移除 backend .env，暂时关闭 JWT，改为一次性登录

web/backend/internal/handlers/auth.go

@@ -54,13 +54,9 @@ func (d *Deps) Login(w http.ResponseWriter, r *http.Request) {
 		writeErr(w, http.StatusUnauthorized, "用户名或密码错误")
 		return
 	}
-	token, _, err := d.JWT.Issue(u.ID, u.Username, u.Role)
-	if err != nil {
-		writeErr(w, http.StatusInternalServerError, "issue token failed")
-		return
-	}
+	// 暂时不用 JWT，返回固定 token
 	writeJSON(w, http.StatusOK, loginResp{
-		Token: token,
+		Token: "noop",
 		User: publicUserView{
 			ID:                  u.ID,
 			Username:            u.Username,

web/backend/internal/handlers/deps.go

@@ -5,16 +5,14 @@ import (
 	"log"
 	"net/http"
 
-	"trade/web/internal/auth"
 	"trade/web/internal/store"
 )
 
 // Deps 是所有 handler 需要的运行时依赖,在 router 装配时一次性注入。
 type Deps struct {
-	Auth        *store.AuthStore
-	Futures     *store.FuturesStore
-	JWT         *auth.Manager
-	TushareURL  string
+	Auth       *store.AuthStore
+	Futures    *store.FuturesStore
+	TushareURL string
 }
 
 func writeJSON(w http.ResponseWriter, status int, body any) {