = "admin") => {
   try {
-    const response = await api.post("/Admin/Login", data);
-    const resData = response.data;
-    if (resData.Success) {
-      return resData;
-    } else {
-      throw new Error(`Login failed with status code: ${response.status}`);
-    }
+    const response = await api.post(resolveLoginEndpoint(loginType), data, {
+      skipBusinessErrorHandling: true,
+      skipHttpErrorHandling: true,
+    });
+    return response.data;
   } catch (error) {
-    throw error;
+    throw toErrorPayload(error);
   }
 };
 
@@ -20,7 +54,7 @@ export const signOut = async (data) => {
   try {
     const response = await api.post("/Admin/Logout", data);
     const resData = response.data;
-    if (resData.Success) {
+    if (isApiSuccess(resData)) {
       return resData;
     } else {
       throw new Error(`Logout failed with status code: ${response.status}`);
@@ -36,3 +70,93 @@ export const getServerVersion = async () => {
   const resData = response.data;
   return resData;
 };
+
+export const fetchTwoFactorStatus = async (loginType = "admin") => {
+  try {
+    const controller = resolveTwoFactorController(loginType);
+    const response = await api.get(`/${controller}/GetTwoFactorStatus`, {
+      skipBusinessErrorHandling: true,
+      skipHttpErrorHandling: true,
+    });
+    return response.data;
+  } catch (error) {
+    throw toErrorPayload(error);
+  }
+};
+
+export const generateTwoFactorSetup = async (loginType = "admin") => {
+  try {
+    const controller = resolveTwoFactorController(loginType);
+    const response = await api.post(
+      `/${controller}/GenerateTwoFactorSetup`,
+      {},
+      {
+        skipBusinessErrorHandling: true,
+        skipHttpErrorHandling: true,
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw toErrorPayload(error);
+  }
+};
+
+export const enableTwoFactor = async (
+  loginType = "admin",
+  verificationCode = "",
+) => {
+  try {
+    const controller = resolveTwoFactorController(loginType);
+    const response = await api.post(
+      `/${controller}/EnableTwoFactor`,
+      { VerificationCode: verificationCode },
+      {
+        skipBusinessErrorHandling: true,
+        skipHttpErrorHandling: true,
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw toErrorPayload(error);
+  }
+};
+
+export const disableTwoFactor = async (
+  loginType = "admin",
+  verificationCode = "",
+) => {
+  try {
+    const controller = resolveTwoFactorController(loginType);
+    const response = await api.post(
+      `/${controller}/DisableTwoFactor`,
+      { VerificationCode: verificationCode },
+      {
+        skipBusinessErrorHandling: true,
+        skipHttpErrorHandling: true,
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw toErrorPayload(error);
+  }
+};
+
+export const regenerateTwoFactorRecoveryCodes = async (
+  loginType = "admin",
+  verificationCode = "",
+) => {
+  try {
+    const controller = resolveTwoFactorController(loginType);
+    const response = await api.post(
+      `/${controller}/RegenerateTwoFactorRecoveryCodes`,
+      { VerificationCode: verificationCode },
+      {
+        skipBusinessErrorHandling: true,
+        skipHttpErrorHandling: true,
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw toErrorPayload(error);
+  }
+};
diff --git a/src/api/index.js b/src/api/index.js
index 23922dd..a7e7910 100644
--- a/src/api/index.js
+++ b/src/api/index.js
@@ -1,85 +1,4 @@
-import axios from "axios";
-import router from "../router";
-import { csrfTokenManager } from "@/utils/csrf";
-import { handleApiError, handleHttpError } from "@/common/errorHandler";
-
-const api = axios.create({
-  baseURL: import.meta.env.VITE_API_URL,
-  timeout: 30000,
-  withCredentials: true,
-});
-
-// 创建一个函数来设置认证头
-const setAuthorizationHeader = (config) => {
-  const token = localStorage.getItem("token");
-  if (token) {
-    config.headers.Authorization = `Bearer ${token}`;
-  }
-  return config;
-};
-
-// 创建一个重试机制
-const retryRequest = async (error) => {
-  const failedRequest = error.config;
-
-  // 如果已经重试过，则不再重试
-  if (failedRequest._retry) {
-    return Promise.reject(error);
-  }
-
-  // 标记这个请求已经重试过
-  failedRequest._retry = true;
-
-  // 重新从 localStorage 获取 token
-  const token = localStorage.getItem("token");
-  if (token) {
-    failedRequest.headers.Authorization = `Bearer ${token}`;
-    return api(failedRequest);
-  }
-
-  return Promise.reject(error);
-};
-
-api.interceptors.request.use(
-  async (config) => {
-    // 设置认证头
-    config = setAuthorizationHeader(config);
-
-    // 设置 CSRF Token
-    const csrfToken = csrfTokenManager.getToken();
-    if (csrfToken) {
-      config.headers["X-CSRF-TOKEN-HEADER"] = csrfToken;
-    }
-
-    return config;
-  },
-  async (error) => {
-    // 检查是否是 token 相关错误
-    if (error.isTokenError) {
-      return retryRequest(error);
-    }
-
-    // 其他错误直接拒绝
-    return Promise.reject(error);
-  },
-);
-
-api.interceptors.response.use(
-  (response) => {
-    const resData = response.data;
-    if (typeof resData === "string" && resData.includes("Version")) {
-      return response;
-    }
-
-    if (!resData.Success) {
-      return handleApiError(resData, response);
-    }
-
-    return response;
-  },
-  (error) => {
-    return handleHttpError(error);
-  },
-);
+import api from "./baseapi";
 
+export * from "./baseapi";
 export default api;
diff --git a/src/common/permissioncode.js b/src/common/permissioncode.js
index 205e265..e0cbe85 100644
--- a/src/common/permissioncode.js
+++ b/src/common/permissioncode.js
@@ -69,6 +69,11 @@ export const AdministratorManagementPermissions = {
   UPDATE: "administratormanagement.update",
   DELETE: "administratormanagement.delete",
   ASSIGN_VIEW: "system:user:assign.view",
+  GET_TWO_FACTOR: "system:admin:get2fa",
+  GENERATE_TWO_FACTOR: "system:admin:generate2fa",
+  ENABLE_TWO_FACTOR: "system:admin:enable2fa",
+  DISABLE_TWO_FACTOR: "system:admin:disable2fa",
+  RECOVERY_TWO_FACTOR: "system:admin:recovery2fa",
 };
 
 // 角色管理 (Role Management)
@@ -132,6 +137,11 @@ export const StaffManagementPermissions = {
   STATUS: "staffmanagement.status",
   RESET: "staffmanagement.reset",
   ASSIGN_VIEW: "system:user:assign.view",
+  GET_TWO_FACTOR: "staffmanagement.get2fa",
+  GENERATE_TWO_FACTOR: "staffmanagement.generate2fa",
+  ENABLE_TWO_FACTOR: "staffmanagement.enable2fa",
+  DISABLE_TWO_FACTOR: "staffmanagement.disable2fa",
+  RECOVERY_TWO_FACTOR: "staffmanagement.recovery2fa",
 };
 
 // ==================== 房间信息管理模块 ====================
diff --git a/src/i18n.js b/src/i18n.js
index cb0915a..6324814 100644
--- a/src/i18n.js
+++ b/src/i18n.js
@@ -46,6 +46,50 @@ const messages = {
       batchDeleteSuccess: "Batch Delete Success",
       resetPassword: "Reset Password",
       selectYourLang: "Please choose your language",
+      accountType: "Account Type",
+      pleaseSelectAccountType: "Please select account type",
+      accountTypeAdmin: "Admin",
+      accountTypeEmployee: "Employee",
+      twoFactor: "2FA",
+      twoFactorVerification: "Two-Factor Verification",
+      twoFactorAuthentication: "Two-Factor Authentication",
+      twoFactorPrompt:
+        "Please enter a 6-digit authenticator code or a recovery code.",
+      twoFactorCode: "Verification / Recovery Code",
+      verify: "Verify",
+      enabledAt: "Enabled At",
+      lastVerifiedAt: "Last Verified At",
+      remainingRecoveryCodes: "Remaining Recovery Codes",
+      generateTwoFactorSetup: "Generate Setup",
+      twoFactorSetupSecurityTip:
+        "Do not share the setup key. Save it securely.",
+      enterSixDigitCode: "Enter 6-digit code",
+      enterSixDigitCodeToDisable: "Enter 6-digit code to disable",
+      enterTwoFactorOrRecoveryCode: "Enter 6-digit code or recovery code",
+      enterCodeOrRecoveryCode: "Enter 6-digit code or recovery code",
+      enterCodeOrRecoveryCodeToDisable:
+        "Enter 6-digit code or recovery code to disable",
+      enableTwoFactor: "Enable 2FA",
+      disableTwoFactor: "Disable 2FA",
+      invalidTwoFactorCode: "Please input a valid 6-digit verification code.",
+      invalidCodeOrRecoveryCode:
+        "Please input a valid 6-digit code or recovery code.",
+      twoFactorSetupGenerated: "Two-factor setup generated.",
+      twoFactorEnabledSuccess: "2FA enabled successfully.",
+      twoFactorDisabledSuccess: "2FA disabled successfully.",
+      regenerateRecoveryCodes: "Regenerate Recovery Codes",
+      recoveryCodesOneTimeHint: "Recovery codes are shown once. Save them now.",
+      copyAllRecoveryCodes: "Copy All Recovery Codes",
+      recoveryCodesCopiedSuccess: "Recovery codes copied.",
+      recoveryCodesCopyFailed: "Failed to copy recovery codes.",
+      recoveryCodesRegeneratedSuccess:
+        "Recovery codes regenerated successfully.",
+      lowRecoveryCodesWarning:
+        "Only {count} recovery code(s) left. Regenerate soon.",
+      twoFactorRecoveryCodeSetupTip:
+        "2FA enabled. Save your recovery codes now (shown only once).",
+      recoveryCodeLoginTip:
+        "Recovery code was used for this login. Rebind your authenticator and regenerate recovery codes immediately.",
       refreshData: "Refresh Data",
       addSuccess: "Add Success",
       updateSuccess: "Update Success",
@@ -725,6 +769,44 @@ const messages = {
       batchDeleteSuccess: "批量删除成功",
       resetPassword: "重置密码",
       selectYourLang: "请选择您的语言",
+      accountType: "账号类型",
+      pleaseSelectAccountType: "请选择账号类型",
+      accountTypeAdmin: "管理员",
+      accountTypeEmployee: "员工",
+      twoFactor: "两步验证入口",
+      twoFactorVerification: "两步验证",
+      twoFactorAuthentication: "两步验证设置",
+      twoFactorPrompt: "请输入 6 位验证码或恢复备用码",
+      twoFactorCode: "验证码/备用码",
+      verify: "验证",
+      enabledAt: "启用时间",
+      lastVerifiedAt: "最近验证时间",
+      remainingRecoveryCodes: "剩余备用码数量",
+      generateTwoFactorSetup: "生成绑定信息",
+      twoFactorSetupSecurityTip: "请勿泄露绑定密钥，并妥善保管。",
+      enterSixDigitCode: "请输入 6 位验证码",
+      enterSixDigitCodeToDisable: "请输入 6 位验证码以关闭",
+      enterTwoFactorOrRecoveryCode: "请输入 6 位验证码或恢复备用码",
+      enterCodeOrRecoveryCode: "请输入 6 位验证码或恢复备用码",
+      enterCodeOrRecoveryCodeToDisable: "请输入 6 位验证码或恢复备用码以关闭",
+      enableTwoFactor: "启用 2FA",
+      disableTwoFactor: "关闭 2FA",
+      invalidTwoFactorCode: "请输入有效的 6 位验证码",
+      invalidCodeOrRecoveryCode: "请输入有效的 6 位验证码或恢复备用码",
+      twoFactorSetupGenerated: "已生成 2FA 绑定信息",
+      twoFactorEnabledSuccess: "2FA 启用成功",
+      twoFactorDisabledSuccess: "2FA 关闭成功",
+      regenerateRecoveryCodes: "重置恢复备用码",
+      recoveryCodesOneTimeHint: "备用码明文仅展示一次，请立即保存。",
+      copyAllRecoveryCodes: "复制全部备用码",
+      recoveryCodesCopiedSuccess: "备用码已复制",
+      recoveryCodesCopyFailed: "备用码复制失败，请手动复制",
+      recoveryCodesRegeneratedSuccess: "恢复备用码已重置",
+      lowRecoveryCodesWarning: "剩余备用码仅 {count} 个，建议立即重置。",
+      twoFactorRecoveryCodeSetupTip:
+        "2FA 已启用，请立即保存恢复备用码（仅展示一次）。",
+      recoveryCodeLoginTip:
+        "本次登录使用了恢复备用码，请立即重新绑定验证器并重置备用码。",
       refreshData: "刷新数据",
       addSuccess: "添加成功",
       updateSuccess: "更新成功",
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 5b8ad20..a3bd4aa 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -24,6 +24,14 @@
           <a-button type="link" style="margin-right: 10px">{{
             username
           }}</a-button>
+          <a-button
+            v-if="showTwoFactorEntry"
+            type="link"
+            style="margin-right: 10px"
+            @click="openTwoFactorModal"
+          >
+            {{ $t("message.twoFactor") }}
+          </a-button>
           <a-button type="link" style="margin-right: 10px" @click="logout">{{
             $t("message.logout")
           }}</a-button>
@@ -72,6 +80,145 @@
         <router-view />
       </a-layout-content>
     </a-layout>
+
+    <a-modal
+      v-model:open="twoFactorModalOpen"
+      :title="$t('message.twoFactorAuthentication')"
+      :footer="null"
+      :mask-closable="false"
+      @cancel="closeTwoFactorModal"
+    >
+      <a-spin :spinning="twoFactorStatusLoading || twoFactorActionLoading">
+        <a-descriptions :column="1" size="small" bordered>
+          <a-descriptions-item :label="$t('message.status')">
+            {{
+              twoFactorStatus?.IsEnabled
+                ? $t("message.enabled")
+                : $t("message.disabled")
+            }}
+          </a-descriptions-item>
+          <a-descriptions-item :label="$t('message.enabledAt')">
+            {{
+              twoFactorStatus?.EnabledAt
+                ? formatDateTime(twoFactorStatus.EnabledAt)
+                : "-"
+            }}
+          </a-descriptions-item>
+          <a-descriptions-item :label="$t('message.lastVerifiedAt')">
+            {{
+              twoFactorStatus?.LastVerifiedAt
+                ? formatDateTime(twoFactorStatus.LastVerifiedAt)
+                : "-"
+            }}
+          </a-descriptions-item>
+          <a-descriptions-item :label="$t('message.remainingRecoveryCodes')">
+            {{ twoFactorStatus?.RemainingRecoveryCodes ?? "-" }}
+          </a-descriptions-item>
+        </a-descriptions>
+
+        <a-alert
+          v-if="showLowRecoveryCodesWarning"
+          type="warning"
+          show-icon
+          :message="
+            $t('message.lowRecoveryCodesWarning', {
+              count: twoFactorStatus?.RemainingRecoveryCodes ?? 0,
+            })
+          "
+          style="margin-top: 12px"
+        />
+
+        <div v-if="!twoFactorStatus?.IsEnabled" style="margin-top: 16px">
+          <a-button type="primary" @click="handleGenerateTwoFactorSetup">
+            {{ $t("message.generateTwoFactorSetup") }}
+          </a-button>
+        </div>
+
+        <div v-if="twoFactorSetupData" style="margin-top: 16px">
+          <a-alert
+            type="warning"
+            show-icon
+            :message="$t('message.twoFactorSetupSecurityTip')"
+            style="margin-bottom: 12px"
+          />
+          <div
+            style="display: flex; justify-content: center; margin-bottom: 12px"
+          >
+            <a-qrcode :value="twoFactorSetupData.OtpAuthUri" :size="180" />
+          </div>
+          <a-typography-paragraph copyable>
+            {{ twoFactorSetupData.ManualEntryKey }}
+          </a-typography-paragraph>
+          <a-input
+            :value="twoFactorEnableCode"
+            :maxlength="6"
+            :placeholder="$t('message.enterSixDigitCode')"
+            @update:value="updateTwoFactorEnableCode"
+          />
+          <a-button
+            type="primary"
+            style="margin-top: 12px"
+            @click="handleEnableTwoFactor"
+          >
+            {{ $t("message.enableTwoFactor") }}
+          </a-button>
+        </div>
+
+        <div v-if="twoFactorStatus?.IsEnabled" style="margin-top: 16px">
+          <a-alert
+            v-if="showRecoveryCodesGuide"
+            type="warning"
+            show-icon
+            :message="$t('message.twoFactorRecoveryCodeSetupTip')"
+            style="margin-bottom: 12px"
+          />
+          <a-input
+            :value="twoFactorRecoveryCode"
+            :maxlength="32"
+            :placeholder="$t('message.enterCodeOrRecoveryCode')"
+            @update:value="updateTwoFactorRecoveryCode"
+          />
+          <a-button
+            type="primary"
+            style="margin-top: 12px"
+            @click="handleRegenerateRecoveryCodes"
+          >
+            {{ $t("message.regenerateRecoveryCodes") }}
+          </a-button>
+
+          <div v-if="latestRecoveryCodes.length > 0" style="margin-top: 12px">
+            <a-alert
+              type="warning"
+              show-icon
+              :message="$t('message.recoveryCodesOneTimeHint')"
+              style="margin-bottom: 8px"
+            />
+            <a-typography-paragraph style="white-space: pre-line">
+              {{ recoveryCodesText }}
+            </a-typography-paragraph>
+            <a-button type="primary" @click="copyAllRecoveryCodes">
+              {{ $t("message.copyAllRecoveryCodes") }}
+            </a-button>
+          </div>
+
+          <a-input
+            :value="twoFactorDisableCode"
+            :maxlength="32"
+            :placeholder="$t('message.enterCodeOrRecoveryCodeToDisable')"
+            style="margin-top: 16px"
+            @update:value="updateTwoFactorDisableCode"
+          />
+          <a-button
+            danger
+            style="margin-top: 12px"
+            @click="handleDisableTwoFactor"
+          >
+            {{ $t("message.disableTwoFactor") }}
+          </a-button>
+        </div>
+      </a-spin>
+    </a-modal>
+
     <a-layout-footer style="text-align: center">
       © {{ "2024-" + new Date().getFullYear() }} {{ $t("message.org") }}
       {{ $t("message.systemName") }} | {{ $t("message.serverVersion") }}:
@@ -93,15 +240,33 @@ import {
 } from "vue";
 import { useStorage } from "@vueuse/core";
 import { useRoute, useRouter } from "vue-router";
-import { showErrorNotification } from "@/utils/index";
+import {
+  formatDateTime,
+  showErrorNotification,
+  showSuccessNotification,
+} from "@/utils/index";
 import { fetchMenusTree } from "../api/menuapi";
 import { BaseFields } from "@/entities/common.entity";
+import {
+  AdministratorManagementPermissions,
+  StaffManagementPermissions,
+} from "@/common/permissioncode";
 
 import { useI18n } from "vue-i18n";
 import RecursiveMenu from "./Menu/RecursiveMenu.vue";
 import { emitter } from "@/utils/eventBus";
 
-import { getServerVersion, signOut } from "../api/basicapi";
+import {
+  disableTwoFactor,
+  enableTwoFactor,
+  fetchTwoFactorStatus,
+  generateTwoFactorSetup,
+  getApiMessage,
+  isApiSuccess,
+  regenerateTwoFactorRecoveryCodes,
+  signOut,
+  getServerVersion,
+} from "../api/basicapi";
 
 const serverVersion = ref("");
 
@@ -212,6 +377,71 @@ const { locale, t } = useI18n();
 const currentLocale = ref(locale.value);
 const openKeys = useStorage("menu-open-keys", []);
 const currentRouteKey = ref("");
+const loginType = ref(localStorage.getItem("loginType") || "admin");
+const allowedPermissionCodes = ref([]);
+const twoFactorModalOpen = ref(false);
+const twoFactorStatusLoading = ref(false);
+const twoFactorActionLoading = ref(false);
+const twoFactorStatus = ref(null);
+const twoFactorSetupData = ref(null);
+const twoFactorEnableCode = ref("");
+const twoFactorDisableCode = ref("");
+const twoFactorRecoveryCode = ref("");
+const latestRecoveryCodes = ref([]);
+const showRecoveryCodesGuide = ref(false);
+const LOW_RECOVERY_CODES_THRESHOLD = 2;
+const showLowRecoveryCodesWarning = computed(() => {
+  if (!twoFactorStatus.value?.IsEnabled) return false;
+  const remaining = Number(twoFactorStatus.value?.RemainingRecoveryCodes);
+  return (
+    Number.isFinite(remaining) && remaining <= LOW_RECOVERY_CODES_THRESHOLD
+  );
+});
+const recoveryCodesText = computed(() => latestRecoveryCodes.value.join("\n"));
+
+const TWO_FACTOR_PERMISSION_BY_LOGIN_TYPE = {
+  admin: [
+    AdministratorManagementPermissions.GET_TWO_FACTOR,
+    AdministratorManagementPermissions.GENERATE_TWO_FACTOR,
+    AdministratorManagementPermissions.ENABLE_TWO_FACTOR,
+    AdministratorManagementPermissions.DISABLE_TWO_FACTOR,
+    AdministratorManagementPermissions.RECOVERY_TWO_FACTOR,
+  ],
+  employee: [
+    StaffManagementPermissions.GET_TWO_FACTOR,
+    StaffManagementPermissions.GENERATE_TWO_FACTOR,
+    StaffManagementPermissions.ENABLE_TWO_FACTOR,
+    StaffManagementPermissions.DISABLE_TWO_FACTOR,
+    StaffManagementPermissions.RECOVERY_TWO_FACTOR,
+  ],
+};
+
+const parseStoredAllowedPermissions = () => {
+  try {
+    const rawPerms = localStorage.getItem("allowedPerms");
+    const parsedPerms = rawPerms ? JSON.parse(rawPerms) : [];
+    return Array.isArray(parsedPerms) ? parsedPerms : [];
+  } catch (error) {
+    return [];
+  }
+};
+
+const syncAllowedPermissions = () => {
+  allowedPermissionCodes.value = parseStoredAllowedPermissions();
+};
+
+const showTwoFactorEntry = computed(() => {
+  if (!isLoggedIn.value) return false;
+  const requiredPermissions =
+    TWO_FACTOR_PERMISSION_BY_LOGIN_TYPE[loginType.value] || [];
+  if (!Array.isArray(requiredPermissions) || requiredPermissions.length === 0) {
+    return false;
+  }
+  return requiredPermissions.some((code) =>
+    allowedPermissionCodes.value.includes(code),
+  );
+});
+
 const selectedKeys = computed(() => {
   const normalize = (p) => (p || "").replace(/\/$/, "");
   const target = normalize(route.path);
@@ -284,11 +514,12 @@ const refreshMenu = async () => {
     const unique = (arr) => Array.from(new Set(arr.filter(Boolean)));
     const allowedMenuKeys = unique(keys);
     const allowedPaths = unique(paths).map((p) => (p || "").replace(/\/$/, ""));
-    const allowedPerms = unique(perms);
+    const allowedPermList = unique(perms);
 
     localStorage.setItem("allowedMenuKeys", JSON.stringify(allowedMenuKeys));
     localStorage.setItem("allowedPaths", JSON.stringify(allowedPaths));
-    localStorage.setItem("allowedPerms", JSON.stringify(allowedPerms));
+    localStorage.setItem("allowedPerms", JSON.stringify(allowedPermList));
+    allowedPermissionCodes.value = allowedPermList;
 
     // 3) 还原展开状态
     openKeys.value = currentOpenKeys;
@@ -318,10 +549,229 @@ const handleLanguageChange = (value) => {
   currentLocale.value = value;
 };
 
+const normalizeSixDigits = (value) =>
+  String(value || "")
+    .replace(/\D/g, "")
+    .slice(0, 6);
+
+const normalizeCodeOrRecoveryCode = (value) =>
+  String(value || "")
+    .trim()
+    .toUpperCase()
+    .replace(/\s/g, "")
+    .slice(0, 32);
+
+const isSixDigitCode = (value) => /^\d{6}$/.test(String(value || ""));
+
+const isRecoveryCode = (value) =>
+  /^[A-Z0-9-]{6,32}$/.test(String(value || "")) && !isSixDigitCode(value);
+
+const isValidCodeOrRecoveryCode = (value) =>
+  isSixDigitCode(value) || isRecoveryCode(value);
+
+const updateTwoFactorEnableCode = (value) => {
+  twoFactorEnableCode.value = normalizeSixDigits(value);
+};
+
+const updateTwoFactorDisableCode = (value) => {
+  twoFactorDisableCode.value = normalizeCodeOrRecoveryCode(value);
+};
+
+const updateTwoFactorRecoveryCode = (value) => {
+  twoFactorRecoveryCode.value = normalizeCodeOrRecoveryCode(value);
+};
+
+const copyTextWithExecCommand = (text) => {
+  const textArea = document.createElement("textarea");
+  textArea.value = text;
+  textArea.style.position = "fixed";
+  textArea.style.opacity = "0";
+  document.body.appendChild(textArea);
+  textArea.focus();
+  textArea.select();
+  const copied = document.execCommand("copy");
+  document.body.removeChild(textArea);
+  return copied;
+};
+
+const copyAllRecoveryCodes = async () => {
+  const content = recoveryCodesText.value;
+  if (!content) {
+    return;
+  }
+
+  try {
+    if (navigator?.clipboard?.writeText) {
+      await navigator.clipboard.writeText(content);
+    } else if (!copyTextWithExecCommand(content)) {
+      throw new Error("Copy failed");
+    }
+    showSuccessNotification(t("message.recoveryCodesCopiedSuccess"));
+  } catch (error) {
+    showErrorNotification(t("message.recoveryCodesCopyFailed"));
+  }
+};
+
+const loadTwoFactorStatus = async () => {
+  twoFactorStatusLoading.value = true;
+  try {
+    const response = await fetchTwoFactorStatus(loginType.value);
+    if (isApiSuccess(response)) {
+      twoFactorStatus.value = response.Data || null;
+      if (twoFactorStatus.value?.IsEnabled) {
+        twoFactorSetupData.value = null;
+        twoFactorEnableCode.value = "";
+      } else {
+        twoFactorDisableCode.value = "";
+        twoFactorRecoveryCode.value = "";
+        latestRecoveryCodes.value = [];
+        showRecoveryCodesGuide.value = false;
+      }
+    } else {
+      showErrorNotification(getApiMessage(response));
+    }
+  } catch (error) {
+    showErrorNotification(getApiMessage(error));
+  } finally {
+    twoFactorStatusLoading.value = false;
+  }
+};
+
+const openTwoFactorModal = async () => {
+  if (!showTwoFactorEntry.value) {
+    showErrorNotification(t("message.noPermission"));
+    return;
+  }
+  twoFactorModalOpen.value = true;
+  await loadTwoFactorStatus();
+};
+
+const closeTwoFactorModal = () => {
+  twoFactorModalOpen.value = false;
+  twoFactorSetupData.value = null;
+  twoFactorEnableCode.value = "";
+  twoFactorDisableCode.value = "";
+  twoFactorRecoveryCode.value = "";
+  latestRecoveryCodes.value = [];
+  showRecoveryCodesGuide.value = false;
+};
+
+const handleGenerateTwoFactorSetup = async () => {
+  twoFactorActionLoading.value = true;
+  try {
+    const response = await generateTwoFactorSetup(loginType.value);
+    if (isApiSuccess(response)) {
+      twoFactorSetupData.value = response.Data || null;
+      showSuccessNotification(t("message.twoFactorSetupGenerated"));
+    } else {
+      showErrorNotification(getApiMessage(response));
+    }
+  } catch (error) {
+    showErrorNotification(getApiMessage(error));
+  } finally {
+    twoFactorActionLoading.value = false;
+  }
+};
+
+const handleEnableTwoFactor = async () => {
+  if (twoFactorEnableCode.value.length !== 6) {
+    showErrorNotification(t("message.invalidTwoFactorCode"));
+    return;
+  }
+
+  twoFactorActionLoading.value = true;
+  try {
+    const response = await enableTwoFactor(
+      loginType.value,
+      twoFactorEnableCode.value,
+    );
+    if (isApiSuccess(response)) {
+      const recoveryCodes = Array.isArray(response?.Data?.RecoveryCodes)
+        ? response.Data.RecoveryCodes
+        : [];
+      showSuccessNotification(t("message.twoFactorEnabledSuccess"));
+      twoFactorSetupData.value = null;
+      twoFactorEnableCode.value = "";
+      twoFactorRecoveryCode.value = "";
+      latestRecoveryCodes.value = recoveryCodes;
+      showRecoveryCodesGuide.value = recoveryCodes.length > 0;
+      await loadTwoFactorStatus();
+    } else {
+      showErrorNotification(getApiMessage(response));
+    }
+  } catch (error) {
+    showErrorNotification(getApiMessage(error));
+  } finally {
+    twoFactorActionLoading.value = false;
+  }
+};
+
+const handleRegenerateRecoveryCodes = async () => {
+  if (!isValidCodeOrRecoveryCode(twoFactorRecoveryCode.value)) {
+    showErrorNotification(t("message.invalidCodeOrRecoveryCode"));
+    return;
+  }
+
+  twoFactorActionLoading.value = true;
+  try {
+    const response = await regenerateTwoFactorRecoveryCodes(
+      loginType.value,
+      twoFactorRecoveryCode.value,
+    );
+    if (isApiSuccess(response)) {
+      const recoveryCodes = Array.isArray(response?.Data?.RecoveryCodes)
+        ? response.Data.RecoveryCodes
+        : [];
+      latestRecoveryCodes.value = recoveryCodes;
+      twoFactorRecoveryCode.value = "";
+      showRecoveryCodesGuide.value = recoveryCodes.length > 0;
+      showSuccessNotification(t("message.recoveryCodesRegeneratedSuccess"));
+      await loadTwoFactorStatus();
+    } else {
+      showErrorNotification(getApiMessage(response));
+    }
+  } catch (error) {
+    showErrorNotification(getApiMessage(error));
+  } finally {
+    twoFactorActionLoading.value = false;
+  }
+};
+
+const handleDisableTwoFactor = async () => {
+  if (!isValidCodeOrRecoveryCode(twoFactorDisableCode.value)) {
+    showErrorNotification(t("message.invalidCodeOrRecoveryCode"));
+    return;
+  }
+
+  twoFactorActionLoading.value = true;
+  try {
+    const response = await disableTwoFactor(
+      loginType.value,
+      twoFactorDisableCode.value,
+    );
+    if (isApiSuccess(response)) {
+      showSuccessNotification(t("message.twoFactorDisabledSuccess"));
+      twoFactorDisableCode.value = "";
+      twoFactorRecoveryCode.value = "";
+      latestRecoveryCodes.value = [];
+      showRecoveryCodesGuide.value = false;
+      await loadTwoFactorStatus();
+    } else {
+      showErrorNotification(getApiMessage(response));
+    }
+  } catch (error) {
+    showErrorNotification(getApiMessage(error));
+  } finally {
+    twoFactorActionLoading.value = false;
+  }
+};
+
 const checkLoginStatus = () => {
   const storedToken = localStorage.getItem("token");
   if (storedToken) {
     isLoggedIn.value = true;
+    loginType.value = localStorage.getItem("loginType") || "admin";
+    syncAllowedPermissions();
     const storedUsername = localStorage.getItem("username");
     if (storedUsername) {
       username.value = storedUsername;
@@ -330,24 +780,29 @@ const checkLoginStatus = () => {
     }
   } else {
     isLoggedIn.value = false;
+    loginType.value = "admin";
+    allowedPermissionCodes.value = [];
     username.value = "";
   }
 };
 
 const logout = async () => {
   var response = await signOut();
-  if (!response.Success) {
+  if (!isApiSuccess(response)) {
     showErrorNotification(response.Message || t("message.logoutFailed"));
     return;
   }
   localStorage.removeItem("token");
   localStorage.removeItem("username");
   localStorage.removeItem("account");
+  localStorage.removeItem("loginType");
   localStorage.removeItem("allowedPaths");
   localStorage.removeItem("allowedMenuKeys");
   localStorage.removeItem("allowedPerms");
   isLoggedIn.value = false;
+  allowedPermissionCodes.value = [];
   username.value = "";
+  closeTwoFactorModal();
   router.push("/signin");
 };
 
diff --git a/src/views/SignInView.vue b/src/views/SignInView.vue
index 642a926..60e780f 100644
--- a/src/views/SignInView.vue
+++ b/src/views/SignInView.vue
@@ -25,6 +25,22 @@
       style="width: 400px; z-index: 2; box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1)"
     >
       <a-form :model="form" @finish="onFinish" @finish-failed="onFinishFailed">
+        <a-form-item
+          :label="$t('message.accountType')"
+          name="LoginType"
+          :rules="[
+            { required: true, message: $t('message.pleaseSelectAccountType') },
+          ]"
+        >
+          <a-select v-model:value="form.LoginType">
+            <a-select-option value="admin">{{
+              $t("message.accountTypeAdmin")
+            }}</a-select-option>
+            <a-select-option value="employee">{{
+              $t("message.accountTypeEmployee")
+            }}</a-select-option>
+          </a-select>
+        </a-form-item>
         <a-form-item
           :label="usernameLabel"
           name="Account"
@@ -61,6 +77,35 @@
         </p>
       </a-form>
     </a-card>
+
+    <a-modal
+      v-model:open="twoFactorModalOpen"
+      :title="$t('message.twoFactorVerification')"
+      :confirm-loading="twoFactorLoading"
+      :mask-closable="false"
+      :keyboard="false"
+      :ok-text="$t('message.verify')"
+      @ok="submitTwoFactorCode"
+      @cancel="cancelTwoFactorChallenge"
+    >
+      <a-alert
+        type="info"
+        show-icon
+        :message="$t('message.twoFactorPrompt')"
+        style="margin-bottom: 12px"
+      />
+      <a-form layout="vertical">
+        <a-form-item :label="$t('message.twoFactorCode')" required>
+          <a-input
+            :value="twoFactorCode"
+            :maxlength="32"
+            :placeholder="$t('message.enterTwoFactorOrRecoveryCode')"
+            autocomplete="one-time-code"
+            @update:value="updateTwoFactorCode"
+          />
+        </a-form-item>
+      </a-form>
+    </a-modal>
   </div>
 </template>
 
@@ -69,8 +114,18 @@ import bgImage from "@/assets/login_bg.png";
 
 import { ref, reactive, onBeforeMount, computed } from "vue";
 import { useRouter } from "vue-router";
-import { showErrorNotification, showSuccessNotification } from "@/utils/index";
-import { signIn } from "../api/basicapi";
+import {
+  showErrorNotification,
+  showInfoNotification,
+  showSuccessNotification,
+  showWarningNotification,
+} from "@/utils/index";
+import {
+  getApiMessage,
+  isApiSuccess,
+  isTwoFactorChallenge,
+  signIn,
+} from "../api/basicapi";
 import { useI18n } from "vue-i18n";
 
 const { t, locale } = useI18n();
@@ -87,39 +142,158 @@ const passwordLabel = computed(() => t("message.password"));
 
 const router = useRouter();
 const loading = ref(false);
+const twoFactorModalOpen = ref(false);
+const twoFactorLoading = ref(false);
+const twoFactorCode = ref("");
+const pendingLoginContext = ref(null);
+
 const form = reactive({
+  LoginType: "admin",
   Account: "",
   Password: "",
 });
 
-const onFinish = async () => {
-  loading.value = true;
-  try {
-    const response = await signIn(form);
-    if (response.Success) {
-      const userData = response.Data;
+const normalizeTwoFactorCode = (value) =>
+  String(value || "")
+    .trim()
+    .toUpperCase()
+    .replace(/\s/g, "")
+    .slice(0, 32);
 
-      localStorage.setItem("token", userData.UserToken);
-      localStorage.setItem("username", userData.Name);
-      localStorage.setItem("account", userData.Number);
+const isSixDigitCode = (value) => /^\d{6}$/.test(String(value || ""));
 
-      router.push("/");
-      showSuccessNotification(t("message.welcomeBack"));
-    } else {
+const isRecoveryCode = (value) =>
+  /^[A-Z0-9-]{6,32}$/.test(String(value || "")) && !isSixDigitCode(value);
+
+const isValidTwoFactorCode = (value) =>
+  isSixDigitCode(value) || isRecoveryCode(value);
+
+const updateTwoFactorCode = (value) => {
+  twoFactorCode.value = normalizeTwoFactorCode(value);
+};
+
+const buildLoginPayload = (loginType, twoFactorValue = "") => {
+  const account = form.Account.trim();
+  const password = form.Password;
+
+  if (loginType === "employee") {
+    const isEmailAddress = account.includes("@");
+    return {
+      EmployeeId: isEmailAddress ? "" : account,
+      EmailAddress: isEmailAddress ? account : "",
+      Password: password,
+      TwoFactorCode: twoFactorValue,
+    };
+  }
+
+  return {
+    Account: account,
+    Password: password,
+    TwoFactorCode: twoFactorValue,
+  };
+};
+
+const clearTwoFactorChallenge = () => {
+  twoFactorModalOpen.value = false;
+  twoFactorCode.value = "";
+  pendingLoginContext.value = null;
+};
+
+const persistLoginData = async (userData, loginType) => {
+  localStorage.setItem("token", userData.UserToken);
+  localStorage.setItem(
+    "username",
+    userData.Name || userData.UserName || userData.Username || form.Account,
+  );
+  localStorage.setItem(
+    "account",
+    userData.Number || userData.Account || userData.EmployeeId || form.Account,
+  );
+  localStorage.setItem("loginType", loginType);
+
+  clearTwoFactorChallenge();
+  await router.push("/");
+  showSuccessNotification(t("message.welcomeBack"));
+};
+
+const handleLoginResponse = async (result, context, fromTwoFactor = false) => {
+  if (isApiSuccess(result) && result?.Data?.UserToken) {
+    const usedRecoveryCodeLogin = result?.Data?.UsedRecoveryCodeLogin === true;
+    await persistLoginData(result.Data, context.loginType);
+    if (usedRecoveryCodeLogin) {
+      showWarningNotification(t("message.recoveryCodeLoginTip"));
+    }
+    return true;
+  }
+
+  if (isTwoFactorChallenge(result)) {
+    pendingLoginContext.value = context;
+    twoFactorModalOpen.value = true;
+    if (fromTwoFactor) {
       showErrorNotification(
-        response.message || t("message.checkUsernameAndPassword"),
+        getApiMessage(result) || t("message.invalidCodeOrRecoveryCode"),
       );
+    } else {
+      showInfoNotification(t("message.twoFactorPrompt"));
     }
+    return false;
+  }
+
+  showErrorNotification(
+    getApiMessage(result) || t("message.checkUsernameAndPassword"),
+  );
+  return false;
+};
+
+const onFinish = async () => {
+  loading.value = true;
+  const context = {
+    loginType: form.LoginType,
+    payload: buildLoginPayload(form.LoginType),
+  };
+
+  try {
+    const response = await signIn(context.payload, context.loginType);
+    await handleLoginResponse(response, context, false);
   } catch (error) {
-    showErrorNotification(
-      error.response?.data?.message || t("message.pleaseTryAgainLater"),
-    );
+    await handleLoginResponse(error, context, false);
   } finally {
     loading.value = false;
   }
 };
 
-const onFinishFailed = (errorInfo) => {};
+const submitTwoFactorCode = async () => {
+  if (!pendingLoginContext.value) {
+    twoFactorModalOpen.value = false;
+    return;
+  }
+
+  const verificationCode = normalizeTwoFactorCode(twoFactorCode.value);
+  if (!isValidTwoFactorCode(verificationCode)) {
+    showErrorNotification(t("message.invalidCodeOrRecoveryCode"));
+    return;
+  }
+
+  twoFactorLoading.value = true;
+  try {
+    const { loginType, payload } = pendingLoginContext.value;
+    const response = await signIn(
+      { ...payload, TwoFactorCode: verificationCode },
+      loginType,
+    );
+    await handleLoginResponse(response, pendingLoginContext.value, true);
+  } catch (error) {
+    await handleLoginResponse(error, pendingLoginContext.value, true);
+  } finally {
+    twoFactorLoading.value = false;
+  }
+};
+
+const cancelTwoFactorChallenge = () => {
+  clearTwoFactorChallenge();
+};
+
+const onFinishFailed = () => {};
 
 onBeforeMount(() => {
   currentLocale.value = locale.value;
diff --git a/vite.config.js b/vite.config.js
index 1208d8d..66dfa60 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -113,4 +113,4 @@ export default defineConfig(({ mode }) => {
       },
     },
   };
-});
\ No newline at end of file
+});
-- 
Gitee


From 9a99b6cbe1ed78cd8fb15f3016bf61df5c37b800 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Mon, 16 Feb 2026 16:16:05 +0800
Subject: [PATCH 02/10] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E8=A1=8C?=
 =?UTF-8?q?=E7=89=88=E6=9C=AC=E6=8E=A7=E5=88=B6=E5=8A=9F=E8=83=BD=EF=BC=8C?=
 =?UTF-8?q?=E6=9B=B4=E6=96=B0=E7=9B=B8=E5=85=B3=E8=A7=86=E5=9B=BE=E4=BB=A5?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81=E8=A1=8C=E7=89=88=E6=9C=AC=E6=95=B0=E6=8D=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                                    |   1 +
 src/api/baseapi.js                            | 196 +++++++++++++++++-
 src/common/errorHandler.js                    |   8 +-
 src/i18n.js                                   |   3 +
 src/views/base/DepartmentView.vue             |   1 +
 src/views/base/NationView.vue                 |   1 +
 src/views/base/NoticeTypeView.vue             |   6 +-
 src/views/base/PassportView.vue               |   3 +-
 src/views/base/PositionView.vue               |   1 +
 src/views/base/PromotionContentView.vue       |   4 +-
 src/views/base/QualificationView.vue          |   3 +-
 .../customermanagement/CustomerSpendView.vue  |   3 +-
 .../customermanagement/CustomerTypeView.vue   |   3 +-
 src/views/customermanagement/CustomerView.vue |   3 +-
 src/views/customermanagement/VipLevelView.vue |   3 +-
 src/views/finance/InternalFinanceView.vue     |   4 +-
 .../StaffManagementView.vue                   |   3 +-
 .../HydroelectricityInfoView.vue              |   4 +-
 .../GoodsmanagementView.vue                   |   3 +-
 .../roominformation/ReserManagementView.vue   |   3 +-
 src/views/roominformation/RoomConfigView.vue  |   3 +-
 .../roominformation/RoomManagementView.vue    |   3 +-
 src/views/roominformation/RoomMapView.vue     |   3 +-
 src/views/supervision/SupervisionView.vue     |   6 +-
 .../AdminTypeManagementView.vue               |   4 +-
 .../AdministratorManagementView.vue           |   3 +-
 .../systemmanagement/MenuManagementView.vue   |   3 +-
 .../systemmanagement/RoleManagementView.vue   |   3 +-
 28 files changed, 251 insertions(+), 33 deletions(-)

diff --git a/.gitignore b/.gitignore
index 594e684..ba296ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@
 node_modules
 dist
 .vs
+docs/*
diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index a503590..64019dd 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -2,6 +2,8 @@ import axios from "axios";
 import { csrfTokenManager } from "@/utils/csrf";
 import { handleApiError, handleHttpError } from "@/common/errorHandler";
 
+const rowVersionCache = new Map();
+
 const api = axios.create({
   baseURL: import.meta.env.VITE_API_URL,
   timeout: 30000,
@@ -24,7 +26,188 @@ export const isApiSuccess = (payload) => {
 export const getApiMessage = (payload) =>
   payload?.Message || payload?.message || "Request failed";
 
-// 创建一个函数来设置认证头
+const getEntityKeyFromUrl = (url = "") => {
+  if (typeof url !== "string" || url.length === 0) {
+    return "";
+  }
+
+  const normalizedUrl = url.split("?")[0].replace(/^https?:\/\/[^/]+/i, "");
+  const segments = normalizedUrl.split("/").filter(Boolean);
+  const controller = segments[0]?.toLowerCase() || "";
+  const action = segments[1] || "";
+
+  if (!controller) {
+    return "";
+  }
+  if (!action) {
+    return controller;
+  }
+
+  let resource = action
+    .replace(
+      /^(Select|GetAll|Get|Build|Read|Insert|Add|Create|Update|Upd|Delete|Del)/i,
+      "",
+    )
+    .replace(/(AllCanUse|CanUseAll|All|List)$/i, "")
+    .replace(/InfoBy[A-Za-z0-9]+$/i, "")
+    .replace(/Info$/i, "")
+    .replace(/Types$/i, "Type");
+
+  if (/[^s]s$/i.test(resource)) {
+    resource = resource.slice(0, -1);
+  }
+
+  resource = resource.toLowerCase();
+  return `${controller}:${resource || controller}`;
+};
+
+const getRecordId = (record) => {
+  if (!record || typeof record !== "object") {
+    return null;
+  }
+  return record.Id ?? record.id ?? null;
+};
+
+const getRecordRowVersion = (record) => {
+  if (!record || typeof record !== "object") {
+    return null;
+  }
+  return (
+    record.RowVersion ??
+    record.rowVersion ??
+    record.rowversion ??
+    record.row_version ??
+    null
+  );
+};
+
+const isEffectiveRowVersion = (value) => {
+  if (value === undefined || value === null) {
+    return false;
+  }
+
+  if (typeof value === "number") {
+    return Number.isFinite(value) && value > 0;
+  }
+
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!trimmed) {
+      return false;
+    }
+    const asNumber = Number(trimmed);
+    if (!Number.isNaN(asNumber)) {
+      return asNumber > 0;
+    }
+    return true;
+  }
+
+  return true;
+};
+
+const hasEffectiveRowVersion = (record) => {
+  if (!record || typeof record !== "object") {
+    return false;
+  }
+
+  return (
+    isEffectiveRowVersion(record.RowVersion) ||
+    isEffectiveRowVersion(record.rowVersion) ||
+    isEffectiveRowVersion(record.rowversion) ||
+    isEffectiveRowVersion(record.row_version)
+  );
+};
+
+const saveRowVersionToCache = (entityKey, record) => {
+  if (!entityKey || !record || typeof record !== "object") {
+    return;
+  }
+
+  const id = getRecordId(record);
+  const rowVersion = getRecordRowVersion(record);
+  if (id === null || rowVersion === null) {
+    return;
+  }
+
+  if (!rowVersionCache.has(entityKey)) {
+    rowVersionCache.set(entityKey, new Map());
+  }
+
+  rowVersionCache.get(entityKey).set(String(id), rowVersion);
+};
+
+const saveRowVersionsFromResponse = (response) => {
+  const entityKey = getEntityKeyFromUrl(response?.config?.url);
+  if (!entityKey) {
+    return;
+  }
+
+  const payload = response?.data;
+  const data = payload?.Data ?? payload?.data;
+  if (!data) {
+    return;
+  }
+
+  const items = data?.Items ?? data?.items;
+  if (Array.isArray(items)) {
+    items.forEach((item) => saveRowVersionToCache(entityKey, item));
+    return;
+  }
+
+  if (Array.isArray(data)) {
+    data.forEach((item) => saveRowVersionToCache(entityKey, item));
+    return;
+  }
+
+  if (typeof data === "object") {
+    saveRowVersionToCache(entityKey, data);
+  }
+};
+
+const shouldAttachRowVersion = (config) => {
+  const method = (config?.method || "get").toLowerCase();
+  if (!["post", "put", "patch"].includes(method)) {
+    return false;
+  }
+
+  const url = config?.url || "";
+  return /\/[^/]+\/(?:Update|Upd)[^/?#]*/i.test(url);
+};
+
+const attachRowVersionFromCache = (config) => {
+  if (!shouldAttachRowVersion(config)) {
+    return config;
+  }
+
+  const data = config?.data;
+  if (!data || typeof data !== "object" || Array.isArray(data)) {
+    return config;
+  }
+
+  if (data instanceof FormData || hasEffectiveRowVersion(data)) {
+    return config;
+  }
+
+  const id = getRecordId(data);
+  if (id === null) {
+    return config;
+  }
+
+  const entityKey = getEntityKeyFromUrl(config.url);
+  if (!entityKey) {
+    return config;
+  }
+
+  const entityCache = rowVersionCache.get(entityKey);
+  const rowVersion = entityCache?.get(String(id));
+  if (rowVersion === undefined || rowVersion === null) {
+    return config;
+  }
+
+  data.RowVersion = rowVersion;
+  return config;
+};
+
 const setAuthorizationHeader = (config) => {
   const token = localStorage.getItem("token");
   if (token) {
@@ -33,19 +216,15 @@ const setAuthorizationHeader = (config) => {
   return config;
 };
 
-// 创建一个重试机制
 const retryRequest = async (error) => {
   const failedRequest = error.config;
 
-  // 如果已经重试过，则不再重试
   if (failedRequest._retry) {
     return Promise.reject(error);
   }
 
-  // 标记这个请求已经重试过
   failedRequest._retry = true;
 
-  // 重新从 localStorage 获取 token
   const token = localStorage.getItem("token");
   if (token) {
     failedRequest.headers.Authorization = `Bearer ${token}`;
@@ -57,10 +236,9 @@ const retryRequest = async (error) => {
 
 api.interceptors.request.use(
   async (config) => {
-    // 设置认证头
     config = setAuthorizationHeader(config);
+    config = attachRowVersionFromCache(config);
 
-    // 设置 CSRF Token
     const csrfToken = csrfTokenManager.getToken();
     if (csrfToken) {
       config.headers["X-CSRF-TOKEN-HEADER"] = csrfToken;
@@ -69,18 +247,18 @@ api.interceptors.request.use(
     return config;
   },
   async (error) => {
-    // 检查是否是 token 相关错误
     if (error.isTokenError) {
       return retryRequest(error);
     }
 
-    // 其他错误直接拒绝
     return Promise.reject(error);
   },
 );
 
 api.interceptors.response.use(
   (response) => {
+    saveRowVersionsFromResponse(response);
+
     if (response?.config?.skipBusinessErrorHandling) {
       return response;
     }
diff --git a/src/common/errorHandler.js b/src/common/errorHandler.js
index 8b43ae2..7310478 100644
--- a/src/common/errorHandler.js
+++ b/src/common/errorHandler.js
@@ -29,6 +29,12 @@ export const errorCodeMap = {
     message: i18n.global.t("message.notFound") || "未找到相关资源",
     action: "notify",
   },
+  1409: {
+    message:
+      i18n.global.t("message.concurrencyConflict") ||
+      "数据已被其他用户修改，请刷新后重试",
+    action: "notify",
+  },
   2001: {
     // 参数/校验错误
     message:
@@ -74,7 +80,7 @@ export function handleApiError(resData, response) {
     const token = localStorage.getItem("token");
     if (!token) {
       // 没有 token，直接跳转登录并显示后端消息（如果有）
-      redirectToLogin(backendMessage || i18n.global.t("message.loginExpired") );
+      redirectToLogin(backendMessage || i18n.global.t("message.loginExpired"));
       return Promise.reject({
         success: false,
         code: 1401,
diff --git a/src/i18n.js b/src/i18n.js
index 6324814..d32a238 100644
--- a/src/i18n.js
+++ b/src/i18n.js
@@ -128,6 +128,8 @@ const messages = {
       duplicate: "Duplicate Data",
       serverError: "Server Error",
       networkError: "Network Error",
+      concurrencyConflict:
+        "Data was modified by another user. Please refresh and retry.",
       requestFailed: "Request Failed",
       loginExpired: "Login expired, please log in again",
       unexpectedError: "An unexpected error occurred",
@@ -845,6 +847,7 @@ const messages = {
       duplicate: "重复数据",
       serverError: "服务器错误",
       networkError: "网络错误",
+      concurrencyConflict: "数据已被其他用户修改，请刷新后重试",
       requestFailed: "请求失败",
       loginExpired: "登录已过期,请重新登录",
       unexpectedError: "发生了意外错误",
diff --git a/src/views/base/DepartmentView.vue b/src/views/base/DepartmentView.vue
index 6748cdb..ec09791 100644
--- a/src/views/base/DepartmentView.vue
+++ b/src/views/base/DepartmentView.vue
@@ -487,6 +487,7 @@ const fetchDepartmentData = async () => {
     if (result && Array.isArray(result.Items)) {
       departments.value = result.Items.map((item) => ({
         [DepartmentFields.ID]: item[DepartmentFields.ID],
+        [DepartmentFields.ROWVERSION]: item[DepartmentFields.ROWVERSION],
         [DepartmentFields.NUMBER]: item[DepartmentFields.NUMBER],
         [DepartmentFields.NAME]: item[DepartmentFields.NAME],
         [DepartmentFields.DESCRIPTION]: item[DepartmentFields.DESCRIPTION],
diff --git a/src/views/base/NationView.vue b/src/views/base/NationView.vue
index d20089a..db7009e 100644
--- a/src/views/base/NationView.vue
+++ b/src/views/base/NationView.vue
@@ -372,6 +372,7 @@ const fetchNationData = async () => {
     if (result?.Items) {
       nations.value = result.Items.map((item) => ({
         [NationFields.ID]: item[NationFields.ID],
+        [NationFields.ROWVERSION]: item[NationFields.ROWVERSION],
         [NationFields.NUMBER]: item[NationFields.NUMBER],
         [NationFields.NAME]: item[NationFields.NAME],
         [NationFields.IS_DELETED]: item[NationFields.IS_DELETED],
diff --git a/src/views/base/NoticeTypeView.vue b/src/views/base/NoticeTypeView.vue
index c32b149..28bef0a 100644
--- a/src/views/base/NoticeTypeView.vue
+++ b/src/views/base/NoticeTypeView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -261,7 +261,8 @@ const handleView = (record) => {
 const handleEdit = () => {
   if (selectedRowKeys.value.length === 1) {
     const selectedRecord = notices.value.find(
-      (noticeType) => noticeType[NoticeTypeFields.ID] === selectedRowKeys.value[0],
+      (noticeType) =>
+        noticeType[NoticeTypeFields.ID] === selectedRowKeys.value[0],
     );
     if (selectedRecord) {
       editNoticeType(selectedRecord);
@@ -375,6 +376,7 @@ const fetchNoticeTypeData = async () => {
     if (result?.Items) {
       notices.value = result.Items.map((item) => ({
         [NoticeTypeFields.ID]: item[NoticeTypeFields.ID],
+        [NoticeTypeFields.ROWVERSION]: item[NoticeTypeFields.ROWVERSION],
         [NoticeTypeFields.NUMBER]: item[NoticeTypeFields.NUMBER],
         [NoticeTypeFields.NAME]: item[NoticeTypeFields.NAME],
         [NoticeTypeFields.IS_DELETED]: item[NoticeTypeFields.IS_DELETED],
diff --git a/src/views/base/PassportView.vue b/src/views/base/PassportView.vue
index d91c7ec..3807574 100644
--- a/src/views/base/PassportView.vue
+++ b/src/views/base/PassportView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -370,6 +370,7 @@ const fetchPassportData = async () => {
     if (result?.Items) {
       passports.value = result.Items.map((item) => ({
         [PassportFields.ID]: item[PassportFields.ID],
+        [PassportFields.ROWVERSION]: item[PassportFields.ROWVERSION],
         [PassportFields.NUMBER]: item[PassportFields.NUMBER],
         [PassportFields.NAME]: item[PassportFields.NAME],
         [PassportFields.IS_DELETED]: item[PassportFields.IS_DELETED],
diff --git a/src/views/base/PositionView.vue b/src/views/base/PositionView.vue
index 9087afe..59c6a6b 100644
--- a/src/views/base/PositionView.vue
+++ b/src/views/base/PositionView.vue
@@ -368,6 +368,7 @@ const fetchPositionData = async () => {
     if (result && Array.isArray(result.Items)) {
       positions.value = result.Items.map((item) => ({
         [PositionFields.ID]: item[PositionFields.ID],
+        [PositionFields.ROWVERSION]: item[PositionFields.ROWVERSION],
         [PositionFields.NUMBER]: item[PositionFields.NUMBER],
         [PositionFields.NAME]: item[PositionFields.NAME],
         [PositionFields.IS_DELETED]: item[PositionFields.IS_DELETED],
diff --git a/src/views/base/PromotionContentView.vue b/src/views/base/PromotionContentView.vue
index fbc1357..605c74b 100644
--- a/src/views/base/PromotionContentView.vue
+++ b/src/views/base/PromotionContentView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -394,6 +394,8 @@ const fetchPromotionContentData = async () => {
     if (result?.Items) {
       promotionContents.value = result.Items.map((item) => ({
         [PromotionContentFields.ID]: item[PromotionContentFields.ID],
+        [PromotionContentFields.ROWVERSION]:
+          item[PromotionContentFields.ROWVERSION],
         [PromotionContentFields.NUMBER]: item[PromotionContentFields.NUMBER],
         [PromotionContentFields.MESSAGE]: item[PromotionContentFields.MESSAGE],
         [PromotionContentFields.IS_DELETED]:
diff --git a/src/views/base/QualificationView.vue b/src/views/base/QualificationView.vue
index a48b30a..9333ca4 100644
--- a/src/views/base/QualificationView.vue
+++ b/src/views/base/QualificationView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -378,6 +378,7 @@ const fetchQualificationData = async () => {
     if (result?.Items) {
       qualifications.value = result.Items.map((item) => ({
         [EducationFields.ID]: item[EducationFields.ID],
+        [EducationFields.ROWVERSION]: item[EducationFields.ROWVERSION],
         [EducationFields.NUMBER]: item[EducationFields.NUMBER],
         [EducationFields.NAME]: item[EducationFields.NAME],
         [EducationFields.IS_DELETED]: item[EducationFields.IS_DELETED],
diff --git a/src/views/customermanagement/CustomerSpendView.vue b/src/views/customermanagement/CustomerSpendView.vue
index b74e4ae..915b19c 100644
--- a/src/views/customermanagement/CustomerSpendView.vue
+++ b/src/views/customermanagement/CustomerSpendView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -430,6 +430,7 @@ const fetchSpendInfoData = async () => {
     if (result?.Items) {
       spends.value = result.Items.map((item) => ({
         [SpendInfoFields.ID]: item[SpendInfoFields.ID],
+        [SpendInfoFields.ROWVERSION]: item[SpendInfoFields.ROWVERSION],
         [SpendInfoFields.NUMBER]: item[SpendInfoFields.NUMBER],
         [SpendInfoFields.ROOM_NO]: item[SpendInfoFields.ROOM_NO],
         [SpendInfoFields.CUSTO_NO]: item[SpendInfoFields.CUSTO_NO],
diff --git a/src/views/customermanagement/CustomerTypeView.vue b/src/views/customermanagement/CustomerTypeView.vue
index d9b5ab7..42ad87a 100644
--- a/src/views/customermanagement/CustomerTypeView.vue
+++ b/src/views/customermanagement/CustomerTypeView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -425,6 +425,7 @@ const fetchCustomerTypeData = async () => {
     if (result?.Items) {
       customerTypes.value = result.Items.map((item) => ({
         [CustomerTypeFields.ID]: item[CustomerTypeFields.ID],
+        [CustomerTypeFields.ROWVERSION]: item[CustomerTypeFields.ROWVERSION],
         [CustomerTypeFields.NUMBER]: item[CustomerTypeFields.NUMBER],
         [CustomerTypeFields.NAME]: item[CustomerTypeFields.NAME],
         [CustomerTypeFields.DISCOUNT]: item[CustomerTypeFields.DISCOUNT],
diff --git a/src/views/customermanagement/CustomerView.vue b/src/views/customermanagement/CustomerView.vue
index d7f40ba..12fd099 100644
--- a/src/views/customermanagement/CustomerView.vue
+++ b/src/views/customermanagement/CustomerView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -588,6 +588,7 @@ const fetchCustomerData = async () => {
     if (result?.Items) {
       customers.value = result.Items.map((item) => ({
         [CustomerFields.ID]: item[CustomerFields.ID],
+        [CustomerFields.ROWVERSION]: item[CustomerFields.ROWVERSION],
         [CustomerFields.NUMBER]: item[CustomerFields.NUMBER],
         [CustomerFields.NAME]: item[CustomerFields.NAME],
         [CustomerFields.GENDER]: item[CustomerFields.GENDER],
diff --git a/src/views/customermanagement/VipLevelView.vue b/src/views/customermanagement/VipLevelView.vue
index 0fdc378..8289ae5 100644
--- a/src/views/customermanagement/VipLevelView.vue
+++ b/src/views/customermanagement/VipLevelView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -424,6 +424,7 @@ const fetchVipRuleData = async () => {
     if (result?.Items) {
       viprules.value = result.Items.map((item) => ({
         [VipRuleFields.ID]: item[VipRuleFields.ID],
+        [VipRuleFields.ROWVERSION]: item[VipRuleFields.ROWVERSION],
         [VipRuleFields.NUMBER]: item[VipRuleFields.NUMBER],
         [VipRuleFields.NAME]: item[VipRuleFields.NAME],
         [VipRuleFields.VALUE]: item[VipRuleFields.VALUE],
diff --git a/src/views/finance/InternalFinanceView.vue b/src/views/finance/InternalFinanceView.vue
index 3b39299..c3eab5d 100644
--- a/src/views/finance/InternalFinanceView.vue
+++ b/src/views/finance/InternalFinanceView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -496,6 +496,8 @@ const fetchInternalfinanceData = async () => {
     if (result?.Items) {
       cashs.value = result.Items.map((item) => ({
         [InternalFinanceFields.ID]: item[InternalFinanceFields.ID],
+        [InternalFinanceFields.ROWVERSION]:
+          item[InternalFinanceFields.ROWVERSION],
         [InternalFinanceFields.NUMBER]: item[InternalFinanceFields.NUMBER],
         [InternalFinanceFields.NAME]: item[InternalFinanceFields.NAME],
         [InternalFinanceFields.ASSETVALUE]:
diff --git a/src/views/humanresourcemanagement/StaffManagementView.vue b/src/views/humanresourcemanagement/StaffManagementView.vue
index ef2bea7..1359b78 100644
--- a/src/views/humanresourcemanagement/StaffManagementView.vue
+++ b/src/views/humanresourcemanagement/StaffManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -759,6 +759,7 @@ const fetchStaffData = async () => {
     if (result?.Items) {
       staffs.value = result.Items.map((item) => ({
         [EmployeeFields.ID]: item[EmployeeFields.ID],
+        [EmployeeFields.ROWVERSION]: item[EmployeeFields.ROWVERSION],
         [EmployeeFields.NUMBER]: item[EmployeeFields.NUMBER],
         [EmployeeFields.NAME]: item[EmployeeFields.NAME],
         [EmployeeFields.GENDER]: item[EmployeeFields.GENDER],
diff --git a/src/views/hydroelectricity/HydroelectricityInfoView.vue b/src/views/hydroelectricity/HydroelectricityInfoView.vue
index 5acd731..78b6359 100644
--- a/src/views/hydroelectricity/HydroelectricityInfoView.vue
+++ b/src/views/hydroelectricity/HydroelectricityInfoView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -411,6 +411,8 @@ const fetchHydroelectricityData = async () => {
     if (result?.Items) {
       hydroelectricitys.value = result.Items.map((item) => ({
         [EnergyManagementFields.ID]: item[EnergyManagementFields.ID],
+        [EnergyManagementFields.ROWVERSION]:
+          item[EnergyManagementFields.ROWVERSION],
         [EnergyManagementFields.NUMBER]: item[EnergyManagementFields.NUMBER],
         [EnergyManagementFields.ROOMNUMBER]:
           item[EnergyManagementFields.ROOMNUMBER],
diff --git a/src/views/materialmanagement/GoodsmanagementView.vue b/src/views/materialmanagement/GoodsmanagementView.vue
index 38f8237..43cc47e 100644
--- a/src/views/materialmanagement/GoodsmanagementView.vue
+++ b/src/views/materialmanagement/GoodsmanagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -408,6 +408,7 @@ const fetchGoodsData = async () => {
     if (result?.Items) {
       goodss.value = result.Items.map((item) => ({
         [GoodsFields.ID]: item[GoodsFields.ID],
+        [GoodsFields.ROWVERSION]: item[GoodsFields.ROWVERSION],
         [GoodsFields.NUMBER]: item[GoodsFields.NUMBER],
         [GoodsFields.NAME]: item[GoodsFields.NAME],
         [GoodsFields.SPECIFICATION]: item[GoodsFields.SPECIFICATION],
diff --git a/src/views/roominformation/ReserManagementView.vue b/src/views/roominformation/ReserManagementView.vue
index f35889f..0cae28c 100644
--- a/src/views/roominformation/ReserManagementView.vue
+++ b/src/views/roominformation/ReserManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -429,6 +429,7 @@ const fetchReserData = async () => {
     });
     resers.value = result.Items.map((item) => ({
       [ReserFields.ID]: item[ReserFields.ID],
+      [ReserFields.ROWVERSION]: item[ReserFields.ROWVERSION],
       [ReserFields.NUMBER]: item[ReserFields.NUMBER],
       [ReserFields.PHONENUMBER]: item[ReserFields.PHONENUMBER],
       [ReserFields.CHANNEL]: item[ReserFields.CHANNEL],
diff --git a/src/views/roominformation/RoomConfigView.vue b/src/views/roominformation/RoomConfigView.vue
index ee92953..984633f 100644
--- a/src/views/roominformation/RoomConfigView.vue
+++ b/src/views/roominformation/RoomConfigView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -407,6 +407,7 @@ const fetchRoomConfigData = async () => {
     if (result?.Items) {
       roomconfigs.value = result.Items.map((item) => ({
         [RoomConfigFields.ID]: item[RoomConfigFields.ID],
+        [RoomConfigFields.ROWVERSION]: item[RoomConfigFields.ROWVERSION],
         [RoomConfigFields.NO]: item[RoomConfigFields.NO],
         [RoomConfigFields.NAME]: item[RoomConfigFields.NAME],
         [RoomConfigFields.RENT]: item[RoomConfigFields.RENT],
diff --git a/src/views/roominformation/RoomManagementView.vue b/src/views/roominformation/RoomManagementView.vue
index 4c0dc99..b06c0e2 100644
--- a/src/views/roominformation/RoomManagementView.vue
+++ b/src/views/roominformation/RoomManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -430,6 +430,7 @@ const fetchRoomData = async () => {
     });
     rooms.value = result.Items.map((item) => ({
       [RoomFields.ID]: item[RoomFields.ID],
+      [RoomFields.ROWVERSION]: item[RoomFields.ROWVERSION],
       [RoomFields.NO]: item[RoomFields.NO],
       [RoomFields.NAME]: item[RoomFields.NAME],
       [RoomFields.TYPE]: item[RoomFields.TYPE],
diff --git a/src/views/roominformation/RoomMapView.vue b/src/views/roominformation/RoomMapView.vue
index a699cae..600ea33 100644
--- a/src/views/roominformation/RoomMapView.vue
+++ b/src/views/roominformation/RoomMapView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <a-button style="margin-bottom: 15px" @click="refreshData"
@@ -153,6 +153,7 @@ const fetchRoomData = async () => {
     if (response?.Items) {
       rooms.value = response.Items.map((item) => ({
         [RoomFields.ID]: item[RoomFields.ID],
+        [RoomFields.ROWVERSION]: item[RoomFields.ROWVERSION],
         [RoomFields.NO]: item[RoomFields.NO],
         [RoomFields.NAME]: item[RoomFields.NAME],
         [RoomFields.STATE]:
diff --git a/src/views/supervision/SupervisionView.vue b/src/views/supervision/SupervisionView.vue
index 8144516..3b7eecf 100644
--- a/src/views/supervision/SupervisionView.vue
+++ b/src/views/supervision/SupervisionView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -495,6 +495,7 @@ const fetchSupervisionInfoData = async () => {
     if (result?.Items) {
       supervisioninfos.value = result.Items.map((item) => ({
         [SupervisionFields.ID]: item[SupervisionFields.ID],
+        [SupervisionFields.ROWVERSION]: item[SupervisionFields.ROWVERSION],
         [SupervisionFields.CHECK_NO]: item[SupervisionFields.CHECK_NO],
         [SupervisionFields.CHECK_CLUB]: item[SupervisionFields.CHECK_CLUB],
         [SupervisionFields.CHECK_CLUB_NAME]:
@@ -560,7 +561,8 @@ const editSupervisionInfo = (record) => {
   form[SupervisionFields.ID] = record[SupervisionFields.ID];
   form[SupervisionFields.CHECK_NO] = record[SupervisionFields.CHECK_NO];
   form[SupervisionFields.CHECK_CLUB] = record[SupervisionFields.CHECK_CLUB];
-  form[SupervisionFields.CHECK_PROGRES] = record[SupervisionFields.CHECK_PROGRES];
+  form[SupervisionFields.CHECK_PROGRES] =
+    record[SupervisionFields.CHECK_PROGRES];
   form[SupervisionFields.CHECK_CASH] = record[SupervisionFields.CHECK_CASH];
   form[SupervisionFields.CHECK_SCORE] = record[SupervisionFields.CHECK_SCORE];
   form[SupervisionFields.CHECK_PERSON] = record[SupervisionFields.CHECK_PERSON];
diff --git a/src/views/systemmanagement/AdminTypeManagementView.vue b/src/views/systemmanagement/AdminTypeManagementView.vue
index 333112a..e5948ba 100644
--- a/src/views/systemmanagement/AdminTypeManagementView.vue
+++ b/src/views/systemmanagement/AdminTypeManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -432,6 +432,8 @@ const fetchAdminTypeData = async () => {
     if (result?.Items) {
       admintypes.value = result.Items.map((item) => ({
         [AdministratorTypeFields.ID]: item[AdministratorTypeFields.ID],
+        [AdministratorTypeFields.ROWVERSION]:
+          item[AdministratorTypeFields.ROWVERSION],
         [AdministratorTypeFields.NUMBER]: item[AdministratorTypeFields.NUMBER],
         [AdministratorTypeFields.NAME]: item[AdministratorTypeFields.NAME],
         [AdministratorTypeFields.IS_DELETED]:
diff --git a/src/views/systemmanagement/AdministratorManagementView.vue b/src/views/systemmanagement/AdministratorManagementView.vue
index 0cb270f..ef2be54 100644
--- a/src/views/systemmanagement/AdministratorManagementView.vue
+++ b/src/views/systemmanagement/AdministratorManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -508,6 +508,7 @@ const fetchAdministratorData = async () => {
     if (result?.Items) {
       admins.value = result.Items.map((item) => ({
         [AdministratorFields.ID]: item[AdministratorFields.ID],
+        [AdministratorFields.ROWVERSION]: item[AdministratorFields.ROWVERSION],
         [AdministratorFields.NUMBER]: item[AdministratorFields.NUMBER],
         [AdministratorFields.NAME]: item[AdministratorFields.NAME],
         [AdministratorFields.ACCOUNT]: item[AdministratorFields.ACCOUNT],
diff --git a/src/views/systemmanagement/MenuManagementView.vue b/src/views/systemmanagement/MenuManagementView.vue
index 7ff8c21..09b769e 100644
--- a/src/views/systemmanagement/MenuManagementView.vue
+++ b/src/views/systemmanagement/MenuManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -447,6 +447,7 @@ const fetchMenuData = async () => {
     if (result?.Items) {
       menus.value = result.Items.map((item) => ({
         [MenuFields.ID]: item[MenuFields.ID],
+        [MenuFields.ROWVERSION]: item[MenuFields.ROWVERSION],
         [MenuFields.KEY]: item[MenuFields.KEY],
         [MenuFields.TITLE]: item[MenuFields.TITLE],
         [MenuFields.PATH]: item[MenuFields.PATH],
diff --git a/src/views/systemmanagement/RoleManagementView.vue b/src/views/systemmanagement/RoleManagementView.vue
index 08fd474..bb53526 100644
--- a/src/views/systemmanagement/RoleManagementView.vue
+++ b/src/views/systemmanagement/RoleManagementView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
@@ -563,6 +563,7 @@ const fetchRoleData = async () => {
       roles.value = result.Items.map((item) => ({
         ...item,
         [RoleFields.ID]: item[RoleFields.ID],
+        [RoleFields.ROWVERSION]: item[RoleFields.ROWVERSION],
         [RoleFields.NUMBER]: item[RoleFields.NUMBER],
         [RoleFields.NAME]: item[RoleFields.NAME],
         [RoleFields.DESCRIPTION]: item[RoleFields.DESCRIPTION],
-- 
Gitee


From 7c10033aeccb845ca12badfd48cb4a2f57aa65b1 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Tue, 17 Feb 2026 01:20:50 +0800
Subject: [PATCH 03/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=94=B9=E8=BF=9B?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js                        | 78 +++++++++++++++++++++--
 src/layouts/MainLayout.vue                |  3 +
 src/utils/auth.js                         |  3 +
 src/views/SignInView.vue                  |  2 +
 src/views/supervision/SupervisionView.vue |  2 +-
 5 files changed, 82 insertions(+), 6 deletions(-)

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index 64019dd..a410d70 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -2,7 +2,14 @@ import axios from "axios";
 import { csrfTokenManager } from "@/utils/csrf";
 import { handleApiError, handleHttpError } from "@/common/errorHandler";
 
+const ACTION_PREFIX_REGEX =
+  /^(Select|GetAll|Get|Build|Read|Insert|Add|Create|Update|Upd|Delete|Del)/i;
+const SUFFIX_CLEANUP_REGEX = /(AllCanUse|CanUseAll|All|List)$/i;
+const ROW_VERSION_CACHE_TTL_MS = 30 * 60 * 1000;
+const ROW_VERSION_CACHE_MAX_ENTITIES = 200;
+
 const rowVersionCache = new Map();
+const rowVersionCacheTouchedAt = new Map();
 
 const api = axios.create({
   baseURL: import.meta.env.VITE_API_URL,
@@ -26,6 +33,46 @@ export const isApiSuccess = (payload) => {
 export const getApiMessage = (payload) =>
   payload?.Message || payload?.message || "Request failed";
 
+export const clearRowVersionCache = (entityKey) => {
+  if (entityKey) {
+    rowVersionCache.delete(entityKey);
+    rowVersionCacheTouchedAt.delete(entityKey);
+    return;
+  }
+
+  rowVersionCache.clear();
+  rowVersionCacheTouchedAt.clear();
+};
+
+const touchRowVersionCacheEntity = (entityKey) => {
+  if (!entityKey) {
+    return;
+  }
+  rowVersionCacheTouchedAt.set(entityKey, Date.now());
+};
+
+const pruneRowVersionCache = () => {
+  const now = Date.now();
+
+  for (const [entityKey, lastTouchedAt] of rowVersionCacheTouchedAt.entries()) {
+    if (now - lastTouchedAt > ROW_VERSION_CACHE_TTL_MS) {
+      clearRowVersionCache(entityKey);
+    }
+  }
+
+  if (rowVersionCache.size <= ROW_VERSION_CACHE_MAX_ENTITIES) {
+    return;
+  }
+
+  const overflowCount = rowVersionCache.size - ROW_VERSION_CACHE_MAX_ENTITIES;
+  const staleEntityKeys = [...rowVersionCacheTouchedAt.entries()]
+    .sort((a, b) => a[1] - b[1])
+    .slice(0, overflowCount)
+    .map(([entityKey]) => entityKey);
+
+  staleEntityKeys.forEach((entityKey) => clearRowVersionCache(entityKey));
+};
+
 const getEntityKeyFromUrl = (url = "") => {
   if (typeof url !== "string" || url.length === 0) {
     return "";
@@ -44,11 +91,8 @@ const getEntityKeyFromUrl = (url = "") => {
   }
 
   let resource = action
-    .replace(
-      /^(Select|GetAll|Get|Build|Read|Insert|Add|Create|Update|Upd|Delete|Del)/i,
-      "",
-    )
-    .replace(/(AllCanUse|CanUseAll|All|List)$/i, "")
+    .replace(ACTION_PREFIX_REGEX, "")
+    .replace(SUFFIX_CLEANUP_REGEX, "")
     .replace(/InfoBy[A-Za-z0-9]+$/i, "")
     .replace(/Info$/i, "")
     .replace(/Types$/i, "Type");
@@ -134,6 +178,7 @@ const saveRowVersionToCache = (entityKey, record) => {
   }
 
   rowVersionCache.get(entityKey).set(String(id), rowVersion);
+  touchRowVersionCacheEntity(entityKey);
 };
 
 const saveRowVersionsFromResponse = (response) => {
@@ -151,16 +196,19 @@ const saveRowVersionsFromResponse = (response) => {
   const items = data?.Items ?? data?.items;
   if (Array.isArray(items)) {
     items.forEach((item) => saveRowVersionToCache(entityKey, item));
+    pruneRowVersionCache();
     return;
   }
 
   if (Array.isArray(data)) {
     data.forEach((item) => saveRowVersionToCache(entityKey, item));
+    pruneRowVersionCache();
     return;
   }
 
   if (typeof data === "object") {
     saveRowVersionToCache(entityKey, data);
+    pruneRowVersionCache();
   }
 };
 
@@ -204,6 +252,7 @@ const attachRowVersionFromCache = (config) => {
     return config;
   }
 
+  touchRowVersionCacheEntity(entityKey);
   data.RowVersion = rowVersion;
   return config;
 };
@@ -236,6 +285,13 @@ const retryRequest = async (error) => {
 
 api.interceptors.request.use(
   async (config) => {
+    const token = localStorage.getItem("token");
+    if (!token && rowVersionCache.size > 0) {
+      clearRowVersionCache();
+    } else {
+      pruneRowVersionCache();
+    }
+
     config = setAuthorizationHeader(config);
     config = attachRowVersionFromCache(config);
 
@@ -287,4 +343,16 @@ api.interceptors.response.use(
   },
 );
 
+if (typeof window !== "undefined") {
+  window.addEventListener("beforeunload", () => {
+    clearRowVersionCache();
+  });
+
+  window.addEventListener("storage", (event) => {
+    if (event.key === "token" && !event.newValue) {
+      clearRowVersionCache();
+    }
+  });
+}
+
 export default api;
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index a3bd4aa..323e4a3 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -267,6 +267,7 @@ import {
   signOut,
   getServerVersion,
 } from "../api/basicapi";
+import { clearRowVersionCache } from "@/api/baseapi";
 
 const serverVersion = ref("");
 
@@ -783,6 +784,7 @@ const checkLoginStatus = () => {
     loginType.value = "admin";
     allowedPermissionCodes.value = [];
     username.value = "";
+    clearRowVersionCache();
   }
 };
 
@@ -799,6 +801,7 @@ const logout = async () => {
   localStorage.removeItem("allowedPaths");
   localStorage.removeItem("allowedMenuKeys");
   localStorage.removeItem("allowedPerms");
+  clearRowVersionCache();
   isLoggedIn.value = false;
   allowedPermissionCodes.value = [];
   username.value = "";
diff --git a/src/utils/auth.js b/src/utils/auth.js
index 5803819..c2d6195 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -3,6 +3,7 @@ import router from "@/router";
 import { showErrorNotification } from "@/utils/index";
 import i18n from "@/i18n";
 import { signOut } from "@/api/basicapi";
+import { clearRowVersionCache } from "@/api/baseapi";
 
 export function redirectToLogin(
   message = i18n.global.t("message.loginExpired"),
@@ -12,6 +13,7 @@ export function redirectToLogin(
   if (clearStorage) {
     localStorage.removeItem("token");
     localStorage.removeItem("username");
+    clearRowVersionCache();
   }
 
   if (router.currentRoute.value.path !== "/signin") {
@@ -34,6 +36,7 @@ export async function handleLogout() {
       localStorage.removeItem("allowedPerms");
       localStorage.removeItem("allowedPaths");
       localStorage.removeItem("allowedMenuKeys");
+      clearRowVersionCache();
       // 重定向到登录页
       router.push("/signin");
     }
diff --git a/src/views/SignInView.vue b/src/views/SignInView.vue
index 60e780f..faca434 100644
--- a/src/views/SignInView.vue
+++ b/src/views/SignInView.vue
@@ -126,6 +126,7 @@ import {
   isTwoFactorChallenge,
   signIn,
 } from "../api/basicapi";
+import { clearRowVersionCache } from "@/api/baseapi";
 import { useI18n } from "vue-i18n";
 
 const { t, locale } = useI18n();
@@ -200,6 +201,7 @@ const clearTwoFactorChallenge = () => {
 };
 
 const persistLoginData = async (userData, loginType) => {
+  clearRowVersionCache();
   localStorage.setItem("token", userData.UserToken);
   localStorage.setItem(
     "username",
diff --git a/src/views/supervision/SupervisionView.vue b/src/views/supervision/SupervisionView.vue
index 3b7eecf..202f166 100644
--- a/src/views/supervision/SupervisionView.vue
+++ b/src/views/supervision/SupervisionView.vue
@@ -1,4 +1,4 @@
-<template>
+<template>
   <div>
     <h1 style="margin-bottom: 15px">{{ translatedPageTitle }}</h1>
     <div style="margin-bottom: 15px">
-- 
Gitee


From aaa9a44e0b85526f9afdf432a32438ffc2f3baa4 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Mon, 16 Feb 2026 19:11:47 +0000
Subject: [PATCH 04/10] =?UTF-8?q?!7=20=E6=94=B9=E8=BF=9Bapi=E8=A7=84?=
 =?UTF-8?q?=E8=8C=83=E3=80=82=20*=20=E4=BF=AE=E5=A4=8D=E9=98=BB=E6=96=AD?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82=20*=20Merge=20branch=20'SupportRowVersion'?=
 =?UTF-8?q?=20of=20gitee.com:java-and-net/topsky-hote=E2=80=A6=20*=20?=
 =?UTF-8?q?=E6=94=B9=E8=BF=9Bapi=E8=A7=84=E8=8C=83=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/administratorapi.js                   |  55 +++--
 src/api/administratortypeapi.js               |  21 +-
 src/api/basicapi.js                           |  53 +++--
 src/api/csrfapi.js                            |   7 +-
 src/api/customerapi.js                        |  23 +-
 src/api/customerpermissionapi.js              |  38 ++--
 src/api/customertypeapi.js                    |  23 +-
 src/api/custotypeapi.js                       |  30 ++-
 src/api/dashboardapi.js                       |  27 ++-
 src/api/departmentapi.js                      |  11 +-
 src/api/employeeapi.js                        |  44 +++-
 src/api/employeepermissionapi.js              |  38 ++--
 src/api/goodsapi.js                           |  21 +-
 src/api/hydroelectricityapi.js                |   9 +-
 src/api/internalfinanceapi.js                 |  23 +-
 src/api/menuapi.js                            |  25 ++-
 src/api/nationapi.js                          |  14 +-
 src/api/noticetypeapi.js                      |  23 +-
 src/api/passportapi.js                        |  28 ++-
 src/api/permissionapi.js                      |  18 +-
 src/api/positionapi.js                        |  23 +-
 src/api/promotioncontentapi.js                |   9 +-
 src/api/qualificationapi.js                   |  23 +-
 src/api/reserapi.js                           |  28 ++-
 src/api/roleapi.js                            |  58 ++++-
 src/api/roomapi.js                            |  27 ++-
 src/api/roomstateapi.js                       |   5 +-
 src/api/roomtypeapi.js                        |  23 +-
 src/api/spendinfoapi.js                       |  18 +-
 src/api/supervisioninfoapi.js                 |  10 +-
 src/api/utilityapi.js                         |  22 +-
 src/api/vipruleapi.js                         |  23 +-
 src/api/workerfeatureapi.js                   |   6 +-
 src/config/apiEndpoints.js                    | 117 ++++++++++
 src/config/apiRoutes.json                     | 141 ++++++++++++
 src/directives/permission.js                  |  70 ++++--
 src/i18n.js                                   |   3 +
 src/layouts/MainLayout.vue                    | 210 +++++++++++++++---
 src/router/index.js                           |  38 +++-
 src/utils/auth.js                             |  33 +--
 src/utils/jwt.js                              |  89 ++++++++
 src/utils/permission.js                       |   9 +-
 src/views/SignInView.vue                      |  10 +
 src/views/dashboard/DashboardView.vue         |  19 +-
 src/views/home/HomeView.vue                   |  20 ++
 .../systemmanagement/RoleManagementView.vue   |   7 +
 .../UnifiedAccountPermissionView.vue          |   6 +
 47 files changed, 1296 insertions(+), 282 deletions(-)
 create mode 100644 src/config/apiEndpoints.js
 create mode 100644 src/config/apiRoutes.json
 create mode 100644 src/utils/jwt.js
 create mode 100644 src/views/home/HomeView.vue

diff --git a/src/api/administratorapi.js b/src/api/administratorapi.js
index c64ebd5..9e802a6 100644
--- a/src/api/administratorapi.js
+++ b/src/api/administratorapi.js
@@ -1,9 +1,25 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取管理员列表
+const buildUserNumberPayload = (userNumber) => {
+  if (userNumber && typeof userNumber === "object") {
+    return {
+      UserNumber: userNumber.UserNumber ?? userNumber.userNumber ?? "",
+    };
+  }
+
+  return { UserNumber: userNumber };
+};
+
 export const fetchAdmins = async (params) => {
   try {
-    const response = await api.get("/Admin/GetAllAdminList", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.ADMIN_GET_ALL_ADMIN_LIST,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +29,7 @@ export const fetchAdmins = async (params) => {
 // 添加管理员
 export const addAdmin = async (data) => {
   try {
-    const response = await api.post("/Admin/AddAdmin", data);
+    const response = await api.post(API_ENDPOINTS.routes.ADMIN_ADD_ADMIN, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +39,7 @@ export const addAdmin = async (data) => {
 // 更新管理员
 export const updateAdmin = async (data) => {
   try {
-    const response = await api.post(`/Admin/UpdAdmin`, data);
+    const response = await api.post(API_ENDPOINTS.routes.ADMIN_UPD_ADMIN, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +49,7 @@ export const updateAdmin = async (data) => {
 // 删除管理员
 export const deleteAdmin = async (data) => {
   try {
-    const response = await api.post(`/Admin/DelAdmin`, data);
+    const response = await api.post(API_ENDPOINTS.routes.ADMIN_DEL_ADMIN, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -43,7 +59,10 @@ export const deleteAdmin = async (data) => {
 // 为用户分配角色（全量覆盖）
 export const assignUserRoles = async (data) => {
   try {
-    const response = await api.post("/Admin/AssignUserRoles", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_ASSIGN_USER_ROLES,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -53,9 +72,10 @@ export const assignUserRoles = async (data) => {
 // 读取指定用户已分配角色编码集合
 export const readUserRoles = async (userNumber) => {
   try {
-    const response = await api.get("/Admin/ReadUserRoles", {
-      params: { userNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_READ_USER_ROLES,
+      buildUserNumberPayload(userNumber),
+    );
     return response.data?.Data?.Items || [];
   } catch (error) {
     throw error;
@@ -65,9 +85,10 @@ export const readUserRoles = async (userNumber) => {
 // 读取指定用户的角色-权限明细（来自 RolePermission + Permission）
 export const readUserRolePermissions = async (userNumber) => {
   try {
-    const response = await api.get("/Admin/ReadUserRolePermissions", {
-      params: { userNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_READ_USER_ROLE_PERMISSIONS,
+      buildUserNumberPayload(userNumber),
+    );
     return response.data?.Data?.Items || [];
   } catch (error) {
     throw error;
@@ -77,7 +98,10 @@ export const readUserRolePermissions = async (userNumber) => {
 // 为用户分配“直接权限”（全量覆盖）
 export const assignUserPermissions = async (data) => {
   try {
-    const response = await api.post("/Admin/AssignUserPermissions", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_ASSIGN_USER_PERMISSIONS,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -87,9 +111,10 @@ export const assignUserPermissions = async (data) => {
 // 读取指定用户的“直接权限”权限编码集合
 export const readUserDirectPermissions = async (userNumber) => {
   try {
-    const response = await api.get("/Admin/ReadUserDirectPermissions", {
-      params: { userNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_READ_USER_DIRECT_PERMISSIONS,
+      buildUserNumberPayload(userNumber),
+    );
     return response.data?.Data?.Items || [];
   } catch (error) {
     throw error;
diff --git a/src/api/administratortypeapi.js b/src/api/administratortypeapi.js
index ab9bec9..1edd162 100644
--- a/src/api/administratortypeapi.js
+++ b/src/api/administratortypeapi.js
@@ -1,9 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取管理员类型列表
 export const fetchAdminTypes = async (params) => {
   try {
-    const response = await api.get("/Admin/GetAllAdminTypes", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.ADMIN_GET_ALL_ADMIN_TYPES,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +17,10 @@ export const fetchAdminTypes = async (params) => {
 // 添加管理员类型
 export const addAdminType = async (data) => {
   try {
-    const response = await api.post("/Admin/AddAdminType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_ADD_ADMIN_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +30,10 @@ export const addAdminType = async (data) => {
 // 更新管理员类型
 export const updateAdminType = async (data) => {
   try {
-    const response = await api.post(`/Admin/UpdAdminType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_UPD_ADMIN_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +43,10 @@ export const updateAdminType = async (data) => {
 // 删除管理员类型
 export const deleteAdminType = async (data) => {
   try {
-    const response = await api.post(`/Admin/DelAdminType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ADMIN_DEL_ADMIN_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/basicapi.js b/src/api/basicapi.js
index 9389e98..02b7731 100644
--- a/src/api/basicapi.js
+++ b/src/api/basicapi.js
@@ -1,19 +1,25 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 const LOGIN_ENDPOINTS = {
-  admin: "/Admin/Login",
-  employee: "/Employee/EmployeeLogin",
+  admin: API_ENDPOINTS.login.admin,
+  employee: API_ENDPOINTS.login.employee,
 };
 
 const TWO_FACTOR_CONTROLLERS = {
-  admin: "Admin",
-  employee: "Employee",
+  admin: API_ENDPOINTS.twoFactor.admin,
+  employee: API_ENDPOINTS.twoFactor.employee,
 };
 
-const resolveLoginEndpoint = (loginType = "admin") =>
+const LOGIN_TYPES = {
+  admin: API_ENDPOINTS.loginTypes.admin,
+  employee: API_ENDPOINTS.loginTypes.employee,
+};
+
+const resolveLoginEndpoint = (loginType = LOGIN_TYPES.admin) =>
   LOGIN_ENDPOINTS[loginType] || LOGIN_ENDPOINTS.admin;
 
-const resolveTwoFactorController = (loginType = "admin") =>
+const resolveTwoFactorController = (loginType = LOGIN_TYPES.admin) =>
   TWO_FACTOR_CONTROLLERS[loginType] || TWO_FACTOR_CONTROLLERS.admin;
 
 const toErrorPayload = (error) =>
@@ -37,7 +43,7 @@ export const isTwoFactorChallenge = (payload) =>
   payload?.Code === 1401 && payload?.Data?.RequiresTwoFactor === true;
 
 // 登录
-export const signIn = async (data, loginType = "admin") => {
+export const signIn = async (data, loginType = LOGIN_TYPES.admin) => {
   try {
     const response = await api.post(resolveLoginEndpoint(loginType), data, {
       skipBusinessErrorHandling: true,
@@ -52,7 +58,7 @@ export const signIn = async (data, loginType = "admin") => {
 // 登出
 export const signOut = async (data) => {
   try {
-    const response = await api.post("/Admin/Logout", data);
+    const response = await api.post(API_ENDPOINTS.routes.ADMIN_LOGOUT, data);
     const resData = response.data;
     if (isApiSuccess(resData)) {
       return resData;
@@ -66,29 +72,32 @@ export const signOut = async (data) => {
 
 // 获取服务器版本号
 export const getServerVersion = async () => {
-  const response = await api.get("/version");
+  const response = await api.get(API_ENDPOINTS.routes.VERSION);
   const resData = response.data;
   return resData;
 };
 
-export const fetchTwoFactorStatus = async (loginType = "admin") => {
+export const fetchTwoFactorStatus = async (loginType = LOGIN_TYPES.admin) => {
   try {
     const controller = resolveTwoFactorController(loginType);
-    const response = await api.get(`/${controller}/GetTwoFactorStatus`, {
-      skipBusinessErrorHandling: true,
-      skipHttpErrorHandling: true,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.dynamic.getTwoFactorStatus(controller),
+      {
+        skipBusinessErrorHandling: true,
+        skipHttpErrorHandling: true,
+      },
+    );
     return response.data;
   } catch (error) {
     throw toErrorPayload(error);
   }
 };
 
-export const generateTwoFactorSetup = async (loginType = "admin") => {
+export const generateTwoFactorSetup = async (loginType = LOGIN_TYPES.admin) => {
   try {
     const controller = resolveTwoFactorController(loginType);
     const response = await api.post(
-      `/${controller}/GenerateTwoFactorSetup`,
+      API_ENDPOINTS.dynamic.generateTwoFactorSetup(controller),
       {},
       {
         skipBusinessErrorHandling: true,
@@ -102,13 +111,13 @@ export const generateTwoFactorSetup = async (loginType = "admin") => {
 };
 
 export const enableTwoFactor = async (
-  loginType = "admin",
+  loginType = LOGIN_TYPES.admin,
   verificationCode = "",
 ) => {
   try {
     const controller = resolveTwoFactorController(loginType);
     const response = await api.post(
-      `/${controller}/EnableTwoFactor`,
+      API_ENDPOINTS.dynamic.enableTwoFactor(controller),
       { VerificationCode: verificationCode },
       {
         skipBusinessErrorHandling: true,
@@ -122,13 +131,13 @@ export const enableTwoFactor = async (
 };
 
 export const disableTwoFactor = async (
-  loginType = "admin",
+  loginType = LOGIN_TYPES.admin,
   verificationCode = "",
 ) => {
   try {
     const controller = resolveTwoFactorController(loginType);
     const response = await api.post(
-      `/${controller}/DisableTwoFactor`,
+      API_ENDPOINTS.dynamic.disableTwoFactor(controller),
       { VerificationCode: verificationCode },
       {
         skipBusinessErrorHandling: true,
@@ -142,13 +151,13 @@ export const disableTwoFactor = async (
 };
 
 export const regenerateTwoFactorRecoveryCodes = async (
-  loginType = "admin",
+  loginType = LOGIN_TYPES.admin,
   verificationCode = "",
 ) => {
   try {
     const controller = resolveTwoFactorController(loginType);
     const response = await api.post(
-      `/${controller}/RegenerateTwoFactorRecoveryCodes`,
+      API_ENDPOINTS.dynamic.regenerateTwoFactorRecoveryCodes(controller),
       { VerificationCode: verificationCode },
       {
         skipBusinessErrorHandling: true,
diff --git a/src/api/csrfapi.js b/src/api/csrfapi.js
index 8e327bd..bfcc637 100644
--- a/src/api/csrfapi.js
+++ b/src/api/csrfapi.js
@@ -1,8 +1,9 @@
 import api from "./index";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 export const getCsrfToken = async () => {
   try {
-    const response = await api.get("/Login/GetCSRFToken");
+    const response = await api.get(API_ENDPOINTS.routes.LOGIN_GET_CSRF_TOKEN);
     if (!response.data.Success) {
       throw new Error(response.data.Message);
     }
@@ -14,7 +15,9 @@ export const getCsrfToken = async () => {
 
 export const refreshCsrfToken = async () => {
   try {
-    const response = await api.get("/Login/RefreshCSRFToken");
+    const response = await api.get(
+      API_ENDPOINTS.routes.LOGIN_REFRESH_CSRF_TOKEN,
+    );
     if (!response.data.Success) {
       throw new Error(response.data.Message);
     }
diff --git a/src/api/customerapi.js b/src/api/customerapi.js
index e45e1fc..5cf821d 100644
--- a/src/api/customerapi.js
+++ b/src/api/customerapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取客户列表
 export const fetchCustomers = async (params) => {
   try {
-    const response = await api.get("/Customer/SelectCustomers", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.CUSTOMER_SELECT_CUSTOMERS,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchCustomers = async (params) => {
 // 添加客户
 export const addCustomer = async (data) => {
   try {
-    const response = await api.post("/Customer/InsertCustomerInfo", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_INSERT_CUSTOMER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addCustomer = async (data) => {
 // 更新客户
 export const updateCustomer = async (data) => {
   try {
-    const response = await api.post(`/Customer/UpdCustomerInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_UPD_CUSTOMER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateCustomer = async (data) => {
 // 删除客户
 export const deleteCustomer = async (data) => {
   try {
-    const response = await api.post(`/Customer/DelCustomerInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_DEL_CUSTOMER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/customerpermissionapi.js b/src/api/customerpermissionapi.js
index 2bfdfa8..23b207e 100644
--- a/src/api/customerpermissionapi.js
+++ b/src/api/customerpermissionapi.js
@@ -1,11 +1,23 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 读取指定客户已分配的角色（返回角色编码集合）
+const buildUserNumberPayload = (customerNumber) => {
+  if (customerNumber && typeof customerNumber === "object") {
+    return {
+      UserNumber: customerNumber.UserNumber ?? customerNumber.userNumber ?? "",
+    };
+  }
+
+  return { UserNumber: customerNumber };
+};
+
 export const readUserRoles = async (customerNumber) => {
   try {
-    const response = await api.get("/CustomerPermission/ReadUserRoles", {
-      params: { userNumber: customerNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_PERMISSION_READ_USER_ROLES,
+      buildUserNumberPayload(customerNumber),
+    );
     return response.data?.Data?.Items || [];
   } catch (error) {
     throw error;
@@ -16,7 +28,7 @@ export const readUserRoles = async (customerNumber) => {
 export const assignUserRoles = async (data) => {
   try {
     const response = await api.post(
-      "/CustomerPermission/AssignUserRoles",
+      API_ENDPOINTS.routes.CUSTOMER_PERMISSION_ASSIGN_USER_ROLES,
       data,
     );
     return response.data;
@@ -28,11 +40,9 @@ export const assignUserRoles = async (data) => {
 // 读取客户（通过角色）所拥有的权限明细（列表）
 export const readUserRolePermissions = async (customerNumber) => {
   try {
-    const response = await api.get(
-      "/CustomerPermission/ReadUserRolePermissions",
-      {
-        params: { userNumber: customerNumber },
-      },
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_PERMISSION_READ_USER_ROLE_PERMISSIONS,
+      buildUserNumberPayload(customerNumber),
     );
     return response.data?.Data?.Items || [];
   } catch (error) {
@@ -43,11 +53,9 @@ export const readUserRolePermissions = async (customerNumber) => {
 // 读取客户“直接权限”（非角色继承）权限编码集合
 export const readUserDirectPermissions = async (customerNumber) => {
   try {
-    const response = await api.get(
-      "/CustomerPermission/ReadUserDirectPermissions",
-      {
-        params: { userNumber: customerNumber },
-      },
+    const response = await api.post(
+      API_ENDPOINTS.routes.CUSTOMER_PERMISSION_READ_USER_DIRECT_PERMISSIONS,
+      buildUserNumberPayload(customerNumber),
     );
     return response.data?.Data?.Items || [];
   } catch (error) {
@@ -59,7 +67,7 @@ export const readUserDirectPermissions = async (customerNumber) => {
 export const assignUserPermissions = async (data) => {
   try {
     const response = await api.post(
-      "/CustomerPermission/AssignUserPermissions",
+      API_ENDPOINTS.routes.CUSTOMER_PERMISSION_ASSIGN_USER_PERMISSIONS,
       data,
     );
     return response.data;
diff --git a/src/api/customertypeapi.js b/src/api/customertypeapi.js
index 5ccd0f6..9e184d1 100644
--- a/src/api/customertypeapi.js
+++ b/src/api/customertypeapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取客户类型列表
 export const fetchCustomerTypes = async (params) => {
   try {
-    const response = await api.get("/Base/SelectCustoTypeAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_CUSTO_TYPE_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchCustomerTypes = async (params) => {
 // 添加客户类型
 export const addCustomerType = async (data) => {
   try {
-    const response = await api.post("/Base/InsertCustoType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_INSERT_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addCustomerType = async (data) => {
 // 更新客户类型
 export const updateCustomerType = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdateCustoType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPDATE_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateCustomerType = async (data) => {
 // 删除客户类型
 export const deleteCustomerType = async (data) => {
   try {
-    const response = await api.post(`/Base/DeleteCustoType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DELETE_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/custotypeapi.js b/src/api/custotypeapi.js
index 7e9445f..5a28df8 100644
--- a/src/api/custotypeapi.js
+++ b/src/api/custotypeapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取客户类型列表
 export const fetchCustomerTypes = async (params) => {
   try {
-    const response = await api.get("/Base/SelectCustoTypeAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_CUSTO_TYPE_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,9 +19,10 @@ export const fetchCustomerTypes = async (params) => {
 // 获取可用客户类型列表
 export const fetchCanUseCustomerTypes = async (params) => {
   try {
-    const response = await api.get("/Base/SelectCustoTypeAllCanUse", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_CUSTO_TYPE_ALL_CAN_USE,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -25,7 +32,10 @@ export const fetchCanUseCustomerTypes = async (params) => {
 // 添加客户类型
 export const addCustomerType = async (data) => {
   try {
-    const response = await api.post("/Base/InsertCustoType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_INSERT_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -35,7 +45,10 @@ export const addCustomerType = async (data) => {
 // 更新客户类型
 export const updateCustomerType = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdateCustoType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPDATE_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -45,7 +58,10 @@ export const updateCustomerType = async (data) => {
 // 删除客户类型
 export const deleteCustomerType = async (data) => {
   try {
-    const response = await api.post(`/Base/DeleteCustoType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DELETE_CUSTO_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/dashboardapi.js b/src/api/dashboardapi.js
index 74910e1..85bb05a 100644
--- a/src/api/dashboardapi.js
+++ b/src/api/dashboardapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取房间统计信息
 export const fetchRoomStatistics = async (params) => {
   try {
-    const response = await api.get("/Dashboard/RoomStatistics", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.DASHBOARD_ROOM_STATISTICS,
+      {
+        params,
+      },
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchRoomStatistics = async (params) => {
 // 获取业务统计信息
 export const fetchBusinessStatistics = async (params) => {
   try {
-    const response = await api.get("/Dashboard/BusinessStatistics", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.DASHBOARD_BUSINESS_STATISTICS,
+      { params },
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,9 +32,10 @@ export const fetchBusinessStatistics = async (params) => {
 // 获取后勤统计信息
 export const fetchLogisticsStatistics = async (params) => {
   try {
-    const response = await api.get("/Dashboard/LogisticsStatistics", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.DASHBOARD_LOGISTICS_STATISTICS,
+      { params },
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -35,9 +45,10 @@ export const fetchLogisticsStatistics = async (params) => {
 // 获取人事统计信息
 export const fetchHumanResourcesStatistics = async (params) => {
   try {
-    const response = await api.get("/Dashboard/HumanResourcesStatistics", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.DASHBOARD_HUMAN_RESOURCES_STATISTICS,
+      { params },
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/departmentapi.js b/src/api/departmentapi.js
index 060545a..0193b64 100644
--- a/src/api/departmentapi.js
+++ b/src/api/departmentapi.js
@@ -1,9 +1,12 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取部门列表
 export const fetchDepartments = async (params) => {
   try {
-    const response = await api.get("/Base/SelectDeptAll", { params });
+    const response = await api.get(API_ENDPOINTS.routes.BASE_SELECT_DEPT_ALL, {
+      params,
+    });
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +16,7 @@ export const fetchDepartments = async (params) => {
 // 添加部门
 export const addDepartment = async (data) => {
   try {
-    const response = await api.post("/Base/AddDept", data);
+    const response = await api.post(API_ENDPOINTS.routes.BASE_ADD_DEPT, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +26,7 @@ export const addDepartment = async (data) => {
 // 更新部门
 export const updateDepartment = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdDept`, data);
+    const response = await api.post(API_ENDPOINTS.routes.BASE_UPD_DEPT, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +36,7 @@ export const updateDepartment = async (data) => {
 // 删除部门
 export const deleteDepartment = async (data) => {
   try {
-    const response = await api.post(`/Base/DelDept`, { data });
+    const response = await api.post(API_ENDPOINTS.routes.BASE_DEL_DEPT, { data });
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/employeeapi.js b/src/api/employeeapi.js
index 6de5c87..d34d977 100644
--- a/src/api/employeeapi.js
+++ b/src/api/employeeapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取员工列表
 export const fetchEmployees = async (params) => {
   try {
-    const response = await api.get("/Employee/SelectEmployeeAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.EMPLOYEE_SELECT_EMPLOYEE_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,9 +19,10 @@ export const fetchEmployees = async (params) => {
 //获取员工详情
 export const fetchEmployeeDetail = async (params) => {
   try {
-    const response = await api.get("/Employee/SelectEmployeeInfoByEmployeeId", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.EMPLOYEE_SELECT_EMPLOYEE_INFO_BY_EMPLOYEE_ID,
+      { params },
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -26,7 +33,7 @@ export const fetchEmployeeDetail = async (params) => {
 export const fetchEmployeeResume = async (params) => {
   try {
     const response = await api.get(
-      "/EmployeeHistory/SelectHistoryByEmployeeId",
+      API_ENDPOINTS.routes.EMPLOYEE_HISTORY_SELECT_HISTORY_BY_EMPLOYEE_ID,
       { params },
     );
     return response.data.Data;
@@ -38,7 +45,10 @@ export const fetchEmployeeResume = async (params) => {
 // 添加员工
 export const addEmployee = async (data) => {
   try {
-    const response = await api.post("/Employee/AddEmployee", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_ADD_EMPLOYEE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -48,7 +58,10 @@ export const addEmployee = async (data) => {
 // 更新员工
 export const updateEmployee = async (data) => {
   try {
-    const response = await api.post(`/Employee/UpdateEmployee`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_UPDATE_EMPLOYEE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -58,7 +71,10 @@ export const updateEmployee = async (data) => {
 // 禁用/启用员工账号
 export const managerEmployeeAccount = async (data) => {
   try {
-    const response = await api.post(`/Employee/ManagerEmployeeAccount`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_MANAGER_EMPLOYEE_ACCOUNT,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -69,7 +85,8 @@ export const managerEmployeeAccount = async (data) => {
 export const fetchEmployeeRewardPunishment = async (params) => {
   try {
     const response = await api.get(
-      "/RewardPunishment/SelectAllRewardPunishmentByEmployeeId",
+      API_ENDPOINTS.routes
+        .REWARD_PUNISHMENT_SELECT_ALL_REWARD_PUNISHMENT_BY_EMPLOYEE_ID,
       { params },
     );
     return response.data.Data;
@@ -82,7 +99,7 @@ export const fetchEmployeeRewardPunishment = async (params) => {
 export const fetchEmployeeAttendance = async (params) => {
   try {
     const response = await api.get(
-      "/EmployeeCheck/SelectCheckInfoByEmployeeId",
+      API_ENDPOINTS.routes.EMPLOYEE_CHECK_SELECT_CHECK_INFO_BY_EMPLOYEE_ID,
       { params },
     );
     return response.data.Data;
@@ -95,7 +112,7 @@ export const fetchEmployeeAttendance = async (params) => {
 export const resetEmployeePassword = async (data) => {
   try {
     const response = await api.post(
-      `/Employee/ResetEmployeeAccountPassword`,
+      API_ENDPOINTS.routes.EMPLOYEE_RESET_EMPLOYEE_ACCOUNT_PASSWORD,
       data,
     );
     return response.data;
@@ -107,7 +124,10 @@ export const resetEmployeePassword = async (data) => {
 // 上传员工头像
 export const uploadEmployeeAvatar = async (data) => {
   try {
-    const response = await api.post(`/EmployeePhoto/InsertWorkerPhoto`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_PHOTO_INSERT_WORKER_PHOTO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/employeepermissionapi.js b/src/api/employeepermissionapi.js
index 3aaa475..09456d9 100644
--- a/src/api/employeepermissionapi.js
+++ b/src/api/employeepermissionapi.js
@@ -1,11 +1,23 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 读取指定员工已分配的角色（返回角色编码集合）
+const buildUserNumberPayload = (employeeId) => {
+  if (employeeId && typeof employeeId === "object") {
+    return {
+      UserNumber: employeeId.UserNumber ?? employeeId.userNumber ?? "",
+    };
+  }
+
+  return { UserNumber: employeeId };
+};
+
 export const readUserRoles = async (employeeId) => {
   try {
-    const response = await api.get("/EmployeePermission/ReadUserRoles", {
-      params: { userNumber: employeeId },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_PERMISSION_READ_USER_ROLES,
+      buildUserNumberPayload(employeeId),
+    );
     return response.data?.Data?.Items || [];
   } catch (error) {
     throw error;
@@ -16,7 +28,7 @@ export const readUserRoles = async (employeeId) => {
 export const assignUserRoles = async (data) => {
   try {
     const response = await api.post(
-      "/EmployeePermission/AssignUserRoles",
+      API_ENDPOINTS.routes.EMPLOYEE_PERMISSION_ASSIGN_USER_ROLES,
       data,
     );
     return response.data;
@@ -28,11 +40,9 @@ export const assignUserRoles = async (data) => {
 // 读取员工（通过角色）所拥有的权限明细（列表）
 export const readUserRolePermissions = async (employeeId) => {
   try {
-    const response = await api.get(
-      "/EmployeePermission/ReadUserRolePermissions",
-      {
-        params: { userNumber: employeeId },
-      },
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_PERMISSION_READ_USER_ROLE_PERMISSIONS,
+      buildUserNumberPayload(employeeId),
     );
     return response.data?.Data?.Items || [];
   } catch (error) {
@@ -43,11 +53,9 @@ export const readUserRolePermissions = async (employeeId) => {
 // 读取员工“直接权限”（非角色继承）权限编码集合
 export const readUserDirectPermissions = async (employeeId) => {
   try {
-    const response = await api.get(
-      "/EmployeePermission/ReadUserDirectPermissions",
-      {
-        params: { userNumber: employeeId },
-      },
+    const response = await api.post(
+      API_ENDPOINTS.routes.EMPLOYEE_PERMISSION_READ_USER_DIRECT_PERMISSIONS,
+      buildUserNumberPayload(employeeId),
     );
     return response.data?.Data?.Items || [];
   } catch (error) {
@@ -59,7 +67,7 @@ export const readUserDirectPermissions = async (employeeId) => {
 export const assignUserPermissions = async (data) => {
   try {
     const response = await api.post(
-      "/EmployeePermission/AssignUserPermissions",
+      API_ENDPOINTS.routes.EMPLOYEE_PERMISSION_ASSIGN_USER_PERMISSIONS,
       data,
     );
     return response.data;
diff --git a/src/api/goodsapi.js b/src/api/goodsapi.js
index 3d568c4..a55e940 100644
--- a/src/api/goodsapi.js
+++ b/src/api/goodsapi.js
@@ -1,9 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取商品列表
 export const fetchGoodss = async (params) => {
   try {
-    const response = await api.get("/Sellthing/SelectSellthingAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.SELLTHING_SELECT_SELLTHING_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +17,10 @@ export const fetchGoodss = async (params) => {
 // 添加商品
 export const addGoods = async (data) => {
   try {
-    const response = await api.post("/Sellthing/InsertSellthing", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.SELLTHING_INSERT_SELLTHING,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +30,10 @@ export const addGoods = async (data) => {
 // 更新商品
 export const updateGoods = async (data) => {
   try {
-    const response = await api.post(`/Sellthing/UpdateSellthing`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.SELLTHING_UPDATE_SELLTHING,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +43,10 @@ export const updateGoods = async (data) => {
 // 删除商品
 export const deleteGoods = async (data) => {
   try {
-    const response = await api.post(`/Sellthing/DeleteSellthing`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.SELLTHING_DELETE_SELLTHING,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/hydroelectricityapi.js b/src/api/hydroelectricityapi.js
index f7228aa..ec1db7d 100644
--- a/src/api/hydroelectricityapi.js
+++ b/src/api/hydroelectricityapi.js
@@ -1,10 +1,11 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 根据条件查询水电费信息 房间号（可选）使用开始时间（可选）使用结束时间（可选）
 export const fetchHydroelectricitys = async (params) => {
   try {
     const response = await api.get(
-      "/EnergyManagement/SelectEnergyManagementInfo",
+      API_ENDPOINTS.routes.ENERGY_MANAGEMENT_SELECT_ENERGY_MANAGEMENT_INFO,
       { params },
     );
     return response.data.Data;
@@ -17,7 +18,7 @@ export const fetchHydroelectricitys = async (params) => {
 export const addHydroelectricity = async (data) => {
   try {
     const response = await api.post(
-      "/EnergyManagement/InsertEnergyManagementInfo",
+      API_ENDPOINTS.routes.ENERGY_MANAGEMENT_INSERT_ENERGY_MANAGEMENT_INFO,
       data,
     );
     return response.data;
@@ -30,7 +31,7 @@ export const addHydroelectricity = async (data) => {
 export const updateHydroelectricity = async (data) => {
   try {
     const response = await api.post(
-      `/EnergyManagement/UpdateEnergyManagementInfo`,
+      API_ENDPOINTS.routes.ENERGY_MANAGEMENT_UPDATE_ENERGY_MANAGEMENT_INFO,
       data,
     );
     return response.data;
@@ -43,7 +44,7 @@ export const updateHydroelectricity = async (data) => {
 export const deleteHydroelectricity = async (data) => {
   try {
     const response = await api.post(
-      `/EnergyManagement/DeleteEnergyManagementInfo`,
+      API_ENDPOINTS.routes.ENERGY_MANAGEMENT_DELETE_ENERGY_MANAGEMENT_INFO,
       data,
     );
     return response.data;
diff --git a/src/api/internalfinanceapi.js b/src/api/internalfinanceapi.js
index 7905129..afa796e 100644
--- a/src/api/internalfinanceapi.js
+++ b/src/api/internalfinanceapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取资产列表
 export const fetchInternalFinances = async (params) => {
   try {
-    const response = await api.get("/Asset/SelectAssetInfoAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.ASSET_SELECT_ASSET_INFO_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchInternalFinances = async (params) => {
 // 添加资产
 export const addInternalFinance = async (data) => {
   try {
-    const response = await api.post("/Asset/AddAssetInfo", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ASSET_ADD_ASSET_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addInternalFinance = async (data) => {
 // 更新资产
 export const updateInternalFinance = async (data) => {
   try {
-    const response = await api.post(`/Asset/UpdAssetInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ASSET_UPD_ASSET_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateInternalFinance = async (data) => {
 // 删除资产
 export const deleteInternalFinance = async (data) => {
   try {
-    const response = await api.post(`/Asset/DelAssetInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ASSET_DEL_ASSET_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/menuapi.js b/src/api/menuapi.js
index 14926a2..b1215f3 100644
--- a/src/api/menuapi.js
+++ b/src/api/menuapi.js
@@ -1,9 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取菜单树
 export const fetchMenusTree = async (menu) => {
   try {
-    const response = await api.post("/Menu/BuildMenuAll", menu);
+    const response = await api.post(
+      API_ENDPOINTS.routes.MENU_BUILD_MENU_ALL,
+      menu,
+    );
 
     // 后端 BaseResponse 使用 PascalCase 字段（Success/Code/Message/Data）
     if (!response.data.Success) {
@@ -18,7 +22,9 @@ export const fetchMenusTree = async (menu) => {
 // 获取菜单列表
 export const fetchMenus = async (params) => {
   try {
-    const response = await api.get("/Menu/SelectMenuAll", { params });
+    const response = await api.get(API_ENDPOINTS.routes.MENU_SELECT_MENU_ALL, {
+      params,
+    });
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -28,7 +34,10 @@ export const fetchMenus = async (params) => {
 // 创建新菜单项
 export const addMenu = async (menu) => {
   try {
-    const response = await api.post("/Menu/InsertMenu", menu);
+    const response = await api.post(
+      API_ENDPOINTS.routes.MENU_INSERT_MENU,
+      menu,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -38,7 +47,10 @@ export const addMenu = async (menu) => {
 // 更新菜单项
 export const updateMenu = async (menu) => {
   try {
-    const response = await api.post(`/Menu/UpdateMenu`, menu);
+    const response = await api.post(
+      API_ENDPOINTS.routes.MENU_UPDATE_MENU,
+      menu,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -48,7 +60,10 @@ export const updateMenu = async (menu) => {
 // 删除菜单项
 export const deleteMenu = async (menu) => {
   try {
-    const response = await api.post(`/Menu/DeleteMenu`, menu);
+    const response = await api.post(
+      API_ENDPOINTS.routes.MENU_DELETE_MENU,
+      menu,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/nationapi.js b/src/api/nationapi.js
index f2f05db..300db81 100644
--- a/src/api/nationapi.js
+++ b/src/api/nationapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取民族列表
 export const fetchNations = async (params) => {
   try {
-    const response = await api.get("/Base/SelectNationAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_NATION_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,7 @@ export const fetchNations = async (params) => {
 // 添加民族
 export const addNation = async (data) => {
   try {
-    const response = await api.post("/Base/AddNation", data);
+    const response = await api.post(API_ENDPOINTS.routes.BASE_ADD_NATION, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +29,7 @@ export const addNation = async (data) => {
 // 更新民族
 export const updateNation = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdNation`, data);
+    const response = await api.post(API_ENDPOINTS.routes.BASE_UPD_NATION, data);
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +39,7 @@ export const updateNation = async (data) => {
 // 删除民族
 export const deleteNation = async (data) => {
   try {
-    const response = await api.post(`/Base/DelNation`, data);
+    const response = await api.post(API_ENDPOINTS.routes.BASE_DEL_NATION, data);
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/noticetypeapi.js b/src/api/noticetypeapi.js
index 712c7c7..fbe5344 100644
--- a/src/api/noticetypeapi.js
+++ b/src/api/noticetypeapi.js
@@ -1,11 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取公告类型列表
 export const fetchNoticeTypes = async (params) => {
   try {
-    const response = await api.get("/Base/SelectAppointmentNoticeTypeAll", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_APPOINTMENT_NOTICE_TYPE_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -15,7 +17,10 @@ export const fetchNoticeTypes = async (params) => {
 // 添加公告类型
 export const addNoticeType = async (data) => {
   try {
-    const response = await api.post("/Base/CreateAppointmentNoticeType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_CREATE_APPOINTMENT_NOTICE_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -25,7 +30,10 @@ export const addNoticeType = async (data) => {
 // 更新公告类型
 export const updateNoticeType = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdateAppointmentNoticeType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPDATE_APPOINTMENT_NOTICE_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -35,7 +43,10 @@ export const updateNoticeType = async (data) => {
 // 删除公告类型
 export const deleteNoticeType = async (data) => {
   try {
-    const response = await api.post(`/Base/DeleteAppointmentNoticeType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DELETE_APPOINTMENT_NOTICE_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/passportapi.js b/src/api/passportapi.js
index e32787a..01fd8a4 100644
--- a/src/api/passportapi.js
+++ b/src/api/passportapi.js
@@ -1,9 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取证件类型列表
 export const fetchPassports = async (params) => {
   try {
-    const response = await api.get("/Base/SelectPassPortTypeAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_PASS_PORT_TYPE_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,9 +17,10 @@ export const fetchPassports = async (params) => {
 // 获取可用证件类型列表
 export const fetchCanUsePassports = async (params) => {
   try {
-    const response = await api.get("/Base/SelectPassPortTypeAllCanUse", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_PASS_PORT_TYPE_ALL_CAN_USE,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -25,7 +30,10 @@ export const fetchCanUsePassports = async (params) => {
 // 添加证件类型
 export const addPassport = async (data) => {
   try {
-    const response = await api.post("/Base/InsertPassPortType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_INSERT_PASS_PORT_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -35,7 +43,10 @@ export const addPassport = async (data) => {
 // 更新证件类型
 export const updatePassport = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdatePassPortType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPDATE_PASS_PORT_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -45,7 +56,10 @@ export const updatePassport = async (data) => {
 // 删除证件类型
 export const deletePassport = async (data) => {
   try {
-    const response = await api.post(`/Base/DeletePassPortType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DELETE_PASS_PORT_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/permissionapi.js b/src/api/permissionapi.js
index 66c88d6..f4bbeca 100644
--- a/src/api/permissionapi.js
+++ b/src/api/permissionapi.js
@@ -1,10 +1,22 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
+
+const buildReadPermissionPayload = (params = {}) => ({
+  PermissionNumber: params.PermissionNumber ?? params.permissionNumber ?? "",
+  PermissionName: params.PermissionName ?? params.permissionName ?? "",
+  MenuKey: params.MenuKey ?? params.menuKey ?? "",
+  Module: params.Module ?? params.module ?? "",
+  Page: params.Page ?? params.page ?? 1,
+  PageSize: params.PageSize ?? params.pageSize ?? 15,
+  IgnorePaging: params.IgnorePaging ?? params.ignorePaging ?? false,
+});
 
 export const selectPermissionList = async (params) => {
   try {
-    const response = await api.get("/Permission/SelectPermissionList", {
-      params,
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.PERMISSION_SELECT_PERMISSION_LIST,
+      buildReadPermissionPayload(params),
+    );
     // 返回标准结构 { Items, TotalCount }
     return response.data?.Data || { Items: [], TotalCount: 0 };
   } catch (error) {
diff --git a/src/api/positionapi.js b/src/api/positionapi.js
index e4f0501..0a69921 100644
--- a/src/api/positionapi.js
+++ b/src/api/positionapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取职位列表
 export const fetchPositions = async (params) => {
   try {
-    const response = await api.get("/Base/SelectPositionAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_POSITION_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchPositions = async (params) => {
 // 添加职位
 export const addPosition = async (data) => {
   try {
-    const response = await api.post("/Base/AddPosition", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_ADD_POSITION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addPosition = async (data) => {
 // 更新职位
 export const updatePosition = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdPosition`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPD_POSITION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updatePosition = async (data) => {
 // 删除职位
 export const deletePosition = async (data) => {
   try {
-    const response = await api.post(`/Base/DelPosition`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DEL_POSITION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/promotioncontentapi.js b/src/api/promotioncontentapi.js
index 224502c..845a6fe 100644
--- a/src/api/promotioncontentapi.js
+++ b/src/api/promotioncontentapi.js
@@ -1,10 +1,11 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取宣传联动内容列表
 export const fetchPromotionContents = async (params) => {
   try {
     const response = await api.get(
-      "/PromotionContent/SelectPromotionContentAll",
+      API_ENDPOINTS.routes.PROMOTION_CONTENT_SELECT_PROMOTION_CONTENT_ALL,
       { params },
     );
     return response.data.Data;
@@ -17,7 +18,7 @@ export const fetchPromotionContents = async (params) => {
 export const addPromotionContent = async (data) => {
   try {
     const response = await api.post(
-      "/PromotionContent/AddPromotionContent",
+      API_ENDPOINTS.routes.PROMOTION_CONTENT_ADD_PROMOTION_CONTENT,
       data,
     );
     return response.data;
@@ -30,7 +31,7 @@ export const addPromotionContent = async (data) => {
 export const updatePromotionContent = async (data) => {
   try {
     const response = await api.post(
-      `/PromotionContent/UpdatePromotionContent`,
+      API_ENDPOINTS.routes.PROMOTION_CONTENT_UPDATE_PROMOTION_CONTENT,
       data,
     );
     return response.data;
@@ -43,7 +44,7 @@ export const updatePromotionContent = async (data) => {
 export const deletePromotionContent = async (data) => {
   try {
     const response = await api.post(
-      `/PromotionContent/DeletePromotionContent`,
+      API_ENDPOINTS.routes.PROMOTION_CONTENT_DELETE_PROMOTION_CONTENT,
       data,
     );
     return response.data;
diff --git a/src/api/qualificationapi.js b/src/api/qualificationapi.js
index 9276f06..cfa5093 100644
--- a/src/api/qualificationapi.js
+++ b/src/api/qualificationapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取学历列表
 export const fetchQualifications = async (params) => {
   try {
-    const response = await api.get("/Base/SelectEducationAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_EDUCATION_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchQualifications = async (params) => {
 // 添加学历
 export const addQualification = async (data) => {
   try {
-    const response = await api.post("/Base/AddEducation", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_ADD_EDUCATION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addQualification = async (data) => {
 // 更新学历
 export const updateQualification = async (data) => {
   try {
-    const response = await api.post(`/Base/UpdEducation`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_UPD_EDUCATION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateQualification = async (data) => {
 // 删除学历
 export const deleteQualification = async (data) => {
   try {
-    const response = await api.post(`/Base/DelEducation`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.BASE_DEL_EDUCATION,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/reserapi.js b/src/api/reserapi.js
index 30e2b60..945322a 100644
--- a/src/api/reserapi.js
+++ b/src/api/reserapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取预约列表
 export const fetchResers = async (params) => {
   try {
-    const response = await api.get("/Reser/SelectReserAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.RESER_SELECT_RESER_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchResers = async (params) => {
 // 添加预约
 export const addReser = async (data) => {
   try {
-    const response = await api.post("/Reser/InserReserInfo", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.RESER_INSER_RESER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addReser = async (data) => {
 // 更新预约
 export const updateReser = async (data) => {
   try {
-    const response = await api.post(`/Reser/UpdateReserInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.RESER_UPDATE_RESER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateReser = async (data) => {
 // 删除预约
 export const deleteReser = async (data) => {
   try {
-    const response = await api.post(`/Reser/DeleteReserInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.RESER_DELETE_RESER_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -43,7 +58,10 @@ export const deleteReser = async (data) => {
 // 获取预约类型
 export const fetchReserTypes = async (params) => {
   try {
-    const response = await api.get("/Reser/SelectReserTypeAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.RESER_SELECT_RESER_TYPE_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
diff --git a/src/api/roleapi.js b/src/api/roleapi.js
index 4bf02c2..f1821a5 100644
--- a/src/api/roleapi.js
+++ b/src/api/roleapi.js
@@ -1,9 +1,26 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取角色列表
+const buildRoleNumberPayload = (roleNumber) => {
+  if (roleNumber && typeof roleNumber === "object") {
+    return {
+      RoleNumber:
+        roleNumber.RoleNumber ??
+        roleNumber.roleNumber ??
+        roleNumber.roleNo ??
+        "",
+    };
+  }
+
+  return { RoleNumber: roleNumber };
+};
+
 export const fetchRoles = async (params) => {
   try {
-    const response = await api.get("/Role/SelectRoleList", { params });
+    const response = await api.get(API_ENDPOINTS.routes.ROLE_SELECT_ROLE_LIST, {
+      params,
+    });
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +30,10 @@ export const fetchRoles = async (params) => {
 // 添加角色
 export const addRole = async (data) => {
   try {
-    const response = await api.post("/Role/InsertRole", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_INSERT_ROLE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +43,10 @@ export const addRole = async (data) => {
 // 更新角色
 export const updateRole = async (data) => {
   try {
-    const response = await api.post(`/Role/UpdateRole`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_UPDATE_ROLE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +56,10 @@ export const updateRole = async (data) => {
 // 删除角色
 export const deleteRole = async (data) => {
   try {
-    const response = await api.post(`/Role/DeleteRole`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_DELETE_ROLE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -43,7 +69,10 @@ export const deleteRole = async (data) => {
 // 角色-权限：全量覆盖式授予
 export const grantRolePermissions = async (data) => {
   try {
-    const response = await api.post("/Role/GrantRolePermissions", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_GRANT_ROLE_PERMISSIONS,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -53,9 +82,10 @@ export const grantRolePermissions = async (data) => {
 // 读取指定角色已授予的权限（返回后端 Data，页面逻辑做进一步兼容处理）
 export const readRolePermissions = async (roleNumber) => {
   try {
-    const response = await api.get("/Role/ReadRolePermissions", {
-      params: { roleNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_READ_ROLE_PERMISSIONS,
+      buildRoleNumberPayload(roleNumber),
+    );
     // 后端返回标准结构 { Code, Message, Data: { Items, TotalCount } }
     // 这里直接返回 Items，便于上层直接按照数组处理
     return response.data?.Data?.Items || [];
@@ -67,9 +97,10 @@ export const readRolePermissions = async (roleNumber) => {
 // 角色-用户：读取指定角色下的管理员编码集合
 export const readRoleUsers = async (roleNumber) => {
   try {
-    const response = await api.get("/Role/ReadRoleUsers", {
-      params: { roleNumber },
-    });
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_READ_ROLE_USERS,
+      buildRoleNumberPayload(roleNumber),
+    );
     // 标准结构 { Code, Message, Data: { Items, TotalCount } }
     return response.data?.Data?.Items || [];
   } catch (error) {
@@ -80,7 +111,10 @@ export const readRoleUsers = async (roleNumber) => {
 // 角色-用户：为角色分配管理员（全量覆盖）
 export const assignRoleUsers = async (data) => {
   try {
-    const response = await api.post("/Role/AssignRoleUsers", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROLE_ASSIGN_ROLE_USERS,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/roomapi.js b/src/api/roomapi.js
index b3e8aef..4818ea6 100644
--- a/src/api/roomapi.js
+++ b/src/api/roomapi.js
@@ -1,9 +1,12 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取房间列表
 export const fetchRooms = async (params) => {
   try {
-    const response = await api.get("/Room/SelectRoomAll", { params });
+    const response = await api.get(API_ENDPOINTS.routes.ROOM_SELECT_ROOM_ALL, {
+      params,
+    });
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +16,12 @@ export const fetchRooms = async (params) => {
 // 获取可使用房间列表
 export const fetchAvailableRooms = async (params) => {
   try {
-    const response = await api.get("/Room/SelectCanUseRoomAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.ROOM_SELECT_CAN_USE_ROOM_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -23,7 +31,10 @@ export const fetchAvailableRooms = async (params) => {
 // 添加房间
 export const addRoom = async (data) => {
   try {
-    const response = await api.post("/Room/InsertRoom", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_INSERT_ROOM,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +44,10 @@ export const addRoom = async (data) => {
 // 更新房间
 export const updateRoom = async (data) => {
   try {
-    const response = await api.post(`/Room/UpdateRoom`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_UPDATE_ROOM,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -43,7 +57,10 @@ export const updateRoom = async (data) => {
 // 删除房间
 export const deleteRoom = async (data) => {
   try {
-    const response = await api.post(`/Room/DeleteRoom`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_DELETE_ROOM,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/roomstateapi.js b/src/api/roomstateapi.js
index 0bddc3d..82a300c 100644
--- a/src/api/roomstateapi.js
+++ b/src/api/roomstateapi.js
@@ -1,9 +1,12 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取房间状态列表
 export const fetchRoomStates = async () => {
   try {
-    const response = await api.get("/Base/SelectRoomStateAll");
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_ROOM_STATE_ALL,
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
diff --git a/src/api/roomtypeapi.js b/src/api/roomtypeapi.js
index 78a4356..68fae87 100644
--- a/src/api/roomtypeapi.js
+++ b/src/api/roomtypeapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取房间类型列表
 export const fetchRoomTypes = async (params) => {
   try {
-    const response = await api.get("/RoomType/SelectRoomTypesAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.ROOM_TYPE_SELECT_ROOM_TYPES_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchRoomTypes = async (params) => {
 // 添加房间类型
 export const addRoomType = async (data) => {
   try {
-    const response = await api.post("/RoomType/InsertRoomType", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_TYPE_INSERT_ROOM_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addRoomType = async (data) => {
 // 更新房间类型
 export const updateRoomType = async (data) => {
   try {
-    const response = await api.post(`/RoomType/UpdateRoomType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_TYPE_UPDATE_ROOM_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateRoomType = async (data) => {
 // 删除房间类型
 export const deleteRoomType = async (data) => {
   try {
-    const response = await api.post(`/RoomType/DeleteRoomType`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.ROOM_TYPE_DELETE_ROOM_TYPE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/spendinfoapi.js b/src/api/spendinfoapi.js
index f2424d5..f70d57a 100644
--- a/src/api/spendinfoapi.js
+++ b/src/api/spendinfoapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取消费信息列表
 export const fetchSpendInfos = async (params) => {
   try {
-    const response = await api.get("/Spend/SelectSpendInfoAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.SPEND_SELECT_SPEND_INFO_ALL,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchSpendInfos = async (params) => {
 // 添加消费信息
 export const addSpendInfo = async (data) => {
   try {
-    const response = await api.post("/Spend/InsertSpendInfo", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.SPEND_INSERT_SPEND_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addSpendInfo = async (data) => {
 // 更新消费信息
 export const updateSpendInfo = async (data) => {
   try {
-    const response = await api.post(`/Spend/UpdSpendInfo`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.SPEND_UPD_SPEND_INFO,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/supervisioninfoapi.js b/src/api/supervisioninfoapi.js
index b5794b2..a40412b 100644
--- a/src/api/supervisioninfoapi.js
+++ b/src/api/supervisioninfoapi.js
@@ -1,10 +1,12 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取监管统计列表
 export const fetchSupervisionInfos = async (params) => {
   try {
     const response = await api.get(
-      "/SupervisionStatistics/SelectSupervisionStatisticsAll",
+      API_ENDPOINTS.routes
+        .SUPERVISION_STATISTICS_SELECT_SUPERVISION_STATISTICS_ALL,
       { params },
     );
     return response.data.Data;
@@ -17,7 +19,7 @@ export const fetchSupervisionInfos = async (params) => {
 export const addSupervisionInfo = async (data) => {
   try {
     const response = await api.post(
-      "/SupervisionStatistics/InsertSupervisionStatistics",
+      API_ENDPOINTS.routes.SUPERVISION_STATISTICS_INSERT_SUPERVISION_STATISTICS,
       data,
     );
     return response.data;
@@ -30,7 +32,7 @@ export const addSupervisionInfo = async (data) => {
 export const updateSupervisionInfo = async (data) => {
   try {
     const response = await api.post(
-      `/SupervisionStatistics/UpdateSupervisionStatistics`,
+      API_ENDPOINTS.routes.SUPERVISION_STATISTICS_UPDATE_SUPERVISION_STATISTICS,
       data,
     );
     return response.data;
@@ -43,7 +45,7 @@ export const updateSupervisionInfo = async (data) => {
 export const deleteSupervisionInfo = async (data) => {
   try {
     const response = await api.post(
-      `/SupervisionStatistics/DeleteSupervisionStatistics`,
+      API_ENDPOINTS.routes.SUPERVISION_STATISTICS_DELETE_SUPERVISION_STATISTICS,
       data,
     );
     return response.data;
diff --git a/src/api/utilityapi.js b/src/api/utilityapi.js
index 5261438..3f3df4f 100644
--- a/src/api/utilityapi.js
+++ b/src/api/utilityapi.js
@@ -1,11 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取操作日志列表
 export const fetchOperationlogs = async (params) => {
   try {
-    const response = await api.get("/Utility/SelectOperationlogAll", {
-      params,
-    });
+    const response = await api.get(
+      API_ENDPOINTS.routes.UTILITY_SELECT_OPERATIONLOG_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -15,7 +17,10 @@ export const fetchOperationlogs = async (params) => {
 // 获取请求日志列表
 export const fetchRequestlogs = async (params) => {
   try {
-    const response = await api.get("/Utility/SelectRequestlogAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.UTILITY_SELECT_REQUESTLOG_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -25,7 +30,10 @@ export const fetchRequestlogs = async (params) => {
 // 获取身份证地区代码
 export const fetchCardCode = async (cardcode) => {
   try {
-    const response = await api.post("/Utility/SelectCardCode", cardcode);
+    const response = await api.post(
+      API_ENDPOINTS.routes.UTILITY_SELECT_CARD_CODE,
+      cardcode,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -36,7 +44,7 @@ export const fetchCardCode = async (cardcode) => {
 export const deleteOperationlogByRange = async (operationlog) => {
   try {
     const response = await api.post(
-      "/Utility/DeleteOperationlogByRange",
+      API_ENDPOINTS.routes.UTILITY_DELETE_OPERATIONLOG_BY_RANGE,
       operationlog,
     );
     return response.data;
@@ -49,7 +57,7 @@ export const deleteOperationlogByRange = async (operationlog) => {
 export const deleteOperationlog = async (operationlog) => {
   try {
     const response = await api.post(
-      "/Utility/DeleteOperationlog",
+      API_ENDPOINTS.routes.UTILITY_DELETE_OPERATIONLOG,
       operationlog,
     );
     return response.data;
diff --git a/src/api/vipruleapi.js b/src/api/vipruleapi.js
index d96e262..8a072ae 100644
--- a/src/api/vipruleapi.js
+++ b/src/api/vipruleapi.js
@@ -1,9 +1,15 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取会员规则列表
 export const fetchVipRules = async (params) => {
   try {
-    const response = await api.get("/VipRule/SelectVipRuleList", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.VIP_RULE_SELECT_VIP_RULE_LIST,
+      {
+        params,
+      },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
@@ -13,7 +19,10 @@ export const fetchVipRules = async (params) => {
 // 添加会员规则
 export const addVipRule = async (data) => {
   try {
-    const response = await api.post("/VipRule/AddVipRule", data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.VIP_RULE_ADD_VIP_RULE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -23,7 +32,10 @@ export const addVipRule = async (data) => {
 // 更新会员规则
 export const updateVipRule = async (data) => {
   try {
-    const response = await api.post(`/VipRule/UpdVipRule`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.VIP_RULE_UPD_VIP_RULE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
@@ -33,7 +45,10 @@ export const updateVipRule = async (data) => {
 // 删除会员规则
 export const deleteVipRule = async (data) => {
   try {
-    const response = await api.post(`/VipRule/DelVipRule`, data);
+    const response = await api.post(
+      API_ENDPOINTS.routes.VIP_RULE_DEL_VIP_RULE,
+      data,
+    );
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/workerfeatureapi.js b/src/api/workerfeatureapi.js
index dd2ecec..d75993c 100644
--- a/src/api/workerfeatureapi.js
+++ b/src/api/workerfeatureapi.js
@@ -1,9 +1,13 @@
 import api from "../api";
+import { API_ENDPOINTS } from "../config/apiEndpoints";
 
 // 获取面貌列表
 export const fetchWorkerFeatures = async (params) => {
   try {
-    const response = await api.get("/Base/SelectWorkerFeatureAll", { params });
+    const response = await api.get(
+      API_ENDPOINTS.routes.BASE_SELECT_WORKER_FEATURE_ALL,
+      { params },
+    );
     return response.data.Data;
   } catch (error) {
     throw error;
diff --git a/src/config/apiEndpoints.js b/src/config/apiEndpoints.js
new file mode 100644
index 0000000..fdb5bf6
--- /dev/null
+++ b/src/config/apiEndpoints.js
@@ -0,0 +1,117 @@
+import flatApiRoutes from "./apiRoutes.json";
+
+const ROOT_ROUTE_OVERRIDES = {
+  VERSION: { group: "SYSTEM", name: "VERSION" },
+};
+
+const toSnakeUpper = (value) =>
+  String(value || "")
+    .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
+    .replace(/[^A-Za-z0-9]+/g, "_")
+    .replace(/^_+|_+$/g, "")
+    .toUpperCase();
+
+const getRouteMeta = (flatKey, path) => {
+  const override = ROOT_ROUTE_OVERRIDES[flatKey];
+  if (override) {
+    return override;
+  }
+
+  const segments = String(path || "")
+    .split("/")
+    .filter(Boolean);
+  const controller = segments[0];
+  const group = controller ? toSnakeUpper(controller) : "ROOT";
+  const groupPrefix = `${group}_`;
+
+  if (flatKey.startsWith(groupPrefix)) {
+    return { group, name: flatKey.slice(groupPrefix.length) };
+  }
+
+  const action = segments[1];
+  return {
+    group,
+    name: action ? toSnakeUpper(action) : flatKey,
+  };
+};
+
+const validateFlatRoutes = (flatRoutes) => {
+  const routeByPath = new Map();
+
+  for (const [flatKey, path] of Object.entries(flatRoutes)) {
+    if (typeof path !== "string" || !path.startsWith("/")) {
+      throw new Error(`Invalid API route path for ${flatKey}: ${path}`);
+    }
+
+    const existingKey = routeByPath.get(path);
+    if (existingKey && existingKey !== flatKey) {
+      throw new Error(
+        `Duplicate API route path detected: ${path} (${existingKey}, ${flatKey})`,
+      );
+    }
+
+    routeByPath.set(path, flatKey);
+  }
+};
+
+const buildGroupedRoutes = (flatRoutes) => {
+  const grouped = {};
+
+  for (const [flatKey, path] of Object.entries(flatRoutes)) {
+    const { group, name } = getRouteMeta(flatKey, path);
+    grouped[group] ||= {};
+
+    const existingPath = grouped[group][name];
+    if (existingPath && existingPath !== path) {
+      throw new Error(
+        `Duplicate API route key detected: ${group}.${name} (${existingPath}, ${path})`,
+      );
+    }
+
+    grouped[group][name] = path;
+  }
+
+  return grouped;
+};
+
+validateFlatRoutes(flatApiRoutes);
+
+const groupedRoutes = buildGroupedRoutes(flatApiRoutes);
+
+export const ROUTES = Object.freeze(
+  Object.fromEntries(
+    Object.entries(groupedRoutes).map(([group, routes]) => [
+      group,
+      Object.freeze({ ...routes }),
+    ]),
+  ),
+);
+
+export const LEGACY_ROUTES = Object.freeze({ ...flatApiRoutes });
+
+export const API_ROUTE_KEYS = Object.freeze(Object.keys(LEGACY_ROUTES));
+
+export const API_ENDPOINTS = {
+  routes: Object.freeze({ ...ROUTES, ...LEGACY_ROUTES }),
+  login: {
+    admin: ROUTES.ADMIN.LOGIN,
+    employee: ROUTES.EMPLOYEE.EMPLOYEE_LOGIN,
+  },
+  twoFactor: {
+    admin: "Admin",
+    employee: "Employee",
+  },
+  loginTypes: {
+    admin: "admin",
+    employee: "employee",
+  },
+  dynamic: {
+    getTwoFactorStatus: (controller) => `/${controller}/GetTwoFactorStatus`,
+    generateTwoFactorSetup: (controller) =>
+      `/${controller}/GenerateTwoFactorSetup`,
+    enableTwoFactor: (controller) => `/${controller}/EnableTwoFactor`,
+    disableTwoFactor: (controller) => `/${controller}/DisableTwoFactor`,
+    regenerateTwoFactorRecoveryCodes: (controller) =>
+      `/${controller}/RegenerateTwoFactorRecoveryCodes`,
+  },
+};
diff --git a/src/config/apiRoutes.json b/src/config/apiRoutes.json
new file mode 100644
index 0000000..67b0a60
--- /dev/null
+++ b/src/config/apiRoutes.json
@@ -0,0 +1,141 @@
+{
+  "ADMIN_ADD_ADMIN": "/Admin/AddAdmin",
+  "ADMIN_ADD_ADMIN_TYPE": "/Admin/AddAdminType",
+  "ADMIN_ASSIGN_USER_PERMISSIONS": "/Admin/AssignUserPermissions",
+  "ADMIN_ASSIGN_USER_ROLES": "/Admin/AssignUserRoles",
+  "ADMIN_DEL_ADMIN": "/Admin/DelAdmin",
+  "ADMIN_DEL_ADMIN_TYPE": "/Admin/DelAdminType",
+  "ADMIN_GET_ALL_ADMIN_LIST": "/Admin/GetAllAdminList",
+  "ADMIN_GET_ALL_ADMIN_TYPES": "/Admin/GetAllAdminTypes",
+  "ADMIN_LOGIN": "/Admin/Login",
+  "ADMIN_LOGOUT": "/Admin/Logout",
+  "ADMIN_READ_USER_DIRECT_PERMISSIONS": "/Admin/ReadUserDirectPermissions",
+  "ADMIN_READ_USER_ROLE_PERMISSIONS": "/Admin/ReadUserRolePermissions",
+  "ADMIN_READ_USER_ROLES": "/Admin/ReadUserRoles",
+  "ADMIN_UPD_ADMIN": "/Admin/UpdAdmin",
+  "ADMIN_UPD_ADMIN_TYPE": "/Admin/UpdAdminType",
+  "ASSET_ADD_ASSET_INFO": "/Asset/AddAssetInfo",
+  "ASSET_DEL_ASSET_INFO": "/Asset/DelAssetInfo",
+  "ASSET_SELECT_ASSET_INFO_ALL": "/Asset/SelectAssetInfoAll",
+  "ASSET_UPD_ASSET_INFO": "/Asset/UpdAssetInfo",
+  "BASE_ADD_DEPT": "/Base/AddDept",
+  "BASE_ADD_EDUCATION": "/Base/AddEducation",
+  "BASE_ADD_NATION": "/Base/AddNation",
+  "BASE_ADD_POSITION": "/Base/AddPosition",
+  "BASE_CREATE_APPOINTMENT_NOTICE_TYPE": "/Base/CreateAppointmentNoticeType",
+  "BASE_DEL_DEPT": "/Base/DelDept",
+  "BASE_DEL_EDUCATION": "/Base/DelEducation",
+  "BASE_DEL_NATION": "/Base/DelNation",
+  "BASE_DEL_POSITION": "/Base/DelPosition",
+  "BASE_DELETE_APPOINTMENT_NOTICE_TYPE": "/Base/DeleteAppointmentNoticeType",
+  "BASE_DELETE_CUSTO_TYPE": "/Base/DeleteCustoType",
+  "BASE_DELETE_PASS_PORT_TYPE": "/Base/DeletePassPortType",
+  "BASE_INSERT_CUSTO_TYPE": "/Base/InsertCustoType",
+  "BASE_INSERT_PASS_PORT_TYPE": "/Base/InsertPassPortType",
+  "BASE_SELECT_APPOINTMENT_NOTICE_TYPE_ALL": "/Base/SelectAppointmentNoticeTypeAll",
+  "BASE_SELECT_CUSTO_TYPE_ALL": "/Base/SelectCustoTypeAll",
+  "BASE_SELECT_CUSTO_TYPE_ALL_CAN_USE": "/Base/SelectCustoTypeAllCanUse",
+  "BASE_SELECT_DEPT_ALL": "/Base/SelectDeptAll",
+  "BASE_SELECT_EDUCATION_ALL": "/Base/SelectEducationAll",
+  "BASE_SELECT_NATION_ALL": "/Base/SelectNationAll",
+  "BASE_SELECT_PASS_PORT_TYPE_ALL": "/Base/SelectPassPortTypeAll",
+  "BASE_SELECT_PASS_PORT_TYPE_ALL_CAN_USE": "/Base/SelectPassPortTypeAllCanUse",
+  "BASE_SELECT_POSITION_ALL": "/Base/SelectPositionAll",
+  "BASE_SELECT_ROOM_STATE_ALL": "/Base/SelectRoomStateAll",
+  "BASE_SELECT_WORKER_FEATURE_ALL": "/Base/SelectWorkerFeatureAll",
+  "BASE_UPD_DEPT": "/Base/UpdDept",
+  "BASE_UPD_EDUCATION": "/Base/UpdEducation",
+  "BASE_UPD_NATION": "/Base/UpdNation",
+  "BASE_UPD_POSITION": "/Base/UpdPosition",
+  "BASE_UPDATE_APPOINTMENT_NOTICE_TYPE": "/Base/UpdateAppointmentNoticeType",
+  "BASE_UPDATE_CUSTO_TYPE": "/Base/UpdateCustoType",
+  "BASE_UPDATE_PASS_PORT_TYPE": "/Base/UpdatePassPortType",
+  "CUSTOMER_DEL_CUSTOMER_INFO": "/Customer/DelCustomerInfo",
+  "CUSTOMER_INSERT_CUSTOMER_INFO": "/Customer/InsertCustomerInfo",
+  "CUSTOMER_SELECT_CUSTOMERS": "/Customer/SelectCustomers",
+  "CUSTOMER_UPD_CUSTOMER_INFO": "/Customer/UpdCustomerInfo",
+  "CUSTOMER_PERMISSION_ASSIGN_USER_PERMISSIONS": "/CustomerPermission/AssignUserPermissions",
+  "CUSTOMER_PERMISSION_ASSIGN_USER_ROLES": "/CustomerPermission/AssignUserRoles",
+  "CUSTOMER_PERMISSION_READ_USER_DIRECT_PERMISSIONS": "/CustomerPermission/ReadUserDirectPermissions",
+  "CUSTOMER_PERMISSION_READ_USER_ROLE_PERMISSIONS": "/CustomerPermission/ReadUserRolePermissions",
+  "CUSTOMER_PERMISSION_READ_USER_ROLES": "/CustomerPermission/ReadUserRoles",
+  "DASHBOARD_BUSINESS_STATISTICS": "/Dashboard/BusinessStatistics",
+  "DASHBOARD_HUMAN_RESOURCES_STATISTICS": "/Dashboard/HumanResourcesStatistics",
+  "DASHBOARD_LOGISTICS_STATISTICS": "/Dashboard/LogisticsStatistics",
+  "DASHBOARD_ROOM_STATISTICS": "/Dashboard/RoomStatistics",
+  "EMPLOYEE_ADD_EMPLOYEE": "/Employee/AddEmployee",
+  "EMPLOYEE_EMPLOYEE_LOGIN": "/Employee/EmployeeLogin",
+  "EMPLOYEE_MANAGER_EMPLOYEE_ACCOUNT": "/Employee/ManagerEmployeeAccount",
+  "EMPLOYEE_RESET_EMPLOYEE_ACCOUNT_PASSWORD": "/Employee/ResetEmployeeAccountPassword",
+  "EMPLOYEE_SELECT_EMPLOYEE_ALL": "/Employee/SelectEmployeeAll",
+  "EMPLOYEE_SELECT_EMPLOYEE_INFO_BY_EMPLOYEE_ID": "/Employee/SelectEmployeeInfoByEmployeeId",
+  "EMPLOYEE_UPDATE_EMPLOYEE": "/Employee/UpdateEmployee",
+  "EMPLOYEE_CHECK_SELECT_CHECK_INFO_BY_EMPLOYEE_ID": "/EmployeeCheck/SelectCheckInfoByEmployeeId",
+  "EMPLOYEE_HISTORY_SELECT_HISTORY_BY_EMPLOYEE_ID": "/EmployeeHistory/SelectHistoryByEmployeeId",
+  "EMPLOYEE_PERMISSION_ASSIGN_USER_PERMISSIONS": "/EmployeePermission/AssignUserPermissions",
+  "EMPLOYEE_PERMISSION_ASSIGN_USER_ROLES": "/EmployeePermission/AssignUserRoles",
+  "EMPLOYEE_PERMISSION_READ_USER_DIRECT_PERMISSIONS": "/EmployeePermission/ReadUserDirectPermissions",
+  "EMPLOYEE_PERMISSION_READ_USER_ROLE_PERMISSIONS": "/EmployeePermission/ReadUserRolePermissions",
+  "EMPLOYEE_PERMISSION_READ_USER_ROLES": "/EmployeePermission/ReadUserRoles",
+  "EMPLOYEE_PHOTO_INSERT_WORKER_PHOTO": "/EmployeePhoto/InsertWorkerPhoto",
+  "ENERGY_MANAGEMENT_DELETE_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/DeleteEnergyManagementInfo",
+  "ENERGY_MANAGEMENT_INSERT_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/InsertEnergyManagementInfo",
+  "ENERGY_MANAGEMENT_SELECT_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/SelectEnergyManagementInfo",
+  "ENERGY_MANAGEMENT_UPDATE_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/UpdateEnergyManagementInfo",
+  "LOGIN_GET_CSRF_TOKEN": "/Login/GetCSRFToken",
+  "LOGIN_REFRESH_CSRF_TOKEN": "/Login/RefreshCSRFToken",
+  "MENU_BUILD_MENU_ALL": "/Menu/BuildMenuAll",
+  "MENU_DELETE_MENU": "/Menu/DeleteMenu",
+  "MENU_INSERT_MENU": "/Menu/InsertMenu",
+  "MENU_SELECT_MENU_ALL": "/Menu/SelectMenuAll",
+  "MENU_UPDATE_MENU": "/Menu/UpdateMenu",
+  "PERMISSION_SELECT_PERMISSION_LIST": "/Permission/SelectPermissionList",
+  "PROMOTION_CONTENT_ADD_PROMOTION_CONTENT": "/PromotionContent/AddPromotionContent",
+  "PROMOTION_CONTENT_DELETE_PROMOTION_CONTENT": "/PromotionContent/DeletePromotionContent",
+  "PROMOTION_CONTENT_SELECT_PROMOTION_CONTENT_ALL": "/PromotionContent/SelectPromotionContentAll",
+  "PROMOTION_CONTENT_UPDATE_PROMOTION_CONTENT": "/PromotionContent/UpdatePromotionContent",
+  "RESER_DELETE_RESER_INFO": "/Reser/DeleteReserInfo",
+  "RESER_INSER_RESER_INFO": "/Reser/InserReserInfo",
+  "RESER_SELECT_RESER_ALL": "/Reser/SelectReserAll",
+  "RESER_SELECT_RESER_TYPE_ALL": "/Reser/SelectReserTypeAll",
+  "RESER_UPDATE_RESER_INFO": "/Reser/UpdateReserInfo",
+  "REWARD_PUNISHMENT_SELECT_ALL_REWARD_PUNISHMENT_BY_EMPLOYEE_ID": "/RewardPunishment/SelectAllRewardPunishmentByEmployeeId",
+  "ROLE_ASSIGN_ROLE_USERS": "/Role/AssignRoleUsers",
+  "ROLE_DELETE_ROLE": "/Role/DeleteRole",
+  "ROLE_GRANT_ROLE_PERMISSIONS": "/Role/GrantRolePermissions",
+  "ROLE_INSERT_ROLE": "/Role/InsertRole",
+  "ROLE_READ_ROLE_PERMISSIONS": "/Role/ReadRolePermissions",
+  "ROLE_READ_ROLE_USERS": "/Role/ReadRoleUsers",
+  "ROLE_SELECT_ROLE_LIST": "/Role/SelectRoleList",
+  "ROLE_UPDATE_ROLE": "/Role/UpdateRole",
+  "ROOM_DELETE_ROOM": "/Room/DeleteRoom",
+  "ROOM_INSERT_ROOM": "/Room/InsertRoom",
+  "ROOM_SELECT_CAN_USE_ROOM_ALL": "/Room/SelectCanUseRoomAll",
+  "ROOM_SELECT_ROOM_ALL": "/Room/SelectRoomAll",
+  "ROOM_UPDATE_ROOM": "/Room/UpdateRoom",
+  "ROOM_TYPE_DELETE_ROOM_TYPE": "/RoomType/DeleteRoomType",
+  "ROOM_TYPE_INSERT_ROOM_TYPE": "/RoomType/InsertRoomType",
+  "ROOM_TYPE_SELECT_ROOM_TYPES_ALL": "/RoomType/SelectRoomTypesAll",
+  "ROOM_TYPE_UPDATE_ROOM_TYPE": "/RoomType/UpdateRoomType",
+  "SELLTHING_DELETE_SELLTHING": "/Sellthing/DeleteSellthing",
+  "SELLTHING_INSERT_SELLTHING": "/Sellthing/InsertSellthing",
+  "SELLTHING_SELECT_SELLTHING_ALL": "/Sellthing/SelectSellthingAll",
+  "SELLTHING_UPDATE_SELLTHING": "/Sellthing/UpdateSellthing",
+  "SPEND_INSERT_SPEND_INFO": "/Spend/InsertSpendInfo",
+  "SPEND_SELECT_SPEND_INFO_ALL": "/Spend/SelectSpendInfoAll",
+  "SPEND_UPD_SPEND_INFO": "/Spend/UpdSpendInfo",
+  "SUPERVISION_STATISTICS_DELETE_SUPERVISION_STATISTICS": "/SupervisionStatistics/DeleteSupervisionStatistics",
+  "SUPERVISION_STATISTICS_INSERT_SUPERVISION_STATISTICS": "/SupervisionStatistics/InsertSupervisionStatistics",
+  "SUPERVISION_STATISTICS_SELECT_SUPERVISION_STATISTICS_ALL": "/SupervisionStatistics/SelectSupervisionStatisticsAll",
+  "SUPERVISION_STATISTICS_UPDATE_SUPERVISION_STATISTICS": "/SupervisionStatistics/UpdateSupervisionStatistics",
+  "UTILITY_DELETE_OPERATIONLOG": "/Utility/DeleteOperationlog",
+  "UTILITY_DELETE_OPERATIONLOG_BY_RANGE": "/Utility/DeleteOperationlogByRange",
+  "UTILITY_SELECT_CARD_CODE": "/Utility/SelectCardCode",
+  "UTILITY_SELECT_OPERATIONLOG_ALL": "/Utility/SelectOperationlogAll",
+  "UTILITY_SELECT_REQUESTLOG_ALL": "/Utility/SelectRequestlogAll",
+  "VIP_RULE_ADD_VIP_RULE": "/VipRule/AddVipRule",
+  "VIP_RULE_DEL_VIP_RULE": "/VipRule/DelVipRule",
+  "VIP_RULE_SELECT_VIP_RULE_LIST": "/VipRule/SelectVipRuleList",
+  "VIP_RULE_UPD_VIP_RULE": "/VipRule/UpdVipRule",
+  "VERSION": "/version"
+}
diff --git a/src/directives/permission.js b/src/directives/permission.js
index d05c1cc..9d3bce3 100644
--- a/src/directives/permission.js
+++ b/src/directives/permission.js
@@ -1,40 +1,62 @@
-import { getAllowedMenuKeys, getAllowedPerms } from "@/utils/permission";
+import { hasPermission } from "@/utils/permission";
 
 /**
- * v-perm 指令：支持菜单键或按钮权限码两种来源
- * - 传入 string 或 string[]，例如：v-perm="'system:role:grant'" 或 v-perm="['department.create','department.update']"
- * - .all 修饰符表示需要全部命中（默认任意命中其一即可）
+ * v-perm directive: supports both menu keys and button permission codes.
+ * - accepts string or string[], e.g. v-perm="'system:role:grant'"
+ * - .all modifier means all required keys must match.
  */
 function isPermitted(required, needAll = false) {
-  // 未配置要求时默认放行（方便逐步接入）
-  if (!required || (Array.isArray(required) && required.length === 0))
-    return true;
-
-  // 合并“菜单键集合 + 按钮权限码集合”
-  const allowedSet = new Set([...getAllowedMenuKeys(), ...getAllowedPerms()]);
+  return hasPermission(required, needAll);
+}
 
-  // 首屏或尚未拉取权限列表时（两个集合都为空）默认放行，避免按钮被永久隐藏
-  if (allowedSet.size === 0) {
-    return true;
+function applyPermission(el, required, needAll) {
+  const permitted = isPermitted(required, needAll);
+  if (!permitted) {
+    el.style.display = "none";
+    el.setAttribute("data-permission-hidden", "true");
+    return;
   }
 
-  const reqList = Array.isArray(required) ? required : [required];
-
-  if (needAll) {
-    return reqList.every((k) => allowedSet.has(k));
+  if (el.getAttribute("data-permission-hidden") === "true") {
+    const originalDisplay =
+      el.__permState && typeof el.__permState.originalDisplay === "string"
+        ? el.__permState.originalDisplay
+        : "";
+    el.style.display = originalDisplay;
+    el.removeAttribute("data-permission-hidden");
   }
-  return reqList.some((k) => allowedSet.has(k));
 }
 
 export default {
   beforeMount(el, binding) {
-    const required = binding.value;
-    const needAll = !!binding.modifiers.all;
+    const state = {
+      required: binding.value,
+      needAll: !!binding.modifiers.all,
+      originalDisplay: el.style.display || "",
+      handler: null,
+    };
+
+    state.handler = () => {
+      applyPermission(el, state.required, state.needAll);
+    };
 
-    const permitted = isPermitted(required, needAll);
-    if (!permitted) {
-      el.style.display = "none";
-      el.setAttribute("data-permission-hidden", "true");
+    el.__permState = state;
+    window.addEventListener("permissions-updated", state.handler);
+    state.handler();
+  },
+  updated(el, binding) {
+    if (!el.__permState) {
+      return;
+    }
+
+    el.__permState.required = binding.value;
+    el.__permState.needAll = !!binding.modifiers.all;
+    applyPermission(el, el.__permState.required, el.__permState.needAll);
+  },
+  unmounted(el) {
+    if (el.__permState?.handler) {
+      window.removeEventListener("permissions-updated", el.__permState.handler);
     }
+    delete el.__permState;
   },
 };
diff --git a/src/i18n.js b/src/i18n.js
index d32a238..bc6d3f4 100644
--- a/src/i18n.js
+++ b/src/i18n.js
@@ -90,6 +90,8 @@ const messages = {
         "2FA enabled. Save your recovery codes now (shown only once).",
       recoveryCodeLoginTip:
         "Recovery code was used for this login. Rebind your authenticator and regenerate recovery codes immediately.",
+      permissionCheckError:
+        "Permission check failed,  Please retry or contact administrator.",
       refreshData: "Refresh Data",
       addSuccess: "Add Success",
       updateSuccess: "Update Success",
@@ -809,6 +811,7 @@ const messages = {
         "2FA 已启用，请立即保存恢复备用码（仅展示一次）。",
       recoveryCodeLoginTip:
         "本次登录使用了恢复备用码，请立即重新绑定验证器并重置备用码。",
+      permissionCheckError: "权限检查发生错误，请重试或联系管理员",
       refreshData: "刷新数据",
       addSuccess: "添加成功",
       updateSuccess: "更新成功",
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 323e4a3..f920faa 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -244,9 +244,22 @@ import {
   formatDateTime,
   showErrorNotification,
   showSuccessNotification,
+  showWarningNotification,
 } from "@/utils/index";
 import { fetchMenusTree } from "../api/menuapi";
 import { BaseFields } from "@/entities/common.entity";
+import {
+  readUserDirectPermissions as readAdminUserDirectPermissions,
+  readUserRolePermissions as readAdminUserRolePermissions,
+} from "@/api/administratorapi";
+import {
+  readUserDirectPermissions as readEmployeeUserDirectPermissions,
+  readUserRolePermissions as readEmployeeUserRolePermissions,
+} from "@/api/employeepermissionapi";
+import {
+  readUserDirectPermissions as readCustomerUserDirectPermissions,
+  readUserRolePermissions as readCustomerUserRolePermissions,
+} from "@/api/customerpermissionapi";
 import {
   AdministratorManagementPermissions,
   StaffManagementPermissions,
@@ -268,6 +281,7 @@ import {
   getServerVersion,
 } from "../api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
+import { decodeJwtPayload, getUserIdentity, isTokenExpired } from "@/utils/jwt";
 
 const serverVersion = ref("");
 
@@ -427,6 +441,84 @@ const parseStoredAllowedPermissions = () => {
   }
 };
 
+const unique = (arr) => Array.from(new Set((arr || []).filter(Boolean)));
+
+const extractPermissionCodes = (items) =>
+  unique(
+    (Array.isArray(items) ? items : [])
+      .map((item) =>
+        typeof item === "string"
+          ? item
+          : item?.PermissionNumber || item?.PermissionCode || "",
+      )
+      .filter(Boolean),
+  );
+
+const clearAllowedPathsCache = () => {
+  localStorage.removeItem("allowedPaths");
+  localStorage.removeItem("allowedMenuKeys");
+  localStorage.removeItem("allowedPerms");
+  localStorage.removeItem("allowedPathsToken");
+  localStorage.removeItem("allowedPathsExpire");
+  localStorage.removeItem("allowedPathsIssuedAt");
+};
+
+const getPermissionErrorMessage = () => {
+  const translated = t("message.permissionCheckError");
+  return translated === "message.permissionCheckError"
+    ? "Permission check failed. Please retry or contact administrator."
+    : translated;
+};
+
+const fetchCurrentUserPermissionCodes = async () => {
+  const permissionReadersByLoginType = {
+    admin: {
+      readRolePermissions: readAdminUserRolePermissions,
+      readDirectPermissions: readAdminUserDirectPermissions,
+    },
+    employee: {
+      readRolePermissions: readEmployeeUserRolePermissions,
+      readDirectPermissions: readEmployeeUserDirectPermissions,
+    },
+    customer: {
+      readRolePermissions: readCustomerUserRolePermissions,
+      readDirectPermissions: readCustomerUserDirectPermissions,
+    },
+  };
+
+  const readers =
+    permissionReadersByLoginType[loginType.value] ||
+    permissionReadersByLoginType.admin;
+
+  const identity = getUserIdentity(
+    loginType.value,
+    localStorage.getItem("token") || "",
+    localStorage.getItem("account") || "",
+  );
+
+  if (!identity) {
+    showWarningNotification(getPermissionErrorMessage());
+    return { ok: false, codes: [] };
+  }
+
+  try {
+    const [rolePermissions, directPermissions] = await Promise.all([
+      readers.readRolePermissions(identity),
+      readers.readDirectPermissions(identity),
+    ]);
+
+    const mergedCodes = unique([
+      ...extractPermissionCodes(rolePermissions),
+      ...extractPermissionCodes(directPermissions),
+    ]);
+
+    return { ok: true, codes: mergedCodes };
+  } catch (error) {
+    showWarningNotification(getPermissionErrorMessage());
+    return { ok: false, codes: [] };
+  }
+};
+
 const syncAllowedPermissions = () => {
   allowedPermissionCodes.value = parseStoredAllowedPermissions();
 };
@@ -512,15 +604,45 @@ const refreshMenu = async () => {
     };
     const { keys, paths, perms } = collect(menuData.value, [], [], []);
 
-    const unique = (arr) => Array.from(new Set(arr.filter(Boolean)));
     const allowedMenuKeys = unique(keys);
     const allowedPaths = unique(paths).map((p) => (p || "").replace(/\/$/, ""));
-    const allowedPermList = unique(perms);
+    const allowedPermListFromMenu = unique(perms);
+    const syncedPermissionCodes = await fetchCurrentUserPermissionCodes();
+    const allowedPermList = syncedPermissionCodes.ok
+      ? syncedPermissionCodes.codes
+      : allowedPermListFromMenu;
 
     localStorage.setItem("allowedMenuKeys", JSON.stringify(allowedMenuKeys));
     localStorage.setItem("allowedPaths", JSON.stringify(allowedPaths));
     localStorage.setItem("allowedPerms", JSON.stringify(allowedPermList));
+
+    const currentToken = localStorage.getItem("token") || "";
+    const tokenPayload = decodeJwtPayload(currentToken);
+    const tokenIssuedAt = Number(tokenPayload?.iat);
+    const tokenExpireAt = Number(tokenPayload?.exp);
+
+    localStorage.setItem("allowedPathsToken", currentToken);
+    if (Number.isFinite(tokenIssuedAt)) {
+      localStorage.setItem("allowedPathsIssuedAt", String(tokenIssuedAt));
+    } else {
+      localStorage.removeItem("allowedPathsIssuedAt");
+    }
+    if (Number.isFinite(tokenExpireAt)) {
+      localStorage.setItem("allowedPathsExpire", String(tokenExpireAt));
+    } else {
+      localStorage.removeItem("allowedPathsExpire");
+    }
     allowedPermissionCodes.value = allowedPermList;
+    window.dispatchEvent(new Event("permissions-updated"));
+
+    const normalize = (p) => (p || "").replace(/\/$/, "");
+    const currentPath = normalize(router.currentRoute.value.path);
+    const hasDashboardPath = allowedPaths.some(
+      (path) => normalize(path) === "/dashboard",
+    );
+    if (currentPath === "/dashboard" && !hasDashboardPath) {
+      await router.replace("/home");
+    }
 
     // 3) 还原展开状态
     openKeys.value = currentOpenKeys;
@@ -582,7 +704,12 @@ const updateTwoFactorRecoveryCode = (value) => {
   twoFactorRecoveryCode.value = normalizeCodeOrRecoveryCode(value);
 };
 
-const copyTextWithExecCommand = (text) => {
+const copyTextWithClipboard = async (text) => {
+  if (navigator?.clipboard?.writeText) {
+    await navigator.clipboard.writeText(text);
+    return true;
+  }
+
   const textArea = document.createElement("textarea");
   textArea.value = text;
   textArea.style.position = "fixed";
@@ -590,9 +717,14 @@ const copyTextWithExecCommand = (text) => {
   document.body.appendChild(textArea);
   textArea.focus();
   textArea.select();
-  const copied = document.execCommand("copy");
-  document.body.removeChild(textArea);
-  return copied;
+
+  try {
+    return document.execCommand("copy");
+  } catch (error) {
+    return false;
+  } finally {
+    document.body.removeChild(textArea);
+  }
 };
 
 const copyAllRecoveryCodes = async () => {
@@ -602,9 +734,8 @@ const copyAllRecoveryCodes = async () => {
   }
 
   try {
-    if (navigator?.clipboard?.writeText) {
-      await navigator.clipboard.writeText(content);
-    } else if (!copyTextWithExecCommand(content)) {
+    const copied = await copyTextWithClipboard(content);
+    if (!copied) {
       throw new Error("Copy failed");
     }
     showSuccessNotification(t("message.recoveryCodesCopiedSuccess"));
@@ -768,24 +899,55 @@ const handleDisableTwoFactor = async () => {
 };
 
 const checkLoginStatus = () => {
-  const storedToken = localStorage.getItem("token");
-  if (storedToken) {
+  const storedToken = localStorage.getItem("token") || "";
+
+  if (storedToken && !isTokenExpired(storedToken)) {
     isLoggedIn.value = true;
     loginType.value = localStorage.getItem("loginType") || "admin";
-    syncAllowedPermissions();
-    const storedUsername = localStorage.getItem("username");
-    if (storedUsername) {
-      username.value = storedUsername;
+
+    const tokenPayload = decodeJwtPayload(storedToken);
+    const tokenExpireAt = Number(tokenPayload?.exp);
+    const cachedAllowedToken = localStorage.getItem("allowedPathsToken") || "";
+    const cachedAllowedExpireAt = Number(
+      localStorage.getItem("allowedPathsExpire"),
+    );
+    const now = Math.floor(Date.now() / 1000);
+
+    const isAllowedTokenMismatch =
+      cachedAllowedToken.length > 0 && cachedAllowedToken !== storedToken;
+    const isAllowedCacheExpired =
+      Number.isFinite(cachedAllowedExpireAt) && cachedAllowedExpireAt <= now;
+    const isAllowedExpireMismatch =
+      Number.isFinite(tokenExpireAt) &&
+      Number.isFinite(cachedAllowedExpireAt) &&
+      cachedAllowedExpireAt !== tokenExpireAt;
+
+    if (
+      isAllowedTokenMismatch ||
+      isAllowedCacheExpired ||
+      isAllowedExpireMismatch
+    ) {
+      clearAllowedPathsCache();
+      allowedPermissionCodes.value = [];
     } else {
-      username.value = "User";
+      syncAllowedPermissions();
     }
-  } else {
-    isLoggedIn.value = false;
-    loginType.value = "admin";
-    allowedPermissionCodes.value = [];
-    username.value = "";
-    clearRowVersionCache();
+
+    const storedUsername = localStorage.getItem("username");
+    username.value = storedUsername || "User";
+    return;
   }
+
+  isLoggedIn.value = false;
+  loginType.value = "admin";
+  allowedPermissionCodes.value = [];
+  username.value = "";
+  localStorage.removeItem("token");
+  localStorage.removeItem("username");
+  localStorage.removeItem("account");
+  localStorage.removeItem("loginType");
+  clearAllowedPathsCache();
+  clearRowVersionCache();
 };
 
 const logout = async () => {
@@ -798,9 +960,7 @@ const logout = async () => {
   localStorage.removeItem("username");
   localStorage.removeItem("account");
   localStorage.removeItem("loginType");
-  localStorage.removeItem("allowedPaths");
-  localStorage.removeItem("allowedMenuKeys");
-  localStorage.removeItem("allowedPerms");
+  clearAllowedPathsCache();
   clearRowVersionCache();
   isLoggedIn.value = false;
   allowedPermissionCodes.value = [];
diff --git a/src/router/index.js b/src/router/index.js
index 9d66eee..5c0f328 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -68,6 +68,7 @@ const CustomerAccountPermission = () =>
 const EmployeeAccountPermission = () =>
   import("../views/systemmanagement/EmployeeAccountPermissionView.vue");
 
+const Home = () => import("../views/home/HomeView.vue");
 const Dashboard = () => import("../views/dashboard/DashboardView.vue");
 
 const routes = [
@@ -260,6 +261,12 @@ const routes = [
         component: EmployeeAccountPermission,
         meta: { requiresAuth: true, requiredPerm: "system:user:assign.view" },
       },
+      {
+        path: "/home",
+        name: "home",
+        component: Home,
+        meta: { requiresAuth: true, ignoreAllowedPaths: true },
+      },
       {
         path: "/dashboard",
         name: "dashboard",
@@ -303,6 +310,10 @@ router.beforeEach((to, from, next) => {
       }
 
       // 支持基于"权限码或菜单键"直达的路由控制（未出现在菜单里的独立页面）
+      if (to.meta && to.meta.ignoreAllowedPaths) {
+        return next();
+      }
+
       const requiredPerm = to.meta && to.meta.requiredPerm;
       if (requiredPerm && hasPermission(requiredPerm)) {
         return next();
@@ -310,11 +321,31 @@ router.beforeEach((to, from, next) => {
 
       // 基于后端返回的菜单（权限）结果做前端路由访问控制（路径白名单）
       const raw = localStorage.getItem("allowedPaths");
+      const currentToken = localStorage.getItem("token") || "";
+      const allowedPathsToken = localStorage.getItem("allowedPathsToken") || "";
+      const allowedPathsExpire = Number(
+        localStorage.getItem("allowedPathsExpire"),
+      );
+      const now = Math.floor(Date.now() / 1000);
+      const hasAllowedPathsCache =
+        raw !== null &&
+        allowedPathsToken.length > 0 &&
+        allowedPathsToken === currentToken &&
+        Number.isFinite(allowedPathsExpire) &&
+        allowedPathsExpire > now;
       const parsed = raw ? JSON.parse(raw) : [];
       const allowedPaths = Array.isArray(parsed) ? parsed : [];
 
-      // 尚未拉取菜单（例如刚进入系统时），先放行，由主布局内拉取并写入
-      if (allowedPaths.length > 0) {
+      // 尚未初始化权限缓存时（例如刚进入系统），先放行。
+      // 已初始化但为空数组时，说明当前账号没有可访问路径，应拦截。
+      if (hasAllowedPathsCache) {
+        if (allowedPaths.length === 0) {
+          if ((to.path || "").replace(/\/$/, "") === "/dashboard") {
+            return next({ path: "/home" });
+          }
+          return next({ name: "NotFound" });
+        }
+
         const normalize = (p) => (p || "").replace(/\/$/, "");
         const current = normalize(to.path);
 
@@ -327,6 +358,9 @@ router.beforeEach((to, from, next) => {
           .some((p) => matchPath(p, current));
 
         if (!permitted) {
+          if (current === "/dashboard") {
+            return next({ path: "/home" });
+          }
           return next({ name: "NotFound" });
         }
       }
diff --git a/src/utils/auth.js b/src/utils/auth.js
index c2d6195..993c4bf 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -1,15 +1,14 @@
-import { jwtDecode } from "jwt-decode";
 import router from "@/router";
 import { showErrorNotification } from "@/utils/index";
 import i18n from "@/i18n";
 import { signOut } from "@/api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
+import { decodeJwtPayload, isTokenExpired } from "@/utils/jwt";
 
 export function redirectToLogin(
   message = i18n.global.t("message.loginExpired"),
   clearStorage = false,
 ) {
-  // 只有在明确指定需要清除存储时才清除
   if (clearStorage) {
     localStorage.removeItem("token");
     localStorage.removeItem("username");
@@ -22,22 +21,21 @@ export function redirectToLogin(
   }
 }
 
-// 处理登出
 export async function handleLogout() {
   try {
     const token = localStorage.getItem("token");
     if (token) {
-      // 调用登出接口
       await signOut();
-      // 清理本地存储
       localStorage.removeItem("token");
       localStorage.removeItem("username");
       localStorage.removeItem("account");
       localStorage.removeItem("allowedPerms");
       localStorage.removeItem("allowedPaths");
       localStorage.removeItem("allowedMenuKeys");
+      localStorage.removeItem("allowedPathsToken");
+      localStorage.removeItem("allowedPathsExpire");
+      localStorage.removeItem("allowedPathsIssuedAt");
       clearRowVersionCache();
-      // 重定向到登录页
       router.push("/signin");
     }
   } catch (error) {
@@ -52,22 +50,15 @@ export function checkTokenValidity(redirect = false) {
     return false;
   }
 
-  try {
-    const decodedToken = jwtDecode(token);
-    const currentTime = Math.floor(Date.now() / 1000);
-
-    // 检查 token 是否快要过期（比如还有5分钟过期）
-    const expiresIn = decodedToken.exp - currentTime;
-    const isNearExpiration = expiresIn < 300; // 5分钟 = 300秒
-
-    if (decodedToken.exp < currentTime || isNearExpiration) {
-      // token 已过期或即将过期
-      return false;
-    }
+  const decodedToken = decodeJwtPayload(token);
+  const expiration = Number(decodedToken?.exp);
+  if (!decodedToken || !Number.isFinite(expiration)) {
+    return false;
+  }
 
-    return true;
-  } catch (error) {
-    // token 解析失败
+  if (isTokenExpired(token, 300)) {
     return false;
   }
+
+  return true;
 }
diff --git a/src/utils/jwt.js b/src/utils/jwt.js
new file mode 100644
index 0000000..2d35289
--- /dev/null
+++ b/src/utils/jwt.js
@@ -0,0 +1,89 @@
+import { jwtDecode } from "jwt-decode";
+
+const IDENTITY_FIELDS_BY_LOGIN_TYPE = {
+  admin: ["sub", "nameid", "UserNumber", "userNumber", "Account", "account"],
+  employee: [
+    "sub",
+    "nameid",
+    "EmployeeId",
+    "employeeId",
+    "UserNumber",
+    "userNumber",
+    "Account",
+    "account",
+  ],
+  customer: ["sub", "nameid", "CustomerId", "customerId", "Account", "account"],
+};
+
+const COMMON_IDENTITY_FIELDS = [
+  "sub",
+  "nameid",
+  "UserNumber",
+  "userNumber",
+  "EmployeeId",
+  "employeeId",
+  "Account",
+  "account",
+];
+
+const normalizeIdentity = (value) => {
+  if (value === null || value === undefined) {
+    return "";
+  }
+
+  const text = String(value).trim();
+  return text.length > 0 ? text : "";
+};
+
+const pickIdentity = (payload, keys) => {
+  for (const key of keys) {
+    const identity = normalizeIdentity(payload?.[key]);
+    if (identity) {
+      return identity;
+    }
+  }
+  return "";
+};
+
+export const decodeJwtPayload = (token) => {
+  const normalizedToken = typeof token === "string" ? token.trim() : "";
+  if (!normalizedToken) {
+    return null;
+  }
+
+  try {
+    return jwtDecode(normalizedToken);
+  } catch (error) {
+    return null;
+  }
+};
+
+export const getTokenExpiration = (token) => {
+  const payload = decodeJwtPayload(token);
+  const exp = Number(payload?.exp);
+  return Number.isFinite(exp) ? exp : null;
+};
+
+export const isTokenExpired = (token, minRemainingSeconds = 0) => {
+  const expiration = getTokenExpiration(token);
+  if (!Number.isFinite(expiration)) {
+    return true;
+  }
+
+  const now = Math.floor(Date.now() / 1000);
+  return expiration - now <= Number(minRemainingSeconds || 0);
+};
+
+export const getUserIdentity = (loginType, token, fallbackIdentity = "") => {
+  const payload = decodeJwtPayload(token);
+  if (!payload) {
+    return normalizeIdentity(fallbackIdentity) || null;
+  }
+
+  const preferredFields = IDENTITY_FIELDS_BY_LOGIN_TYPE[loginType] || [];
+  const identity =
+    pickIdentity(payload, preferredFields) ||
+    pickIdentity(payload, COMMON_IDENTITY_FIELDS);
+
+  return identity || normalizeIdentity(fallbackIdentity) || null;
+};
diff --git a/src/utils/permission.js b/src/utils/permission.js
index fc1bff8..090da8b 100644
--- a/src/utils/permission.js
+++ b/src/utils/permission.js
@@ -18,6 +18,13 @@ export function getAllowedPerms() {
   }
 }
 
+export function isPermissionCacheInitialized() {
+  return (
+    localStorage.getItem("allowedPerms") !== null ||
+    localStorage.getItem("allowedMenuKeys") !== null
+  );
+}
+
 /**
  * 统一的权限判断：支持菜单键或按钮权限码；支持“任意命中/全部命中”两种模式
  * - required: string | string[]
@@ -33,7 +40,7 @@ export function hasPermission(required, needAll = false) {
   const allowedMenuKeys = getAllowedMenuKeys();
 
   // 两者都还未初始化（首次进入系统、尚未拉取菜单）时默认放行，避免首屏闪烁/误隐藏
-  if (allowedPerms.length === 0 && allowedMenuKeys.length === 0) {
+  if (!isPermissionCacheInitialized()) {
     return true;
   }
 
diff --git a/src/views/SignInView.vue b/src/views/SignInView.vue
index faca434..9732c15 100644
--- a/src/views/SignInView.vue
+++ b/src/views/SignInView.vue
@@ -200,7 +200,17 @@ const clearTwoFactorChallenge = () => {
   pendingLoginContext.value = null;
 };
 
+const clearPermissionCache = () => {
+  localStorage.removeItem("allowedPaths");
+  localStorage.removeItem("allowedMenuKeys");
+  localStorage.removeItem("allowedPerms");
+  localStorage.removeItem("allowedPathsToken");
+  localStorage.removeItem("allowedPathsExpire");
+  localStorage.removeItem("allowedPathsIssuedAt");
+};
+
 const persistLoginData = async (userData, loginType) => {
+  clearPermissionCache();
   clearRowVersionCache();
   localStorage.setItem("token", userData.UserToken);
   localStorage.setItem(
diff --git a/src/views/dashboard/DashboardView.vue b/src/views/dashboard/DashboardView.vue
index bc64a51..bf20c7c 100644
--- a/src/views/dashboard/DashboardView.vue
+++ b/src/views/dashboard/DashboardView.vue
@@ -246,6 +246,7 @@ import {
   fetchLogisticsStatistics,
   fetchHumanResourcesStatistics,
 } from "@/api/dashboardapi";
+import { getApiMessage } from "@/api/baseapi";
 import {
   formatDate,
   showErrorNotification,
@@ -289,6 +290,20 @@ const chartInstances = {
   attendance: null,
 };
 
+const resolveErrorMessage = (payload) => {
+  const directMessage = getApiMessage(payload);
+  if (directMessage && directMessage !== "Request failed") {
+    return directMessage;
+  }
+
+  const nestedMessage = getApiMessage(payload?.response?.data);
+  if (nestedMessage && nestedMessage !== "Request failed") {
+    return nestedMessage;
+  }
+
+  return t("message.requestFailed");
+};
+
 const loadData = async () => {
   try {
     const [roomRes, bizRes, logRes, hrRes] = await Promise.all([
@@ -337,7 +352,7 @@ const loadData = async () => {
         recentRecords: logRes.Data.recentRecords || [],
       };
     } else {
-      showErrorNotification(`后勤数据加载失败: ${logRes.Message}`);
+      showErrorNotification(resolveErrorMessage(logRes));
     }
 
     if (hrRes.Success) {
@@ -348,7 +363,7 @@ const loadData = async () => {
       };
     }
   } catch (error) {
-    showErrorNotification(`数据加载失败: ${error.message}`);
+    showErrorNotification(resolveErrorMessage(error));
   } finally {
     loading.value = false;
   }
diff --git a/src/views/home/HomeView.vue b/src/views/home/HomeView.vue
new file mode 100644
index 0000000..0c2cabc
--- /dev/null
+++ b/src/views/home/HomeView.vue
@@ -0,0 +1,20 @@
+<template>
+  <div class="home-page">
+    <a-card :title="$t('message.home')" :bordered="false">
+      <p>{{ $t("message.welcome") }}</p>
+      <p v-if="username">{{ username }}</p>
+    </a-card>
+  </div>
+</template>
+
+<script setup>
+import { computed } from "vue";
+
+const username = computed(() => localStorage.getItem("username") || "");
+</script>
+
+<style scoped>
+.home-page {
+  width: 100%;
+}
+</style>
diff --git a/src/views/systemmanagement/RoleManagementView.vue b/src/views/systemmanagement/RoleManagementView.vue
index bb53526..c862162 100644
--- a/src/views/systemmanagement/RoleManagementView.vue
+++ b/src/views/systemmanagement/RoleManagementView.vue
@@ -303,6 +303,7 @@ import ListFilter from "@/components/common/ListFilter.vue";
 import { getRoleFilterConfig } from "@/filters/role.filter.config";
 import { RoleManagementPermissions } from "@/common/permissioncode";
 import { debounce } from "lodash-es";
+import { emitter } from "@/utils/eventBus";
 
 const { t } = useI18n();
 const route = useRoute();
@@ -321,6 +322,10 @@ const selectedRecord = ref(null);
 const selectedRowKeys = ref([]);
 const selectedRows = ref([]);
 
+const refreshCurrentSessionPermissions = () => {
+  emitter.emit("refresh-menu");
+};
+
 const currentFilterParams = reactive({});
 const roleFilterConfig = computed(() => getRoleFilterConfig(t));
 
@@ -820,6 +825,7 @@ const handleRolePermSave = async () => {
     if (res && res.Success) {
       showSuccessNotification(t("message.updateSuccess"));
       rolePermModalVisible.value = false;
+      refreshCurrentSessionPermissions();
     } else {
       showErrorNotification(res?.Message || t("message.operationFailed"));
     }
@@ -1191,6 +1197,7 @@ const handleRoleUserSave = async () => {
     if (res && res.Success) {
       showSuccessNotification(t("message.updateSuccess"));
       roleUserModalVisible.value = false;
+      refreshCurrentSessionPermissions();
     } else {
       showErrorNotification(res?.Message || t("message.operationFailed"));
     }
diff --git a/src/views/systemmanagement/UnifiedAccountPermissionView.vue b/src/views/systemmanagement/UnifiedAccountPermissionView.vue
index b8683e2..d316275 100644
--- a/src/views/systemmanagement/UnifiedAccountPermissionView.vue
+++ b/src/views/systemmanagement/UnifiedAccountPermissionView.vue
@@ -166,6 +166,7 @@ import { useRoute } from "vue-router";
 import { useI18n } from "vue-i18n";
 import { getPageTitle } from "@/utils/pageTitle";
 import { showErrorNotification, showSuccessNotification } from "@/utils/index";
+import { emitter } from "@/utils/eventBus";
 
 import { selectPermissionList } from "@/api/permissionapi";
 import { AccountPermissionPermissions } from "@/common/permissioncode";
@@ -528,6 +529,10 @@ const listTitleText = computed(() => safeT(listTitleKey.value));
 const waitSelectText = computed(() => safeT(waitSelectKey.value));
 const selectedLabelText = computed(() => safeT(selectedLabelKey.value));
 
+const refreshCurrentSessionPermissions = () => {
+  emitter.emit("refresh-menu");
+};
+
 // 行选择（单选）
 const rowSelection = {
   type: "radio",
@@ -655,6 +660,7 @@ const saveDirectPermissions = async () => {
         loadUserDirectPermissions(selectedUserNumber.value),
         loadUserRolePermissions(selectedUserNumber.value),
       ]);
+      refreshCurrentSessionPermissions();
     } else {
       showErrorNotification(res?.Message || t("message.operationFailed"));
     }
-- 
Gitee


From 70715a1c3386d310772346dc3de785807684724d Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Tue, 17 Feb 2026 21:17:55 +0800
Subject: [PATCH 05/10] add home page.

---
 src/api/baseapi.js                    | 148 ++++++-
 src/api/departmentapi.js              |   2 +-
 src/api/menuapi.js                    |  39 +-
 src/common/errorHandler.js            |  27 +-
 src/common/permissioncode.js          | 132 +++---
 src/directives/permission.js          |  46 ++-
 src/i18n.js                           |  56 ++-
 src/layouts/MainLayout.vue            |  89 ++--
 src/router/index.js                   |  56 ++-
 src/utils/auth.js                     |  15 +-
 src/utils/jwt.js                      |   5 +-
 src/views/dashboard/DashboardView.vue |  16 +-
 src/views/home/HomeView.vue           | 573 +++++++++++++++++++++++++-
 13 files changed, 1037 insertions(+), 167 deletions(-)

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index a410d70..9509cb7 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -7,6 +7,9 @@ const ACTION_PREFIX_REGEX =
 const SUFFIX_CLEANUP_REGEX = /(AllCanUse|CanUseAll|All|List)$/i;
 const ROW_VERSION_CACHE_TTL_MS = 30 * 60 * 1000;
 const ROW_VERSION_CACHE_MAX_ENTITIES = 200;
+const ROW_VERSION_CONFLICT_MESSAGE =
+  "Data has changed, please refresh and retry";
+const ROW_VERSION_CONFLICT_HINT = "数据已变更，请刷新后重试";
 
 const rowVersionCache = new Map();
 const rowVersionCacheTouchedAt = new Map();
@@ -74,14 +77,22 @@ const pruneRowVersionCache = () => {
 };
 
 const getEntityKeyFromUrl = (url = "") => {
-  if (typeof url !== "string" || url.length === 0) {
+  if (typeof url !== "string") {
     return "";
   }
 
-  const normalizedUrl = url.split("?")[0].replace(/^https?:\/\/[^/]+/i, "");
+  const trimmedUrl = url.trim();
+  if (!trimmedUrl) {
+    return "";
+  }
+
+  const normalizedUrl = trimmedUrl
+    .split("?")[0]
+    .replace(/^https?:\/\/[^/]+/i, "")
+    .trim();
   const segments = normalizedUrl.split("/").filter(Boolean);
   const controller = segments[0]?.toLowerCase() || "";
-  const action = segments[1] || "";
+  const action = (segments[1] || "").trim();
 
   if (!controller) {
     return "";
@@ -101,7 +112,11 @@ const getEntityKeyFromUrl = (url = "") => {
     resource = resource.slice(0, -1);
   }
 
-  resource = resource.toLowerCase();
+  resource = resource
+    .trim()
+    .replace(/^[^a-z0-9]+|[^a-z0-9]+$/gi, "")
+    .toLowerCase();
+
   return `${controller}:${resource || controller}`;
 };
 
@@ -125,6 +140,58 @@ const getRecordRowVersion = (record) => {
   );
 };
 
+const getDeleteItemsFromPayload = (payload) => {
+  if (!payload || typeof payload !== "object") {
+    return [];
+  }
+
+  const candidateList = [payload.DelIds, payload.delIds];
+
+  for (const candidate of candidateList) {
+    if (!Array.isArray(candidate)) {
+      continue;
+    }
+
+    return candidate
+      .map((item) => {
+        if (!item || typeof item !== "object" || Array.isArray(item)) {
+          if (
+            item === undefined ||
+            item === null ||
+            String(item).trim() === ""
+          ) {
+            return null;
+          }
+          return { Id: item, RowVersion: null };
+        }
+
+        const itemId = getRecordId(item);
+        if (itemId === null) {
+          return null;
+        }
+
+        return {
+          Id: itemId,
+          RowVersion: getRecordRowVersion(item),
+        };
+      })
+      .filter(Boolean);
+  }
+
+  const scalarCandidateList = [payload.DelId, payload.delId];
+  for (const candidate of scalarCandidateList) {
+    if (
+      candidate !== undefined &&
+      candidate !== null &&
+      String(candidate).trim() !== ""
+    ) {
+      return [{ Id: candidate, RowVersion: null }];
+    }
+  }
+
+  return [];
+};
+
 const isEffectiveRowVersion = (value) => {
   if (value === undefined || value === null) {
     return false;
@@ -162,6 +229,20 @@ const hasEffectiveRowVersion = (record) => {
   );
 };
 
+const getCachedRowVersion = (entityKey, id) => {
+  if (!entityKey || id === null || id === undefined) {
+    return null;
+  }
+
+  const entityCache = rowVersionCache.get(entityKey);
+  const rowVersion = entityCache?.get(String(id));
+  if (rowVersion === undefined || rowVersion === null) {
+    return null;
+  }
+
+  return rowVersion;
+};
+
 const saveRowVersionToCache = (entityKey, record) => {
   if (!entityKey || !record || typeof record !== "object") {
     return;
@@ -218,8 +299,7 @@ const shouldAttachRowVersion = (config) => {
     return false;
   }
 
-  const url = config?.url || "";
-  return /\/[^/]+\/(?:Update|Upd)[^/?#]*/i.test(url);
+  return true;
 };
 
 const attachRowVersionFromCache = (config) => {
@@ -232,7 +312,52 @@ const attachRowVersionFromCache = (config) => {
     return config;
   }
 
-  if (data instanceof FormData || hasEffectiveRowVersion(data)) {
+  if (data instanceof FormData) {
+    return config;
+  }
+
+  const entityKey = getEntityKeyFromUrl(config.url);
+  if (!entityKey) {
+    return config;
+  }
+
+  const deleteItems = getDeleteItemsFromPayload(data);
+  if (deleteItems.length > 0) {
+    const unresolvedIds = [];
+    const resolvedDeleteItems = deleteItems
+      .map((item) => {
+        let rowVersion = item.RowVersion;
+        if (!isEffectiveRowVersion(rowVersion)) {
+          rowVersion = getCachedRowVersion(entityKey, item.Id);
+        }
+
+        if (!isEffectiveRowVersion(rowVersion)) {
+          unresolvedIds.push(item.Id);
+          return null;
+        }
+
+        return {
+          Id: item.Id,
+          RowVersion: rowVersion,
+        };
+      })
+      .filter(Boolean);
+
+    if (unresolvedIds.length > 0) {
+      const conflictError = new Error(
+        ROW_VERSION_CONFLICT_HINT || ROW_VERSION_CONFLICT_MESSAGE,
+      );
+      conflictError.code = 1409;
+      conflictError.data = { unresolvedIds };
+      throw conflictError;
+    }
+
+    data.DelIds = resolvedDeleteItems;
+    delete data.DelId;
+    delete data.delId;
+    delete data.DelRows;
+    delete data.RowVersions;
+    touchRowVersionCacheEntity(entityKey);
     return config;
   }
 
@@ -240,15 +365,12 @@ const attachRowVersionFromCache = (config) => {
   if (id === null) {
     return config;
   }
-
-  const entityKey = getEntityKeyFromUrl(config.url);
-  if (!entityKey) {
+  if (hasEffectiveRowVersion(data)) {
     return config;
   }
 
-  const entityCache = rowVersionCache.get(entityKey);
-  const rowVersion = entityCache?.get(String(id));
-  if (rowVersion === undefined || rowVersion === null) {
+  const rowVersion = getCachedRowVersion(entityKey, id);
+  if (rowVersion === null) {
     return config;
   }
 
diff --git a/src/api/departmentapi.js b/src/api/departmentapi.js
index 0193b64..902710f 100644
--- a/src/api/departmentapi.js
+++ b/src/api/departmentapi.js
@@ -36,7 +36,7 @@ export const updateDepartment = async (data) => {
 // 删除部门
 export const deleteDepartment = async (data) => {
   try {
-    const response = await api.post(API_ENDPOINTS.routes.BASE_DEL_DEPT, { data });
+    const response = await api.post(API_ENDPOINTS.routes.BASE_DEL_DEPT, data);
     return response.data;
   } catch (error) {
     throw error;
diff --git a/src/api/menuapi.js b/src/api/menuapi.js
index b1215f3..92a4ef7 100644
--- a/src/api/menuapi.js
+++ b/src/api/menuapi.js
@@ -1,25 +1,44 @@
 import api from "../api";
 import { API_ENDPOINTS } from "../config/apiEndpoints";
 
-// 获取菜单树
+// Fetch menu tree.
 export const fetchMenusTree = async (menu) => {
   try {
     const response = await api.post(
       API_ENDPOINTS.routes.MENU_BUILD_MENU_ALL,
       menu,
+      {
+        // BuildMenuAll business failures are handled by caller.
+        skipBusinessErrorHandling: true,
+      },
     );
 
-    // 后端 BaseResponse 使用 PascalCase 字段（Success/Code/Message/Data）
-    if (!response.data.Success) {
-      throw new Error(response.data.Message || "获取菜单失败");
+    const payload = response?.data || {};
+    if (!payload.Success) {
+      const error = new Error(
+        payload.Message || payload.message || "Failed to load menu data",
+      );
+      error.code = payload.Code || payload.code || 0;
+      throw error;
     }
-    return response.data.Data;
+
+    return payload.Data;
   } catch (error) {
-    throw error;
+    const message =
+      error?.Message ||
+      error?.message ||
+      error?.response?.data?.Message ||
+      error?.response?.data?.message ||
+      "Failed to load menu data";
+
+    const wrappedError = new Error(String(message));
+    wrappedError.code =
+      error?.code || error?.Code || error?.response?.data?.Code || 0;
+    throw wrappedError;
   }
 };
 
-// 获取菜单列表
+// Fetch menu list.
 export const fetchMenus = async (params) => {
   try {
     const response = await api.get(API_ENDPOINTS.routes.MENU_SELECT_MENU_ALL, {
@@ -31,7 +50,7 @@ export const fetchMenus = async (params) => {
   }
 };
 
-// 创建新菜单项
+// Create menu.
 export const addMenu = async (menu) => {
   try {
     const response = await api.post(
@@ -44,7 +63,7 @@ export const addMenu = async (menu) => {
   }
 };
 
-// 更新菜单项
+// Update menu.
 export const updateMenu = async (menu) => {
   try {
     const response = await api.post(
@@ -57,7 +76,7 @@ export const updateMenu = async (menu) => {
   }
 };
 
-// 删除菜单项
+// Delete menu.
 export const deleteMenu = async (menu) => {
   try {
     const response = await api.post(
diff --git a/src/common/errorHandler.js b/src/common/errorHandler.js
index 7310478..d90cf1e 100644
--- a/src/common/errorHandler.js
+++ b/src/common/errorHandler.js
@@ -3,6 +3,31 @@ import { showErrorNotification, showWarningNotification } from "@/utils";
 import { redirectToLogin, handleLogout } from "@/utils/auth";
 
 // 可扩展的错误码映射表
+const DEFAULT_API_ERROR_MESSAGE = "Request failed";
+
+const readApiMessage = (payload) => {
+  if (!payload || typeof payload !== "object") {
+    return "";
+  }
+  return payload.Message || payload.message || "";
+};
+
+export const resolveErrorMessage = (payload, fallbackMessage) => {
+  const directMessage = readApiMessage(payload);
+  if (directMessage && directMessage !== DEFAULT_API_ERROR_MESSAGE) {
+    return directMessage;
+  }
+
+  const nestedMessage = readApiMessage(payload?.response?.data);
+  if (nestedMessage && nestedMessage !== DEFAULT_API_ERROR_MESSAGE) {
+    return nestedMessage;
+  }
+
+  const localizedFallback =
+    fallbackMessage || i18n.global.t("message.requestFailed");
+  return localizedFallback || DEFAULT_API_ERROR_MESSAGE;
+};
+
 export const errorCodeMap = {
   // 认证/授权相关
   1401: {
@@ -14,7 +39,7 @@ export const errorCodeMap = {
   1402: {
     // 凭证无效（示例）
     message:
-      i18n.global.t("message.invalidCredentials") || "凭证无效，请重新登录",
+      i18n.global.t("message.noPermission") || "无权限执行该操作",
     action: "notify",
   },
   1403: {
diff --git a/src/common/permissioncode.js b/src/common/permissioncode.js
index e0cbe85..bdeaa4a 100644
--- a/src/common/permissioncode.js
+++ b/src/common/permissioncode.js
@@ -49,62 +49,66 @@ export const NoticeTypePermissions = {
 
 // 推广内容 (Promotion Content Management)
 export const PromotionContentPermissions = {
-  CREATE: "promotioncontent.create",
-  UPDATE: "promotioncontent.update",
-  DELETE: "promotioncontent.delete",
+  CREATE: "promotioncontent.addpromotioncontent",
+  UPDATE: "promotioncontent.updatepromotioncontent",
+  DELETE: "promotioncontent.deletepromotioncontent",
 };
 
 // ==================== 系统管理模块 ====================
 
 // 管理员类型 (Administrator Type Management)
 export const AdminTypeManagementPermissions = {
-  CREATE: "admintypemanagement.create",
-  UPDATE: "admintypemanagement.update",
-  DELETE: "admintypemanagement.delete",
+  CREATE: "system:admintype:addadmintype",
+  UPDATE: "system:admintype:updadmintype",
+  DELETE: "system:admintype:deladmintype",
 };
 
 // 管理员管理 (Administrator Management)
 export const AdministratorManagementPermissions = {
-  CREATE: "administratormanagement.create",
-  UPDATE: "administratormanagement.update",
-  DELETE: "administratormanagement.delete",
-  ASSIGN_VIEW: "system:user:assign.view",
-  GET_TWO_FACTOR: "system:admin:get2fa",
-  GENERATE_TWO_FACTOR: "system:admin:generate2fa",
-  ENABLE_TWO_FACTOR: "system:admin:enable2fa",
-  DISABLE_TWO_FACTOR: "system:admin:disable2fa",
-  RECOVERY_TWO_FACTOR: "system:admin:recovery2fa",
+  CREATE: "system:admin:addadmin",
+  UPDATE: "system:admin:updadmin",
+  DELETE: "system:admin:deladmin",
+  ASSIGN_VIEW: "system:user:assign.selectpermissionlist",
+  GET_TWO_FACTOR: "system:admin:gettwofactorstatus",
+  GENERATE_TWO_FACTOR: "system:admin:generatetwofactorsetup",
+  ENABLE_TWO_FACTOR: "system:admin:enabletwofactor",
+  DISABLE_TWO_FACTOR: "system:admin:disabletwofactor",
+  RECOVERY_TWO_FACTOR: "system:admin:regeneratetwofactorrecoverycodes",
 };
 
 // 角色管理 (Role Management)
 export const RoleManagementPermissions = {
-  CREATE: "rolemanagement.create",
-  UPDATE: "rolemanagement.update",
-  DELETE: "rolemanagement.delete",
-  GRANT: "rolemanagement.grant",
-  SYSTEM_ROLE_GRANT: "system:role:grant",
+  CREATE: "system:role:insertrole",
+  UPDATE: "system:role:updaterole",
+  DELETE: "system:role:deleterole",
+  GRANT: "system:role:grantrolepermissions",
+  SYSTEM_ROLE_GRANT: "system:role:assignroleusers",
 };
 
 // 菜单管理 (Menu Management)
 export const MenuManagementPermissions = {
-  CREATE: "menumanagement.create",
-  UPDATE: "menumanagement.update",
-  DELETE: "menumanagement.delete",
+  CREATE: "menumanagement.insertmenu",
+  UPDATE: "menumanagement.updatemenu",
+  DELETE: "menumanagement.deletemenu",
 };
 
 // 账户权限管理 (Account Permission Management)
 export const AccountPermissionPermissions = {
-  ASSIGN: "system:user:assign",
+  ASSIGN: [
+    "system:user:admin:assignuserpermissions",
+    "system:user:employee:assignuserpermissions",
+    "system:user:customer:assignuserpermissions",
+  ],
 };
 
 // ==================== 客户管理模块 ====================
 
 // 客户管理 (Customer Management)
 export const CustomerPermissions = {
-  CREATE: "customer.create",
-  UPDATE: "customer.update",
-  DELETE: "customer.delete",
-  ASSIGN_VIEW: "system:user:assign.view",
+  CREATE: "customer.insertcustomerinfo",
+  UPDATE: "customer.updcustomerinfo",
+  DELETE: "customer.delcustomerinfo",
+  ASSIGN_VIEW: "system:user:assign.selectpermissionlist",
 };
 
 // 客户类型 (Customer Type Management)
@@ -116,90 +120,90 @@ export const CustomerTypePermissions = {
 
 // 客户消费 (Customer Spend Management)
 export const CustomerSpendPermissions = {
-  UPDATE: "customerspend.update",
+  UPDATE: "customerspend.updspendinfo",
 };
 
 // VIP等级 (VIP Level Management)
 export const VipLevelPermissions = {
-  CREATE: "viplevel.create",
-  UPDATE: "viplevel.update",
-  DELETE: "viplevel.delete",
+  CREATE: "viplevel.addviprule",
+  UPDATE: "viplevel.updviprule",
+  DELETE: "viplevel.delviprule",
 };
 
 // ==================== 人力资源管理模块 ====================
 
 // 员工管理 (Staff Management)
 export const StaffManagementPermissions = {
-  CREATE: "staffmanagement.create",
-  UPDATE: "staffmanagement.update",
-  DELETE: "staffmanagement.delete",
-  VIEW: "staffmanagement.view",
-  STATUS: "staffmanagement.status",
-  RESET: "staffmanagement.reset",
-  ASSIGN_VIEW: "system:user:assign.view",
-  GET_TWO_FACTOR: "staffmanagement.get2fa",
-  GENERATE_TWO_FACTOR: "staffmanagement.generate2fa",
-  ENABLE_TWO_FACTOR: "staffmanagement.enable2fa",
-  DISABLE_TWO_FACTOR: "staffmanagement.disable2fa",
-  RECOVERY_TWO_FACTOR: "staffmanagement.recovery2fa",
+  CREATE: "staffmanagement.addemployee",
+  UPDATE: "staffmanagement.updateemployee",
+  DELETE: "staffmanagement.deleteworkerphoto",
+  VIEW: "staffmanagement.selectemployeeinfobyemployeeid",
+  STATUS: "staffmanagement.manageremployeeaccount",
+  RESET: "staffmanagement.resetemployeeaccountpassword",
+  ASSIGN_VIEW: "system:user:assign.selectpermissionlist",
+  GET_TWO_FACTOR: "staffmanagement.gettwofactorstatus",
+  GENERATE_TWO_FACTOR: "staffmanagement.generatetwofactorsetup",
+  ENABLE_TWO_FACTOR: "staffmanagement.enabletwofactor",
+  DISABLE_TWO_FACTOR: "staffmanagement.disabletwofactor",
+  RECOVERY_TWO_FACTOR: "staffmanagement.regeneratetwofactorrecoverycodes",
 };
 
 // ==================== 房间信息管理模块 ====================
 
 // 房间管理 (Room Management)
 export const RoomManagementPermissions = {
-  CREATE: "roommanagement.create",
-  UPDATE: "roommanagement.update",
-  DELETE: "roommanagement.delete",
+  CREATE: "roommanagement.insertroom",
+  UPDATE: "roommanagement.updateroom",
+  DELETE: "roommanagement.deleteroom",
 };
 
 // 房间配置 (Room Config Management)
 export const RoomConfigPermissions = {
-  CREATE: "roomconfig.create",
-  UPDATE: "roomconfig.update",
-  DELETE: "roomconfig.delete",
+  CREATE: "roomconfig.insertroomtype",
+  UPDATE: "roomconfig.updateroomtype",
+  DELETE: "roomconfig.deleteroomtype",
 };
 
 // 预约管理 (Reservation Management)
 export const ReservationManagementPermissions = {
-  CREATE: "resermanagement.create",
-  UPDATE: "resermanagement.update",
-  DELETE: "resermanagement.delete",
+  CREATE: "resermanagement.inserreserinfo",
+  UPDATE: "resermanagement.updatereserinfo",
+  DELETE: "resermanagement.deletereserinfo",
 };
 
 // ==================== 物料管理模块 ====================
 
 // 商品管理 (Goods Management)
 export const GoodsManagementPermissions = {
-  CREATE: "goodsmanagement.create",
-  UPDATE: "goodsmanagement.update",
-  DELETE: "goodsmanagement.delete",
+  CREATE: "goodsmanagement.insertsellthing",
+  UPDATE: "goodsmanagement.updatesellthing",
+  DELETE: "goodsmanagement.deletesellthing",
 };
 
 // ==================== 财务管理模块 ====================
 
 // 内部财务 (Internal Finance Management)
 export const InternalFinancePermissions = {
-  CREATE: "internalfinance.create",
-  UPDATE: "internalfinance.update",
-  DELETE: "internalfinance.delete",
+  CREATE: "internalfinance.addassetinfo",
+  UPDATE: "internalfinance.updassetinfo",
+  DELETE: "internalfinance.delassetinfo",
 };
 
 // ==================== 监督管理模块 ====================
 
 // 监督信息 (Supervision Information)
 export const SupervisionPermissions = {
-  CREATE: "supervisioninfo.create",
-  UPDATE: "supervisioninfo.update",
-  DELETE: "supervisioninfo.delete",
+  CREATE: "supervisioninfo.insertsupervisionstatistics",
+  UPDATE: "supervisioninfo.updatesupervisionstatistics",
+  DELETE: "supervisioninfo.deletesupervisionstatistics",
 };
 
 // ==================== 水电管理模块 ====================
 
 // 水电信息 (Hydroelectricity Information)
 export const HydroelectricityPermissions = {
-  UPDATE: "hydroelectricinformation.update",
-  DELETE: "hydroelectricinformation.delete",
+  UPDATE: "hydroelectricinformation.updateenergymanagementinfo",
+  DELETE: "hydroelectricinformation.deleteenergymanagementinfo",
 };
 
 // ==================== 系统行为管理模块 ====================
diff --git a/src/directives/permission.js b/src/directives/permission.js
index 9d3bce3..516f64c 100644
--- a/src/directives/permission.js
+++ b/src/directives/permission.js
@@ -1,29 +1,55 @@
-import { hasPermission } from "@/utils/permission";
+import {
+  hasPermission,
+  isPermissionCacheInitialized,
+} from "@/utils/permission";
 
 /**
  * v-perm directive: supports both menu keys and button permission codes.
- * - accepts string or string[], e.g. v-perm="'system:role:grant'"
+ * - accepts string or string[], e.g. v-perm="'system:role:grantrolepermissions'"
  * - .all modifier means all required keys must match.
  */
 function isPermitted(required, needAll = false) {
+  if (!required || (Array.isArray(required) && required.length === 0)) {
+    return true;
+  }
+
+  if (!isPermissionCacheInitialized()) {
+    return null;
+  }
+
   return hasPermission(required, needAll);
 }
 
+function hideElement(el) {
+  el.style.display = "none";
+  el.setAttribute("data-permission-hidden", "true");
+}
+
+function restoreElement(el) {
+  const originalDisplay =
+    el.__permState && typeof el.__permState.originalDisplay === "string"
+      ? el.__permState.originalDisplay
+      : "";
+  el.style.display = originalDisplay;
+  el.removeAttribute("data-permission-hidden");
+}
+
 function applyPermission(el, required, needAll) {
   const permitted = isPermitted(required, needAll);
+  if (permitted === null) {
+    hideElement(el);
+    el.setAttribute("data-permission-pending", "true");
+    return;
+  }
+
+  el.removeAttribute("data-permission-pending");
   if (!permitted) {
-    el.style.display = "none";
-    el.setAttribute("data-permission-hidden", "true");
+    hideElement(el);
     return;
   }
 
   if (el.getAttribute("data-permission-hidden") === "true") {
-    const originalDisplay =
-      el.__permState && typeof el.__permState.originalDisplay === "string"
-        ? el.__permState.originalDisplay
-        : "";
-    el.style.display = originalDisplay;
-    el.removeAttribute("data-permission-hidden");
+    restoreElement(el);
   }
 }
 
diff --git a/src/i18n.js b/src/i18n.js
index bc6d3f4..bba2efc 100644
--- a/src/i18n.js
+++ b/src/i18n.js
@@ -4,7 +4,7 @@ const messages = {
   "en-US": {
     message: {
       hello: "hello",
-      welcome: "Welcome to our application!",
+      welcome: "Welcome to our application",
       username: "Username",
       password: "Password",
       pleaseInputUserAccount: "Please input user account",
@@ -28,6 +28,7 @@ const messages = {
       success: "Success",
       error: "Error",
       undefined: "Undefined",
+      my: "My",
       passwordEditTip:
         "Do not change this field if you do not want to change your password.",
       required: "Please enter {field}",
@@ -136,6 +137,32 @@ const messages = {
       loginExpired: "Login expired, please log in again",
       unexpectedError: "An unexpected error occurred",
       serverVersion: "Server Version",
+      homeAccountLabel: "Account",
+      homeUpdatedAtLabel: "Updated At",
+      homeAdminDetailPermissionFallback:
+        "Current account lacks permission to load admin profile details. Showing local account information.",
+      homeSystemEnvironmentTitle: "System Environment",
+      homeApiBaseUrl: "API Base URL",
+      homeRuntimeMode: "Runtime Mode",
+      homeTimezone: "Timezone",
+      homeBrowserLanguage: "Browser Language",
+      homeAppLanguage: "App Language",
+      homeTokenIssuedAt: "Token Issued At",
+      homeTokenExpiresAt: "Token Expires At",
+      homeTokenRemaining: "Token Remaining",
+      homeAccountTypeAdmin: "Admin Account",
+      homeAccountTypeEmployee: "Employee Account",
+      homeCurrentAdminInfo: "Current Admin Info",
+      homeCurrentEmployeeInfo: "Current Employee Info",
+      homeExpired: "Expired",
+      homeEmployeeIdentityNotFound:
+        "Current employee identity is missing. Unable to load employee details.",
+      homeEmployeeDetailEmpty: "Employee detail API returned empty data.",
+      homeEmployeeProfileLoadFailed: "Failed to load employee profile.",
+      homeAdminDetailNotFound:
+        "Admin detail API did not return data for current account.",
+      homeAdminProfileLoadFailed: "Failed to load admin profile.",
+      homeEnvironmentLoadFailed: "Failed to load environment configuration.",
       basic: "Basic Information",
       finance: "Finance Management",
       supervisionmanagement: "Supervision Management",
@@ -733,7 +760,7 @@ const messages = {
   "zh-CN": {
     message: {
       hello: "你好",
-      welcome: "欢迎使用我们的应用程序！",
+      welcome: "欢迎使用我们的应用程序",
       username: "用户账号",
       password: "用户密码",
       pleaseInputUserAccount: "请输入用户账号",
@@ -756,6 +783,7 @@ const messages = {
       success: "成功",
       error: "错误",
       id: "编号",
+      my: "我的",
       passwordEditTip: "留空表示不修改密码",
       required: "请输入 {field}",
       description: "描述",
@@ -1484,6 +1512,30 @@ const messages = {
       present: "正常",
       late: "迟到",
       absent: "旷工",
+      homeAccountLabel: "账号",
+      homeUpdatedAtLabel: "更新时间",
+      homeAdminDetailPermissionFallback:
+        "当前账号缺少管理员详情权限，已降级展示本地账号信息。",
+      homeSystemEnvironmentTitle: "系统环境配置信息",
+      homeApiBaseUrl: "API 基址",
+      homeRuntimeMode: "运行模式",
+      homeTimezone: "时区",
+      homeBrowserLanguage: "浏览器语言",
+      homeAppLanguage: "系统语言",
+      homeTokenIssuedAt: "Token 生效时间",
+      homeTokenExpiresAt: "Token 过期时间",
+      homeTokenRemaining: "Token 剩余有效期",
+      homeAccountTypeAdmin: "管理员账号",
+      homeAccountTypeEmployee: "员工账号",
+      homeCurrentAdminInfo: "当前管理员信息",
+      homeCurrentEmployeeInfo: "当前员工信息",
+      homeExpired: "已过期",
+      homeEmployeeIdentityNotFound: "未找到当前员工标识，无法加载员工详情。",
+      homeEmployeeDetailEmpty: "员工详情接口未返回有效数据。",
+      homeEmployeeProfileLoadFailed: "员工信息加载失败",
+      homeAdminDetailNotFound: "管理员详情接口未返回当前账号数据。",
+      homeAdminProfileLoadFailed: "管理员信息加载失败",
+      homeEnvironmentLoadFailed: "系统环境配置加载失败",
     },
   },
 };
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index f920faa..681e531 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -246,6 +246,7 @@ import {
   showSuccessNotification,
   showWarningNotification,
 } from "@/utils/index";
+import { resolveErrorMessage } from "@/common/errorHandler";
 import { fetchMenusTree } from "../api/menuapi";
 import { BaseFields } from "@/entities/common.entity";
 import {
@@ -463,6 +464,52 @@ const clearAllowedPathsCache = () => {
   localStorage.removeItem("allowedPathsIssuedAt");
 };
 
+const normalizePath = (path) => (path || "").replace(/\/$/, "");
+
+const persistAllowedAccessCache = (
+  allowedMenuKeys = [],
+  allowedPaths = [],
+  allowedPerms = [],
+) => {
+  localStorage.setItem("allowedMenuKeys", JSON.stringify(allowedMenuKeys));
+  localStorage.setItem("allowedPaths", JSON.stringify(allowedPaths));
+  localStorage.setItem("allowedPerms", JSON.stringify(allowedPerms));
+
+  const currentToken = localStorage.getItem("token") || "";
+  localStorage.setItem("allowedPathsToken", currentToken);
+
+  const tokenPayload = decodeJwtPayload(currentToken);
+  const tokenIssuedAt = Number(tokenPayload?.iat);
+  const tokenExpireAt = Number(tokenPayload?.exp);
+
+  if (Number.isFinite(tokenIssuedAt)) {
+    localStorage.setItem("allowedPathsIssuedAt", String(tokenIssuedAt));
+  } else {
+    localStorage.removeItem("allowedPathsIssuedAt");
+  }
+
+  if (Number.isFinite(tokenExpireAt)) {
+    localStorage.setItem("allowedPathsExpire", String(tokenExpireAt));
+  } else {
+    localStorage.removeItem("allowedPathsExpire");
+  }
+
+  allowedPermissionCodes.value = allowedPerms;
+  window.dispatchEvent(new Event("permissions-updated"));
+};
+
+const isPermissionDeniedError = (error) => {
+  const code = Number(
+    error?.code || error?.Code || error?.response?.data?.Code || 0,
+  );
+  if (code === 1402 || code === 1403 || code === 403) {
+    return true;
+  }
+
+  const message = resolveErrorMessage(error, "");
+  return /no\s*permission|forbidden|denied|无权限|缺少权限/i.test(message);
+};
+
 const getPermissionErrorMessage = () => {
   const translated = t("message.permissionCheckError");
   return translated === "message.permissionCheckError"
@@ -612,33 +659,10 @@ const refreshMenu = async () => {
       ? syncedPermissionCodes.codes
       : allowedPermListFromMenu;
 
-    localStorage.setItem("allowedMenuKeys", JSON.stringify(allowedMenuKeys));
-    localStorage.setItem("allowedPaths", JSON.stringify(allowedPaths));
-    localStorage.setItem("allowedPerms", JSON.stringify(allowedPermList));
-
-    const currentToken = localStorage.getItem("token") || "";
-    const tokenPayload = decodeJwtPayload(currentToken);
-    const tokenIssuedAt = Number(tokenPayload?.iat);
-    const tokenExpireAt = Number(tokenPayload?.exp);
-
-    localStorage.setItem("allowedPathsToken", currentToken);
-    if (Number.isFinite(tokenIssuedAt)) {
-      localStorage.setItem("allowedPathsIssuedAt", String(tokenIssuedAt));
-    } else {
-      localStorage.removeItem("allowedPathsIssuedAt");
-    }
-    if (Number.isFinite(tokenExpireAt)) {
-      localStorage.setItem("allowedPathsExpire", String(tokenExpireAt));
-    } else {
-      localStorage.removeItem("allowedPathsExpire");
-    }
-    allowedPermissionCodes.value = allowedPermList;
-    window.dispatchEvent(new Event("permissions-updated"));
-
-    const normalize = (p) => (p || "").replace(/\/$/, "");
-    const currentPath = normalize(router.currentRoute.value.path);
+    persistAllowedAccessCache(allowedMenuKeys, allowedPaths, allowedPermList);
+    const currentPath = normalizePath(router.currentRoute.value.path);
     const hasDashboardPath = allowedPaths.some(
-      (path) => normalize(path) === "/dashboard",
+      (path) => normalizePath(path) === "/dashboard",
     );
     if (currentPath === "/dashboard" && !hasDashboardPath) {
       await router.replace("/home");
@@ -647,7 +671,18 @@ const refreshMenu = async () => {
     // 3) 还原展开状态
     openKeys.value = currentOpenKeys;
   } catch (error) {
-    showErrorNotification(error.message);
+    const message = resolveErrorMessage(error, t("message.fetchMenuError"));
+    showErrorNotification(message);
+
+    if (isPermissionDeniedError(error)) {
+      menuData.value = [];
+      persistAllowedAccessCache([], [], []);
+
+      const currentPath = normalizePath(router.currentRoute.value.path);
+      if (currentPath !== "/home") {
+        await router.replace("/home");
+      }
+    }
   }
 };
 
diff --git a/src/router/index.js b/src/router/index.js
index 5c0f328..30ad1c4 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -4,6 +4,45 @@ import { getPageTitle } from "@/utils/pageTitle";
 import i18n from "@/i18n";
 import { hasPermission } from "@/utils/permission";
 
+const normalizePath = (path) => (path || "").replace(/\/$/, "");
+
+const canAccessDashboardFromCache = () => {
+  if (typeof window === "undefined") {
+    return false;
+  }
+
+  const currentToken = localStorage.getItem("token") || "";
+  if (!currentToken) {
+    return false;
+  }
+
+  const rawAllowedPaths = localStorage.getItem("allowedPaths");
+  const allowedPathsToken = localStorage.getItem("allowedPathsToken") || "";
+  const allowedPathsExpire = Number(localStorage.getItem("allowedPathsExpire"));
+  const now = Math.floor(Date.now() / 1000);
+  const hasAllowedPathsCache =
+    rawAllowedPaths !== null &&
+    allowedPathsToken.length > 0 &&
+    allowedPathsToken === currentToken &&
+    Number.isFinite(allowedPathsExpire) &&
+    allowedPathsExpire > now;
+
+  if (!hasAllowedPathsCache) {
+    return false;
+  }
+
+  try {
+    const parsed = rawAllowedPaths ? JSON.parse(rawAllowedPaths) : [];
+    const allowedPaths = Array.isArray(parsed) ? parsed : [];
+    return allowedPaths.some((path) => normalizePath(path) === "/dashboard");
+  } catch (error) {
+    return false;
+  }
+};
+
+const resolveRootRedirectPath = () =>
+  canAccessDashboardFromCache() ? "/dashboard" : "/home";
+
 // 路由组件改为懒加载，减少首屏体积
 const NotFound = () => import("../views/responsepage/NotFound.vue");
 const MainLayout = () => import("../layouts/MainLayout.vue");
@@ -78,7 +117,7 @@ const routes = [
     children: [
       {
         path: "/",
-        redirect: "/dashboard",
+        redirect: () => resolveRootRedirectPath(),
         meta: { requiresAuth: true },
       },
       {
@@ -247,19 +286,28 @@ const routes = [
         path: "/accountpermission",
         name: "accountpermission",
         component: AccountPermission,
-        meta: { requiresAuth: true, requiredPerm: "system:user:assign.view" },
+        meta: {
+          requiresAuth: true,
+          requiredPerm: "system:user:assign.selectpermissionlist",
+        },
       },
       {
         path: "/customeraccountpermission",
         name: "customeraccountpermission",
         component: CustomerAccountPermission,
-        meta: { requiresAuth: true, requiredPerm: "system:user:assign.view" },
+        meta: {
+          requiresAuth: true,
+          requiredPerm: "system:user:assign.selectpermissionlist",
+        },
       },
       {
         path: "/employeeaccountpermission",
         name: "employeeaccountpermission",
         component: EmployeeAccountPermission,
-        meta: { requiresAuth: true, requiredPerm: "system:user:assign.view" },
+        meta: {
+          requiresAuth: true,
+          requiredPerm: "system:user:assign.selectpermissionlist",
+        },
       },
       {
         path: "/home",
diff --git a/src/utils/auth.js b/src/utils/auth.js
index 993c4bf..d4be519 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -3,7 +3,7 @@ import { showErrorNotification } from "@/utils/index";
 import i18n from "@/i18n";
 import { signOut } from "@/api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
-import { decodeJwtPayload, isTokenExpired } from "@/utils/jwt";
+import { isTokenExpired } from "@/utils/jwt";
 
 export function redirectToLogin(
   message = i18n.global.t("message.loginExpired"),
@@ -44,21 +44,12 @@ export async function handleLogout() {
 }
 
 export function checkTokenValidity(redirect = false) {
+  void redirect;
   const token = localStorage.getItem("token");
 
   if (!token) {
     return false;
   }
 
-  const decodedToken = decodeJwtPayload(token);
-  const expiration = Number(decodedToken?.exp);
-  if (!decodedToken || !Number.isFinite(expiration)) {
-    return false;
-  }
-
-  if (isTokenExpired(token, 300)) {
-    return false;
-  }
-
-  return true;
+  return !isTokenExpired(token, 300);
 }
diff --git a/src/utils/jwt.js b/src/utils/jwt.js
index 2d35289..79d3221 100644
--- a/src/utils/jwt.js
+++ b/src/utils/jwt.js
@@ -75,9 +75,10 @@ export const isTokenExpired = (token, minRemainingSeconds = 0) => {
 };
 
 export const getUserIdentity = (loginType, token, fallbackIdentity = "") => {
+  const normalizedFallbackIdentity = normalizeIdentity(fallbackIdentity);
   const payload = decodeJwtPayload(token);
   if (!payload) {
-    return normalizeIdentity(fallbackIdentity) || null;
+    return normalizedFallbackIdentity || null;
   }
 
   const preferredFields = IDENTITY_FIELDS_BY_LOGIN_TYPE[loginType] || [];
@@ -85,5 +86,5 @@ export const getUserIdentity = (loginType, token, fallbackIdentity = "") => {
     pickIdentity(payload, preferredFields) ||
     pickIdentity(payload, COMMON_IDENTITY_FIELDS);
 
-  return identity || normalizeIdentity(fallbackIdentity) || null;
+  return identity || normalizedFallbackIdentity || null;
 };
diff --git a/src/views/dashboard/DashboardView.vue b/src/views/dashboard/DashboardView.vue
index bf20c7c..be58223 100644
--- a/src/views/dashboard/DashboardView.vue
+++ b/src/views/dashboard/DashboardView.vue
@@ -246,7 +246,7 @@ import {
   fetchLogisticsStatistics,
   fetchHumanResourcesStatistics,
 } from "@/api/dashboardapi";
-import { getApiMessage } from "@/api/baseapi";
+import { resolveErrorMessage } from "@/common/errorHandler";
 import {
   formatDate,
   showErrorNotification,
@@ -290,20 +290,6 @@ const chartInstances = {
   attendance: null,
 };
 
-const resolveErrorMessage = (payload) => {
-  const directMessage = getApiMessage(payload);
-  if (directMessage && directMessage !== "Request failed") {
-    return directMessage;
-  }
-
-  const nestedMessage = getApiMessage(payload?.response?.data);
-  if (nestedMessage && nestedMessage !== "Request failed") {
-    return nestedMessage;
-  }
-
-  return t("message.requestFailed");
-};
-
 const loadData = async () => {
   try {
     const [roomRes, bizRes, logRes, hrRes] = await Promise.all([
diff --git a/src/views/home/HomeView.vue b/src/views/home/HomeView.vue
index 0c2cabc..3d717ce 100644
--- a/src/views/home/HomeView.vue
+++ b/src/views/home/HomeView.vue
@@ -1,20 +1,581 @@
 <template>
   <div class="home-page">
-    <a-card :title="$t('message.home')" :bordered="false">
-      <p>{{ $t("message.welcome") }}</p>
-      <p v-if="username">{{ username }}</p>
-    </a-card>
+    <a-spin :spinning="loading">
+      <a-row :gutter="[16, 16]">
+        <a-col :span="24">
+          <a-card class="welcome-card" :bordered="false">
+            <div class="welcome-title">
+              {{ welcomeTitle }}
+            </div>
+            <a-space wrap>
+              <a-tag color="blue">{{ homeAccountTypeLabel }}</a-tag>
+              <a-tag
+                >{{ t("message.homeAccountLabel") }}:
+                {{ account || "-" }}</a-tag
+              >
+              <a-tag v-if="profileLoadedAt">
+                {{ t("message.homeUpdatedAtLabel") }}: {{ profileLoadedAt }}
+              </a-tag>
+            </a-space>
+          </a-card>
+        </a-col>
+
+        <a-col :xs="24" :xl="12">
+          <a-card :title="homeProfileCardTitle" class="panel-card">
+            <a-alert
+              v-if="profileError && !isAdminPermissionSilentFallback"
+              type="warning"
+              show-icon
+              :message="profileError"
+              style="margin-bottom: 12px"
+            />
+            <a-alert
+              v-if="isAdminLogin && isAdminPermissionSilentFallback"
+              type="info"
+              show-icon
+              :message="t('message.homeAdminDetailPermissionFallback')"
+              style="margin-bottom: 12px"
+            />
+
+            <a-descriptions
+              v-if="isEmployeeLogin"
+              class="description-block"
+              bordered
+              :column="1"
+            >
+              <a-descriptions-item :label="$t('message.staffId')">
+                {{ employeeProfile?.[EmployeeFields.NUMBER] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffName')">
+                {{ employeeProfile?.[EmployeeFields.NAME] || username || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffDepartment')">
+                {{ employeeProfile?.[EmployeeFields.DEPARTMENTNAME] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffPosition')">
+                {{ employeeProfile?.[EmployeeFields.POSITIONNAME] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffTel')">
+                {{ employeeProfile?.[EmployeeFields.PHONENUMBER] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffEmailAddress')">
+                {{ employeeProfile?.[EmployeeFields.EMAILADDRESS] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.staffTime')">
+                {{
+                  formatDate(employeeProfile?.[EmployeeFields.HIREDATE]) || "-"
+                }}
+              </a-descriptions-item>
+            </a-descriptions>
+
+            <a-descriptions
+              v-else
+              class="description-block"
+              bordered
+              :column="1"
+            >
+              <a-descriptions-item :label="$t('message.adminNumber')">
+                {{ adminProfile?.[AdministratorFields.NUMBER] || "-" }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.adminName')">
+                {{
+                  adminProfile?.[AdministratorFields.NAME] || username || "-"
+                }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="$t('message.adminAccount')">
+                {{
+                  adminProfile?.[AdministratorFields.ACCOUNT] || account || "-"
+                }}
+              </a-descriptions-item>
+              <a-descriptions-item
+                v-if="!isAdminPermissionSilentFallback"
+                :label="$t('message.adminType')"
+              >
+                {{
+                  adminProfile?.[AdministratorFields.TYPENAME] ||
+                  adminProfile?.[AdministratorFields.TYPE] ||
+                  "-"
+                }}
+              </a-descriptions-item>
+              <a-descriptions-item
+                v-if="!isAdminPermissionSilentFallback"
+                :label="$t('message.isSuperAdminFlag')"
+              >
+                {{
+                  adminProfile?.[AdministratorFields.ISSUPERADMIN] === 1
+                    ? t("message.yes")
+                    : adminProfile?.[AdministratorFields.ISSUPERADMIN] === 0
+                      ? t("message.no")
+                      : "-"
+                }}
+              </a-descriptions-item>
+            </a-descriptions>
+          </a-card>
+        </a-col>
+
+        <a-col v-if="isAdminLogin" :xs="24" :xl="12">
+          <a-card
+            :title="t('message.homeSystemEnvironmentTitle')"
+            class="panel-card"
+          >
+            <a-alert
+              v-if="environmentError"
+              type="warning"
+              show-icon
+              :message="environmentError"
+              style="margin-bottom: 12px"
+            />
+            <a-descriptions class="description-block" bordered :column="1">
+              <a-descriptions-item :label="t('message.serverVersion')">
+                {{ environmentInfo.serverVersion }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeApiBaseUrl')">
+                {{ environmentInfo.apiBaseUrl }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeRuntimeMode')">
+                {{ environmentInfo.mode }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeTimezone')">
+                {{ environmentInfo.timezone }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeBrowserLanguage')">
+                {{ environmentInfo.browserLanguage }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeAppLanguage')">
+                {{ environmentInfo.appLanguage }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeTokenIssuedAt')">
+                {{ environmentInfo.tokenIssuedAt }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeTokenExpiresAt')">
+                {{ environmentInfo.tokenExpireAt }}
+              </a-descriptions-item>
+              <a-descriptions-item :label="t('message.homeTokenRemaining')">
+                {{ environmentInfo.tokenRemaining }}
+              </a-descriptions-item>
+            </a-descriptions>
+          </a-card>
+        </a-col>
+      </a-row>
+    </a-spin>
   </div>
 </template>
 
 <script setup>
-import { computed } from "vue";
+import { computed, onMounted, ref } from "vue";
+import { useI18n } from "vue-i18n";
+import { fetchAdmins } from "@/api/administratorapi";
+import { getServerVersion } from "@/api/basicapi";
+import { fetchEmployeeDetail, fetchEmployees } from "@/api/employeeapi";
+import { resolveErrorMessage } from "@/common/errorHandler";
+import { AdministratorFields } from "@/entities/administrator.entity";
+import { BaseFields } from "@/entities/common.entity";
+import { EmployeeFields } from "@/entities/employee.entity";
+import { formatDate, formatDateTime } from "@/utils";
+import { decodeJwtPayload, getUserIdentity } from "@/utils/jwt";
+
+const { t, locale } = useI18n();
+
+const loading = ref(false);
+const profileError = ref("");
+const environmentError = ref("");
+const adminProfile = ref(null);
+const employeeProfile = ref(null);
+const profileLoadedAt = ref("");
+const isAdminPermissionSilentFallback = ref(false);
+
+const loginType = ref(localStorage.getItem("loginType") || "admin");
+const username = ref(localStorage.getItem("username") || "");
+const account = ref(localStorage.getItem("account") || "");
+
+const environmentInfo = ref({
+  serverVersion: "-",
+  apiBaseUrl: "-",
+  mode: "-",
+  timezone: "-",
+  browserLanguage: "-",
+  appLanguage: "-",
+  tokenIssuedAt: "-",
+  tokenExpireAt: "-",
+  tokenRemaining: "-",
+});
+
+const isAdminLogin = computed(() => loginType.value === "admin");
+const isEmployeeLogin = computed(() => loginType.value === "employee");
+
+const resolvedDisplayName = computed(() => {
+  if (isEmployeeLogin.value) {
+    return employeeProfile.value?.[EmployeeFields.NAME] || username.value;
+  }
+  return adminProfile.value?.[AdministratorFields.NAME] || username.value;
+});
+
+const welcomeTitle = computed(() => {
+  const base = t("message.welcomeBack");
+  return resolvedDisplayName.value
+    ? `${base}，${resolvedDisplayName.value}`
+    : base;
+});
+
+const isPermissionDeniedError = (error) => {
+  const code = Number(
+    error?.code || error?.Code || error?.response?.data?.Code || 0,
+  );
+  if (code === 1402 || code === 1403 || code === 403) {
+    return true;
+  }
+
+  const message = String(resolveErrorMessage(error, "") || "");
+  return /no\s*permission|forbidden|denied|lack\s*permission|无权限|缺少权限|权限不足/i.test(
+    message,
+  );
+};
+
+const buildLocalAdminProfile = () => ({
+  [AdministratorFields.NUMBER]: account.value || "-",
+  [AdministratorFields.NAME]: username.value || "-",
+  [AdministratorFields.ACCOUNT]: account.value || "-",
+});
+
+const enterAdminSilentFallback = () => {
+  isAdminPermissionSilentFallback.value = true;
+  profileError.value = "";
+  environmentError.value = "";
+  adminProfile.value = buildLocalAdminProfile();
+  if (!profileLoadedAt.value) {
+    profileLoadedAt.value = formatDateTime(Date.now());
+  }
+};
+
+const syncAdminSilentFallbackFromErrors = () => {
+  if (!isAdminLogin.value || isAdminPermissionSilentFallback.value) {
+    return;
+  }
+
+  if (
+    isPermissionDeniedError({ message: profileError.value }) ||
+    isPermissionDeniedError({ message: environmentError.value })
+  ) {
+    enterAdminSilentFallback();
+  }
+};
+
+const homeAccountTypeLabel = computed(() =>
+  isEmployeeLogin.value
+    ? t("message.homeAccountTypeEmployee")
+    : t("message.homeAccountTypeAdmin"),
+);
+
+const homeProfileCardTitle = computed(() =>
+  isEmployeeLogin.value
+    ? t("message.homeCurrentEmployeeInfo")
+    : t("message.homeCurrentAdminInfo"),
+);
+
+const normalizeText = (value) => {
+  if (value === null || value === undefined) {
+    return "";
+  }
+  return String(value).trim();
+};
+
+const uniqueText = (values = []) =>
+  Array.from(
+    new Set(
+      values
+        .map((value) => normalizeText(value))
+        .filter((value) => value.length > 0),
+    ),
+  );
+
+const isEmail = (value) =>
+  typeof value === "string" && value.includes("@") && value.includes(".");
+
+const formatUnixSeconds = (value) => {
+  const numericValue = Number(value);
+  if (!Number.isFinite(numericValue) || numericValue <= 0) {
+    return "-";
+  }
+  return formatDateTime(numericValue * 1000) || "-";
+};
+
+const parseServerVersion = (payload) => {
+  if (typeof payload === "string") {
+    const raw = normalizeText(payload);
+    if (!raw) {
+      return "-";
+    }
+    if (raw.includes(":")) {
+      const parsed = normalizeText(raw.split(":").slice(1).join(":"));
+      return parsed || raw;
+    }
+    return raw;
+  }
+
+  const raw =
+    payload?.Version ||
+    payload?.version ||
+    payload?.Data?.Version ||
+    payload?.Data?.version;
+  return normalizeText(raw) || "-";
+};
+
+const formatRemainingTime = (expireAtSeconds) => {
+  const expiresAt = Number(expireAtSeconds);
+  if (!Number.isFinite(expiresAt) || expiresAt <= 0) {
+    return "-";
+  }
+
+  const remainSeconds = expiresAt - Math.floor(Date.now() / 1000);
+  if (remainSeconds <= 0) {
+    return t("message.homeExpired");
+  }
+
+  const hours = Math.floor(remainSeconds / 3600);
+  const minutes = Math.floor((remainSeconds % 3600) / 60);
+  return `${hours}h ${minutes}m`;
+};
+
+const pickAdminFromItems = (items, keyword) => {
+  if (!Array.isArray(items) || items.length === 0) {
+    return null;
+  }
+
+  const normalizedKeyword = normalizeText(keyword);
+  if (!normalizedKeyword) {
+    return items[0];
+  }
+
+  return (
+    items.find((item) => {
+      const number = normalizeText(item?.[AdministratorFields.NUMBER]);
+      const acc = normalizeText(item?.[AdministratorFields.ACCOUNT]);
+      return number === normalizedKeyword || acc === normalizedKeyword;
+    }) || items[0]
+  );
+};
 
-const username = computed(() => localStorage.getItem("username") || "");
+const resolveEmployeeId = async () => {
+  const token = localStorage.getItem("token") || "";
+  const payload = decodeJwtPayload(token) || {};
+  const fallbackIdentity = getUserIdentity(
+    "employee",
+    token,
+    localStorage.getItem("account") || "",
+  );
+
+  const identityCandidates = uniqueText([
+    payload?.EmployeeId,
+    payload?.employeeId,
+    payload?.UserNumber,
+    payload?.userNumber,
+    fallbackIdentity,
+    account.value,
+  ]);
+
+  const directEmployeeId = identityCandidates.find((value) => !isEmail(value));
+  if (directEmployeeId) {
+    return directEmployeeId;
+  }
+
+  const email = identityCandidates.find((value) => isEmail(value));
+  if (!email) {
+    return "";
+  }
+
+  const employeeListResult = await fetchEmployees({
+    [BaseFields.PAGE]: 1,
+    [BaseFields.PAGE_SIZE]: 1,
+    [BaseFields.IS_DELETED]: 0,
+    [EmployeeFields.EMAILADDRESS]: email,
+  });
+
+  const firstEmployee = Array.isArray(employeeListResult?.Items)
+    ? employeeListResult.Items[0]
+    : null;
+  return normalizeText(firstEmployee?.[EmployeeFields.NUMBER]);
+};
+
+const loadEmployeeProfile = async () => {
+  try {
+    const employeeId = await resolveEmployeeId();
+    if (!employeeId) {
+      profileError.value = t("message.homeEmployeeIdNotFound");
+      return;
+    }
+
+    const response = await fetchEmployeeDetail({
+      [EmployeeFields.NUMBER]: employeeId,
+    });
+
+    employeeProfile.value = response?.Data || null;
+    if (!employeeProfile.value) {
+      profileError.value = t("message.homeEmployeeProfileNotFound");
+      return;
+    }
+
+    profileLoadedAt.value = formatDateTime(Date.now());
+  } catch (error) {
+    profileError.value = resolveErrorMessage(
+      error,
+      t("message.homeEmployeeProfileLoadFailed"),
+    );
+  }
+};
+
+const loadAdminProfile = async () => {
+  try {
+    const token = localStorage.getItem("token") || "";
+    const payload = decodeJwtPayload(token) || {};
+    const fallbackIdentity = getUserIdentity(
+      "admin",
+      token,
+      localStorage.getItem("account") || "",
+    );
+
+    const identityCandidates = uniqueText([
+      account.value,
+      payload?.UserNumber,
+      payload?.userNumber,
+      payload?.Account,
+      payload?.account,
+      fallbackIdentity,
+    ]);
+
+    const baseParams = {
+      [BaseFields.PAGE]: 1,
+      [BaseFields.PAGE_SIZE]: 20,
+      [BaseFields.IS_DELETED]: 0,
+    };
+
+    for (const candidate of identityCandidates) {
+      const byAccount = await fetchAdmins({
+        ...baseParams,
+        [AdministratorFields.ACCOUNT]: candidate,
+      });
+      const byAccountProfile = pickAdminFromItems(byAccount?.Items, candidate);
+      if (byAccountProfile) {
+        adminProfile.value = byAccountProfile;
+        profileLoadedAt.value = formatDateTime(Date.now());
+        return;
+      }
+
+      const byNumber = await fetchAdmins({
+        ...baseParams,
+        [AdministratorFields.NUMBER]: candidate,
+      });
+      const byNumberProfile = pickAdminFromItems(byNumber?.Items, candidate);
+      if (byNumberProfile) {
+        adminProfile.value = byNumberProfile;
+        profileLoadedAt.value = formatDateTime(Date.now());
+        return;
+      }
+    }
+
+    profileError.value = t("message.homeAdminProfileNotFound");
+  } catch (error) {
+    profileError.value = resolveErrorMessage(
+      error,
+      t("message.homeAdminProfileLoadFailed"),
+    );
+  }
+};
+
+const loadEnvironmentInfo = async () => {
+  const token = localStorage.getItem("token") || "";
+  const payload = decodeJwtPayload(token) || {};
+
+  const tokenIssuedAt = Number(payload?.iat);
+  const tokenExpireAt = Number(payload?.exp);
+
+  environmentInfo.value = {
+    serverVersion: "-",
+    apiBaseUrl: normalizeText(import.meta.env.VITE_API_URL) || "-",
+    mode: normalizeText(import.meta.env.MODE) || "-",
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone || "-",
+    browserLanguage: navigator?.language || "-",
+    appLanguage: localStorage.getItem("locale") || locale.value || "-",
+    tokenIssuedAt: formatUnixSeconds(tokenIssuedAt),
+    tokenExpireAt: formatUnixSeconds(tokenExpireAt),
+    tokenRemaining: formatRemainingTime(tokenExpireAt),
+  };
+
+  try {
+    const versionPayload = await getServerVersion();
+    environmentInfo.value.serverVersion = parseServerVersion(versionPayload);
+  } catch (error) {
+    environmentError.value = resolveErrorMessage(
+      error,
+      t("message.homeEnvironmentLoadFailed"),
+    );
+  }
+};
+
+const loadHomeData = async () => {
+  loading.value = true;
+  isAdminPermissionSilentFallback.value = false;
+  profileError.value = "";
+  environmentError.value = "";
+  adminProfile.value = null;
+  employeeProfile.value = null;
+  profileLoadedAt.value = "";
+
+  try {
+    if (isEmployeeLogin.value) {
+      await loadEmployeeProfile();
+      if (profileError.value) {
+        profileError.value = t("message.homeEmployeeProfileLoadFailed");
+      }
+      return;
+    }
+
+    await loadAdminProfile();
+    syncAdminSilentFallbackFromErrors();
+    if (
+      profileError.value &&
+      !isAdminPermissionSilentFallback.value &&
+      !adminProfile.value
+    ) {
+      profileError.value = t("message.homeAdminProfileLoadFailed");
+    }
+    await loadEnvironmentInfo();
+    syncAdminSilentFallbackFromErrors();
+    if (environmentError.value && !isAdminPermissionSilentFallback.value) {
+      environmentError.value = t("message.homeEnvironmentLoadFailed");
+    }
+  } finally {
+    loading.value = false;
+  }
+};
+
+onMounted(() => {
+  loadHomeData();
+});
 </script>
 
 <style scoped>
 .home-page {
   width: 100%;
 }
+
+.welcome-card {
+  border-radius: 12px;
+  background: linear-gradient(135deg, #f6fbff 0%, #eef5ff 100%);
+}
+
+.welcome-title {
+  margin-bottom: 10px;
+  font-size: 20px;
+  font-weight: 600;
+  color: #1f2a44;
+}
+
+.panel-card {
+  min-height: 360px;
+  border-radius: 12px;
+}
+
+.description-block :deep(.ant-descriptions-item-label) {
+  width: 130px;
+}
 </style>
-- 
Gitee


From 12ab04fde530342068dc1e5f78c5a4385ae4d6e6 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Tue, 17 Feb 2026 22:00:04 +0800
Subject: [PATCH 06/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=98=BB=E6=96=AD?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js          | 112 +++++++++++++++++++++++++++++++-----
 src/layouts/MainLayout.vue  |   1 -
 src/utils/jwt.js            |   7 +--
 src/views/home/HomeView.vue |  27 +++++----
 4 files changed, 115 insertions(+), 32 deletions(-)

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index 9509cb7..ee7e6d6 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -5,7 +5,7 @@ import { handleApiError, handleHttpError } from "@/common/errorHandler";
 const ACTION_PREFIX_REGEX =
   /^(Select|GetAll|Get|Build|Read|Insert|Add|Create|Update|Upd|Delete|Del)/i;
 const SUFFIX_CLEANUP_REGEX = /(AllCanUse|CanUseAll|All|List)$/i;
-const ROW_VERSION_CACHE_TTL_MS = 30 * 60 * 1000;
+const ROW_VERSION_CACHE_TTL_MS = 10 * 60 * 1000;
 const ROW_VERSION_CACHE_MAX_ENTITIES = 200;
 const ROW_VERSION_CONFLICT_MESSAGE =
   "Data has changed, please refresh and retry";
@@ -302,6 +302,39 @@ const shouldAttachRowVersion = (config) => {
   return true;
 };
 
+const shouldClearRowVersionCacheAfterMutation = (config) => {
+  const method = (config?.method || "get").toLowerCase();
+  if (["put", "patch", "delete"].includes(method)) {
+    return true;
+  }
+
+  if (method !== "post") {
+    return false;
+  }
+
+  const normalizedUrl = String(config?.url || "")
+    .split("?")[0]
+    .replace(/^https?:\/\/[^/]+/i, "")
+    .trim();
+  const segments = normalizedUrl.split("/").filter(Boolean);
+  const action = (segments[1] || "").trim();
+
+  return /^(Insert|Add|Create|Update|Upd|Delete|Del)/i.test(action);
+};
+
+const clearRowVersionCacheAfterMutation = (response) => {
+  if (!shouldClearRowVersionCacheAfterMutation(response?.config)) {
+    return;
+  }
+
+  const entityKey = getEntityKeyFromUrl(response?.config?.url);
+  if (!entityKey) {
+    return;
+  }
+
+  clearRowVersionCache(entityKey);
+};
+
 const attachRowVersionFromCache = (config) => {
   if (!shouldAttachRowVersion(config)) {
     return config;
@@ -405,6 +438,20 @@ const retryRequest = async (error) => {
   return Promise.reject(error);
 };
 
+const toBusinessErrorPayload = (error) => {
+  const code = Number(error?.code || error?.Code);
+  if (!Number.isFinite(code)) {
+    return null;
+  }
+
+  return {
+    Success: false,
+    Code: code,
+    Message: error?.message || "",
+    Data: error?.data,
+  };
+};
+
 api.interceptors.request.use(
   async (config) => {
     const token = localStorage.getItem("token");
@@ -429,6 +476,13 @@ api.interceptors.request.use(
       return retryRequest(error);
     }
 
+    const localBusinessError = toBusinessErrorPayload(error);
+    if (localBusinessError) {
+      return handleApiError(localBusinessError, {
+        config: error?.config || {},
+      });
+    }
+
     return Promise.reject(error);
   },
 );
@@ -436,24 +490,27 @@ api.interceptors.request.use(
 api.interceptors.response.use(
   (response) => {
     saveRowVersionsFromResponse(response);
+    const resData = response.data;
+    const hasBusinessFlag =
+      typeof resData?.Success === "boolean" ||
+      typeof resData?.Code === "number";
 
     if (response?.config?.skipBusinessErrorHandling) {
+      if (!hasBusinessFlag || isApiSuccess(resData)) {
+        clearRowVersionCacheAfterMutation(response);
+      }
       return response;
     }
 
-    const resData = response.data;
     if (typeof resData === "string" && resData.includes("Version")) {
       return response;
     }
 
-    const hasBusinessFlag =
-      typeof resData?.Success === "boolean" ||
-      typeof resData?.Code === "number";
-
     if (hasBusinessFlag && !isApiSuccess(resData)) {
       return handleApiError(resData, response);
     }
 
+    clearRowVersionCacheAfterMutation(response);
     return response;
   },
   (error) => {
@@ -465,15 +522,44 @@ api.interceptors.response.use(
   },
 );
 
-if (typeof window !== "undefined") {
-  window.addEventListener("beforeunload", () => {
+const handleBeforeUnload = () => {
+  clearRowVersionCache();
+};
+
+const handleStorageChange = (event) => {
+  if (event.key === "token" && !event.newValue) {
     clearRowVersionCache();
-  });
+  }
+};
 
-  window.addEventListener("storage", (event) => {
-    if (event.key === "token" && !event.newValue) {
-      clearRowVersionCache();
-    }
+let hasBoundWindowListeners = false;
+
+const bindWindowListeners = () => {
+  if (typeof window === "undefined" || hasBoundWindowListeners) {
+    return;
+  }
+
+  window.addEventListener("beforeunload", handleBeforeUnload);
+  window.addEventListener("storage", handleStorageChange);
+  hasBoundWindowListeners = true;
+};
+
+export const unbindWindowListeners = () => {
+  if (typeof window === "undefined" || !hasBoundWindowListeners) {
+    return;
+  }
+
+  window.removeEventListener("beforeunload", handleBeforeUnload);
+  window.removeEventListener("storage", handleStorageChange);
+  hasBoundWindowListeners = false;
+};
+
+bindWindowListeners();
+
+if (import.meta.hot) {
+  import.meta.hot.dispose(() => {
+    unbindWindowListeners();
+    clearRowVersionCache();
   });
 }
 
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 681e531..e387884 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -540,7 +540,6 @@ const fetchCurrentUserPermissionCodes = async () => {
   const identity = getUserIdentity(
     loginType.value,
     localStorage.getItem("token") || "",
-    localStorage.getItem("account") || "",
   );
 
   if (!identity) {
diff --git a/src/utils/jwt.js b/src/utils/jwt.js
index 79d3221..3ad55d8 100644
--- a/src/utils/jwt.js
+++ b/src/utils/jwt.js
@@ -74,11 +74,10 @@ export const isTokenExpired = (token, minRemainingSeconds = 0) => {
   return expiration - now <= Number(minRemainingSeconds || 0);
 };
 
-export const getUserIdentity = (loginType, token, fallbackIdentity = "") => {
-  const normalizedFallbackIdentity = normalizeIdentity(fallbackIdentity);
+export const getUserIdentity = (loginType, token) => {
   const payload = decodeJwtPayload(token);
   if (!payload) {
-    return normalizedFallbackIdentity || null;
+    return null;
   }
 
   const preferredFields = IDENTITY_FIELDS_BY_LOGIN_TYPE[loginType] || [];
@@ -86,5 +85,5 @@ export const getUserIdentity = (loginType, token, fallbackIdentity = "") => {
     pickIdentity(payload, preferredFields) ||
     pickIdentity(payload, COMMON_IDENTITY_FIELDS);
 
-  return identity || normalizedFallbackIdentity || null;
+  return identity || null;
 };
diff --git a/src/views/home/HomeView.vue b/src/views/home/HomeView.vue
index 3d717ce..ba2327f 100644
--- a/src/views/home/HomeView.vue
+++ b/src/views/home/HomeView.vue
@@ -171,7 +171,7 @@ import { resolveErrorMessage } from "@/common/errorHandler";
 import { AdministratorFields } from "@/entities/administrator.entity";
 import { BaseFields } from "@/entities/common.entity";
 import { EmployeeFields } from "@/entities/employee.entity";
-import { formatDate, formatDateTime } from "@/utils";
+import { formatDate, formatDateTime, showErrorNotification } from "@/utils";
 import { decodeJwtPayload, getUserIdentity } from "@/utils/jwt";
 
 const { t, locale } = useI18n();
@@ -358,18 +358,14 @@ const pickAdminFromItems = (items, keyword) => {
 const resolveEmployeeId = async () => {
   const token = localStorage.getItem("token") || "";
   const payload = decodeJwtPayload(token) || {};
-  const fallbackIdentity = getUserIdentity(
-    "employee",
-    token,
-    localStorage.getItem("account") || "",
-  );
+  const tokenIdentity = getUserIdentity("employee", token);
 
   const identityCandidates = uniqueText([
     payload?.EmployeeId,
     payload?.employeeId,
     payload?.UserNumber,
     payload?.userNumber,
-    fallbackIdentity,
+    tokenIdentity,
     account.value,
   ]);
 
@@ -427,11 +423,7 @@ const loadAdminProfile = async () => {
   try {
     const token = localStorage.getItem("token") || "";
     const payload = decodeJwtPayload(token) || {};
-    const fallbackIdentity = getUserIdentity(
-      "admin",
-      token,
-      localStorage.getItem("account") || "",
-    );
+    const tokenIdentity = getUserIdentity("admin", token);
 
     const identityCandidates = uniqueText([
       account.value,
@@ -439,7 +431,7 @@ const loadAdminProfile = async () => {
       payload?.userNumber,
       payload?.Account,
       payload?.account,
-      fallbackIdentity,
+      tokenIdentity,
     ]);
 
     const baseParams = {
@@ -549,7 +541,14 @@ const loadHomeData = async () => {
 };
 
 onMounted(() => {
-  loadHomeData();
+  loadHomeData().catch(() => {
+    const localizedMessage = t("message.homeLoadFailed");
+    showErrorNotification(
+      localizedMessage === "message.homeLoadFailed"
+        ? t("message.requestFailed")
+        : localizedMessage,
+    );
+  });
 });
 </script>
 
-- 
Gitee


From 2414dc0caec78d69541ebfd9e993b194d2d22895 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Tue, 17 Feb 2026 23:54:28 +0800
Subject: [PATCH 07/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=94=B9=E8=BF=9B?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82=20=E4=BF=AE=E5=A4=8D=E6=97=A0=E6=9D=A1?=
 =?UTF-8?q?=E4=BB=B6=E6=8F=90=E7=A4=BA=E6=9D=83=E9=99=90=E5=BC=82=E5=B8=B8?=
 =?UTF-8?q?=E9=94=99=E8=AF=AF=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js           |  49 +++++-----
 src/api/basicapi.js          |   4 +-
 src/common/errorCodes.js     |  39 ++++++++
 src/common/errorHandler.js   |  42 +++++----
 src/config/apiEndpoints.js   |   8 +-
 src/config/apiRoutes.js      | 168 +++++++++++++++++++++++++++++++++++
 src/config/apiRoutes.json    | 141 -----------------------------
 src/directives/permission.js |  25 +++---
 src/layouts/MainLayout.vue   |  50 +++++++++--
 src/router/index.js          |   4 +-
 src/utils/auth.js            | 126 +++++++++++++++++++++++++-
 src/utils/initialize.js      |   2 +-
 src/utils/jwt.js             |   3 +
 src/utils/permission.js      |  47 ++++++----
 src/views/home/HomeView.vue  |   3 +-
 15 files changed, 485 insertions(+), 226 deletions(-)
 create mode 100644 src/common/errorCodes.js
 create mode 100644 src/config/apiRoutes.js
 delete mode 100644 src/config/apiRoutes.json

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index ee7e6d6..3adfae4 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -11,8 +11,8 @@ const ROW_VERSION_CONFLICT_MESSAGE =
   "Data has changed, please refresh and retry";
 const ROW_VERSION_CONFLICT_HINT = "数据已变更，请刷新后重试";
 
+// entityKey -> { rows: Map<recordId, rowVersion>, touchedAt: number }
 const rowVersionCache = new Map();
-const rowVersionCacheTouchedAt = new Map();
 
 const api = axios.create({
   baseURL: import.meta.env.VITE_API_URL,
@@ -39,41 +39,46 @@ export const getApiMessage = (payload) =>
 export const clearRowVersionCache = (entityKey) => {
   if (entityKey) {
     rowVersionCache.delete(entityKey);
-    rowVersionCacheTouchedAt.delete(entityKey);
     return;
   }
 
   rowVersionCache.clear();
-  rowVersionCacheTouchedAt.clear();
 };
 
 const touchRowVersionCacheEntity = (entityKey) => {
   if (!entityKey) {
     return;
   }
-  rowVersionCacheTouchedAt.set(entityKey, Date.now());
+
+  const existingEntry = rowVersionCache.get(entityKey);
+  if (!existingEntry) {
+    return;
+  }
+
+  existingEntry.touchedAt = Date.now();
+  // Move to tail so Map order reflects LRU (tail = most recently used).
+  rowVersionCache.delete(entityKey);
+  rowVersionCache.set(entityKey, existingEntry);
 };
 
 const pruneRowVersionCache = () => {
   const now = Date.now();
 
-  for (const [entityKey, lastTouchedAt] of rowVersionCacheTouchedAt.entries()) {
-    if (now - lastTouchedAt > ROW_VERSION_CACHE_TTL_MS) {
+  for (const [entityKey, cacheEntry] of rowVersionCache.entries()) {
+    const lastTouchedAt = Number(cacheEntry?.touchedAt || 0);
+    if (!lastTouchedAt || now - lastTouchedAt > ROW_VERSION_CACHE_TTL_MS) {
       clearRowVersionCache(entityKey);
     }
   }
 
-  if (rowVersionCache.size <= ROW_VERSION_CACHE_MAX_ENTITIES) {
-    return;
+  // Evict from head while overflow exists (head = least recently used).
+  while (rowVersionCache.size > ROW_VERSION_CACHE_MAX_ENTITIES) {
+    const lruEntityKey = rowVersionCache.keys().next().value;
+    if (!lruEntityKey) {
+      break;
+    }
+    clearRowVersionCache(lruEntityKey);
   }
-
-  const overflowCount = rowVersionCache.size - ROW_VERSION_CACHE_MAX_ENTITIES;
-  const staleEntityKeys = [...rowVersionCacheTouchedAt.entries()]
-    .sort((a, b) => a[1] - b[1])
-    .slice(0, overflowCount)
-    .map(([entityKey]) => entityKey);
-
-  staleEntityKeys.forEach((entityKey) => clearRowVersionCache(entityKey));
 };
 
 const getEntityKeyFromUrl = (url = "") => {
@@ -234,12 +239,13 @@ const getCachedRowVersion = (entityKey, id) => {
     return null;
   }
 
-  const entityCache = rowVersionCache.get(entityKey);
-  const rowVersion = entityCache?.get(String(id));
+  const cacheEntry = rowVersionCache.get(entityKey);
+  const rowVersion = cacheEntry?.rows?.get(String(id));
   if (rowVersion === undefined || rowVersion === null) {
     return null;
   }
 
+  touchRowVersionCacheEntity(entityKey);
   return rowVersion;
 };
 
@@ -255,10 +261,13 @@ const saveRowVersionToCache = (entityKey, record) => {
   }
 
   if (!rowVersionCache.has(entityKey)) {
-    rowVersionCache.set(entityKey, new Map());
+    rowVersionCache.set(entityKey, {
+      rows: new Map(),
+      touchedAt: Date.now(),
+    });
   }
 
-  rowVersionCache.get(entityKey).set(String(id), rowVersion);
+  rowVersionCache.get(entityKey).rows.set(String(id), rowVersion);
   touchRowVersionCacheEntity(entityKey);
 };
 
diff --git a/src/api/basicapi.js b/src/api/basicapi.js
index 02b7731..b442f33 100644
--- a/src/api/basicapi.js
+++ b/src/api/basicapi.js
@@ -1,5 +1,6 @@
 import api from "../api";
 import { API_ENDPOINTS } from "../config/apiEndpoints";
+import { isTokenInvalidBusinessCode } from "@/common/errorCodes";
 
 const LOGIN_ENDPOINTS = {
   admin: API_ENDPOINTS.login.admin,
@@ -40,7 +41,8 @@ export const getApiMessage = (payload) =>
   payload?.Message || payload?.message || "Request failed";
 
 export const isTwoFactorChallenge = (payload) =>
-  payload?.Code === 1401 && payload?.Data?.RequiresTwoFactor === true;
+  isTokenInvalidBusinessCode(payload?.Code) &&
+  payload?.Data?.RequiresTwoFactor === true;
 
 // 登录
 export const signIn = async (data, loginType = LOGIN_TYPES.admin) => {
diff --git a/src/common/errorCodes.js b/src/common/errorCodes.js
new file mode 100644
index 0000000..64863ba
--- /dev/null
+++ b/src/common/errorCodes.js
@@ -0,0 +1,39 @@
+export const API_SUCCESS_CODE = 0;
+
+export const HTTP_STATUS = Object.freeze({
+  UNAUTHORIZED: 401,
+  FORBIDDEN: 403,
+});
+
+export const ERROR_CODES = Object.freeze({
+  AUTH_TOKEN_EXPIRED: 1401,
+  AUTH_INVALID_CREDENTIAL: 1402,
+  AUTH_PERMISSION_DENIED: 1403,
+  RESOURCE_NOT_FOUND: 1404,
+  CONCURRENCY_CONFLICT: 1409,
+  VALIDATION_FAILED: 2001,
+  DUPLICATE_DATA: 3001,
+  SERVER_ERROR: 1500,
+  NETWORK_ERROR: 9001,
+  NETWORK_TIMEOUT: 9002,
+});
+
+export const normalizeCode = (value) => {
+  const code = Number(value);
+  return Number.isFinite(code) ? code : 0;
+};
+
+export const isTokenInvalidBusinessCode = (code) =>
+  normalizeCode(code) === ERROR_CODES.AUTH_TOKEN_EXPIRED;
+
+export const isPermissionDeniedBusinessCode = (code) => {
+  const normalized = normalizeCode(code);
+  return (
+    normalized === ERROR_CODES.AUTH_INVALID_CREDENTIAL ||
+    normalized === ERROR_CODES.AUTH_PERMISSION_DENIED
+  );
+};
+
+export const isPermissionDeniedErrorCode = (code) =>
+  isPermissionDeniedBusinessCode(code) ||
+  normalizeCode(code) === HTTP_STATUS.FORBIDDEN;
diff --git a/src/common/errorHandler.js b/src/common/errorHandler.js
index d90cf1e..44441d7 100644
--- a/src/common/errorHandler.js
+++ b/src/common/errorHandler.js
@@ -1,9 +1,14 @@
 import i18n from "@/i18n";
 import { showErrorNotification, showWarningNotification } from "@/utils";
 import { redirectToLogin, handleLogout } from "@/utils/auth";
+import {
+  ERROR_CODES,
+  HTTP_STATUS,
+  isTokenInvalidBusinessCode,
+} from "@/common/errorCodes";
 
 // 可扩展的错误码映射表
-const DEFAULT_API_ERROR_MESSAGE = "Request failed";
+const DEFAULT_API_ERROR_MESSAGE = i18n.global.t("message.requestFailed");
 
 const readApiMessage = (payload) => {
   if (!payload || typeof payload !== "object") {
@@ -30,55 +35,54 @@ export const resolveErrorMessage = (payload, fallbackMessage) => {
 
 export const errorCodeMap = {
   // 认证/授权相关
-  1401: {
+  [ERROR_CODES.AUTH_TOKEN_EXPIRED]: {
     // token 失效：通常需要用户重新登录
     message: i18n.global.t("message.loginExpired") || "登录已过期，请重新登录",
     action: "redirect",
     clearStorage: true,
   },
-  1402: {
+  [ERROR_CODES.AUTH_INVALID_CREDENTIAL]: {
     // 凭证无效（示例）
-    message:
-      i18n.global.t("message.noPermission") || "无权限执行该操作",
+    message: i18n.global.t("message.noPermission") || "无权限执行该操作",
     action: "notify",
   },
-  1403: {
+  [ERROR_CODES.AUTH_PERMISSION_DENIED]: {
     // 权限不足
     message: i18n.global.t("message.noPermission") || "无权限执行该操作",
     action: "notify",
   },
 
   // 资源/数据相关
-  1404: {
+  [ERROR_CODES.RESOURCE_NOT_FOUND]: {
     // 资源未找到
     message: i18n.global.t("message.notFound") || "未找到相关资源",
     action: "notify",
   },
-  1409: {
+  [ERROR_CODES.CONCURRENCY_CONFLICT]: {
     message:
       i18n.global.t("message.concurrencyConflict") ||
       "数据已被其他用户修改，请刷新后重试",
     action: "notify",
   },
-  2001: {
+  [ERROR_CODES.VALIDATION_FAILED]: {
     // 参数/校验错误
     message:
       i18n.global.t("message.validationFailed") || "参数校验失败，请检查输入",
     action: "notify",
   },
-  3001: {
+  [ERROR_CODES.DUPLICATE_DATA]: {
     // 数据已存在/重复
     message: i18n.global.t("message.duplicate") || "数据已存在，无法重复创建",
     action: "notify",
   },
 
   // 服务端/网络
-  1500: {
+  [ERROR_CODES.SERVER_ERROR]: {
     message:
       i18n.global.t("message.serverError") || "服务器内部错误，请稍后重试",
     action: "notify",
   },
-  9001: {
+  [ERROR_CODES.NETWORK_ERROR]: {
     // 网络/连接异常（客户端定义）
     message:
       i18n.global.t("message.networkError") || "网络连接异常，请检查网络",
@@ -99,7 +103,7 @@ export function handleApiError(resData, response) {
 
   // Token 相关优先处理，保留重试逻辑：当后端返回 1401 且本地还有 token 时，触发重试机制
   if (
-    code === 1401 ||
+    isTokenInvalidBusinessCode(code) ||
     (typeof message === "string" && message.includes("Token"))
   ) {
     const token = localStorage.getItem("token");
@@ -108,7 +112,7 @@ export function handleApiError(resData, response) {
       redirectToLogin(backendMessage || i18n.global.t("message.loginExpired"));
       return Promise.reject({
         success: false,
-        code: 1401,
+        code: ERROR_CODES.AUTH_TOKEN_EXPIRED,
         message: backendMessage || i18n.global.t("message.loginExpired"),
       });
     }
@@ -182,20 +186,20 @@ export function handleHttpError(error) {
       // 忽略解析错误，继续执行后续的 HTTP 层处理
     }
 
-    if (status === 401) {
+    if (status === HTTP_STATUS.UNAUTHORIZED) {
       redirectToLogin(i18n.global.t("message.loginExpired"), true);
       return Promise.reject({
         success: false,
-        code: 401,
+        code: HTTP_STATUS.UNAUTHORIZED,
         message: i18n.global.t("message.loginExpired"),
       });
     }
 
-    if (status === 403) {
+    if (status === HTTP_STATUS.FORBIDDEN) {
       showErrorNotification(i18n.global.t("message.noPermission") || "无权限");
       return Promise.reject({
         success: false,
-        code: 403,
+        code: HTTP_STATUS.FORBIDDEN,
         message: i18n.global.t("message.noPermission"),
       });
     }
@@ -231,7 +235,7 @@ export function handleHttpError(error) {
   showErrorNotification(displayMessage);
   return Promise.reject({
     success: false,
-    code: isTimeout ? 9002 : 9001,
+    code: isTimeout ? ERROR_CODES.NETWORK_TIMEOUT : ERROR_CODES.NETWORK_ERROR,
     message: displayMessage,
   });
 }
diff --git a/src/config/apiEndpoints.js b/src/config/apiEndpoints.js
index fdb5bf6..3f6677e 100644
--- a/src/config/apiEndpoints.js
+++ b/src/config/apiEndpoints.js
@@ -1,4 +1,4 @@
-import flatApiRoutes from "./apiRoutes.json";
+import { FLAT_API_ROUTES } from "./apiRoutes";
 
 const ROOT_ROUTE_OVERRIDES = {
   VERSION: { group: "SYSTEM", name: "VERSION" },
@@ -74,9 +74,9 @@ const buildGroupedRoutes = (flatRoutes) => {
   return grouped;
 };
 
-validateFlatRoutes(flatApiRoutes);
+validateFlatRoutes(FLAT_API_ROUTES);
 
-const groupedRoutes = buildGroupedRoutes(flatApiRoutes);
+const groupedRoutes = buildGroupedRoutes(FLAT_API_ROUTES);
 
 export const ROUTES = Object.freeze(
   Object.fromEntries(
@@ -87,7 +87,7 @@ export const ROUTES = Object.freeze(
   ),
 );
 
-export const LEGACY_ROUTES = Object.freeze({ ...flatApiRoutes });
+export const LEGACY_ROUTES = Object.freeze({ ...FLAT_API_ROUTES });
 
 export const API_ROUTE_KEYS = Object.freeze(Object.keys(LEGACY_ROUTES));
 
diff --git a/src/config/apiRoutes.js b/src/config/apiRoutes.js
new file mode 100644
index 0000000..95f389c
--- /dev/null
+++ b/src/config/apiRoutes.js
@@ -0,0 +1,168 @@
+// Security baseline:
+// - Keep only endpoints actually used by the current frontend.
+// - Do not expose a full backend endpoint catalog in client bundles.
+export const FLAT_API_ROUTES = Object.freeze({
+  ADMIN_ADD_ADMIN: "/Admin/AddAdmin",
+  ADMIN_ADD_ADMIN_TYPE: "/Admin/AddAdminType",
+  ADMIN_ASSIGN_USER_PERMISSIONS: "/Admin/AssignUserPermissions",
+  ADMIN_ASSIGN_USER_ROLES: "/Admin/AssignUserRoles",
+  ADMIN_DEL_ADMIN: "/Admin/DelAdmin",
+  ADMIN_DEL_ADMIN_TYPE: "/Admin/DelAdminType",
+  ADMIN_GET_ALL_ADMIN_LIST: "/Admin/GetAllAdminList",
+  ADMIN_GET_ALL_ADMIN_TYPES: "/Admin/GetAllAdminTypes",
+  ADMIN_LOGIN: "/Admin/Login",
+  ADMIN_LOGOUT: "/Admin/Logout",
+  ADMIN_READ_USER_DIRECT_PERMISSIONS: "/Admin/ReadUserDirectPermissions",
+  ADMIN_READ_USER_ROLE_PERMISSIONS: "/Admin/ReadUserRolePermissions",
+  ADMIN_READ_USER_ROLES: "/Admin/ReadUserRoles",
+  ADMIN_UPD_ADMIN: "/Admin/UpdAdmin",
+  ADMIN_UPD_ADMIN_TYPE: "/Admin/UpdAdminType",
+  ASSET_ADD_ASSET_INFO: "/Asset/AddAssetInfo",
+  ASSET_DEL_ASSET_INFO: "/Asset/DelAssetInfo",
+  ASSET_SELECT_ASSET_INFO_ALL: "/Asset/SelectAssetInfoAll",
+  ASSET_UPD_ASSET_INFO: "/Asset/UpdAssetInfo",
+  BASE_ADD_DEPT: "/Base/AddDept",
+  BASE_ADD_EDUCATION: "/Base/AddEducation",
+  BASE_ADD_NATION: "/Base/AddNation",
+  BASE_ADD_POSITION: "/Base/AddPosition",
+  BASE_CREATE_APPOINTMENT_NOTICE_TYPE: "/Base/CreateAppointmentNoticeType",
+  BASE_DEL_DEPT: "/Base/DelDept",
+  BASE_DEL_EDUCATION: "/Base/DelEducation",
+  BASE_DEL_NATION: "/Base/DelNation",
+  BASE_DEL_POSITION: "/Base/DelPosition",
+  BASE_DELETE_APPOINTMENT_NOTICE_TYPE: "/Base/DeleteAppointmentNoticeType",
+  BASE_DELETE_CUSTO_TYPE: "/Base/DeleteCustoType",
+  BASE_DELETE_PASS_PORT_TYPE: "/Base/DeletePassPortType",
+  BASE_INSERT_CUSTO_TYPE: "/Base/InsertCustoType",
+  BASE_INSERT_PASS_PORT_TYPE: "/Base/InsertPassPortType",
+  BASE_SELECT_APPOINTMENT_NOTICE_TYPE_ALL:
+    "/Base/SelectAppointmentNoticeTypeAll",
+  BASE_SELECT_CUSTO_TYPE_ALL: "/Base/SelectCustoTypeAll",
+  BASE_SELECT_CUSTO_TYPE_ALL_CAN_USE: "/Base/SelectCustoTypeAllCanUse",
+  BASE_SELECT_DEPT_ALL: "/Base/SelectDeptAll",
+  BASE_SELECT_EDUCATION_ALL: "/Base/SelectEducationAll",
+  BASE_SELECT_NATION_ALL: "/Base/SelectNationAll",
+  BASE_SELECT_PASS_PORT_TYPE_ALL: "/Base/SelectPassPortTypeAll",
+  BASE_SELECT_PASS_PORT_TYPE_ALL_CAN_USE: "/Base/SelectPassPortTypeAllCanUse",
+  BASE_SELECT_POSITION_ALL: "/Base/SelectPositionAll",
+  BASE_SELECT_ROOM_STATE_ALL: "/Base/SelectRoomStateAll",
+  BASE_SELECT_WORKER_FEATURE_ALL: "/Base/SelectWorkerFeatureAll",
+  BASE_UPD_DEPT: "/Base/UpdDept",
+  BASE_UPD_EDUCATION: "/Base/UpdEducation",
+  BASE_UPD_NATION: "/Base/UpdNation",
+  BASE_UPD_POSITION: "/Base/UpdPosition",
+  BASE_UPDATE_APPOINTMENT_NOTICE_TYPE: "/Base/UpdateAppointmentNoticeType",
+  BASE_UPDATE_CUSTO_TYPE: "/Base/UpdateCustoType",
+  BASE_UPDATE_PASS_PORT_TYPE: "/Base/UpdatePassPortType",
+  CUSTOMER_DEL_CUSTOMER_INFO: "/Customer/DelCustomerInfo",
+  CUSTOMER_INSERT_CUSTOMER_INFO: "/Customer/InsertCustomerInfo",
+  CUSTOMER_PERMISSION_ASSIGN_USER_PERMISSIONS:
+    "/CustomerPermission/AssignUserPermissions",
+  CUSTOMER_PERMISSION_ASSIGN_USER_ROLES: "/CustomerPermission/AssignUserRoles",
+  CUSTOMER_PERMISSION_READ_USER_DIRECT_PERMISSIONS:
+    "/CustomerPermission/ReadUserDirectPermissions",
+  CUSTOMER_PERMISSION_READ_USER_ROLE_PERMISSIONS:
+    "/CustomerPermission/ReadUserRolePermissions",
+  CUSTOMER_PERMISSION_READ_USER_ROLES: "/CustomerPermission/ReadUserRoles",
+  CUSTOMER_SELECT_CUSTOMERS: "/Customer/SelectCustomers",
+  CUSTOMER_UPD_CUSTOMER_INFO: "/Customer/UpdCustomerInfo",
+  DASHBOARD_BUSINESS_STATISTICS: "/Dashboard/BusinessStatistics",
+  DASHBOARD_HUMAN_RESOURCES_STATISTICS: "/Dashboard/HumanResourcesStatistics",
+  DASHBOARD_LOGISTICS_STATISTICS: "/Dashboard/LogisticsStatistics",
+  DASHBOARD_ROOM_STATISTICS: "/Dashboard/RoomStatistics",
+  EMPLOYEE_ADD_EMPLOYEE: "/Employee/AddEmployee",
+  EMPLOYEE_CHECK_SELECT_CHECK_INFO_BY_EMPLOYEE_ID:
+    "/EmployeeCheck/SelectCheckInfoByEmployeeId",
+  EMPLOYEE_EMPLOYEE_LOGIN: "/Employee/EmployeeLogin",
+  EMPLOYEE_HISTORY_SELECT_HISTORY_BY_EMPLOYEE_ID:
+    "/EmployeeHistory/SelectHistoryByEmployeeId",
+  EMPLOYEE_MANAGER_EMPLOYEE_ACCOUNT: "/Employee/ManagerEmployeeAccount",
+  EMPLOYEE_PERMISSION_ASSIGN_USER_PERMISSIONS:
+    "/EmployeePermission/AssignUserPermissions",
+  EMPLOYEE_PERMISSION_ASSIGN_USER_ROLES: "/EmployeePermission/AssignUserRoles",
+  EMPLOYEE_PERMISSION_READ_USER_DIRECT_PERMISSIONS:
+    "/EmployeePermission/ReadUserDirectPermissions",
+  EMPLOYEE_PERMISSION_READ_USER_ROLE_PERMISSIONS:
+    "/EmployeePermission/ReadUserRolePermissions",
+  EMPLOYEE_PERMISSION_READ_USER_ROLES: "/EmployeePermission/ReadUserRoles",
+  EMPLOYEE_PHOTO_INSERT_WORKER_PHOTO: "/EmployeePhoto/InsertWorkerPhoto",
+  EMPLOYEE_RESET_EMPLOYEE_ACCOUNT_PASSWORD:
+    "/Employee/ResetEmployeeAccountPassword",
+  EMPLOYEE_SELECT_EMPLOYEE_ALL: "/Employee/SelectEmployeeAll",
+  EMPLOYEE_SELECT_EMPLOYEE_INFO_BY_EMPLOYEE_ID:
+    "/Employee/SelectEmployeeInfoByEmployeeId",
+  EMPLOYEE_UPDATE_EMPLOYEE: "/Employee/UpdateEmployee",
+  ENERGY_MANAGEMENT_DELETE_ENERGY_MANAGEMENT_INFO:
+    "/EnergyManagement/DeleteEnergyManagementInfo",
+  ENERGY_MANAGEMENT_INSERT_ENERGY_MANAGEMENT_INFO:
+    "/EnergyManagement/InsertEnergyManagementInfo",
+  ENERGY_MANAGEMENT_SELECT_ENERGY_MANAGEMENT_INFO:
+    "/EnergyManagement/SelectEnergyManagementInfo",
+  ENERGY_MANAGEMENT_UPDATE_ENERGY_MANAGEMENT_INFO:
+    "/EnergyManagement/UpdateEnergyManagementInfo",
+  LOGIN_GET_CSRF_TOKEN: "/Login/GetCSRFToken",
+  LOGIN_REFRESH_CSRF_TOKEN: "/Login/RefreshCSRFToken",
+  MENU_BUILD_MENU_ALL: "/Menu/BuildMenuAll",
+  MENU_DELETE_MENU: "/Menu/DeleteMenu",
+  MENU_INSERT_MENU: "/Menu/InsertMenu",
+  MENU_SELECT_MENU_ALL: "/Menu/SelectMenuAll",
+  MENU_UPDATE_MENU: "/Menu/UpdateMenu",
+  PERMISSION_SELECT_PERMISSION_LIST: "/Permission/SelectPermissionList",
+  PROMOTION_CONTENT_ADD_PROMOTION_CONTENT:
+    "/PromotionContent/AddPromotionContent",
+  PROMOTION_CONTENT_DELETE_PROMOTION_CONTENT:
+    "/PromotionContent/DeletePromotionContent",
+  PROMOTION_CONTENT_SELECT_PROMOTION_CONTENT_ALL:
+    "/PromotionContent/SelectPromotionContentAll",
+  PROMOTION_CONTENT_UPDATE_PROMOTION_CONTENT:
+    "/PromotionContent/UpdatePromotionContent",
+  RESER_DELETE_RESER_INFO: "/Reser/DeleteReserInfo",
+  RESER_INSER_RESER_INFO: "/Reser/InserReserInfo",
+  RESER_SELECT_RESER_ALL: "/Reser/SelectReserAll",
+  RESER_SELECT_RESER_TYPE_ALL: "/Reser/SelectReserTypeAll",
+  RESER_UPDATE_RESER_INFO: "/Reser/UpdateReserInfo",
+  REWARD_PUNISHMENT_SELECT_ALL_REWARD_PUNISHMENT_BY_EMPLOYEE_ID:
+    "/RewardPunishment/SelectAllRewardPunishmentByEmployeeId",
+  ROLE_ASSIGN_ROLE_USERS: "/Role/AssignRoleUsers",
+  ROLE_DELETE_ROLE: "/Role/DeleteRole",
+  ROLE_GRANT_ROLE_PERMISSIONS: "/Role/GrantRolePermissions",
+  ROLE_INSERT_ROLE: "/Role/InsertRole",
+  ROLE_READ_ROLE_PERMISSIONS: "/Role/ReadRolePermissions",
+  ROLE_READ_ROLE_USERS: "/Role/ReadRoleUsers",
+  ROLE_SELECT_ROLE_LIST: "/Role/SelectRoleList",
+  ROLE_UPDATE_ROLE: "/Role/UpdateRole",
+  ROOM_DELETE_ROOM: "/Room/DeleteRoom",
+  ROOM_INSERT_ROOM: "/Room/InsertRoom",
+  ROOM_SELECT_CAN_USE_ROOM_ALL: "/Room/SelectCanUseRoomAll",
+  ROOM_SELECT_ROOM_ALL: "/Room/SelectRoomAll",
+  ROOM_TYPE_DELETE_ROOM_TYPE: "/RoomType/DeleteRoomType",
+  ROOM_TYPE_INSERT_ROOM_TYPE: "/RoomType/InsertRoomType",
+  ROOM_TYPE_SELECT_ROOM_TYPES_ALL: "/RoomType/SelectRoomTypesAll",
+  ROOM_TYPE_UPDATE_ROOM_TYPE: "/RoomType/UpdateRoomType",
+  ROOM_UPDATE_ROOM: "/Room/UpdateRoom",
+  SELLTHING_DELETE_SELLTHING: "/Sellthing/DeleteSellthing",
+  SELLTHING_INSERT_SELLTHING: "/Sellthing/InsertSellthing",
+  SELLTHING_SELECT_SELLTHING_ALL: "/Sellthing/SelectSellthingAll",
+  SELLTHING_UPDATE_SELLTHING: "/Sellthing/UpdateSellthing",
+  SPEND_INSERT_SPEND_INFO: "/Spend/InsertSpendInfo",
+  SPEND_SELECT_SPEND_INFO_ALL: "/Spend/SelectSpendInfoAll",
+  SPEND_UPD_SPEND_INFO: "/Spend/UpdSpendInfo",
+  SUPERVISION_STATISTICS_DELETE_SUPERVISION_STATISTICS:
+    "/SupervisionStatistics/DeleteSupervisionStatistics",
+  SUPERVISION_STATISTICS_INSERT_SUPERVISION_STATISTICS:
+    "/SupervisionStatistics/InsertSupervisionStatistics",
+  SUPERVISION_STATISTICS_SELECT_SUPERVISION_STATISTICS_ALL:
+    "/SupervisionStatistics/SelectSupervisionStatisticsAll",
+  SUPERVISION_STATISTICS_UPDATE_SUPERVISION_STATISTICS:
+    "/SupervisionStatistics/UpdateSupervisionStatistics",
+  UTILITY_DELETE_OPERATIONLOG: "/Utility/DeleteOperationlog",
+  UTILITY_DELETE_OPERATIONLOG_BY_RANGE: "/Utility/DeleteOperationlogByRange",
+  UTILITY_SELECT_CARD_CODE: "/Utility/SelectCardCode",
+  UTILITY_SELECT_OPERATIONLOG_ALL: "/Utility/SelectOperationlogAll",
+  UTILITY_SELECT_REQUESTLOG_ALL: "/Utility/SelectRequestlogAll",
+  VERSION: "/version",
+  VIP_RULE_ADD_VIP_RULE: "/VipRule/AddVipRule",
+  VIP_RULE_DEL_VIP_RULE: "/VipRule/DelVipRule",
+  VIP_RULE_SELECT_VIP_RULE_LIST: "/VipRule/SelectVipRuleList",
+  VIP_RULE_UPD_VIP_RULE: "/VipRule/UpdVipRule",
+});
diff --git a/src/config/apiRoutes.json b/src/config/apiRoutes.json
deleted file mode 100644
index 67b0a60..0000000
--- a/src/config/apiRoutes.json
+++ /dev/null
@@ -1,141 +0,0 @@
-{
-  "ADMIN_ADD_ADMIN": "/Admin/AddAdmin",
-  "ADMIN_ADD_ADMIN_TYPE": "/Admin/AddAdminType",
-  "ADMIN_ASSIGN_USER_PERMISSIONS": "/Admin/AssignUserPermissions",
-  "ADMIN_ASSIGN_USER_ROLES": "/Admin/AssignUserRoles",
-  "ADMIN_DEL_ADMIN": "/Admin/DelAdmin",
-  "ADMIN_DEL_ADMIN_TYPE": "/Admin/DelAdminType",
-  "ADMIN_GET_ALL_ADMIN_LIST": "/Admin/GetAllAdminList",
-  "ADMIN_GET_ALL_ADMIN_TYPES": "/Admin/GetAllAdminTypes",
-  "ADMIN_LOGIN": "/Admin/Login",
-  "ADMIN_LOGOUT": "/Admin/Logout",
-  "ADMIN_READ_USER_DIRECT_PERMISSIONS": "/Admin/ReadUserDirectPermissions",
-  "ADMIN_READ_USER_ROLE_PERMISSIONS": "/Admin/ReadUserRolePermissions",
-  "ADMIN_READ_USER_ROLES": "/Admin/ReadUserRoles",
-  "ADMIN_UPD_ADMIN": "/Admin/UpdAdmin",
-  "ADMIN_UPD_ADMIN_TYPE": "/Admin/UpdAdminType",
-  "ASSET_ADD_ASSET_INFO": "/Asset/AddAssetInfo",
-  "ASSET_DEL_ASSET_INFO": "/Asset/DelAssetInfo",
-  "ASSET_SELECT_ASSET_INFO_ALL": "/Asset/SelectAssetInfoAll",
-  "ASSET_UPD_ASSET_INFO": "/Asset/UpdAssetInfo",
-  "BASE_ADD_DEPT": "/Base/AddDept",
-  "BASE_ADD_EDUCATION": "/Base/AddEducation",
-  "BASE_ADD_NATION": "/Base/AddNation",
-  "BASE_ADD_POSITION": "/Base/AddPosition",
-  "BASE_CREATE_APPOINTMENT_NOTICE_TYPE": "/Base/CreateAppointmentNoticeType",
-  "BASE_DEL_DEPT": "/Base/DelDept",
-  "BASE_DEL_EDUCATION": "/Base/DelEducation",
-  "BASE_DEL_NATION": "/Base/DelNation",
-  "BASE_DEL_POSITION": "/Base/DelPosition",
-  "BASE_DELETE_APPOINTMENT_NOTICE_TYPE": "/Base/DeleteAppointmentNoticeType",
-  "BASE_DELETE_CUSTO_TYPE": "/Base/DeleteCustoType",
-  "BASE_DELETE_PASS_PORT_TYPE": "/Base/DeletePassPortType",
-  "BASE_INSERT_CUSTO_TYPE": "/Base/InsertCustoType",
-  "BASE_INSERT_PASS_PORT_TYPE": "/Base/InsertPassPortType",
-  "BASE_SELECT_APPOINTMENT_NOTICE_TYPE_ALL": "/Base/SelectAppointmentNoticeTypeAll",
-  "BASE_SELECT_CUSTO_TYPE_ALL": "/Base/SelectCustoTypeAll",
-  "BASE_SELECT_CUSTO_TYPE_ALL_CAN_USE": "/Base/SelectCustoTypeAllCanUse",
-  "BASE_SELECT_DEPT_ALL": "/Base/SelectDeptAll",
-  "BASE_SELECT_EDUCATION_ALL": "/Base/SelectEducationAll",
-  "BASE_SELECT_NATION_ALL": "/Base/SelectNationAll",
-  "BASE_SELECT_PASS_PORT_TYPE_ALL": "/Base/SelectPassPortTypeAll",
-  "BASE_SELECT_PASS_PORT_TYPE_ALL_CAN_USE": "/Base/SelectPassPortTypeAllCanUse",
-  "BASE_SELECT_POSITION_ALL": "/Base/SelectPositionAll",
-  "BASE_SELECT_ROOM_STATE_ALL": "/Base/SelectRoomStateAll",
-  "BASE_SELECT_WORKER_FEATURE_ALL": "/Base/SelectWorkerFeatureAll",
-  "BASE_UPD_DEPT": "/Base/UpdDept",
-  "BASE_UPD_EDUCATION": "/Base/UpdEducation",
-  "BASE_UPD_NATION": "/Base/UpdNation",
-  "BASE_UPD_POSITION": "/Base/UpdPosition",
-  "BASE_UPDATE_APPOINTMENT_NOTICE_TYPE": "/Base/UpdateAppointmentNoticeType",
-  "BASE_UPDATE_CUSTO_TYPE": "/Base/UpdateCustoType",
-  "BASE_UPDATE_PASS_PORT_TYPE": "/Base/UpdatePassPortType",
-  "CUSTOMER_DEL_CUSTOMER_INFO": "/Customer/DelCustomerInfo",
-  "CUSTOMER_INSERT_CUSTOMER_INFO": "/Customer/InsertCustomerInfo",
-  "CUSTOMER_SELECT_CUSTOMERS": "/Customer/SelectCustomers",
-  "CUSTOMER_UPD_CUSTOMER_INFO": "/Customer/UpdCustomerInfo",
-  "CUSTOMER_PERMISSION_ASSIGN_USER_PERMISSIONS": "/CustomerPermission/AssignUserPermissions",
-  "CUSTOMER_PERMISSION_ASSIGN_USER_ROLES": "/CustomerPermission/AssignUserRoles",
-  "CUSTOMER_PERMISSION_READ_USER_DIRECT_PERMISSIONS": "/CustomerPermission/ReadUserDirectPermissions",
-  "CUSTOMER_PERMISSION_READ_USER_ROLE_PERMISSIONS": "/CustomerPermission/ReadUserRolePermissions",
-  "CUSTOMER_PERMISSION_READ_USER_ROLES": "/CustomerPermission/ReadUserRoles",
-  "DASHBOARD_BUSINESS_STATISTICS": "/Dashboard/BusinessStatistics",
-  "DASHBOARD_HUMAN_RESOURCES_STATISTICS": "/Dashboard/HumanResourcesStatistics",
-  "DASHBOARD_LOGISTICS_STATISTICS": "/Dashboard/LogisticsStatistics",
-  "DASHBOARD_ROOM_STATISTICS": "/Dashboard/RoomStatistics",
-  "EMPLOYEE_ADD_EMPLOYEE": "/Employee/AddEmployee",
-  "EMPLOYEE_EMPLOYEE_LOGIN": "/Employee/EmployeeLogin",
-  "EMPLOYEE_MANAGER_EMPLOYEE_ACCOUNT": "/Employee/ManagerEmployeeAccount",
-  "EMPLOYEE_RESET_EMPLOYEE_ACCOUNT_PASSWORD": "/Employee/ResetEmployeeAccountPassword",
-  "EMPLOYEE_SELECT_EMPLOYEE_ALL": "/Employee/SelectEmployeeAll",
-  "EMPLOYEE_SELECT_EMPLOYEE_INFO_BY_EMPLOYEE_ID": "/Employee/SelectEmployeeInfoByEmployeeId",
-  "EMPLOYEE_UPDATE_EMPLOYEE": "/Employee/UpdateEmployee",
-  "EMPLOYEE_CHECK_SELECT_CHECK_INFO_BY_EMPLOYEE_ID": "/EmployeeCheck/SelectCheckInfoByEmployeeId",
-  "EMPLOYEE_HISTORY_SELECT_HISTORY_BY_EMPLOYEE_ID": "/EmployeeHistory/SelectHistoryByEmployeeId",
-  "EMPLOYEE_PERMISSION_ASSIGN_USER_PERMISSIONS": "/EmployeePermission/AssignUserPermissions",
-  "EMPLOYEE_PERMISSION_ASSIGN_USER_ROLES": "/EmployeePermission/AssignUserRoles",
-  "EMPLOYEE_PERMISSION_READ_USER_DIRECT_PERMISSIONS": "/EmployeePermission/ReadUserDirectPermissions",
-  "EMPLOYEE_PERMISSION_READ_USER_ROLE_PERMISSIONS": "/EmployeePermission/ReadUserRolePermissions",
-  "EMPLOYEE_PERMISSION_READ_USER_ROLES": "/EmployeePermission/ReadUserRoles",
-  "EMPLOYEE_PHOTO_INSERT_WORKER_PHOTO": "/EmployeePhoto/InsertWorkerPhoto",
-  "ENERGY_MANAGEMENT_DELETE_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/DeleteEnergyManagementInfo",
-  "ENERGY_MANAGEMENT_INSERT_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/InsertEnergyManagementInfo",
-  "ENERGY_MANAGEMENT_SELECT_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/SelectEnergyManagementInfo",
-  "ENERGY_MANAGEMENT_UPDATE_ENERGY_MANAGEMENT_INFO": "/EnergyManagement/UpdateEnergyManagementInfo",
-  "LOGIN_GET_CSRF_TOKEN": "/Login/GetCSRFToken",
-  "LOGIN_REFRESH_CSRF_TOKEN": "/Login/RefreshCSRFToken",
-  "MENU_BUILD_MENU_ALL": "/Menu/BuildMenuAll",
-  "MENU_DELETE_MENU": "/Menu/DeleteMenu",
-  "MENU_INSERT_MENU": "/Menu/InsertMenu",
-  "MENU_SELECT_MENU_ALL": "/Menu/SelectMenuAll",
-  "MENU_UPDATE_MENU": "/Menu/UpdateMenu",
-  "PERMISSION_SELECT_PERMISSION_LIST": "/Permission/SelectPermissionList",
-  "PROMOTION_CONTENT_ADD_PROMOTION_CONTENT": "/PromotionContent/AddPromotionContent",
-  "PROMOTION_CONTENT_DELETE_PROMOTION_CONTENT": "/PromotionContent/DeletePromotionContent",
-  "PROMOTION_CONTENT_SELECT_PROMOTION_CONTENT_ALL": "/PromotionContent/SelectPromotionContentAll",
-  "PROMOTION_CONTENT_UPDATE_PROMOTION_CONTENT": "/PromotionContent/UpdatePromotionContent",
-  "RESER_DELETE_RESER_INFO": "/Reser/DeleteReserInfo",
-  "RESER_INSER_RESER_INFO": "/Reser/InserReserInfo",
-  "RESER_SELECT_RESER_ALL": "/Reser/SelectReserAll",
-  "RESER_SELECT_RESER_TYPE_ALL": "/Reser/SelectReserTypeAll",
-  "RESER_UPDATE_RESER_INFO": "/Reser/UpdateReserInfo",
-  "REWARD_PUNISHMENT_SELECT_ALL_REWARD_PUNISHMENT_BY_EMPLOYEE_ID": "/RewardPunishment/SelectAllRewardPunishmentByEmployeeId",
-  "ROLE_ASSIGN_ROLE_USERS": "/Role/AssignRoleUsers",
-  "ROLE_DELETE_ROLE": "/Role/DeleteRole",
-  "ROLE_GRANT_ROLE_PERMISSIONS": "/Role/GrantRolePermissions",
-  "ROLE_INSERT_ROLE": "/Role/InsertRole",
-  "ROLE_READ_ROLE_PERMISSIONS": "/Role/ReadRolePermissions",
-  "ROLE_READ_ROLE_USERS": "/Role/ReadRoleUsers",
-  "ROLE_SELECT_ROLE_LIST": "/Role/SelectRoleList",
-  "ROLE_UPDATE_ROLE": "/Role/UpdateRole",
-  "ROOM_DELETE_ROOM": "/Room/DeleteRoom",
-  "ROOM_INSERT_ROOM": "/Room/InsertRoom",
-  "ROOM_SELECT_CAN_USE_ROOM_ALL": "/Room/SelectCanUseRoomAll",
-  "ROOM_SELECT_ROOM_ALL": "/Room/SelectRoomAll",
-  "ROOM_UPDATE_ROOM": "/Room/UpdateRoom",
-  "ROOM_TYPE_DELETE_ROOM_TYPE": "/RoomType/DeleteRoomType",
-  "ROOM_TYPE_INSERT_ROOM_TYPE": "/RoomType/InsertRoomType",
-  "ROOM_TYPE_SELECT_ROOM_TYPES_ALL": "/RoomType/SelectRoomTypesAll",
-  "ROOM_TYPE_UPDATE_ROOM_TYPE": "/RoomType/UpdateRoomType",
-  "SELLTHING_DELETE_SELLTHING": "/Sellthing/DeleteSellthing",
-  "SELLTHING_INSERT_SELLTHING": "/Sellthing/InsertSellthing",
-  "SELLTHING_SELECT_SELLTHING_ALL": "/Sellthing/SelectSellthingAll",
-  "SELLTHING_UPDATE_SELLTHING": "/Sellthing/UpdateSellthing",
-  "SPEND_INSERT_SPEND_INFO": "/Spend/InsertSpendInfo",
-  "SPEND_SELECT_SPEND_INFO_ALL": "/Spend/SelectSpendInfoAll",
-  "SPEND_UPD_SPEND_INFO": "/Spend/UpdSpendInfo",
-  "SUPERVISION_STATISTICS_DELETE_SUPERVISION_STATISTICS": "/SupervisionStatistics/DeleteSupervisionStatistics",
-  "SUPERVISION_STATISTICS_INSERT_SUPERVISION_STATISTICS": "/SupervisionStatistics/InsertSupervisionStatistics",
-  "SUPERVISION_STATISTICS_SELECT_SUPERVISION_STATISTICS_ALL": "/SupervisionStatistics/SelectSupervisionStatisticsAll",
-  "SUPERVISION_STATISTICS_UPDATE_SUPERVISION_STATISTICS": "/SupervisionStatistics/UpdateSupervisionStatistics",
-  "UTILITY_DELETE_OPERATIONLOG": "/Utility/DeleteOperationlog",
-  "UTILITY_DELETE_OPERATIONLOG_BY_RANGE": "/Utility/DeleteOperationlogByRange",
-  "UTILITY_SELECT_CARD_CODE": "/Utility/SelectCardCode",
-  "UTILITY_SELECT_OPERATIONLOG_ALL": "/Utility/SelectOperationlogAll",
-  "UTILITY_SELECT_REQUESTLOG_ALL": "/Utility/SelectRequestlogAll",
-  "VIP_RULE_ADD_VIP_RULE": "/VipRule/AddVipRule",
-  "VIP_RULE_DEL_VIP_RULE": "/VipRule/DelVipRule",
-  "VIP_RULE_SELECT_VIP_RULE_LIST": "/VipRule/SelectVipRuleList",
-  "VIP_RULE_UPD_VIP_RULE": "/VipRule/UpdVipRule",
-  "VERSION": "/version"
-}
diff --git a/src/directives/permission.js b/src/directives/permission.js
index 516f64c..3bec722 100644
--- a/src/directives/permission.js
+++ b/src/directives/permission.js
@@ -3,6 +3,8 @@ import {
   isPermissionCacheInitialized,
 } from "@/utils/permission";
 
+const permStateMap = new WeakMap();
+
 /**
  * v-perm directive: supports both menu keys and button permission codes.
  * - accepts string or string[], e.g. v-perm="'system:role:grantrolepermissions'"
@@ -26,9 +28,10 @@ function hideElement(el) {
 }
 
 function restoreElement(el) {
+  const state = permStateMap.get(el);
   const originalDisplay =
-    el.__permState && typeof el.__permState.originalDisplay === "string"
-      ? el.__permState.originalDisplay
+    state && typeof state.originalDisplay === "string"
+      ? state.originalDisplay
       : "";
   el.style.display = originalDisplay;
   el.removeAttribute("data-permission-hidden");
@@ -66,23 +69,25 @@ export default {
       applyPermission(el, state.required, state.needAll);
     };
 
-    el.__permState = state;
+    permStateMap.set(el, state);
     window.addEventListener("permissions-updated", state.handler);
     state.handler();
   },
   updated(el, binding) {
-    if (!el.__permState) {
+    const state = permStateMap.get(el);
+    if (!state) {
       return;
     }
 
-    el.__permState.required = binding.value;
-    el.__permState.needAll = !!binding.modifiers.all;
-    applyPermission(el, el.__permState.required, el.__permState.needAll);
+    state.required = binding.value;
+    state.needAll = !!binding.modifiers.all;
+    applyPermission(el, state.required, state.needAll);
   },
   unmounted(el) {
-    if (el.__permState?.handler) {
-      window.removeEventListener("permissions-updated", el.__permState.handler);
+    const state = permStateMap.get(el);
+    if (state?.handler) {
+      window.removeEventListener("permissions-updated", state.handler);
     }
-    delete el.__permState;
+    permStateMap.delete(el);
   },
 };
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index e387884..4f24b48 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -282,6 +282,7 @@ import {
   getServerVersion,
 } from "../api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
+import { isPermissionDeniedErrorCode } from "@/common/errorCodes";
 import { decodeJwtPayload, getUserIdentity, isTokenExpired } from "@/utils/jwt";
 
 const serverVersion = ref("");
@@ -502,7 +503,7 @@ const isPermissionDeniedError = (error) => {
   const code = Number(
     error?.code || error?.Code || error?.response?.data?.Code || 0,
   );
-  if (code === 1402 || code === 1403 || code === 403) {
+  if (isPermissionDeniedErrorCode(code)) {
     return true;
   }
 
@@ -517,6 +518,22 @@ const getPermissionErrorMessage = () => {
     : translated;
 };
 
+const getLocalIdentityFallback = () => {
+  const candidates = [
+    localStorage.getItem("account"),
+    localStorage.getItem("username"),
+  ];
+
+  for (const candidate of candidates) {
+    const normalized = String(candidate || "").trim();
+    if (normalized) {
+      return normalized;
+    }
+  }
+
+  return "";
+};
+
 const fetchCurrentUserPermissionCodes = async () => {
   const permissionReadersByLoginType = {
     admin: {
@@ -537,14 +554,12 @@ const fetchCurrentUserPermissionCodes = async () => {
     permissionReadersByLoginType[loginType.value] ||
     permissionReadersByLoginType.admin;
 
-  const identity = getUserIdentity(
-    loginType.value,
-    localStorage.getItem("token") || "",
-  );
+  const identity =
+    getUserIdentity(loginType.value, localStorage.getItem("token") || "") ||
+    getLocalIdentityFallback();
 
   if (!identity) {
-    showWarningNotification(getPermissionErrorMessage());
-    return { ok: false, codes: [] };
+    return { ok: false, reason: "identity_missing", codes: [] };
   }
 
   try {
@@ -560,8 +575,16 @@ const fetchCurrentUserPermissionCodes = async () => {
 
     return { ok: true, codes: mergedCodes };
   } catch (error) {
-    showWarningNotification(getPermissionErrorMessage());
-    return { ok: false, codes: [] };
+    const reason = isPermissionDeniedError(error)
+      ? "permission_denied"
+      : "request_failed";
+
+    if (import.meta.env.DEV && reason === "request_failed") {
+      // eslint-disable-next-line no-console
+      console.warn("[Permissions] Failed to sync permission codes:", error);
+    }
+
+    return { ok: false, reason, codes: [] };
   }
 };
 
@@ -658,6 +681,15 @@ const refreshMenu = async () => {
       ? syncedPermissionCodes.codes
       : allowedPermListFromMenu;
 
+    const shouldShowPermissionWarning =
+      !syncedPermissionCodes.ok &&
+      syncedPermissionCodes.reason === "request_failed" &&
+      allowedPermList.length === 0;
+
+    if (shouldShowPermissionWarning) {
+      showWarningNotification(getPermissionErrorMessage());
+    }
+
     persistAllowedAccessCache(allowedMenuKeys, allowedPaths, allowedPermList);
     const currentPath = normalizePath(router.currentRoute.value.path);
     const hasDashboardPath = allowedPaths.some(
diff --git a/src/router/index.js b/src/router/index.js
index 30ad1c4..fad8274 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -341,13 +341,13 @@ const router = createRouter({
   routes,
 });
 
-router.beforeEach((to, from, next) => {
+router.beforeEach(async (to, from, next) => {
   if (to.meta.public) {
     return next();
   }
 
   if (to.matched.some((record) => record.meta.requiresAuth)) {
-    if (!checkTokenValidity()) {
+    if (!(await checkTokenValidity())) {
       return next({ name: "signin" });
     }
 
diff --git a/src/utils/auth.js b/src/utils/auth.js
index d4be519..8482fdc 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -1,10 +1,117 @@
 import router from "@/router";
+import api from "@/api";
 import { showErrorNotification } from "@/utils/index";
 import i18n from "@/i18n";
 import { signOut } from "@/api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
+import { API_ENDPOINTS } from "@/config/apiEndpoints";
+import {
+  API_SUCCESS_CODE,
+  HTTP_STATUS,
+  isPermissionDeniedBusinessCode,
+  isTokenInvalidBusinessCode,
+  normalizeCode,
+} from "@/common/errorCodes";
+import { BaseFields } from "@/entities/common.entity";
 import { isTokenExpired } from "@/utils/jwt";
 
+const TOKEN_VALIDATION_CACHE_TTL_MS = 60 * 1000;
+
+const tokenValidationCache = {
+  token: "",
+  valid: false,
+  validatedAt: 0,
+  pendingToken: "",
+  pendingPromise: null,
+};
+
+const clearTokenValidationCache = () => {
+  tokenValidationCache.token = "";
+  tokenValidationCache.valid = false;
+  tokenValidationCache.validatedAt = 0;
+  tokenValidationCache.pendingToken = "";
+  tokenValidationCache.pendingPromise = null;
+};
+
+const isTokenValidationCacheFresh = (token) => {
+  if (!token || tokenValidationCache.token !== token) {
+    return false;
+  }
+
+  return (
+    Date.now() - tokenValidationCache.validatedAt <=
+    TOKEN_VALIDATION_CACHE_TTL_MS
+  );
+};
+
+const isExplicitInvalidTokenError = (error) => {
+  const businessCode = normalizeCode(
+    error?.Code || error?.code || error?.response?.data?.Code,
+  );
+  const httpStatus = normalizeCode(error?.response?.status);
+  return (
+    isTokenInvalidBusinessCode(businessCode) ||
+    httpStatus === HTTP_STATUS.UNAUTHORIZED
+  );
+};
+
+const validateTokenWithServer = async (token) => {
+  if (!token) {
+    return false;
+  }
+
+  if (isTokenValidationCacheFresh(token)) {
+    return tokenValidationCache.valid;
+  }
+
+  if (
+    tokenValidationCache.pendingPromise &&
+    tokenValidationCache.pendingToken === token
+  ) {
+    return tokenValidationCache.pendingPromise;
+  }
+
+  const pendingPromise = (async () => {
+    try {
+      const response = await api.post(
+        API_ENDPOINTS.routes.MENU_BUILD_MENU_ALL,
+        { [BaseFields.USER_TOKEN]: token },
+        {
+          skipBusinessErrorHandling: true,
+          skipHttpErrorHandling: true,
+        },
+      );
+
+      const payload = response?.data || {};
+      const code = normalizeCode(payload?.Code);
+      const valid =
+        payload?.Success === true ||
+        code === API_SUCCESS_CODE ||
+        isPermissionDeniedBusinessCode(code);
+
+      tokenValidationCache.token = token;
+      tokenValidationCache.valid = valid;
+      tokenValidationCache.validatedAt = Date.now();
+      return valid;
+    } catch (error) {
+      const valid = !isExplicitInvalidTokenError(error);
+
+      tokenValidationCache.token = token;
+      tokenValidationCache.valid = valid;
+      tokenValidationCache.validatedAt = Date.now();
+      return valid;
+    } finally {
+      tokenValidationCache.pendingToken = "";
+      tokenValidationCache.pendingPromise = null;
+    }
+  })();
+
+  tokenValidationCache.pendingToken = token;
+  tokenValidationCache.pendingPromise = pendingPromise;
+
+  return pendingPromise;
+};
+
 export function redirectToLogin(
   message = i18n.global.t("message.loginExpired"),
   clearStorage = false,
@@ -12,6 +119,14 @@ export function redirectToLogin(
   if (clearStorage) {
     localStorage.removeItem("token");
     localStorage.removeItem("username");
+    localStorage.removeItem("account");
+    localStorage.removeItem("allowedPerms");
+    localStorage.removeItem("allowedPaths");
+    localStorage.removeItem("allowedMenuKeys");
+    localStorage.removeItem("allowedPathsToken");
+    localStorage.removeItem("allowedPathsExpire");
+    localStorage.removeItem("allowedPathsIssuedAt");
+    clearTokenValidationCache();
     clearRowVersionCache();
   }
 
@@ -35,6 +150,7 @@ export async function handleLogout() {
       localStorage.removeItem("allowedPathsToken");
       localStorage.removeItem("allowedPathsExpire");
       localStorage.removeItem("allowedPathsIssuedAt");
+      clearTokenValidationCache();
       clearRowVersionCache();
       router.push("/signin");
     }
@@ -43,13 +159,19 @@ export async function handleLogout() {
   }
 }
 
-export function checkTokenValidity(redirect = false) {
+export async function checkTokenValidity(redirect = false) {
   void redirect;
   const token = localStorage.getItem("token");
 
   if (!token) {
+    clearTokenValidationCache();
+    return false;
+  }
+
+  if (isTokenExpired(token, 300)) {
+    clearTokenValidationCache();
     return false;
   }
 
-  return !isTokenExpired(token, 300);
+  return validateTokenWithServer(token);
 }
diff --git a/src/utils/initialize.js b/src/utils/initialize.js
index 8fa4dbf..102efc0 100644
--- a/src/utils/initialize.js
+++ b/src/utils/initialize.js
@@ -28,7 +28,7 @@ export const initializeApplication = async () => {
 
     try {
       // 5. 验证 token 有效性
-      if (!checkTokenValidity(false)) {
+      if (!(await checkTokenValidity(false))) {
         // 不自动重定向，我们要自己控制
         localStorage.removeItem("token");
         localStorage.removeItem("username");
diff --git a/src/utils/jwt.js b/src/utils/jwt.js
index 3ad55d8..7d18444 100644
--- a/src/utils/jwt.js
+++ b/src/utils/jwt.js
@@ -52,6 +52,9 @@ export const decodeJwtPayload = (token) => {
   }
 
   try {
+    // SECURITY NOTICE:
+    // jwt-decode only parses payload and does NOT verify signature.
+    // Never trust decoded content for authentication/authorization decisions.
     return jwtDecode(normalizedToken);
   } catch (error) {
     return null;
diff --git a/src/utils/permission.js b/src/utils/permission.js
index 090da8b..9ad6e57 100644
--- a/src/utils/permission.js
+++ b/src/utils/permission.js
@@ -1,28 +1,43 @@
-export function getAllowedMenuKeys() {
+const PERMISSION_CACHE_KEYS = Object.freeze({
+  perms: "allowedPerms",
+  menuKeys: "allowedMenuKeys",
+});
+
+const readArrayCache = (key) => {
+  const raw = localStorage.getItem(key);
+  if (raw === null) {
+    return { exists: false, valid: false, value: [] };
+  }
+
   try {
-    const raw = localStorage.getItem("allowedMenuKeys");
-    const parsed = raw ? JSON.parse(raw) : [];
-    return Array.isArray(parsed) ? parsed : [];
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed)) {
+      return { exists: true, valid: true, value: parsed };
+    }
+    return { exists: true, valid: false, value: [] };
   } catch {
-    return [];
+    return { exists: true, valid: false, value: [] };
   }
+};
+
+export function getAllowedMenuKeys() {
+  return readArrayCache(PERMISSION_CACHE_KEYS.menuKeys).value;
 }
 
 export function getAllowedPerms() {
-  try {
-    const raw = localStorage.getItem("allowedPerms");
-    const parsed = raw ? JSON.parse(raw) : [];
-    return Array.isArray(parsed) ? parsed : [];
-  } catch {
-    return [];
-  }
+  return readArrayCache(PERMISSION_CACHE_KEYS.perms).value;
 }
 
 export function isPermissionCacheInitialized() {
-  return (
-    localStorage.getItem("allowedPerms") !== null ||
-    localStorage.getItem("allowedMenuKeys") !== null
-  );
+  const perms = readArrayCache(PERMISSION_CACHE_KEYS.perms);
+  const menuKeys = readArrayCache(PERMISSION_CACHE_KEYS.menuKeys);
+
+  if (!perms.exists && !menuKeys.exists) {
+    return false;
+  }
+
+  // Valid empty arrays still mean "initialized" (user may legitimately have no permissions).
+  return perms.valid || menuKeys.valid;
 }
 
 /**
diff --git a/src/views/home/HomeView.vue b/src/views/home/HomeView.vue
index ba2327f..9ece0ee 100644
--- a/src/views/home/HomeView.vue
+++ b/src/views/home/HomeView.vue
@@ -167,6 +167,7 @@ import { useI18n } from "vue-i18n";
 import { fetchAdmins } from "@/api/administratorapi";
 import { getServerVersion } from "@/api/basicapi";
 import { fetchEmployeeDetail, fetchEmployees } from "@/api/employeeapi";
+import { isPermissionDeniedErrorCode } from "@/common/errorCodes";
 import { resolveErrorMessage } from "@/common/errorHandler";
 import { AdministratorFields } from "@/entities/administrator.entity";
 import { BaseFields } from "@/entities/common.entity";
@@ -221,7 +222,7 @@ const isPermissionDeniedError = (error) => {
   const code = Number(
     error?.code || error?.Code || error?.response?.data?.Code || 0,
   );
-  if (code === 1402 || code === 1403 || code === 403) {
+  if (isPermissionDeniedErrorCode(code)) {
     return true;
   }
 
-- 
Gitee


From fd387824f25a9a3d49071cc115de5625f2edf257 Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Wed, 18 Feb 2026 01:05:00 +0800
Subject: [PATCH 08/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=98=BB=E6=96=AD?=
 =?UTF-8?q?=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js | 195 ++++++++++++++++++++++++++++++++++++++++++++-
 src/utils/auth.js  |  96 +++++++++++++++-------
 src/utils/csrf.js  |  13 +--
 3 files changed, 268 insertions(+), 36 deletions(-)

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index 3adfae4..adb0a09 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -11,6 +11,11 @@ const ROW_VERSION_CONFLICT_MESSAGE =
   "Data has changed, please refresh and retry";
 const ROW_VERSION_CONFLICT_HINT = "数据已变更，请刷新后重试";
 
+const IDEMPOTENCY_KEY_HEADER = "Idempotency-Key";
+const CSRF_TOKEN_HEADER = "X-CSRF-TOKEN-HEADER";
+const NON_IDEMPOTENT_METHODS = new Set(["post", "put", "patch"]);
+const IDEMPOTENT_METHODS = new Set(["get", "head", "options", "delete"]);
+
 // entityKey -> { rows: Map<recordId, rowVersion>, touchedAt: number }
 const rowVersionCache = new Map();
 
@@ -421,26 +426,206 @@ const attachRowVersionFromCache = (config) => {
   return config;
 };
 
+const getNormalizedMethod = (method) =>
+  String(method || "get")
+    .trim()
+    .toLowerCase();
+
+const isNonIdempotentRequest = (config) =>
+  NON_IDEMPOTENT_METHODS.has(getNormalizedMethod(config?.method));
+
+const cloneRequestData = (data) => {
+  if (data === null || data === undefined) {
+    return data;
+  }
+
+  if (typeof FormData !== "undefined" && data instanceof FormData) {
+    const cloned = new FormData();
+    data.forEach((value, key) => {
+      cloned.append(key, value);
+    });
+    return cloned;
+  }
+
+  if (
+    typeof URLSearchParams !== "undefined" &&
+    data instanceof URLSearchParams
+  ) {
+    return new URLSearchParams(data.toString());
+  }
+
+  if (typeof structuredClone === "function") {
+    try {
+      return structuredClone(data);
+    } catch {
+      // Fallback below.
+    }
+  }
+
+  if (typeof data === "object") {
+    try {
+      return JSON.parse(JSON.stringify(data));
+    } catch {
+      // Keep original when cloning is not possible.
+    }
+  }
+
+  return data;
+};
+
+const cacheRawRequestData = (config) => {
+  if (!config || Object.prototype.hasOwnProperty.call(config, "__rawRequestData")) {
+    return config;
+  }
+
+  config.__rawRequestData = cloneRequestData(config.data);
+  return config;
+};
+
+const restoreRawRequestData = (config) => {
+  if (!config || !Object.prototype.hasOwnProperty.call(config, "__rawRequestData")) {
+    return config;
+  }
+
+  config.data = cloneRequestData(config.__rawRequestData);
+  return config;
+};
+
+const ensureHeaders = (config) => {
+  config.headers ||= {};
+  return config.headers;
+};
+
+const setHeaderValue = (config, headerName, headerValue) => {
+  const headers = ensureHeaders(config);
+  if (typeof headers.set === "function") {
+    headers.set(headerName, headerValue);
+    return;
+  }
+
+  headers[headerName] = headerValue;
+};
+
+const getHeaderValue = (config, headerName) => {
+  const headers = config?.headers;
+  if (!headers) {
+    return "";
+  }
+
+  if (typeof headers.get === "function") {
+    return (
+      headers.get(headerName) || headers.get(headerName.toLowerCase()) || ""
+    );
+  }
+
+  const direct =
+    headers[headerName] ||
+    headers[headerName.toLowerCase()] ||
+    headers[headerName.toUpperCase()];
+  if (direct) {
+    return direct;
+  }
+
+  const matchedKey = Object.keys(headers).find(
+    (key) => key.toLowerCase() === headerName.toLowerCase(),
+  );
+  return matchedKey ? headers[matchedKey] : "";
+};
+
+const generateIdempotencyKey = () => {
+  if (
+    typeof crypto !== "undefined" &&
+    typeof crypto.randomUUID === "function"
+  ) {
+    return crypto.randomUUID();
+  }
+
+  return `idem-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+};
+
+const attachIdempotencyKey = (config) => {
+  if (!isNonIdempotentRequest(config)) {
+    return config;
+  }
+
+  const existingKey = String(
+    config.__idempotencyKey || getHeaderValue(config, IDEMPOTENCY_KEY_HEADER) || "",
+  ).trim();
+  const idempotencyKey = existingKey || generateIdempotencyKey();
+
+  config.__idempotencyKey = idempotencyKey;
+  setHeaderValue(config, IDEMPOTENCY_KEY_HEADER, idempotencyKey);
+  return config;
+};
+
+const canRetryRequest = (config) => {
+  const method = getNormalizedMethod(config?.method);
+
+  if (IDEMPOTENT_METHODS.has(method)) {
+    return true;
+  }
+  if (!NON_IDEMPOTENT_METHODS.has(method)) {
+    return false;
+  }
+
+  const idempotencyKey = String(
+    config?.__idempotencyKey ||
+      getHeaderValue(config, IDEMPOTENCY_KEY_HEADER) ||
+      "",
+  ).trim();
+
+  // Non-idempotent requests are retried only when a stable idempotency key exists.
+  return idempotencyKey.length > 0;
+};
+
+const refreshRetrySensitiveFields = async (config, error) => {
+  restoreRawRequestData(config);
+
+  const statusCode = Number(error?.response?.status || 0);
+  const shouldRefreshCsrf = isNonIdempotentRequest(config) || statusCode === 403;
+
+  if (shouldRefreshCsrf) {
+    try {
+      await csrfTokenManager.refreshToken({ silent: true });
+    } catch {
+      // Keep fallback path below with existing token/cookie value.
+    }
+  }
+
+  const csrfToken = csrfTokenManager.getToken();
+  if (csrfToken) {
+    setHeaderValue(config, CSRF_TOKEN_HEADER, csrfToken);
+  }
+};
+
 const setAuthorizationHeader = (config) => {
   const token = localStorage.getItem("token");
   if (token) {
-    config.headers.Authorization = `Bearer ${token}`;
+    setHeaderValue(config, "Authorization", `Bearer ${token}`);
   }
   return config;
 };
 
 const retryRequest = async (error) => {
-  const failedRequest = error.config;
+  const failedRequest = error?.config;
+  if (!failedRequest) {
+    return Promise.reject(error);
+  }
 
   if (failedRequest._retry) {
     return Promise.reject(error);
   }
 
+  if (!canRetryRequest(failedRequest)) {
+    return Promise.reject(error);
+  }
+
   failedRequest._retry = true;
+  await refreshRetrySensitiveFields(failedRequest, error);
 
   const token = localStorage.getItem("token");
   if (token) {
-    failedRequest.headers.Authorization = `Bearer ${token}`;
+    setHeaderValue(failedRequest, "Authorization", `Bearer ${token}`);
     return api(failedRequest);
   }
 
@@ -470,12 +655,14 @@ api.interceptors.request.use(
       pruneRowVersionCache();
     }
 
+    config = cacheRawRequestData(config);
     config = setAuthorizationHeader(config);
+    config = attachIdempotencyKey(config);
     config = attachRowVersionFromCache(config);
 
     const csrfToken = csrfTokenManager.getToken();
     if (csrfToken) {
-      config.headers["X-CSRF-TOKEN-HEADER"] = csrfToken;
+      setHeaderValue(config, CSRF_TOKEN_HEADER, csrfToken);
     }
 
     return config;
diff --git a/src/utils/auth.js b/src/utils/auth.js
index 8482fdc..1e0fe1c 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -16,6 +16,8 @@ import { BaseFields } from "@/entities/common.entity";
 import { isTokenExpired } from "@/utils/jwt";
 
 const TOKEN_VALIDATION_CACHE_TTL_MS = 60 * 1000;
+const TOKEN_VALIDATION_MAX_ATTEMPTS = 3;
+const TOKEN_VALIDATION_RETRY_BASE_DELAY_MS = 300;
 
 const tokenValidationCache = {
   token: "",
@@ -33,6 +35,13 @@ const clearTokenValidationCache = () => {
   tokenValidationCache.pendingPromise = null;
 };
 
+const saveTokenValidationResult = (token, valid) => {
+  tokenValidationCache.token = token;
+  tokenValidationCache.valid = valid;
+  tokenValidationCache.validatedAt = Date.now();
+  return valid;
+};
+
 const isTokenValidationCacheFresh = (token) => {
   if (!token || tokenValidationCache.token !== token) {
     return false;
@@ -55,6 +64,27 @@ const isExplicitInvalidTokenError = (error) => {
   );
 };
 
+const isRetryableTokenValidationError = (error) => {
+  if (isExplicitInvalidTokenError(error)) {
+    return false;
+  }
+
+  const httpStatus = normalizeCode(error?.response?.status);
+  if (!httpStatus) {
+    return true;
+  }
+
+  return httpStatus >= 500;
+};
+
+const getTokenValidationRetryDelayMs = (attempt) =>
+  TOKEN_VALIDATION_RETRY_BASE_DELAY_MS * 2 ** Math.max(0, attempt - 1);
+
+const sleep = (delayMs) =>
+  new Promise((resolve) => {
+    setTimeout(resolve, delayMs);
+  });
+
 const validateTokenWithServer = async (token) => {
   if (!token) {
     return false;
@@ -73,33 +103,45 @@ const validateTokenWithServer = async (token) => {
 
   const pendingPromise = (async () => {
     try {
-      const response = await api.post(
-        API_ENDPOINTS.routes.MENU_BUILD_MENU_ALL,
-        { [BaseFields.USER_TOKEN]: token },
-        {
-          skipBusinessErrorHandling: true,
-          skipHttpErrorHandling: true,
-        },
-      );
-
-      const payload = response?.data || {};
-      const code = normalizeCode(payload?.Code);
-      const valid =
-        payload?.Success === true ||
-        code === API_SUCCESS_CODE ||
-        isPermissionDeniedBusinessCode(code);
-
-      tokenValidationCache.token = token;
-      tokenValidationCache.valid = valid;
-      tokenValidationCache.validatedAt = Date.now();
-      return valid;
-    } catch (error) {
-      const valid = !isExplicitInvalidTokenError(error);
-
-      tokenValidationCache.token = token;
-      tokenValidationCache.valid = valid;
-      tokenValidationCache.validatedAt = Date.now();
-      return valid;
+      for (
+        let attempt = 1;
+        attempt <= TOKEN_VALIDATION_MAX_ATTEMPTS;
+        attempt += 1
+      ) {
+        try {
+          const response = await api.post(
+            API_ENDPOINTS.routes.MENU_BUILD_MENU_ALL,
+            { [BaseFields.USER_TOKEN]: token },
+            {
+              skipBusinessErrorHandling: true,
+              skipHttpErrorHandling: true,
+            },
+          );
+
+          const payload = response?.data || {};
+          const code = normalizeCode(payload?.Code);
+          const valid =
+            payload?.Success === true ||
+            code === API_SUCCESS_CODE ||
+            isPermissionDeniedBusinessCode(code);
+
+          return saveTokenValidationResult(token, valid);
+        } catch (error) {
+          const retryable = isRetryableTokenValidationError(error);
+          const hasRemainingAttempts = attempt < TOKEN_VALIDATION_MAX_ATTEMPTS;
+
+          if (retryable && hasRemainingAttempts) {
+            await sleep(getTokenValidationRetryDelayMs(attempt));
+            continue;
+          }
+
+          // Permission-related failures still indicate a valid login session.
+          const valid = retryable ? false : !isExplicitInvalidTokenError(error);
+          return saveTokenValidationResult(token, valid);
+        }
+      }
+
+      return saveTokenValidationResult(token, false);
     } finally {
       tokenValidationCache.pendingToken = "";
       tokenValidationCache.pendingPromise = null;
diff --git a/src/utils/csrf.js b/src/utils/csrf.js
index 3d47b40..a4a8cf9 100644
--- a/src/utils/csrf.js
+++ b/src/utils/csrf.js
@@ -76,7 +76,8 @@ class CsrfTokenManager {
     }
   }
 
-  async refreshToken() {
+  async refreshToken(options = {}) {
+    const { silent = false } = options || {};
     if (this.isRefreshing) {
       return new Promise((resolve) => {
         this.subscribers.push((token) => {
@@ -118,10 +119,12 @@ class CsrfTokenManager {
 
       return this.token;
     } catch (error) {
-      showErrorNotification(
-        i18n.global.t("message.verifyCsrfTokenFailed"),
-        error,
-      );
+      if (!silent) {
+        showErrorNotification(
+          i18n.global.t("message.verifyCsrfTokenFailed"),
+          error,
+        );
+      }
       throw error;
     } finally {
       this.isRefreshing = false;
-- 
Gitee


From 94adacbf162204dec466980037cfce1a2a88b89a Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Wed, 18 Feb 2026 01:32:34 +0800
Subject: [PATCH 09/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=98=BB=E6=96=AD?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82=20=E4=BC=98=E5=8C=96=E6=94=B9=E8=BF=9B?=
 =?UTF-8?q?=E9=A1=B9=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js          |  10 +--
 src/common/errorHandler.js  |   3 +-
 src/layouts/MainLayout.vue  |  24 ++++---
 src/router/index.js         |  11 +--
 src/utils/auth.js           |   9 +--
 src/utils/initialize.js     |   5 +-
 src/utils/tokenStorage.js   | 133 ++++++++++++++++++++++++++++++++++++
 src/views/SignInView.vue    |   3 +-
 src/views/home/HomeView.vue |   7 +-
 9 files changed, 177 insertions(+), 28 deletions(-)
 create mode 100644 src/utils/tokenStorage.js

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index adb0a09..6644bd4 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -1,6 +1,8 @@
 import axios from "axios";
 import { csrfTokenManager } from "@/utils/csrf";
 import { handleApiError, handleHttpError } from "@/common/errorHandler";
+import { ERROR_CODES } from "@/common/errorCodes";
+import { getStoredToken } from "@/utils/tokenStorage";
 
 const ACTION_PREFIX_REGEX =
   /^(Select|GetAll|Get|Build|Read|Insert|Add|Create|Update|Upd|Delete|Del)/i;
@@ -394,7 +396,7 @@ const attachRowVersionFromCache = (config) => {
       const conflictError = new Error(
         ROW_VERSION_CONFLICT_HINT || ROW_VERSION_CONFLICT_MESSAGE,
       );
-      conflictError.code = 1409;
+      conflictError.code = ERROR_CODES.CONCURRENCY_CONFLICT;
       conflictError.data = { unresolvedIds };
       throw conflictError;
     }
@@ -599,7 +601,7 @@ const refreshRetrySensitiveFields = async (config, error) => {
 };
 
 const setAuthorizationHeader = (config) => {
-  const token = localStorage.getItem("token");
+  const token = getStoredToken();
   if (token) {
     setHeaderValue(config, "Authorization", `Bearer ${token}`);
   }
@@ -623,7 +625,7 @@ const retryRequest = async (error) => {
   failedRequest._retry = true;
   await refreshRetrySensitiveFields(failedRequest, error);
 
-  const token = localStorage.getItem("token");
+  const token = getStoredToken();
   if (token) {
     setHeaderValue(failedRequest, "Authorization", `Bearer ${token}`);
     return api(failedRequest);
@@ -648,7 +650,7 @@ const toBusinessErrorPayload = (error) => {
 
 api.interceptors.request.use(
   async (config) => {
-    const token = localStorage.getItem("token");
+    const token = getStoredToken();
     if (!token && rowVersionCache.size > 0) {
       clearRowVersionCache();
     } else {
diff --git a/src/common/errorHandler.js b/src/common/errorHandler.js
index 44441d7..019ec5b 100644
--- a/src/common/errorHandler.js
+++ b/src/common/errorHandler.js
@@ -1,6 +1,7 @@
 import i18n from "@/i18n";
 import { showErrorNotification, showWarningNotification } from "@/utils";
 import { redirectToLogin, handleLogout } from "@/utils/auth";
+import { getStoredToken } from "@/utils/tokenStorage";
 import {
   ERROR_CODES,
   HTTP_STATUS,
@@ -106,7 +107,7 @@ export function handleApiError(resData, response) {
     isTokenInvalidBusinessCode(code) ||
     (typeof message === "string" && message.includes("Token"))
   ) {
-    const token = localStorage.getItem("token");
+    const token = getStoredToken();
     if (!token) {
       // 没有 token，直接跳转登录并显示后端消息（如果有）
       redirectToLogin(backendMessage || i18n.global.t("message.loginExpired"));
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 4f24b48..66803ac 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -284,6 +284,11 @@ import {
 import { clearRowVersionCache } from "@/api/baseapi";
 import { isPermissionDeniedErrorCode } from "@/common/errorCodes";
 import { decodeJwtPayload, getUserIdentity, isTokenExpired } from "@/utils/jwt";
+import {
+  clearStoredToken,
+  getStoredToken,
+  getStoredTokenCacheKey,
+} from "@/utils/tokenStorage";
 
 const serverVersion = ref("");
 
@@ -476,8 +481,9 @@ const persistAllowedAccessCache = (
   localStorage.setItem("allowedPaths", JSON.stringify(allowedPaths));
   localStorage.setItem("allowedPerms", JSON.stringify(allowedPerms));
 
-  const currentToken = localStorage.getItem("token") || "";
-  localStorage.setItem("allowedPathsToken", currentToken);
+  const currentToken = getStoredToken();
+  const currentTokenCacheKey = getStoredTokenCacheKey();
+  localStorage.setItem("allowedPathsToken", currentTokenCacheKey);
 
   const tokenPayload = decodeJwtPayload(currentToken);
   const tokenIssuedAt = Number(tokenPayload?.iat);
@@ -555,7 +561,7 @@ const fetchCurrentUserPermissionCodes = async () => {
     permissionReadersByLoginType.admin;
 
   const identity =
-    getUserIdentity(loginType.value, localStorage.getItem("token") || "") ||
+    getUserIdentity(loginType.value, getStoredToken()) ||
     getLocalIdentityFallback();
 
   if (!identity) {
@@ -638,7 +644,7 @@ const selectedKeys = computed(() => {
 const refreshMenu = async () => {
   try {
     const menuItems = await fetchMenusTree({
-      [BaseFields.USER_TOKEN]: localStorage.getItem("token"),
+      [BaseFields.USER_TOKEN]: getStoredToken(),
     });
     const currentOpenKeys = [...openKeys.value];
 
@@ -965,7 +971,8 @@ const handleDisableTwoFactor = async () => {
 };
 
 const checkLoginStatus = () => {
-  const storedToken = localStorage.getItem("token") || "";
+  const storedToken = getStoredToken();
+  const storedTokenCacheKey = getStoredTokenCacheKey();
 
   if (storedToken && !isTokenExpired(storedToken)) {
     isLoggedIn.value = true;
@@ -980,7 +987,8 @@ const checkLoginStatus = () => {
     const now = Math.floor(Date.now() / 1000);
 
     const isAllowedTokenMismatch =
-      cachedAllowedToken.length > 0 && cachedAllowedToken !== storedToken;
+      cachedAllowedToken.length > 0 &&
+      cachedAllowedToken !== storedTokenCacheKey;
     const isAllowedCacheExpired =
       Number.isFinite(cachedAllowedExpireAt) && cachedAllowedExpireAt <= now;
     const isAllowedExpireMismatch =
@@ -1008,7 +1016,7 @@ const checkLoginStatus = () => {
   loginType.value = "admin";
   allowedPermissionCodes.value = [];
   username.value = "";
-  localStorage.removeItem("token");
+  clearStoredToken();
   localStorage.removeItem("username");
   localStorage.removeItem("account");
   localStorage.removeItem("loginType");
@@ -1022,7 +1030,7 @@ const logout = async () => {
     showErrorNotification(response.Message || t("message.logoutFailed"));
     return;
   }
-  localStorage.removeItem("token");
+  clearStoredToken();
   localStorage.removeItem("username");
   localStorage.removeItem("account");
   localStorage.removeItem("loginType");
diff --git a/src/router/index.js b/src/router/index.js
index fad8274..42250f6 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -3,6 +3,7 @@ import { checkTokenValidity } from "../utils/auth";
 import { getPageTitle } from "@/utils/pageTitle";
 import i18n from "@/i18n";
 import { hasPermission } from "@/utils/permission";
+import { getStoredTokenCacheKey } from "@/utils/tokenStorage";
 
 const normalizePath = (path) => (path || "").replace(/\/$/, "");
 
@@ -11,8 +12,8 @@ const canAccessDashboardFromCache = () => {
     return false;
   }
 
-  const currentToken = localStorage.getItem("token") || "";
-  if (!currentToken) {
+  const currentTokenCacheKey = getStoredTokenCacheKey();
+  if (!currentTokenCacheKey) {
     return false;
   }
 
@@ -23,7 +24,7 @@ const canAccessDashboardFromCache = () => {
   const hasAllowedPathsCache =
     rawAllowedPaths !== null &&
     allowedPathsToken.length > 0 &&
-    allowedPathsToken === currentToken &&
+    allowedPathsToken === currentTokenCacheKey &&
     Number.isFinite(allowedPathsExpire) &&
     allowedPathsExpire > now;
 
@@ -369,7 +370,7 @@ router.beforeEach(async (to, from, next) => {
 
       // 基于后端返回的菜单（权限）结果做前端路由访问控制（路径白名单）
       const raw = localStorage.getItem("allowedPaths");
-      const currentToken = localStorage.getItem("token") || "";
+      const currentTokenCacheKey = getStoredTokenCacheKey();
       const allowedPathsToken = localStorage.getItem("allowedPathsToken") || "";
       const allowedPathsExpire = Number(
         localStorage.getItem("allowedPathsExpire"),
@@ -378,7 +379,7 @@ router.beforeEach(async (to, from, next) => {
       const hasAllowedPathsCache =
         raw !== null &&
         allowedPathsToken.length > 0 &&
-        allowedPathsToken === currentToken &&
+        allowedPathsToken === currentTokenCacheKey &&
         Number.isFinite(allowedPathsExpire) &&
         allowedPathsExpire > now;
       const parsed = raw ? JSON.parse(raw) : [];
diff --git a/src/utils/auth.js b/src/utils/auth.js
index 1e0fe1c..40e5924 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -14,6 +14,7 @@ import {
 } from "@/common/errorCodes";
 import { BaseFields } from "@/entities/common.entity";
 import { isTokenExpired } from "@/utils/jwt";
+import { clearStoredToken, getStoredToken } from "@/utils/tokenStorage";
 
 const TOKEN_VALIDATION_CACHE_TTL_MS = 60 * 1000;
 const TOKEN_VALIDATION_MAX_ATTEMPTS = 3;
@@ -159,7 +160,7 @@ export function redirectToLogin(
   clearStorage = false,
 ) {
   if (clearStorage) {
-    localStorage.removeItem("token");
+    clearStoredToken();
     localStorage.removeItem("username");
     localStorage.removeItem("account");
     localStorage.removeItem("allowedPerms");
@@ -180,10 +181,10 @@ export function redirectToLogin(
 
 export async function handleLogout() {
   try {
-    const token = localStorage.getItem("token");
+    const token = getStoredToken();
     if (token) {
       await signOut();
-      localStorage.removeItem("token");
+      clearStoredToken();
       localStorage.removeItem("username");
       localStorage.removeItem("account");
       localStorage.removeItem("allowedPerms");
@@ -203,7 +204,7 @@ export async function handleLogout() {
 
 export async function checkTokenValidity(redirect = false) {
   void redirect;
-  const token = localStorage.getItem("token");
+  const token = getStoredToken();
 
   if (!token) {
     clearTokenValidationCache();
diff --git a/src/utils/initialize.js b/src/utils/initialize.js
index 102efc0..82cb93c 100644
--- a/src/utils/initialize.js
+++ b/src/utils/initialize.js
@@ -1,6 +1,7 @@
 import { checkTokenValidity, redirectToLogin } from "./auth";
 import { csrfTokenManager } from "./csrf";
 import router from "@/router";
+import { clearStoredToken, getStoredToken } from "@/utils/tokenStorage";
 
 export const initializeApplication = async () => {
   try {
@@ -20,7 +21,7 @@ export const initializeApplication = async () => {
     }
 
     // 4. 获取并验证 JWT token
-    const token = localStorage.getItem("token");
+    const token = getStoredToken();
     if (!token) {
       redirectToLogin("请先登录", false); // 不清除存储，因为本来就没有token
       return;
@@ -30,7 +31,7 @@ export const initializeApplication = async () => {
       // 5. 验证 token 有效性
       if (!(await checkTokenValidity(false))) {
         // 不自动重定向，我们要自己控制
-        localStorage.removeItem("token");
+        clearStoredToken();
         localStorage.removeItem("username");
         redirectToLogin("登录已过期，请重新登录", true); // 清除无效的token
         return;
diff --git a/src/utils/tokenStorage.js b/src/utils/tokenStorage.js
new file mode 100644
index 0000000..e44b6f2
--- /dev/null
+++ b/src/utils/tokenStorage.js
@@ -0,0 +1,133 @@
+const TOKEN_STORAGE_KEY = "token";
+const TOKEN_STORAGE_PREFIX = "obf:v1:";
+
+const getLocalStorage = () => {
+  if (typeof window === "undefined") {
+    return null;
+  }
+
+  try {
+    return window.localStorage;
+  } catch {
+    return null;
+  }
+};
+
+const normalizeToken = (value) =>
+  typeof value === "string" ? value.trim() : "";
+
+const reverseText = (value) => value.split("").reverse().join("");
+
+const encodeBase64 = (value) => btoa(value);
+const decodeBase64 = (value) => atob(value);
+
+export const obscureToken = (token) => {
+  const normalized = normalizeToken(token);
+  if (!normalized) {
+    return "";
+  }
+
+  return `${TOKEN_STORAGE_PREFIX}${encodeBase64(reverseText(normalized))}`;
+};
+
+export const unobscureToken = (storedValue) => {
+  const normalized = normalizeToken(storedValue);
+  if (!normalized) {
+    return "";
+  }
+
+  if (!normalized.startsWith(TOKEN_STORAGE_PREFIX)) {
+    return normalized;
+  }
+
+  const payload = normalized.slice(TOKEN_STORAGE_PREFIX.length);
+  if (!payload) {
+    return "";
+  }
+
+  try {
+    return reverseText(decodeBase64(payload));
+  } catch {
+    return "";
+  }
+};
+
+const migrateLegacyTokenIfNeeded = (storage, rawToken, token) => {
+  if (!storage || !rawToken || !token) {
+    return;
+  }
+
+  if (!rawToken.startsWith(TOKEN_STORAGE_PREFIX)) {
+    storage.setItem(TOKEN_STORAGE_KEY, obscureToken(token));
+  }
+};
+
+export const getStoredToken = () => {
+  const storage = getLocalStorage();
+  if (!storage) {
+    return "";
+  }
+
+  const rawToken = normalizeToken(storage.getItem(TOKEN_STORAGE_KEY));
+  if (!rawToken) {
+    return "";
+  }
+
+  const token = unobscureToken(rawToken);
+  if (!token) {
+    storage.removeItem(TOKEN_STORAGE_KEY);
+    return "";
+  }
+
+  migrateLegacyTokenIfNeeded(storage, rawToken, token);
+  return token;
+};
+
+export const getStoredTokenCacheKey = () => {
+  const storage = getLocalStorage();
+  if (!storage) {
+    return "";
+  }
+
+  const rawToken = normalizeToken(storage.getItem(TOKEN_STORAGE_KEY));
+  if (!rawToken) {
+    return "";
+  }
+
+  const token = unobscureToken(rawToken);
+  if (!token) {
+    storage.removeItem(TOKEN_STORAGE_KEY);
+    return "";
+  }
+
+  const cacheKey = rawToken.startsWith(TOKEN_STORAGE_PREFIX)
+    ? rawToken
+    : obscureToken(token);
+  migrateLegacyTokenIfNeeded(storage, rawToken, token);
+  return cacheKey;
+};
+
+export const setStoredToken = (token) => {
+  const storage = getLocalStorage();
+  if (!storage) {
+    return;
+  }
+
+  const normalized = normalizeToken(token);
+  if (!normalized) {
+    storage.removeItem(TOKEN_STORAGE_KEY);
+    return;
+  }
+
+  storage.setItem(TOKEN_STORAGE_KEY, obscureToken(normalized));
+};
+
+export const clearStoredToken = () => {
+  const storage = getLocalStorage();
+  if (!storage) {
+    return;
+  }
+
+  storage.removeItem(TOKEN_STORAGE_KEY);
+};
+
diff --git a/src/views/SignInView.vue b/src/views/SignInView.vue
index 9732c15..a698c24 100644
--- a/src/views/SignInView.vue
+++ b/src/views/SignInView.vue
@@ -128,6 +128,7 @@ import {
 } from "../api/basicapi";
 import { clearRowVersionCache } from "@/api/baseapi";
 import { useI18n } from "vue-i18n";
+import { setStoredToken } from "@/utils/tokenStorage";
 
 const { t, locale } = useI18n();
 const currentLocale = ref(locale.value);
@@ -212,7 +213,7 @@ const clearPermissionCache = () => {
 const persistLoginData = async (userData, loginType) => {
   clearPermissionCache();
   clearRowVersionCache();
-  localStorage.setItem("token", userData.UserToken);
+  setStoredToken(userData.UserToken);
   localStorage.setItem(
     "username",
     userData.Name || userData.UserName || userData.Username || form.Account,
diff --git a/src/views/home/HomeView.vue b/src/views/home/HomeView.vue
index 9ece0ee..2d50ee4 100644
--- a/src/views/home/HomeView.vue
+++ b/src/views/home/HomeView.vue
@@ -174,6 +174,7 @@ import { BaseFields } from "@/entities/common.entity";
 import { EmployeeFields } from "@/entities/employee.entity";
 import { formatDate, formatDateTime, showErrorNotification } from "@/utils";
 import { decodeJwtPayload, getUserIdentity } from "@/utils/jwt";
+import { getStoredToken } from "@/utils/tokenStorage";
 
 const { t, locale } = useI18n();
 
@@ -357,7 +358,7 @@ const pickAdminFromItems = (items, keyword) => {
 };
 
 const resolveEmployeeId = async () => {
-  const token = localStorage.getItem("token") || "";
+  const token = getStoredToken();
   const payload = decodeJwtPayload(token) || {};
   const tokenIdentity = getUserIdentity("employee", token);
 
@@ -422,7 +423,7 @@ const loadEmployeeProfile = async () => {
 
 const loadAdminProfile = async () => {
   try {
-    const token = localStorage.getItem("token") || "";
+    const token = getStoredToken();
     const payload = decodeJwtPayload(token) || {};
     const tokenIdentity = getUserIdentity("admin", token);
 
@@ -475,7 +476,7 @@ const loadAdminProfile = async () => {
 };
 
 const loadEnvironmentInfo = async () => {
-  const token = localStorage.getItem("token") || "";
+  const token = getStoredToken();
   const payload = decodeJwtPayload(token) || {};
 
   const tokenIssuedAt = Number(payload?.iat);
-- 
Gitee


From d0ea6ff20eeaea88832276f6486c1cfd643ef76f Mon Sep 17 00:00:00 2001
From: ck_yeun9 <jackson@oscode.top>
Date: Wed, 18 Feb 2026 01:53:50 +0800
Subject: [PATCH 10/10] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=94=B9=E8=BF=9B?=
 =?UTF-8?q?=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/baseapi.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/api/baseapi.js b/src/api/baseapi.js
index 6644bd4..a9a9e9c 100644
--- a/src/api/baseapi.js
+++ b/src/api/baseapi.js
@@ -9,9 +9,8 @@ const ACTION_PREFIX_REGEX =
 const SUFFIX_CLEANUP_REGEX = /(AllCanUse|CanUseAll|All|List)$/i;
 const ROW_VERSION_CACHE_TTL_MS = 10 * 60 * 1000;
 const ROW_VERSION_CACHE_MAX_ENTITIES = 200;
-const ROW_VERSION_CONFLICT_MESSAGE =
-  "Data has changed, please refresh and retry";
-const ROW_VERSION_CONFLICT_HINT = "数据已变更，请刷新后重试";
+const ROW_VERSION_CONFLICT_MESSAGE = i18n.global.t("concurrencyConflict");
+const ROW_VERSION_CONFLICT_HINT = i18n.global.t("concurrencyConflictHint");
 
 const IDEMPOTENCY_KEY_HEADER = "Idempotency-Key";
 const CSRF_TOKEN_HEADER = "X-CSRF-TOKEN-HEADER";
-- 
Gitee