feat(admin,player,api): 玩家账号密码管理与代理上下分

新增玩家头像、可查密码与全局改密/改账号开关；玩家资料页合并账号密码展示；代理直属玩家列表支持自定义上下分。

Co-authored-by: Cursor <cursoragent@cursor.com>

apps/api/src/domains/identity/auth.service.ts

@@ -3,6 +3,7 @@ import { JwtService } from '@nestjs/jwt';
 import { ConfigService } from '@nestjs/config';
 import * as bcrypt from 'bcryptjs';
 import { PrismaService } from '../../shared/prisma/prisma.service';
+import { SystemConfigService } from '../../shared/config/system-config.service';
 
 const MAX_LOGIN_FAILS = 5;
 const LOCK_DURATION_MS = 15 * 60 * 1000;
@@ -20,6 +21,7 @@ export class AuthService {
     private prisma: PrismaService,
     private jwt: JwtService,
     private config: ConfigService,
+    private systemConfig: SystemConfigService,
   ) {}
 
   /** 平台管理员 / 代理统一登录（按 userType 签发对应 JWT） */
@@ -107,6 +109,11 @@ export class AuthService {
     const auth = await this.prisma.userAuth.findUnique({ where: { userId } });
     if (!auth) throw new UnauthorizedException('User not found');
 
+    const settings = await this.systemConfig.getPlayerAccountSettings();
+    if (!settings.allowPasswordChange) {
+      throw new ForbiddenException('当前平台未开放玩家自行修改密码');
+    }
+
     const valid = await bcrypt.compare(oldPassword, auth.passwordHash);
     if (!valid) throw new UnauthorizedException('Invalid old password');
 
@@ -115,6 +122,10 @@ export class AuthService {
       where: { userId },
       data: { passwordHash: hash },
     });
+    await this.prisma.userPreference.updateMany({
+      where: { userId },
+      data: { managedPassword: null },
+    });
     return { success: true };
   }