auth: switch user login to session token and decouple tenant access

web/index.html

@@ -287,7 +287,8 @@ createApp({
     const keyForm = ref({ scope:'all', ttl:0 });
     const userForm = ref({ role:'operator', email:'', password:'' });
 
-    const isAdmin = computed(() => role.value === 'admin' && localStorage.getItem('t') === localStorage.getItem('master_t'));
+    const tokenType = ref('');
+    const isAdmin = computed(() => role.value === 'admin' && tokenType.value !== 'session');
     const filteredTabs = computed(() => isAdmin.value ? tabs : tabs.filter(t => !['tenants','apikeys','users','enroll'].includes(t.id)));
     const filteredNodes = computed(() => {
       const k = (nodeKeyword.value || '').trim().toLowerCase();
@@ -340,6 +341,7 @@ createApp({
         localStorage.setItem('t', d.token || '');
         role.value = d.role || '';
         status.value = d.status ?? 1;
+        tokenType.value = d.token_type || (localStorage.getItem('t') === localStorage.getItem('master_t') ? 'master' : 'apikey');
         if (status.value !== 1) throw new Error('账号已停用');
         loggedIn.value = true;
         await refreshAll();
@@ -356,6 +358,7 @@ createApp({
       localStorage.removeItem('master_t');
       loggedIn.value = false;
       role.value = '';
+      tokenType.value = '';
       stopTimer();
     };
 
@@ -537,7 +540,7 @@ createApp({
     });
 
     return {
-      buildVersion, tab, filteredTabs, loggedIn, busy, msg, msgType, role, status,
+      buildVersion, tab, filteredTabs, loggedIn, busy, msg, msgType, role, status, tokenType,
       loginTenant, loginUser, loginPass, loginToken, loginErr, refreshSec,
       health, stats, nodes, nodeKeyword, filteredNodes, sd, connectForm,
       tenants, activeTenant, keys, users, enrolls, tenantForm, keyForm, userForm,