feat: 用户名密码登录注册系统

- 新增 /api/auth/register 和 /api/auth/login 接口，使用 bcryptjs 哈希密码
- User 模型改为 username + passwordHash，id 自动生成 cuid
- 新增 AuthModal 组件（登录/注册双标签页），替换旧的 ProfileSetupModal
- 重写 /profile 页面：支持修改用户名、密码、头像、绑定邮箱、退出登录
- /api/user PUT 支持密码修改（需验证当前密码）和用户名唯一性校验
- 游客模式保留，右上角显示"登录"按钮；登录后显示头像和用户名
- 全局 nickname -> username 重命名（types、SwipeDeck、RoomManageModal、buildRoomStatus）
- 新增 logout() 清除登录态并重新生成游客 UUID

src/app/api/user/route.ts

@@ -0,0 +1,96 @@
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import bcrypt from "bcryptjs";
+
+export async function GET(req: NextRequest) {
+  const userId = req.nextUrl.searchParams.get("id");
+  if (!userId) {
+    return NextResponse.json(null);
+  }
+
+  const user = await prisma.user.findUnique({ where: { id: userId } });
+  if (!user) {
+    return NextResponse.json(null);
+  }
+
+  return NextResponse.json({
+    id: user.id,
+    username: user.username,
+    avatar: user.avatar,
+    email: user.email,
+    preferences: JSON.parse(user.preferences),
+    createdAt: user.createdAt.toISOString(),
+  });
+}
+
+export async function PUT(req: NextRequest) {
+  const body = await req.json();
+  const { userId } = body;
+
+  if (!userId) {
+    return NextResponse.json({ error: "缺少用户 ID" }, { status: 400 });
+  }
+
+  const existing = await prisma.user.findUnique({ where: { id: userId } });
+  if (!existing) {
+    return NextResponse.json({ error: "用户不存在" }, { status: 404 });
+  }
+
+  const updateData: Record<string, unknown> = {};
+
+  if (body.username !== undefined) {
+    const trimmed = body.username.trim();
+    if (trimmed.length < 2 || trimmed.length > 16) {
+      return NextResponse.json({ error: "用户名需要 2-16 个字符" }, { status: 400 });
+    }
+    if (trimmed !== existing.username) {
+      const taken = await prisma.user.findUnique({ where: { username: trimmed } });
+      if (taken) {
+        return NextResponse.json({ error: "用户名已被占用" }, { status: 409 });
+      }
+    }
+    updateData.username = trimmed;
+  }
+
+  if (body.newPassword !== undefined) {
+    if (!body.currentPassword) {
+      return NextResponse.json({ error: "请输入当前密码" }, { status: 400 });
+    }
+    const valid = await bcrypt.compare(body.currentPassword, existing.passwordHash);
+    if (!valid) {
+      return NextResponse.json({ error: "当前密码错误" }, { status: 403 });
+    }
+    if (body.newPassword.length < 6) {
+      return NextResponse.json({ error: "新密码至少 6 个字符" }, { status: 400 });
+    }
+    updateData.passwordHash = await bcrypt.hash(body.newPassword, 10);
+  }
+
+  if (body.avatar !== undefined) {
+    updateData.avatar = body.avatar;
+  }
+
+  if (body.email !== undefined) {
+    if (body.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) {
+      return NextResponse.json({ error: "邮箱格式不正确" }, { status: 400 });
+    }
+    updateData.email = body.email || null;
+  }
+
+  if (body.preferences !== undefined) {
+    updateData.preferences = JSON.stringify(body.preferences);
+  }
+
+  const user = await prisma.user.update({
+    where: { id: userId },
+    data: updateData,
+  });
+
+  return NextResponse.json({
+    id: user.id,
+    username: user.username,
+    avatar: user.avatar,
+    email: user.email,
+    preferences: JSON.parse(user.preferences),
+  });
+}