feat(login): Add verification code login functionality

- Add verification code login endpoint to support passwordless authentication via email or phone
- Add send login verification code endpoint to initiate verification code delivery
- Implement verificationCodeLogin method in LoginService to handle verification code authentication
- Implement sendLoginVerificationCode method in LoginService to send verification codes to users
- Add VerificationCodeLoginRequest and related DTOs to support new login flow
- Add VerificationCodeLoginDto and SendLoginVerificationCodeDto for API request validation
- Implement verificationCodeLogin and sendLoginVerificationCode in LoginCoreService
- Add comprehensive Swagger documentation for new endpoints with proper status codes and responses
- Support test mode for verification code delivery with 206 Partial Content status
- Fix UsersService dependency injection in test specifications to use string token
- Enhance authentication options by providing passwordless login alternative to traditional password-based authentication

src/business/login/login.controller.ts

@@ -23,7 +23,7 @@ import { Controller, Post, Put, Body, HttpCode, HttpStatus, ValidationPipe, UseP
 import { ApiTags, ApiOperation, ApiResponse as SwaggerApiResponse, ApiBody } from '@nestjs/swagger';
 import { Response } from 'express';
 import { LoginService, ApiResponse, LoginResponse } from './login.service';
-import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto } from '../../dto/login.dto';
+import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto, VerificationCodeLoginDto, SendLoginVerificationCodeDto } from '../../dto/login.dto';
 import { 
   LoginResponseDto, 
   RegisterResponseDto, 
@@ -398,6 +398,96 @@ export class LoginController {
     }
   }
 
+  /**
+   * 验证码登录
+   * 
+   * @param verificationCodeLoginDto 验证码登录数据
+   * @returns 登录结果
+   */
+  @ApiOperation({ 
+    summary: '验证码登录', 
+    description: '使用邮箱或手机号和验证码进行登录，无需密码' 
+  })
+  @ApiBody({ type: VerificationCodeLoginDto })
+  @SwaggerApiResponse({ 
+    status: 200, 
+    description: '验证码登录成功', 
+    type: LoginResponseDto 
+  })
+  @SwaggerApiResponse({ 
+    status: 400, 
+    description: '请求参数错误' 
+  })
+  @SwaggerApiResponse({ 
+    status: 401, 
+    description: '验证码错误或已过期' 
+  })
+  @SwaggerApiResponse({ 
+    status: 404, 
+    description: '用户不存在' 
+  })
+  @Post('verification-code-login')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async verificationCodeLogin(@Body() verificationCodeLoginDto: VerificationCodeLoginDto): Promise<ApiResponse<LoginResponse>> {
+    return await this.loginService.verificationCodeLogin({
+      identifier: verificationCodeLoginDto.identifier,
+      verificationCode: verificationCodeLoginDto.verification_code
+    });
+  }
+
+  /**
+   * 发送登录验证码
+   * 
+   * @param sendLoginVerificationCodeDto 发送验证码数据
+   * @param res Express响应对象
+   * @returns 发送结果
+   */
+  @ApiOperation({ 
+    summary: '发送登录验证码', 
+    description: '向用户邮箱或手机发送登录验证码' 
+  })
+  @ApiBody({ type: SendLoginVerificationCodeDto })
+  @SwaggerApiResponse({ 
+    status: 200, 
+    description: '验证码发送成功', 
+    type: ForgotPasswordResponseDto 
+  })
+  @SwaggerApiResponse({ 
+    status: 206, 
+    description: '测试模式：验证码已生成但未真实发送', 
+    type: ForgotPasswordResponseDto 
+  })
+  @SwaggerApiResponse({ 
+    status: 400, 
+    description: '请求参数错误' 
+  })
+  @SwaggerApiResponse({ 
+    status: 404, 
+    description: '用户不存在' 
+  })
+  @SwaggerApiResponse({ 
+    status: 429, 
+    description: '发送频率过高' 
+  })
+  @Post('send-login-verification-code')
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async sendLoginVerificationCode(
+    @Body() sendLoginVerificationCodeDto: SendLoginVerificationCodeDto,
+    @Res() res: Response
+  ): Promise<void> {
+    const result = await this.loginService.sendLoginVerificationCode(sendLoginVerificationCodeDto.identifier);
+    
+    // 根据结果设置不同的状态码
+    if (result.success) {
+      res.status(HttpStatus.OK).json(result);
+    } else if (result.error_code === 'TEST_MODE_ONLY') {
+      res.status(HttpStatus.PARTIAL_CONTENT).json(result); // 206 Partial Content
+    } else {
+      res.status(HttpStatus.BAD_REQUEST).json(result);
+    }
+  }
+
   /**
    * 调试验证码信息
    * 仅用于开发和调试

src/business/login/login.service.ts

@@ -17,7 +17,7 @@
  */
 
 import { Injectable, Logger } from '@nestjs/common';
-import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, AuthResult } from '../../core/login_core/login_core.service';
+import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, AuthResult, VerificationCodeLoginRequest } from '../../core/login_core/login_core.service';
 import { Users } from '../../core/db/users/users.entity';
 
 /**
@@ -475,6 +475,96 @@ export class LoginService {
     // 简单的Base64编码（实际应用中应使用JWT）
     return Buffer.from(JSON.stringify(payload)).toString('base64');
   }
+  /**
+   * 验证码登录
+   * 
+   * @param loginRequest 验证码登录请求
+   * @returns 登录响应
+   */
+  async verificationCodeLogin(loginRequest: VerificationCodeLoginRequest): Promise<ApiResponse<LoginResponse>> {
+    try {
+      this.logger.log(`验证码登录尝试: ${loginRequest.identifier}`);
+
+      // 调用核心服务进行验证码认证
+      const authResult = await this.loginCoreService.verificationCodeLogin(loginRequest);
+
+      // 生成访问令牌
+      const accessToken = this.generateAccessToken(authResult.user);
+
+      // 格式化响应数据
+      const response: LoginResponse = {
+        user: this.formatUserInfo(authResult.user),
+        access_token: accessToken,
+        is_new_user: authResult.isNewUser,
+        message: '验证码登录成功'
+      };
+
+      this.logger.log(`验证码登录成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
+
+      return {
+        success: true,
+        data: response,
+        message: '验证码登录成功'
+      };
+    } catch (error) {
+      this.logger.error(`验证码登录失败: ${loginRequest.identifier}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '验证码登录失败',
+        error_code: 'VERIFICATION_CODE_LOGIN_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 发送登录验证码
+   * 
+   * @param identifier 邮箱或手机号
+   * @returns 响应结果
+   */
+  async sendLoginVerificationCode(identifier: string): Promise<ApiResponse<{ verification_code?: string; is_test_mode?: boolean }>> {
+    try {
+      this.logger.log(`发送登录验证码: ${identifier}`);
+
+      // 调用核心服务发送验证码
+      const result = await this.loginCoreService.sendLoginVerificationCode(identifier);
+
+      this.logger.log(`登录验证码已发送: ${identifier}`);
+
+      // 根据是否为测试模式返回不同的状态和消息
+      if (result.isTestMode) {
+        // 测试模式：验证码生成但未真实发送
+        return {
+          success: false, // 测试模式下不算真正成功
+          data: { 
+            verification_code: result.code,
+            is_test_mode: true
+          },
+          message: '⚠️ 测试模式：验证码已生成但未真实发送。请在控制台查看验证码，或配置邮件服务以启用真实发送。',
+          error_code: 'TEST_MODE_ONLY'
+        };
+      } else {
+        // 真实发送模式
+        return {
+          success: true,
+          data: { 
+            is_test_mode: false
+          },
+          message: '验证码已发送，请查收'
+        };
+      }
+    } catch (error) {
+      this.logger.error(`发送登录验证码失败: ${identifier}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '发送验证码失败',
+        error_code: 'SEND_LOGIN_CODE_FAILED'
+      };
+    }
+  }
+
   /**
    * 调试验证码信息
    *