refactor(api): 统一前端API调用使用apiFetch并优化错误处理

refactor: 替换直接fetch调用为apiFetch以统一处理错误和响应
fix(server): 改进QR码验证的错误消息和密码哈希处理

backend/server.js

@@ -95,11 +95,21 @@ async function startServer() {
   app.post('/api/clock', authenticateJWT, async (req, res) => {
     try {
       const { userId, eventType, qrCodeValue, latitude, longitude } = req.body
+
       const [qrRows] = await db.execute('SELECT name, is_active FROM qr_codes WHERE id = ?', [
         qrCodeValue,
       ])
-      if (qrRows.length === 0 || !qrRows[0].is_active) {
-        return res.status(400).json({ message: 'Invalid or inactive QR Code.' })
+
+      if (qrRows.length === 0) {
+        // This code is not in the database at all.
+        return res.status(400).json({ message: 'Invalid QR Code scanned.' })
+      }
+
+      if (!qrRows[0].is_active) {
+        // This code exists but has been deactivated.
+        return res
+          .status(400)
+          .json({ message: 'This QR Code has expired and is no longer active.' })
       }
       const [lastEventRows] = await db.execute(
         'SELECT event_type FROM clock_records WHERE worker_id = ? ORDER BY timestamp DESC LIMIT 1',
@@ -204,8 +214,8 @@ async function startServer() {
       if (!username || !password || !fullName) {
         return res.status(400).json({ message: 'Username, password, and full name are required.' })
       }
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(password, saltRounds);
+      const saltRounds = 10
+      const hashedPassword = await bcrypt.hash(password, saltRounds)
       const [result] = await db.execute(
         "INSERT INTO workers (username, password_hash, full_name, role) VALUES (?, ?, ?, 'worker')",
         [username, hashedPassword, fullName],