feat: 登录页密码+验证码双模式 / 首页岗位优化 / 法律页面 / 后端接口完善

- 前端：登录页重构，支持密码登录、验证码登录、注册三种模式
- 前端：首页热门岗位添加「参考示例」标签，去虚构数据
- 前端：面试页顶部优化，岗位名+状态标签展示
- 前端：新增用户协议、隐私政策页面及免责声明
- 后端：新增 POST /api/user/register 注册接口
- 后端：新增 POST /api/user/set-password 设置密码接口
- 后端：修复 user.schema.ts unique 索引导致 null 冲突问题
- 后端：新增 payment-order.schema、positions.schema、site-config.schema
- 后端：package.json 新增 postbuild 脚本自动复制证书
- 管理后台：新增订单管理 Tab

backend/src/modules/positions/positions.controller.ts

@@ -1,17 +1,54 @@
-import { Controller, Get } from '@nestjs/common'
+import { Controller, Get, Body, Post, Delete, Param, UseGuards, HttpException, HttpStatus } from '@nestjs/common'
+import { InjectModel } from '@nestjs/mongoose'
+import { Model } from 'mongoose'
+import { HotPosition, HotPositionDocument } from './positions.schema'
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard'
 import { Public } from '../../common/decorators/public.decorator'
+import { CurrentUser } from '../../common/decorators/current-user.decorator'
+import { User, UserDocument } from '../user/user.schema'
 
 @Controller('positions')
 export class PositionsController {
+  constructor(
+    @InjectModel(HotPosition.name) private positionModel: Model<HotPositionDocument>,
+    @InjectModel(User.name) private userModel: Model<UserDocument>,
+  ) {}
+
   @Public()
   @Get('hot')
-  hot() {
-    return [
-      { name: '前端工程师', salary: '15-25K', company: '腾讯' },
-      { name: '后端工程师', salary: '18-30K', company: '阿里巴巴' },
-      { name: 'AI 算法工程师', salary: '20-35K', company: '字节跳动' },
-      { name: '产品经理', salary: '12-20K', company: '美团' },
-      { name: 'UI 设计师', salary: '10-18K', company: '网易' },
-    ]
+  async hot() {
+    return this.positionModel.find({ active: true }).sort({ sort: 1 }).lean().exec()
+  }
+
+  // ─── 管理后台 CRUD ──────────────────────
+
+  @UseGuards(JwtAuthGuard)
+  @Post('admin/list')
+  async adminList(@CurrentUser('userId') adminUserId: string) {
+    const admin = await this.userModel.findById(adminUserId).exec()
+    if (admin?.role !== 'admin') throw new HttpException('无权限', HttpStatus.FORBIDDEN)
+    return this.positionModel.find().sort({ sort: 1 }).lean().exec()
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Post('admin/save')
+  async save(@Body() body: HotPosition & { _id?: string }, @CurrentUser('userId') adminUserId: string) {
+    const admin = await this.userModel.findById(adminUserId).exec()
+    if (admin?.role !== 'admin') throw new HttpException('无权限', HttpStatus.FORBIDDEN)
+    if (body._id) {
+      await this.positionModel.findByIdAndUpdate(body._id, body).exec()
+      return { success: true }
+    }
+    const created = await this.positionModel.create(body)
+    return { success: true, id: created._id }
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Delete('admin/:id')
+  async remove(@Param('id') id: string, @CurrentUser('userId') adminUserId: string) {
+    const admin = await this.userModel.findById(adminUserId).exec()
+    if (admin?.role !== 'admin') throw new HttpException('无权限', HttpStatus.FORBIDDEN)
+    await this.positionModel.findByIdAndDelete(id).exec()
+    return { success: true }
   }
 }