feat(api/web): 实现API请求签名验证功能并优化测试环境配置

refactor(db): 重构查询条件类到query目录下

test: 添加登录流程测试脚本和测试数据

chore: 添加crypto-js依赖用于签名验证

ci: 配置测试环境数据库和端口设置

test-signature.js

@@ -0,0 +1,49 @@
+const CryptoJS = require('crypto-js')
+
+const SIGNATURE_SECRET = 'NovalonManageSystemSecretKey2026'
+
+function generateSignature(method, path, query = '', body = '', timestamp, nonce) {
+  const stringToSign = [
+    method,
+    path,
+    query || '',
+    body || '',
+    timestamp.toString(),
+    nonce
+  ].join('\n')
+  
+  console.log('String to sign:', stringToSign)
+  
+  const signature = CryptoJS.HmacSHA256(stringToSign, SIGNATURE_SECRET)
+  const signatureBase64 = CryptoJS.enc.Base64.stringify(signature)
+  
+  return signatureBase64
+}
+
+function generateNonce() {
+  const timestamp = Date.now().toString(36)
+  const randomPart = Math.random().toString(36).substring(2, 15)
+  return `${timestamp}-${randomPart}`
+}
+
+const timestamp = Date.now()
+const nonce = generateNonce()
+const method = 'POST'
+const path = '/api/auth/login'
+const query = ''
+const body = JSON.stringify({ username: 'admin', password: 'admin123' })
+
+const signature = generateSignature(method, path, query, body, timestamp, nonce)
+
+console.log('\nGenerated Signature Headers:')
+console.log('X-Signature:', signature)
+console.log('X-Timestamp:', timestamp)
+console.log('X-Nonce:', nonce)
+
+console.log('\ncurl command:')
+console.log(`curl -X POST http://localhost:8080/api/auth/login \\
+  -H "Content-Type: application/json" \\
+  -H "X-Signature: ${signature}" \\
+  -H "X-Timestamp: ${timestamp}" \\
+  -H "X-Nonce: ${nonce}" \\
+  -d '${body}'`)