// Login + Email OTP flow const ADMIN_EMAILS = ["tsechun@duidui.app", "chu@duidui.app"]; const LoginScreen = ({ onLogin }) => { const [step, setStep] = useState("credentials"); // credentials -> otp const [email, setEmail] = useState(""); const [password, setPassword] = useState(""); const [otp, setOtp] = useState(["", "", "", "", "", ""]); const [loading, setLoading] = useState(false); const [error, setError] = useState(""); const [resendIn, setResendIn] = useState(0); const otpRefs = useRef([]); useEffect(() => { if (resendIn <= 0) return; const t = setTimeout(() => setResendIn(r => r - 1), 1000); return () => clearTimeout(t); }, [resendIn]); const submitCred = async () => { setError(""); if (!email || !password) { setError("請輸入帳號與密碼"); return; } if (!ADMIN_EMAILS.includes(email)) { setError("帳號或密碼錯誤"); return; } setLoading(true); try { const verifyRes = await fetch("/api/admin/auth/verify", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email, password }), }); if (!verifyRes.ok) { const d = await verifyRes.json().catch(() => ({})); setError(d.error || "帳號或密碼錯誤"); setLoading(false); return; } } catch { setError("網路錯誤,請稍後再試"); setLoading(false); return; } localStorage.setItem("adminEmail", email); try { const res = await fetch("/api/admin/otp/send", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email }), }); if (!res.ok) { const data = await res.json().catch(() => ({})); setError(data.error || "驗證碼發送失敗,請稍後再試"); setLoading(false); return; } setStep("otp"); setResendIn(30); } catch { setError("網路錯誤,請稍後再試"); } setLoading(false); }; const submitOtp = async () => { const code = otp.join(""); if (code.length < 6) { setError("請輸入完整 6 位驗證碼"); return; } setError(""); setLoading(true); try { const res = await fetch("/api/admin/otp/verify", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email, token: code }), }); if (!res.ok) { setError("驗證碼錯誤,請重新輸入"); setLoading(false); setOtp(["","","","","",""]); otpRefs.current[0]?.focus(); return; } onLogin?.(email); } catch { setError("網路錯誤,請稍後再試"); setLoading(false); } }; const setOtpDigit = (i, v) => { v = v.replace(/\D/g, "").slice(0, 1); const next = [...otp]; next[i] = v; setOtp(next); if (v && i < 5) otpRefs.current[i + 1]?.focus(); }; const onOtpKeyDown = (i, e) => { if (e.key === "Backspace" && !otp[i] && i > 0) otpRefs.current[i - 1]?.focus(); if (e.key === "Enter" && otp.every(d => d)) submitOtp(); }; const onOtpPaste = (e) => { const digits = e.clipboardData.getData("text").replace(/\D/g,"").slice(0,6); if (digits.length) { e.preventDefault(); const next = digits.padEnd(6, "").split("").slice(0,6); setOtp(next.map(d => d || "")); otpRefs.current[Math.min(digits.length, 5)]?.focus(); } }; return (
{/* Left: brand */}
堆堆
© 2026 DuiDui Studio
{/* Right: form */}
{step === "credentials" ? ( <>
登入後台
僅限獲授權人員使用。所有操作皆會被記錄。
setEmail(e.target.value)} placeholder="admin@duidui.app"/>
setPassword(e.target.value)} placeholder="••••••••"/>
{error &&
{error}
}
) : ( <>
輸入 Email 驗證碼
已將 6 位驗證碼發送至 {email.replace(/(.{2}).+(@.+)/, "$1•••$2")},5 分鐘內有效。
{otp.map((d, i) => ( otpRefs.current[i] = el} value={d} onChange={e => setOtpDigit(i, e.target.value)} onKeyDown={e => onOtpKeyDown(i, e)} onPaste={i === 0 ? onOtpPaste : undefined} inputMode="numeric" maxLength={1} style={{ width: 48, height: 56, fontSize: 22, textAlign: "center", border: "1.5px solid " + (d ? "var(--ink)" : "var(--border-strong)"), borderRadius: 10, fontFamily: "var(--font-mono)", fontWeight: 600, outline: 0, background: "var(--surface)", transition: "border-color .15s", }} /> ))}
{error &&
{error}
}
沒收到驗證碼?{" "} {resendIn > 0 ? ( 可於 {resendIn} 秒後重發 ) : ( )}
)}
); }; const BrandMark = ({ size = 28 }) => ( ); Object.assign(window, { LoginScreen, BrandMark });