fix: add local dev env vars and fix DB password format

- start.sh: add placeholder env vars (ALIPAY_PUB, BAIDU_SMS_*) for local dev
- conf/config.json: fix DB password to AES-encoded format

conf/config.json

@@ -44,7 +44,7 @@
 			"kwargs":{
 				"user":"test",
 				"db":"sage",
-				"password":"SS+C1MDMJrslBwGzYIv3nQ==",
+			"password": "xGatnL1idCnFRCe4FaIWRQ==",
 				"charset": "utf8mb4",
 				"host":"db"
 			}

start.sh

@@ -11,6 +11,14 @@ set -e
 # 切换到脚本所在目录
 cd "$(dirname "$0")"
 
+# 本地开发环境变量（占位值，生产环境由系统配置）
+export ALIPAY_PUB="$(pwd)/alipay_pub.pem"
+export ALIPAY_PRIV="$(pwd)/alipay_priv.pem"
+export BAIDU_SMS_ACCESS_KEY="dev-placeholder"
+export BAIDU_SMS_ACCESS_KEY_SECRET="dev-placeholder"
+export BAIDU_SMS_HOST="smsv3.bj.baidubce.com"
+export BAIDU_SMS_SIGNATURE_ID="dev-placeholder"
+
 # 配置
 WORKDIR="$(pwd)"
 PYTHON="./py3/bin/python"

wwwroot/menu.ui

@@ -108,6 +108,22 @@
 				"name": "permission",
 				"label": "权限管理",
 				"url": "{{entire_url('rbac/permission')}}"
+			},
+			{
+				"name": "rbac_tools",
+				"label": "RBAC工具",
+				"items":[
+					{
+						"name": "list_path_roles",
+						"label": "查询路径权限角色",
+						"url": "{{entire_url('rbac/list_path_roles.ui')}}"
+					},
+					{
+						"name": "find_unauth_files",
+						"label": "扫描未授权文件",
+						"url": "{{entire_url('rbac/find_unauth_files.dspy')}}"
+					}
+				]
 			}
 {% endif %}
 {% if 'reseller.operator' in roles or 'customer.operator' in roles or 'owner.operator' in roles %}