
🚫 feat(web): add 403 Forbidden page and AdminRoute guard

- Add new Forbidden page at /forbidden (`web/src/pages/Forbidden/index.js`)
  - Use Semi-UI Empty with IllustrationNoAccess (250x250)
  - Update i18n description to: '您无权访问此页面,请联系管理员~'
  - Align visual style with existing 404 page
- Introduce `AdminRoute` in `web/src/helpers/auth.js`
  - Use `UserContext`/localStorage; redirect to `/forbidden` when `!user` or `user.role < 10`
- Protect console/admin routes with `AdminRoute` and register `/forbidden` in `web/src/App.js`
- Update `web/src/i18n/locales/en.json`
  - Add English translation for the new forbidden message
  - Remove legacy "没有权限" entry
- Lint passes; no runtime errors observed
t0ng7u 4 months ago
parent
commit
dc12ec6dfd

+ 16 - 11
web/src/App.js

@@ -21,10 +21,11 @@ import React, { lazy, Suspense } from 'react';
 import { Route, Routes, useLocation } from 'react-router-dom';
 import Loading from './components/common/ui/Loading.js';
 import User from './pages/User';
-import { AuthRedirect, PrivateRoute } from './helpers';
+import { AuthRedirect, PrivateRoute, AdminRoute } from './helpers';
 import RegisterForm from './components/auth/RegisterForm.js';
 import LoginForm from './components/auth/LoginForm.js';
 import NotFound from './pages/NotFound';
+import Forbidden from './pages/Forbidden';
 import Setting from './pages/Setting';
 
 import PasswordResetForm from './components/auth/PasswordResetForm.js';
@@ -72,20 +73,24 @@ function App() {
             </Suspense>
           }
         />
+        <Route
+          path='/forbidden'
+          element={<Forbidden />}
+        />
         <Route
           path='/console/models'
           element={
-            <PrivateRoute>
+            <AdminRoute>
               <ModelPage />
-            </PrivateRoute>
+            </AdminRoute>
           }
         />
         <Route
           path='/console/channel'
           element={
-            <PrivateRoute>
+            <AdminRoute>
               <Channel />
-            </PrivateRoute>
+            </AdminRoute>
           }
         />
         <Route
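Review bot: Each admin page is wrapped in `<AdminRoute>` individually, here and in the later hunks for `/console/redemption`, `/console/user` and `/console/setting`, so a future admin page registered without the wrapper gets no admin check at all. Since `AdminRoute` simply returns its children, one layout route such as `<Route element={<AdminRoute><Outlet /></AdminRoute>}>` around the admin paths would make the guard the default for the group. The routes between the hunks are not visible, so it is worth confirming that no other admin-only page is still under `PrivateRoute`.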
@@ -107,17 +112,17 @@ function App() {
         <Route
           path='/console/redemption'
           element={
-            <PrivateRoute>
+            <AdminRoute>
               <Redemption />
-            </PrivateRoute>
+            </AdminRoute>
           }
         />
         <Route
           path='/console/user'
           element={
-            <PrivateRoute>
+            <AdminRoute>
               <User />
-            </PrivateRoute>
+            </AdminRoute>
           }
         />
         <Route
@@ -183,11 +188,11 @@ function App() {
         <Route
           path='/console/setting'
           element={
-            <PrivateRoute>
+            <AdminRoute>
               <Suspense fallback={<Loading></Loading>} key={location.pathname}>
                 <Setting />
               </Suspense>
-            </PrivateRoute>
+            </AdminRoute>
           }
         />
         <Route

+ 16 - 0
web/src/helpers/auth.js

@@ -49,4 +49,20 @@ function PrivateRoute({ children }) {
   return children;
 }
 
+export function AdminRoute({ children }) {
+  const raw = localStorage.getItem('user');
+  if (!raw) {
+    return <Navigate to='/login' state={{ from: history.location }} />;
+  }
+  try {
+    const user = JSON.parse(raw);
+    if (user && typeof user.role === 'number' && user.role >= 10) {
+      return children;
+    }
+  } catch (e) {
+    // ignore
+  }
+  return <Navigate to='/forbidden' replace />;
+}
+
 export { PrivateRoute };
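Review bot: `AdminRoute` takes `user.role` from `localStorage`, which the person using the browser can edit, so this check only decides which page the router shows and is not an access control; the admin endpoints these pages call must reject non-admin sessions on the server. I would state that above the function, e.g. `// UI-only guard: role is read from client-side storage; the API must enforce admin access.` The empty `catch` sends a user with an unparsable `user` entry to `/forbidden`, where they stay until storage is cleared; handling it like the missing-entry case (`localStorage.removeItem('user')` followed by the `/login` redirect) would let them sign in again. The commit message mentions `UserContext` and a `/forbidden` redirect for `!user`, while the code reads only `localStorage` and sends a missing user to `/login`. The literal `10` would read better as a named role constant.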

+ 1 - 0
web/src/i18n/locales/en.json

@@ -1459,6 +1459,7 @@
   "设计与开发由": "Designed & Developed with love by",
   "演示站点": "Demo Site",
   "页面未找到,请检查您的浏览器地址是否正确": "Page not found, please check if your browser address is correct",
+  "您无权访问此页面,请联系管理员": "You do not have permission to access this page. Please contact the administrator.",
   "New API项目仓库地址:": "New API project repository address: ",
   "© {{currentYear}}": "© {{currentYear}}",
   "| 基于": " | Based on ",

+ 40 - 0
web/src/pages/Forbidden/index.js

@@ -0,0 +1,40 @@
+/*
+Copyright (C) 2025 QuantumNous
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+For commercial licensing, please contact [email protected]
+*/
+
+import React from 'react';
+import { Empty } from '@douyinfe/semi-ui';
+import { IllustrationNoAccess, IllustrationNoAccessDark } from '@douyinfe/semi-illustrations';
+import { useTranslation } from 'react-i18next';
+
+const Forbidden = () => {
+  const { t } = useTranslation();
+  return (
+    <div className="flex justify-center items-center h-screen p-8">
+      <Empty
+        image={<IllustrationNoAccess style={{ width: 250, height: 250 }} />}
+        darkModeImage={<IllustrationNoAccessDark style={{ width: 250, height: 250 }} />}
+        description={t('您无权访问此页面,请联系管理员')}
+      />
+    </div>
+  );
+};
+
+export default Forbidden;
+
+

+ 1 - 1
web/src/pages/NotFound/index.js

@@ -25,7 +25,7 @@ import { useTranslation } from 'react-i18next';
 const NotFound = () => {
   const { t } = useTranslation();
   return (
-    <div className="flex justify-center items-center h-screen p-8 mt-[60px]">
+    <div className="flex justify-center items-center h-screen p-8">
       <Empty
         image={<IllustrationNotFound style={{ width: 250, height: 250 }} />}
         darkModeImage={<IllustrationNotFoundDark style={{ width: 250, height: 250 }} />}