From 4244b2316905f57f0521ea6e0af66600c91c6b5c Mon Sep 17 00:00:00 2001
From: mcoo <2435932516@qq.com>
Date: Sun, 17 May 2020 12:10:56 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=90=8E=E5=8F=B0=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 go.mod                         |   1 +
 go.sum                         |   7 +
 main.go                        | 116 +++++++++-
 models/model.go                | 215 +++++++++++++++---
 static/js/vue-clipboard.min.js |   1 +
 templates/cf.html              | 386 +++++++++++++++++++++++++++++++++
 templates/home.html            |   7 +-
 templates/user.html            |   6 +-
 8 files changed, 709 insertions(+), 30 deletions(-)
 create mode 100644 static/js/vue-clipboard.min.js
 create mode 100644 templates/cf.html

diff --git a/go.mod b/go.mod
index 786d82d..f8fa46e 100644
--- a/go.mod
+++ b/go.mod
@@ -27,6 +27,7 @@ require (
 	github.com/onsi/ginkgo v1.12.0 // indirect
 	github.com/onsi/gomega v1.10.0 // indirect
 	github.com/peterh/liner v1.2.0 // indirect
+	github.com/revel/revel v0.21.0
 	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/sirupsen/logrus v1.6.0 // indirect
 	github.com/snowlyg/IrisAdminApi/backend v0.0.0-20200430125255-66139b78ce02
diff --git a/go.sum b/go.sum
index 1148318..d2bc1b1 100644
--- a/go.sum
+++ b/go.sum
@@ -170,6 +170,7 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk=
 github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
+github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec h1:CGkYB1Q7DSsH/ku+to+foV4agt2F2miquaLUgF6L178=
 github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -370,9 +371,12 @@ github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/revel/config v0.21.0 h1:Bw4iXLGAuD/Di2HEhPSOyDywrTlFIXUMbds91lXTtTU=
 github.com/revel/config v0.21.0/go.mod h1:GT4a9px5kDGRqLizcw/md0QFErrhen76toz4qS3oIoI=
+github.com/revel/log15 v2.11.20+incompatible h1:JkA4tbwIo/UGEMumY50zndKq816RQW3LQ0wIpRc+32U=
 github.com/revel/log15 v2.11.20+incompatible/go.mod h1:l0WmLRs+IM1hBl4noJiBc2tZQiOgZyXzS1mdmFt+5Gc=
 github.com/revel/pathtree v0.0.0-20140121041023-41257a1839e9/go.mod h1:TmlwoRLDvgRjoTe6rbsxIaka/CulzYrgfef7iNJcEWY=
+github.com/revel/revel v0.21.0 h1:E6kDJmpJSDb0F8XwbyG5h4ayzpZ+8Wcw2IiPZW/2qSc=
 github.com/revel/revel v0.21.0/go.mod h1:VZWJnHjpDEtuGUuZJ2NO42XryitrtwsdVaJxfDeo5yc=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/russross/blackfriday v0.0.0-20180428102519-11635eb403ff/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@@ -425,6 +429,7 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/twinj/uuid v1.0.0 h1:fzz7COZnDrXGTAOHGuUGYd6sG+JMq+AoE7+Jlu0przk=
 github.com/twinj/uuid v1.0.0/go.mod h1:mMgcE1RHFUFqe5AfiwlINXisXfDGro23fWdPUfOMjRY=
 github.com/ugorji/go v1.1.2/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
@@ -588,8 +593,10 @@ gopkg.in/ini.v1 v1.51.1 h1:GyboHr4UqMiLUybYjd22ZjQIKEJEpgtLXtuGbR21Oho=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY+ILlfndk4bRioVHaU=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/stack.v0 v0.0.0-20141108040640-9b43fcefddd0 h1:lMH45EKqD8Nf6LwoF+43YOKjOAEEHQRVgDyG8RCV4MU=
 gopkg.in/stack.v0 v0.0.0-20141108040640-9b43fcefddd0/go.mod h1:kl/bNzW/jgTgUOCGDj3XPn9/Hbfhw6pjfBRUnaTioFQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
diff --git a/main.go b/main.go
index 7f05980..b00e259 100644
--- a/main.go
+++ b/main.go
@@ -14,7 +14,9 @@ import (
 	"github.com/kataras/iris/v12/middleware/recover"
 	"github.com/kataras/iris/v12/mvc"
 	"github.com/kataras/iris/v12/sessions"
+	"html"
 	"regexp"
+	"strconv"
 	"time"
 )
 
@@ -23,6 +25,9 @@ var (
 	protectUrl = []string{
 		"^/admin",
 	}
+	adminUrl = []string{
+		"^/admin/cf",
+	}
 	Client = netutil.Client(time.Duration(20 * time.Second))
 )
 
@@ -34,7 +39,9 @@ func main() {
 	protect := csrf.Protect([]byte(conf.Sysconfig.CsrfKey), csrf.Secure(false), csrf.ErrorHandler(csrfError))
 	user := mvc.New(app.Party("/", protect))
 	user.Handle(new(RootController))
-	app.RegisterView(iris.Django("./templates", ".html"))
+	temple := iris.Django("./templates", ".html")
+	temple.Reload(conf.Sysconfig.Debug)
+	app.RegisterView(temple)
 	app.OnErrorCode(iris.StatusNotFound, notFound)
 	app.HandleDir("/static", "static")
 	iris.RegisterOnInterrupt(func() {
@@ -76,6 +83,24 @@ func before(ctx iris.Context) {
 			return
 		}
 	}
+	adminProtect := false
+	for i := range adminUrl {
+		match, _ := regexp.MatchString(adminUrl[i], ctx.Path())
+		if match {
+			adminProtect = true
+			break
+		}
+	}
+	if adminProtect {
+		session := sess.Start(ctx)
+		if session.Get("role") != 1 {
+			ctx.ViewData("code", "401 Error")
+			ctx.ViewData("error", `您的用户权限不够<a href="/admin">首页</a>`)
+			ctx.StatusCode(401)
+			ctx.View("error.html")
+			return
+		}
+	}
 	ctx.Next()
 }
 func csrfError(ctx iris.Context) {
@@ -165,7 +190,7 @@ func (c *RootController) PostApiRegister() iris.Map {
 		return iris.Map{"status": false, "data": "请进行行为验证!"}
 	}
 	mail := c.Ctx.FormValue("mail")
-	err := models.Register(c.Ctx.FormValue("name"), mail, c.Ctx.FormValue("password"), c.Ctx.FormValue("repeat-password"))
+	err := models.Register(c.Ctx.FormValue("name"), mail, c.Ctx.FormValue("password"), c.Ctx.FormValue("repeat-password"), c.Ctx.RemoteAddr())
 	if err != nil {
 		return iris.Map{"status": false, "data": err.Error()}
 	}
@@ -185,13 +210,16 @@ func (c *RootController) PostApiVerifypassword() iris.Map {
 	if !result.Success {
 		return iris.Map{"status": false, "data": "请进行行为验证!"}
 	}
-	user, err := models.VerifyPassword(c.Ctx.FormValue("mail"), c.Ctx.FormValue("password"))
+	user, err := models.VerifyPassword(c.Ctx.FormValue("mail"), c.Ctx.FormValue("password"), c.Ctx.RemoteAddr())
 	if err != nil {
 		if conf.Sysconfig.Debug {
 			return iris.Map{"status": false, "data": err.Error()}
 		}
 		return iris.Map{"status": false, "data": "邮箱或密码错误"}
 	}
+	if user.Role == -1 {
+		return iris.Map{"status": false, "data": "用户已被封禁"}
+	}
 	session := sess.Start(c.Ctx)
 	session.Set("name", user.Name)
 	session.Set("role", user.Role)
@@ -303,3 +331,85 @@ func (c *RootController) PostAdminEditUser() iris.Map {
 		"data":   "修改成功",
 	}
 }
+func (c *RootController) GetAdminCf() mvc.Result {
+	session := sess.Start(c.Ctx)
+	keys, err := models.GetKeyByMail(session.GetString("mail"))
+	if err != nil {
+		keys = nil
+	}
+	notice, err := models.ReadSetting("notice")
+	if err != nil {
+		notice = ""
+	}
+
+	return mvc.View{
+		Name: "cf.html",
+		Data: iris.Map{"uid": session.Get("uid"), "csrf": csrf.TemplateField(c.Ctx), "notice": notice, "name": session.Get("name"), "mail": session.Get("mail"), "keys": keys, "role": session.Get("role"), "key": csrf.Token(c.Ctx)},
+	}
+}
+func (c *RootController) GetAdminCfUsersBy(fun, page, pagesize int) iris.Map {
+	if fun == 0 {
+		count, err := models.GetUserCount()
+		if err != nil {
+			return iris.Map{"status": false, "data": err.Error()}
+		}
+		return iris.Map{"status": true, "data": count}
+	}
+	users, err := models.GetPageUsers(page, pagesize)
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": users}
+
+}
+func (c *RootController) PostAdminCfUpset() iris.Map {
+	err := models.WriteSetting("notice", html.UnescapeString(c.Ctx.FormValue("notice")))
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": "修改成功!"}
+}
+func (c *RootController) PostAdminCfBan() iris.Map {
+	id, err := strconv.Atoi(c.Ctx.FormValueDefault("id", "-1"))
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	err = models.BanUser(id)
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": "封禁成功"}
+}
+func (c *RootController) PostAdminCfUnban() iris.Map {
+	id, err := strconv.Atoi(c.Ctx.FormValueDefault("id", "-1"))
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	err = models.UnBanUser(id)
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": "解除封禁成功"}
+}
+func (c *RootController) PostAdminCfRemove() iris.Map {
+	id, err := strconv.Atoi(c.Ctx.FormValueDefault("id", "-1"))
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	err = models.RemoveUser(id)
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": "删除账号成功"}
+}
+func (c *RootController) PostAdminCfReset() iris.Map {
+	id, err := strconv.Atoi(c.Ctx.FormValueDefault("id", "-1"))
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	newPassword, err := models.ResetPasswordById(id)
+	if err != nil {
+		return iris.Map{"status": false, "data": err.Error()}
+	}
+	return iris.Map{"status": true, "data": newPassword}
+}
diff --git a/models/model.go b/models/model.go
index 369983c..7e3e33d 100644
--- a/models/model.go
+++ b/models/model.go
@@ -2,31 +2,39 @@ package models
 
 import (
 	"coffee-keys-go/sysinit"
+	"crypto/md5"
+	"database/sql/driver"
 	"encoding/base64"
+	"encoding/hex"
 	"errors"
+	"fmt"
 	"golang.org/x/crypto/bcrypt"
+	"math/rand"
 	"regexp"
+	"strconv"
 	"strings"
 	"time"
 )
 
 // 用户表
 type User struct {
-	Id       int    `gorm:"primary_key" json:"id"`
-	Name     string `gorm:"unique;VARCHAR(191)" json:"name"`
-	Mail     string `gorm:"unique;VARCHAR(191)" json:"mail"`
-	Password string `gorm:"not null VARCHAR(191)" json:"password"`
-	Date     time.Time
-	Role     int
+	Id       int      `gorm:"primary_key" json:"id"`
+	Name     string   `gorm:"unique;VARCHAR(191)" json:"name"`
+	Mail     string   `gorm:"unique;VARCHAR(191)" json:"mail"`
+	Password string   `gorm:"not null VARCHAR(191)" json:"password"`
+	Date     JSONTime `json:"date"`
+	Regip    string   `gorm:"unique;VARCHAR(191)" json:"regip"`
+	Recip    string   `gorm:"unique;VARCHAR(191)" json:"recip"`
+	Role     int      `json:"role"`
 }
 
 // 密匙表
 type Pubkey struct {
-	Id     int       `gorm:"primary_key" json:"id"`
-	U_id   int       `json:"u_id"`
-	Pubkey string    `gorm:"unique;VARCHAR(191)" json:"pubkey"`
-	Info   string    `gorm:"unique;VARCHAR(191)" json:"info"`
-	Date   time.Time `json:"date"`
+	Id          int      `gorm:"primary_key" json:"id"`
+	U_id        int      `json:"u_id"`
+	Pubkey      string   `gorm:"unique;VARCHAR(191)" json:"pubkey"`
+	Description string   `gorm:"unique;VARCHAR(191)" json:"description"`
+	Date        JSONTime `json:"date"`
 }
 
 // 设置表
@@ -36,6 +44,49 @@ type Setting struct {
 	Data string `gorm:"unique;VARCHAR(191)" json:"data"`
 }
 
+type JSONTime struct {
+	time.Time
+}
+
+func (t JSONTime) String() string {
+	return fmt.Sprintf("%s", t.Format("2006-01-02 15:04:05"))
+}
+
+func (t JSONTime) MarshalBinary() ([]byte, error) {
+	formatted := fmt.Sprintf("\"%s\"", t.Format("2006-01-02 15:04:05"))
+	return []byte(formatted), nil
+}
+
+// MarshalJSON on JSONTime format Time field with %Y-%m-%d %H:%M:%S
+func (t JSONTime) MarshalJSON() ([]byte, error) {
+	formatted := fmt.Sprintf("\"%s\"", t.Format("2006-01-02 15:04:05"))
+	return []byte(formatted), nil
+}
+
+func (t JSONTime) MarshalText() ([]byte, error) {
+	formatted := fmt.Sprintf("\"%s\"", t.Format("2006-01-02 15:04:05"))
+	return []byte(formatted), nil
+}
+
+// Value insert timestamp into mysql need this function.
+func (t JSONTime) Value() (driver.Value, error) {
+	var zeroTime time.Time
+	if t.Time.UnixNano() == zeroTime.UnixNano() {
+		return nil, nil
+	}
+	return t.Time, nil
+}
+
+// Scan valueof time.Time
+func (t *JSONTime) Scan(v interface{}) error {
+	value, ok := v.(time.Time)
+	if ok {
+		*t = JSONTime{Time: value}
+		return nil
+	}
+	return fmt.Errorf("can not convert %v to timestamp", v)
+}
+
 // 通过邮箱获取用户
 func GetUserByMail(mail string) (User, error) {
 	var user User
@@ -46,6 +97,40 @@ func GetUserByMail(mail string) (User, error) {
 	return user, nil
 }
 
+// 通过用户的ID获取用户
+func GetUserById(id int) (User, error) {
+	var user User
+	m := sysinit.Db.Where("id = ?", id).First(&user)
+	if m.Error != nil {
+		return User{}, m.Error
+	}
+	return user, nil
+}
+
+// 获取所有的用户 废弃
+func GetAllUser() ([]User, error) {
+	var users []User
+	m := sysinit.Db.Find(&users)
+	if m.Error != nil {
+		return nil, m.Error
+	}
+	return users, nil
+}
+
+// 获取指定页数的用户
+func GetPageUsers(page, pageSize int) ([]User, error) {
+	var users []User
+	u := sysinit.Db.Limit(pageSize).Offset((page - 1) * pageSize).Order("id asc").Find(&users)
+	return users, u.Error
+}
+
+// 获取用户数目
+func GetUserCount() (int, error) {
+	var total int = 0
+	u := sysinit.Db.Model(&User{}).Count(&total)
+	return total, u.Error
+}
+
 // 通过邮箱获取密匙
 func GetKeyByMail(mail string) ([]Pubkey, error) {
 	var pubkeys []Pubkey
@@ -53,6 +138,9 @@ func GetKeyByMail(mail string) ([]Pubkey, error) {
 	if err != nil {
 		return nil, err
 	}
+	if user.Role == -1 {
+		return nil, errors.New("用户已被封禁")
+	}
 	m := sysinit.Db.Where("u_id = ?", user.Id).Find(&pubkeys)
 	if m.Error != nil {
 		return nil, m.Error
@@ -71,12 +159,14 @@ func GetKeyById(id int) (Pubkey, error) {
 }
 
 // 验证用户密码
-func VerifyPassword(mail, password string) (User, error) {
+func VerifyPassword(mail, password, ip string) (User, error) {
 	user, err := GetUserByMail(mail)
 	if err != nil {
 		return user, err
 	} else {
 		if CheckPassword(user.Password, password) {
+			user.Recip = ip
+			sysinit.Db.Save(&user)
 			return user, nil
 		} else {
 			return User{}, errors.New("用户名密码不正确")
@@ -88,10 +178,10 @@ func VerifyPassword(mail, password string) (User, error) {
 // 新建key
 func CreateKey(u_id int, publickey, info string) error {
 	key := Pubkey{
-		Info:   info,
-		Date:   time.Now(),
-		Pubkey: publickey,
-		U_id:   u_id,
+		Description: info,
+		Date:        JSONTime{time.Now()},
+		Pubkey:      publickey,
+		U_id:        u_id,
 	}
 	return sysinit.Db.Create(&key).Error
 }
@@ -138,7 +228,7 @@ func CheckPassword(oldHash, newPassword string) bool {
 }
 
 // 用户注册函数
-func Register(name, mail, password, password2 string) error {
+func Register(name, mail, password, password2, ip string) error {
 	isok, err := regexp.Match(`^[A-Za-z0-9]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$`, []byte(mail))
 	if err != nil {
 		return err
@@ -163,9 +253,11 @@ func Register(name, mail, password, password2 string) error {
 
 	user := User{
 		Mail:     mail,
-		Date:     time.Now(),
+		Date:     JSONTime{time.Now()},
 		Password: hashpassword,
 		Name:     strings.ReplaceAll(name, " ", ""),
+		Recip:    ip,
+		Regip:    ip,
 	}
 	return sysinit.Db.Create(&user).Error
 }
@@ -196,8 +288,8 @@ func EditUser(mail, oldpassword, newname, newpassword string) error {
 	if newname != "" {
 		user.Name = strings.ReplaceAll(newname, " ", "")
 	}
-	sysinit.Db.Save(user)
-	return nil
+	err = sysinit.Db.Save(&user).Error
+	return err
 }
 
 // 读数据库设置
@@ -212,10 +304,83 @@ func ReadSetting(name string) (string, error) {
 
 // 写数据库设置
 func WriteSetting(name, data string) error {
-	var setting = Setting{
-		Name: name,
-		Data: data,
+	var setting Setting
+	m := sysinit.Db.Where("name = ?", name).First(&setting)
+	if m.Error != nil {
+		return m.Error
+	}
+	setting.Data = data
+	return sysinit.Db.Save(&setting).Error
+}
+
+// 通过ID封禁用户
+func BanUser(id int) error {
+	user, err := GetUserById(id)
+	if err != nil {
+		return err
+	}
+	if user.Role == 1 {
+		return errors.New("管理员账号禁止操作")
+	}
+	user.Role = -1
+	return sysinit.Db.Save(&user).Error
+}
+
+// 通过ID解除封禁用户
+func UnBanUser(id int) error {
+	user, err := GetUserById(id)
+	if err != nil {
+		return err
+	}
+	if user.Role == 1 {
+		return errors.New("管理员账号禁止操作")
+	}
+	user.Role = 0
+	return sysinit.Db.Save(&user).Error
+}
+
+// 通过ID删除用户
+func RemoveUser(id int) error {
+	user, err := GetUserById(id)
+	if err != nil {
+		return err
+	}
+	if user.Role == 1 {
+		return errors.New("管理员账号禁止操作")
+	}
+	err = sysinit.Db.Where("u_id=?", user.Id).Delete(&Pubkey{}).Error
+	if err != nil {
+		return err
+	}
+	return sysinit.Db.Delete(&user).Error
+}
+
+// 通过ID重置用户密码
+func ResetPasswordById(id int) (string, error) {
+	user, err := GetUserById(id)
+	if err != nil {
+		return "", err
 	}
-	m := sysinit.Db.Save(setting)
-	return m.Error
+	if user.Role == 1 {
+		return "", errors.New("管理员账号禁止操作")
+	}
+	salt := int(time.Now().Unix())
+	newPassword := md5V(strconv.Itoa(salt + rand.Intn(100)))
+	newHashPassword, err := HashPassword(newPassword)
+	if err != nil {
+		return "", err
+	}
+	user.Password = newHashPassword
+	err = sysinit.Db.Save(&user).Error
+	if err != nil {
+		return "", err
+	}
+
+	return newPassword, nil
+}
+
+func md5V(str string) string {
+	h := md5.New()
+	h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
 }
diff --git a/static/js/vue-clipboard.min.js b/static/js/vue-clipboard.min.js
new file mode 100644
index 0000000..8a1b335
--- /dev/null
+++ b/static/js/vue-clipboard.min.js
@@ -0,0 +1 @@
+(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){(function(global){var VueClipboard=require("./vue-clipboard.js");global.VueClipboard=VueClipboard;window.Vue&&global.Vue.use(VueClipboard)}).call(this,typeof global!=="undefined"?global:typeof self!=="undefined"?self:typeof window!=="undefined"?window:{})},{"./vue-clipboard.js":3}],2:[function(require,module,exports){!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.ClipboardJS=e():t.ClipboardJS=e()}(this,function(){return function(n){var o={};function r(t){if(o[t])return o[t].exports;var e=o[t]={i:t,l:!1,exports:{}};return n[t].call(e.exports,e,e.exports,r),e.l=!0,e.exports}return r.m=n,r.c=o,r.d=function(t,e,n){r.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:n})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n},r.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(e,"a",e),e},r.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},r.p="",r(r.s=0)}([function(t,e,n){"use strict";var r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},i=function(){function o(t,e){for(var n=0;n<e.length;n++){var o=e[n];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(t,o.key,o)}}return function(t,e,n){return e&&o(t.prototype,e),n&&o(t,n),t}}(),a=o(n(1)),c=o(n(3)),u=o(n(4));function o(t){return t&&t.__esModule?t:{default:t}}var l=function(t){function o(t,e){!function(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}(this,o);var n=function(t,e){if(!t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!e||"object"!=typeof e&&"function"!=typeof e?t:e}(this,(o.__proto__||Object.getPrototypeOf(o)).call(this));return n.resolveOptions(e),n.listenClick(t),n}return function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}(o,c.default),i(o,[{key:"resolveOptions",value:function(){var t=0<arguments.length&&void 0!==arguments[0]?arguments[0]:{};this.action="function"==typeof t.action?t.action:this.defaultAction,this.target="function"==typeof t.target?t.target:this.defaultTarget,this.text="function"==typeof t.text?t.text:this.defaultText,this.container="object"===r(t.container)?t.container:document.body}},{key:"listenClick",value:function(t){var e=this;this.listener=(0,u.default)(t,"click",function(t){return e.onClick(t)})}},{key:"onClick",value:function(t){var e=t.delegateTarget||t.currentTarget;this.clipboardAction&&(this.clipboardAction=null),this.clipboardAction=new a.default({action:this.action(e),target:this.target(e),text:this.text(e),container:this.container,trigger:e,emitter:this})}},{key:"defaultAction",value:function(t){return s("action",t)}},{key:"defaultTarget",value:function(t){var e=s("target",t);if(e)return document.querySelector(e)}},{key:"defaultText",value:function(t){return s("text",t)}},{key:"destroy",value:function(){this.listener.destroy(),this.clipboardAction&&(this.clipboardAction.destroy(),this.clipboardAction=null)}}],[{key:"isSupported",value:function(){var t=0<arguments.length&&void 0!==arguments[0]?arguments[0]:["copy","cut"],e="string"==typeof t?[t]:t,n=!!document.queryCommandSupported;return e.forEach(function(t){n=n&&!!document.queryCommandSupported(t)}),n}}]),o}();function s(t,e){var n="data-clipboard-"+t;if(e.hasAttribute(n))return e.getAttribute(n)}t.exports=l},function(t,e,n){"use strict";var o,r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},i=function(){function o(t,e){for(var n=0;n<e.length;n++){var o=e[n];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(t,o.key,o)}}return function(t,e,n){return e&&o(t.prototype,e),n&&o(t,n),t}}(),a=n(2),c=(o=a)&&o.__esModule?o:{default:o};var u=function(){function e(t){!function(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}(this,e),this.resolveOptions(t),this.initSelection()}return i(e,[{key:"resolveOptions",value:function(){var t=0<arguments.length&&void 0!==arguments[0]?arguments[0]:{};this.action=t.action,this.container=t.container,this.emitter=t.emitter,this.target=t.target,this.text=t.text,this.trigger=t.trigger,this.selectedText=""}},{key:"initSelection",value:function(){this.text?this.selectFake():this.target&&this.selectTarget()}},{key:"selectFake",value:function(){var t=this,e="rtl"==document.documentElement.getAttribute("dir");this.removeFake(),this.fakeHandlerCallback=function(){return t.removeFake()},this.fakeHandler=this.container.addEventListener("click",this.fakeHandlerCallback)||!0,this.fakeElem=document.createElement("textarea"),this.fakeElem.style.fontSize="12pt",this.fakeElem.style.border="0",this.fakeElem.style.padding="0",this.fakeElem.style.margin="0",this.fakeElem.style.position="absolute",this.fakeElem.style[e?"right":"left"]="-9999px";var n=window.pageYOffset||document.documentElement.scrollTop;this.fakeElem.style.top=n+"px",this.fakeElem.setAttribute("readonly",""),this.fakeElem.value=this.text,this.container.appendChild(this.fakeElem),this.selectedText=(0,c.default)(this.fakeElem),this.copyText()}},{key:"removeFake",value:function(){this.fakeHandler&&(this.container.removeEventListener("click",this.fakeHandlerCallback),this.fakeHandler=null,this.fakeHandlerCallback=null),this.fakeElem&&(this.container.removeChild(this.fakeElem),this.fakeElem=null)}},{key:"selectTarget",value:function(){this.selectedText=(0,c.default)(this.target),this.copyText()}},{key:"copyText",value:function(){var e=void 0;try{e=document.execCommand(this.action)}catch(t){e=!1}this.handleResult(e)}},{key:"handleResult",value:function(t){this.emitter.emit(t?"success":"error",{action:this.action,text:this.selectedText,trigger:this.trigger,clearSelection:this.clearSelection.bind(this)})}},{key:"clearSelection",value:function(){this.trigger&&this.trigger.focus(),window.getSelection().removeAllRanges()}},{key:"destroy",value:function(){this.removeFake()}},{key:"action",set:function(){var t=0<arguments.length&&void 0!==arguments[0]?arguments[0]:"copy";if(this._action=t,"copy"!==this._action&&"cut"!==this._action)throw new Error('Invalid "action" value, use either "copy" or "cut"')},get:function(){return this._action}},{key:"target",set:function(t){if(void 0!==t){if(!t||"object"!==(void 0===t?"undefined":r(t))||1!==t.nodeType)throw new Error('Invalid "target" value, use a valid Element');if("copy"===this.action&&t.hasAttribute("disabled"))throw new Error('Invalid "target" attribute. Please use "readonly" instead of "disabled" attribute');if("cut"===this.action&&(t.hasAttribute("readonly")||t.hasAttribute("disabled")))throw new Error('Invalid "target" attribute. You can\'t cut text from elements with "readonly" or "disabled" attributes');this._target=t}},get:function(){return this._target}}]),e}();t.exports=u},function(t,e){t.exports=function(t){var e;if("SELECT"===t.nodeName)t.focus(),e=t.value;else if("INPUT"===t.nodeName||"TEXTAREA"===t.nodeName){var n=t.hasAttribute("readonly");n||t.setAttribute("readonly",""),t.select(),t.setSelectionRange(0,t.value.length),n||t.removeAttribute("readonly"),e=t.value}else{t.hasAttribute("contenteditable")&&t.focus();var o=window.getSelection(),r=document.createRange();r.selectNodeContents(t),o.removeAllRanges(),o.addRange(r),e=o.toString()}return e}},function(t,e){function n(){}n.prototype={on:function(t,e,n){var o=this.e||(this.e={});return(o[t]||(o[t]=[])).push({fn:e,ctx:n}),this},once:function(t,e,n){var o=this;function r(){o.off(t,r),e.apply(n,arguments)}return r._=e,this.on(t,r,n)},emit:function(t){for(var e=[].slice.call(arguments,1),n=((this.e||(this.e={}))[t]||[]).slice(),o=0,r=n.length;o<r;o++)n[o].fn.apply(n[o].ctx,e);return this},off:function(t,e){var n=this.e||(this.e={}),o=n[t],r=[];if(o&&e)for(var i=0,a=o.length;i<a;i++)o[i].fn!==e&&o[i].fn._!==e&&r.push(o[i]);return r.length?n[t]=r:delete n[t],this}},t.exports=n},function(t,e,n){var d=n(5),h=n(6);t.exports=function(t,e,n){if(!t&&!e&&!n)throw new Error("Missing required arguments");if(!d.string(e))throw new TypeError("Second argument must be a String");if(!d.fn(n))throw new TypeError("Third argument must be a Function");if(d.node(t))return s=e,f=n,(l=t).addEventListener(s,f),{destroy:function(){l.removeEventListener(s,f)}};if(d.nodeList(t))return a=t,c=e,u=n,Array.prototype.forEach.call(a,function(t){t.addEventListener(c,u)}),{destroy:function(){Array.prototype.forEach.call(a,function(t){t.removeEventListener(c,u)})}};if(d.string(t))return o=t,r=e,i=n,h(document.body,o,r,i);throw new TypeError("First argument must be a String, HTMLElement, HTMLCollection, or NodeList");var o,r,i,a,c,u,l,s,f}},function(t,n){n.node=function(t){return void 0!==t&&t instanceof HTMLElement&&1===t.nodeType},n.nodeList=function(t){var e=Object.prototype.toString.call(t);return void 0!==t&&("[object NodeList]"===e||"[object HTMLCollection]"===e)&&"length"in t&&(0===t.length||n.node(t[0]))},n.string=function(t){return"string"==typeof t||t instanceof String},n.fn=function(t){return"[object Function]"===Object.prototype.toString.call(t)}},function(t,e,n){var a=n(7);function i(t,e,n,o,r){var i=function(e,n,t,o){return function(t){t.delegateTarget=a(t.target,n),t.delegateTarget&&o.call(e,t)}}.apply(this,arguments);return t.addEventListener(n,i,r),{destroy:function(){t.removeEventListener(n,i,r)}}}t.exports=function(t,e,n,o,r){return"function"==typeof t.addEventListener?i.apply(null,arguments):"function"==typeof n?i.bind(null,document).apply(null,arguments):("string"==typeof t&&(t=document.querySelectorAll(t)),Array.prototype.map.call(t,function(t){return i(t,e,n,o,r)}))}},function(t,e){if("undefined"!=typeof Element&&!Element.prototype.matches){var n=Element.prototype;n.matches=n.matchesSelector||n.mozMatchesSelector||n.msMatchesSelector||n.oMatchesSelector||n.webkitMatchesSelector}t.exports=function(t,e){for(;t&&9!==t.nodeType;){if("function"==typeof t.matches&&t.matches(e))return t;t=t.parentNode}}}])})},{}],3:[function(require,module,exports){var Clipboard=require("clipboard/dist/clipboard.min.js");var VueClipboardConfig={autoSetContainer:false,appendToBody:true};var VueClipboard={install:function(Vue){Vue.prototype.$clipboardConfig=VueClipboardConfig;Vue.prototype.$copyText=function(text,container){return new Promise(function(resolve,reject){var fakeElement=document.createElement("button");var clipboard=new Clipboard(fakeElement,{text:function(){return text},action:function(){return"copy"},container:typeof container==="object"?container:document.body});clipboard.on("success",function(e){clipboard.destroy();resolve(e)});clipboard.on("error",function(e){clipboard.destroy();reject(e)});if(VueClipboardConfig.appendToBody)document.body.appendChild(fakeElement);fakeElement.click();if(VueClipboardConfig.appendToBody)document.body.removeChild(fakeElement)})};Vue.directive("clipboard",{bind:function(el,binding,vnode){if(binding.arg==="success"){el._vClipboard_success=binding.value}else if(binding.arg==="error"){el._vClipboard_error=binding.value}else{var clipboard=new Clipboard(el,{text:function(){return binding.value},action:function(){return binding.arg==="cut"?"cut":"copy"},container:VueClipboardConfig.autoSetContainer?el:undefined});clipboard.on("success",function(e){var callback=el._vClipboard_success;callback&&callback(e)});clipboard.on("error",function(e){var callback=el._vClipboard_error;callback&&callback(e)});el._vClipboard=clipboard}},update:function(el,binding){if(binding.arg==="success"){el._vClipboard_success=binding.value}else if(binding.arg==="error"){el._vClipboard_error=binding.value}else{el._vClipboard.text=function(){return binding.value};el._vClipboard.action=function(){return binding.arg==="cut"?"cut":"copy"}}},unbind:function(el,binding){if(binding.arg==="success"){delete el._vClipboard_success}else if(binding.arg==="error"){delete el._vClipboard_error}else{el._vClipboard.destroy();delete el._vClipboard}}})},config:VueClipboardConfig};if(typeof exports==="object"){module.exports=VueClipboard}else if(typeof define==="function"&&define.amd){define([],function(){return VueClipboard})}},{"clipboard/dist/clipboard.min.js":2}]},{},[1]);
\ No newline at end of file
diff --git a/templates/cf.html b/templates/cf.html
new file mode 100644
index 0000000..221056a
--- /dev/null
+++ b/templates/cf.html
@@ -0,0 +1,386 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
+    <title>Super-Coffee</title>
+    <link rel="stylesheet" href="/static/assets/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet"
+          href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i">
+    <link rel="stylesheet" href="/static/assets/fonts/fontawesome-all.min.css">
+    <link href="/static/css/toastr.css" rel="stylesheet"/>
+</head>
+
+<body id="page-top">
+<div id="wrapper">
+    <nav class="navbar navbar-dark align-items-start sidebar sidebar-dark accordion bg-gradient-primary p-0">
+        <div class="container-fluid d-flex flex-column p-0">
+            <a class="navbar-brand d-flex justify-content-center align-items-center sidebar-brand m-0" href="#">
+                <div class="sidebar-brand-icon rotate-n-15"><i class="fas fa-cube"></i></div>
+                <div class="sidebar-brand-text mx-3"><span>Super-Coffee</span></div>
+            </a>
+            <hr class="sidebar-divider my-0">
+            <ul class="nav navbar-nav text-light" id="accordionSidebar">
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin"><i
+                        class="fas fa-tachometer-alt"></i><span>首页</span></a></li>
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/user"><i
+                        class="fas fa-user-alt"></i><span>个人信息</span></a></li>
+                {% if role == 1 %}
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/cf"><i
+                        class="fas fa-coffee"></i><span>后台管理</span></a></li>
+                {% endif %}
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/logout"><i
+                        class="fas fa-sign-out-alt"></i><span>登出</span></a></li>
+            </ul>
+            <div class="text-center d-none d-md-inline">
+                <button class="btn rounded-circle border-0" id="sidebarToggle" type="button"></button>
+            </div>
+        </div>
+    </nav>
+    <div class="d-flex flex-column" id="content-wrapper">
+        <div id="content">
+            <nav class="navbar navbar-light navbar-expand bg-white shadow mb-4 topbar static-top">
+                <div class="container-fluid">
+                    <button class="btn btn-link d-md-none rounded-circle mr-3" id="sidebarToggleTop" type="button"><i
+                            class="fas fa-bars"></i></button>
+                    <form class="form-inline d-none d-sm-inline-block mr-auto ml-md-3 my-2 my-md-0 mw-100 navbar-search">
+                        <div class="input-group"><input class="bg-light form-control border-0 small" type="text"
+                                                        placeholder="Search for ...">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary py-0" type="button"><i class="fas fa-search"></i>
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+
+                </div>
+            </nav>
+            <div class="container-fluid">
+                <h3 class="text-dark mb-4">后台管理 你好管理员{{ name }}</h3>
+                {% verbatim %}
+                <div id="app" class="row">
+                    <div class="col-md-4">
+                        <div class="card shadow mb-5">
+                            <div class="card-header py-3">
+                                <p class="text-primary m-0 font-weight-bold">网站设置</p>
+                            </div>
+
+                            <div class="card-body">
+                                <div class="row">
+                                    <div class="col-md-12">
+                                        <div class="form-group"><label
+                                                for="notice"><strong>公告内容</strong> 支持HTML<br></label><textarea
+                                                id="notice" class="form-control form-control-user"
+                                                placeholder="这里是在首页上显示的公告" v-model="notice"
+                                                rows="6"></textarea></div>
+
+                                        <div class="form-group">
+                                            <button class="btn btn-primary btn-sm" id="btn_edit" @click="upSet">
+                                                保存
+                                            </button>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-md-8">
+                        <div class="card shadow mb-5">
+                            <div class="card-header py-3"><p class="text-primary m-0 font-weight-bold">管理员操作说明</p></div>
+                            <div class="card-body">
+                                叽里呱啦
+                            </div>
+
+                        </div>
+                    </div>
+                    <div class="col-md-12">
+                        <div class="card shadow mb-5">
+                            <div class="card-header py-3">
+                                <p class="text-primary m-0 font-weight-bold">用户管理</p>
+                            </div>
+
+                            <div class="card-body">
+                                <div class="row">
+                                    <div class="col-md-12">
+                                        <table class="table table-responsive-lg">
+                                            <thead>
+                                            <tr>
+                                                <th scope="col">#</th>
+                                                <th scope="col">用户名</th>
+                                                <th scope="col">邮箱</th>
+                                                <th scope="col">用户组</th>
+                                                <th scope="col">最近登录IP</th>
+                                                <th scope="col">注册IP</th>
+                                                <th scope="col">注册时间</th>
+                                                <th scope="col">操作</th>
+                                            </tr>
+                                            </thead>
+                                            <tbody>
+                                            <tr v-for="(i,index) in users">
+                                                <td scope="row">{{ i.id }}</td>
+                                                <td>{{ i.name }}</td>
+                                                <td>{{ i.mail }}</td>
+                                                <td>{{ i.role===1?"超级管理员" :"" }}{{ i.role===0?"普通用户" :"" }}{{
+                                                    i.role===-1?"已封禁" :"" }}
+                                                </td>
+                                                <td>{{ i.recip }}</td>
+                                                <td>{{ i.regip }}</td>
+
+                                                <td>{{ i.date }}</td>
+                                                <td>
+                                                    <div class="btn-group" role="group" :aria-label="i.name">
+                                                        <button type="button" @click="resetPassword(i.id)"
+                                                                class="btn btn-primary">密码重置
+                                                        </button>
+                                                        <button v-show="i.role!==-1" type="button"
+                                                                @click="banUser(i.id,index)"
+                                                                class="btn btn-warning">用户禁用
+                                                        </button>
+                                                        <button v-show="i.role===-1" type="button"
+                                                                @click="unBanUser(i.id,index)"
+                                                                class="btn btn-success">用户启用
+                                                        </button>
+
+                                                        <button data-toggle="tooltip" data-placement="top"
+                                                                title="你确定要删除吗,这是不可逆的！" type="button"
+                                                                @click="removeUser(i.id,index)"
+                                                                class="btn btn-danger btn-secondary">用户删除
+                                                        </button>
+                                                    </div>
+                                                </td>
+                                            </tr>
+                                            </tbody>
+
+                                        </table>
+
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="card-footer">
+                                <div class="fa-pull-right ">共{{ Math.ceil(total/pagesize) }}页,{{ total }}个用户</div>
+                                <nav class="fa-pull-left">
+                                    <ul class="pagination">
+                                        <li class="page-item" :class="{'disabled':page===1}">
+                                            <div class="page-link" @click="prePage">上一页</div>
+                                        </li>
+                                        <li v-for="i in Math.ceil(total/pagesize)" :class="{ 'active':i===page }"
+                                            class="page-item">
+                                            <div @click="change(i)" class="page-link">{{ i }}</div>
+                                        </li>
+                                        <li class="page-item" :class="{'disabled':page===Math.ceil(total/pagesize)}">
+                                            <div class="page-link" @click="nextPage">下一页</div>
+                                        </li>
+                                    </ul>
+                                </nav>
+                            </div>
+                        </div>
+                    </div>
+
+                </div>
+                {% endverbatim %}
+            </div>
+        </div>
+        <footer class="bg-white sticky-footer">
+            <div class="container my-auto">
+                <div class="text-center my-auto copyright"><span>Super-Coffee © 2020</span></div>
+            </div>
+        </footer>
+    </div>
+    <a class="border rounded d-inline scroll-to-top" href="#page-top"><i class="fas fa-angle-up"></i></a></div>
+<script src="/static/assets/js/jquery.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/vue/dist/vue.js"></script>
+<script src="/static/js/vue-clipboard.min.js"></script>
+<script src="/static/assets/bootstrap/js/bootstrap.min.js"></script>
+<script src="/static/assets/js/theme.js"></script>
+<script src="/static/js/toastr.min.js"></script>
+<script>
+    toastr.options = {
+        "closeButton": true,
+        "debug": false,
+        "newestOnTop": false,
+        "progressBar": true,
+        "positionClass": "toast-top-center",
+        "preventDuplicates": false,
+        "onclick": null,
+        "showDuration": "300",
+        "hideDuration": "1000",
+        "timeOut": "5000",
+        "extendedTimeOut": "1000",
+        "showEasing": "swing",
+        "hideEasing": "linear",
+        "showMethod": "fadeIn",
+        "hideMethod": "fadeOut"
+    }
+</script>
+
+<script>
+    var app = new Vue({
+        el: "#app",
+        data: {
+            notice: '{{ notice|safe }}',
+            users: [],
+            total: 0,
+            page: 1,
+            pagesize: 7
+        },
+        methods: {
+            banUser: function (id, index) {
+                let that = this;
+                let data = new FormData();
+                data.append("id", id);
+                axios({
+                    url: "/admin/cf/ban",
+                    method: "post",
+                    data: data,
+                    headers: {"X-Csrf-Token": "{{ key }}"},
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        toastr.success(req.data.data);
+                        that.users[index].role = -1;
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            unBanUser: function (id, index) {
+                let that = this;
+                let data = new FormData();
+                data.append("id", id);
+                axios({
+                    url: "/admin/cf/unban",
+                    method: "post",
+                    data: data,
+                    headers: {"X-Csrf-Token": "{{ key }}"},
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        toastr.success(req.data.data);
+                        that.users[index].role = 0;
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            removeUser: function (id, index) {
+                let data = new FormData();
+                data.append("id", id);
+                axios({
+                    url: "/admin/cf/remove",
+                    method: "post",
+                    data: data,
+                    headers: {"X-Csrf-Token": "{{ key }}"},
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        app.users.splice(index,1);
+                        app.total -=1;
+                        toastr.success(req.data.data);
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            resetPassword: function (id) {
+                let data = new FormData();
+                data.append("id", id);
+                let that = this;
+                axios({
+                    url: "/admin/cf/reset",
+                    method: "post",
+                    data: data,
+                    headers: {"X-Csrf-Token": "{{ key }}"},
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        toastr.success("密码重置成功,新密码已尝试放入你的剪切板,新密码为" + req.data.data);
+                        that.$copyText(req.data.data).then(function (e) {
+                            toastr.success("复制剪切板成功");
+                        }, function (e) {
+                            toastr.error("复制剪切板失败" + e);
+                        })
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            upSet: function () {
+                let data = new FormData();
+                data.append("notice", this.notice)
+                axios({
+                    url: "/admin/cf/upset",
+                    method: "post",
+                    data: data,
+                    headers: {"X-Csrf-Token": "{{ key }}"}
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        toastr.success("修改成功");
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            nextPage: function () {
+                this.page += 1;
+                axios({
+                    url: "/admin/cf/users/1/" + this.page + "/" + this.pagesize,
+                    method: "get",
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        app.users = req.data.data;
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+
+            },
+            prePage: function () {
+                this.page -= 1;
+                axios({
+                    url: "/admin/cf/users/1/" + this.page + "/" + this.pagesize,
+                    method: "get",
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        app.users = req.data.data;
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            },
+            change: function (i) {
+                this.page = i;
+                axios({
+                    url: "/admin/cf/users/1/" + this.page + "/" + this.pagesize,
+                    method: "get",
+                }).then(function (req) {
+                    if (req.data.status === true) {
+                        app.users = req.data.data;
+                    } else {
+                        toastr.error(req.data.data);
+                    }
+                })
+            }
+        },
+    })
+    axios({
+        url: "/admin/cf/users/0/0/0",
+        method: "get",
+    }).then(function (req) {
+        if (req.data.status === true) {
+            app.total = req.data.data;
+        } else {
+            toastr.error(req.data.data);
+        }
+    })
+    axios({
+        url: "/admin/cf/users/1/1/" + app.pagesize,
+        method: "get",
+    }).then(function (req) {
+        if (req.data.status === true) {
+            app.users = req.data.data;
+        } else {
+            toastr.error(req.data.data);
+        }
+    })
+</script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/templates/home.html b/templates/home.html
index eda01eb..d7f64ff 100644
--- a/templates/home.html
+++ b/templates/home.html
@@ -26,8 +26,13 @@
                                 class="fas fa-tachometer-alt"></i><span>首页</span></a></li>
                 <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/user"><i
                                 class="fas fa-user-alt"></i><span>个人信息</span></a></li>
+                {% if role == 1 %}
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/cf"><i
+                                class="fas fa-coffee"></i><span>后台管理</span></a></li>
+                {% endif %}
                 <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/logout"><i
                                 class="fas fa-sign-out-alt"></i><span>登出</span></a></li>
+
             </ul>
             <div class="text-center d-none d-md-inline">
                 <button class="btn rounded-circle border-0" id="sidebarToggle" type="button"></button>
@@ -116,7 +121,7 @@ <h3 class="text-dark mb-4">你好{{ name }}</h3>
                                             <li class="list-group-item">
                                                 <div class="row align-items-center no-gutters">
                                                     <div class="col mr-2">
-                                                        <h6 class="mb-0"><strong><a href="#" class="alert-link" onclick="getkey({{ i.Id }});return false;">{{ i.Info }}</a></strong></h6><span class="text-xs">{{ i.Date }}</span>
+                                                        <h6 class="mb-0"><strong><a href="#" class="alert-link" onclick="getkey({{ i.Id }});return false;">{{ i.Description }}</a></strong></h6><span class="text-xs">{{ i.Date }}</span>
                                                     </div>
                                                     <div class="col-auto">
                                                         <a class="btn btn-danger btn-sm d-none d-sm-inline-block"
diff --git a/templates/user.html b/templates/user.html
index 4e95edf..f841792 100644
--- a/templates/user.html
+++ b/templates/user.html
@@ -26,6 +26,10 @@
                                 class="fas fa-tachometer-alt"></i><span>首页</span></a></li>
                 <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/user"><i
                                 class="fas fa-user-alt"></i><span>个人信息</span></a></li>
+                {% if role == 1 %}
+                <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/cf"><i
+                                class="fas fa-coffee"></i><span>后台管理</span></a></li>
+                {% endif %}
                 <li class="nav-item" role="presentation"><a class="nav-link" href="/admin/logout"><i
                                 class="fas fa-sign-out-alt"></i><span>登出</span></a></li>
             </ul>
@@ -140,7 +144,7 @@ <h3 class="text-dark mb-4">你好{{ name }}</h3>
             data: $('#edit').serialize(),
             headers: {"X-Csrf-Token": "{{ key }}"},
             success: function (result) {
-                if (result.status == false) {
+                if (result.status === false) {
                     document.getElementById("btn_edit").disabled=false;
                     toastr.error("修改错误: " + result.data);
                 } else {