feat(P2): 实现质量保障类5项功能(无障碍/视觉回归/通知渠道/漏洞扫描/灾备)

## 新增功能

### 1. 屏幕阅读器兼容性增强（a11y）
- 无障碍工具库：src/shared/lib/a11y.ts
- aria-live Hook：src/shared/hooks/use-aria-live.ts
- a11y 组件：skip-link/visually-hidden/focus-trap/aria-status
- 增强 UI：table.tsx 系统性 ARIA role，dialog.tsx aria-modal
- 审计文档：docs/accessibility/a11y-audit.md（WCAG 2.1 AA 清单）

### 2. 视觉回归测试
- 测试套件：tests/visual/（homepage + 3 个 dashboard）
- 3 视口（desktop/tablet/mobile）× 2 主题（light/dark）
- 动态元素遮罩，避免误报
- playwright.config.ts 新增 visual-chromium 项目
- 文档：docs/testing/visual-regression.md

### 3. 短信/微信推送渠道集成
- 新模块：src/modules/notifications/
- 4 个渠道：SMS（阿里云/腾讯云）、WeChat（公众号）、Email（SMTP）、In-App
- 分发器按用户偏好并行多渠道发送
- 外部 SDK 动态 import，Mock 模式开发可用
- 文档：docs/notifications/channels.md

### 4. 漏洞扫描 CI 集成
- CI security-scan job：npm audit + Snyk + Trivy FS + OWASP ZAP
- 独立工作流 security.yml：每周一深度扫描 + 容器镜像扫描
- 配置：suppressions.json + .trivyignore
- 本地脚本：security-scan.sh/ps1
- 文档：docs/security/scanning.md（SLA 分级）

### 5. 灾备方案
- 脚本：backup-verify/backup-offsite-sync/dr-drill/failover/health-check
- CI 增强：备份后校验+异地同步，每周灾备演练
- 独立工作流 dr-drill.yml：每周一凌晨 4 点自动演练
- 文档：docs/dr/dr-plan.md（RTO 4h/RPO 24h）+ dr-runbook.md（6 故障场景）

## 验证
- npx tsc --noEmit：0 错误
- npm run lint：0 错误 0 警告

tests/visual/admin-dashboard.spec.ts

@@ -0,0 +1,67 @@
+import { expect, test } from "@playwright/test"
+import { setupAuthState } from "./helpers/auth"
+import { buildMaskOption, maskDynamicElements, setTheme, setViewport, waitForPageReady } from "./helpers/visual-helpers"
+import { SCREENSHOT_DEFAULT_OPTIONS, THEMES, VIEWPORT_LIST, snapshotName } from "./visual.config"
+
+/**
+ * 管理员仪表盘视觉回归测试
+ *
+ * 登录后访问 /admin/dashboard,在 desktop/tablet/mobile 三种视口
+ * 以及 light/dark 两种主题下进行整页快照,
+ * 并单独对侧边栏与主内容区做组件级快照。
+ *
+ * 需要数据库环境以完成登录流程;未配置 DATABASE_URL 时自动跳过。
+ */
+test.describe("Admin dashboard visual regression", () => {
+  test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+
+  for (const viewport of VIEWPORT_LIST) {
+    for (const theme of THEMES) {
+      test(`admin-dashboard @ ${viewport} @ ${theme}`, async ({ page }) => {
+        await setViewport(page, viewport)
+        await setTheme(page, theme)
+        await setupAuthState(page, "admin")
+        await page.goto("/admin/dashboard")
+        await waitForPageReady(page)
+
+        const masks = await maskDynamicElements(page, ["[data-testid='stat-card-value']", "[data-testid='chart']"])
+        await expect(page).toHaveScreenshot(snapshotName("admin-dashboard", viewport, theme), {
+          ...SCREENSHOT_DEFAULT_OPTIONS,
+          ...buildMaskOption(masks),
+        })
+      })
+    }
+  }
+
+  test("admin-dashboard sidebar component @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "admin")
+    await page.goto("/admin/dashboard")
+    await waitForPageReady(page)
+
+    const sidebar = page.locator("[data-testid='sidebar'], aside, nav").first()
+    const masks = await maskDynamicElements(page)
+    await expect(sidebar).toHaveScreenshot("admin-dashboard-sidebar-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+
+  test("admin-dashboard main content @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "admin")
+    await page.goto("/admin/dashboard")
+    await waitForPageReady(page)
+
+    const main = page.locator("main").first()
+    const masks = await maskDynamicElements(page, ["[data-testid='stat-card-value']", "[data-testid='chart']"])
+    await expect(main).toHaveScreenshot("admin-dashboard-main-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+})

tests/visual/helpers/auth.ts

@@ -0,0 +1,59 @@
+/**
+ * 视觉测试认证辅助
+ *
+ * 提供登录辅助函数与 storageState 持久化能力,
+ * 避免每个视觉测试用例都重复走登录流程。
+ */
+import type { Page } from "@playwright/test"
+import { STORAGE_STATE_DIR, type UserRole } from "../visual.config"
+
+/** 测试账号配置(可通过环境变量覆盖) */
+export const TEST_ACCOUNTS: Record<UserRole, { email: string; password: string }> = {
+  admin: {
+    email: process.env.VISUAL_ADMIN_EMAIL ?? "admin@xiaoxue.edu.cn",
+    password: process.env.VISUAL_ADMIN_PASSWORD ?? "123456",
+  },
+  teacher: {
+    email: process.env.VISUAL_TEACHER_EMAIL ?? "admin@xiaoxue.edu.cn",
+    password: process.env.VISUAL_TEACHER_PASSWORD ?? "123456",
+  },
+  student: {
+    email: process.env.VISUAL_STUDENT_EMAIL ?? "admin@xiaoxue.edu.cn",
+    password: process.env.VISUAL_STUDENT_PASSWORD ?? "123456",
+  },
+}
+
+/** 角色对应的 storageState 文件路径(相对项目根) */
+export function storageStatePath(role: UserRole): string {
+  return `${STORAGE_STATE_DIR}/${role}.json`
+}
+
+/**
+ * 在页面上执行登录流程
+ *
+ * 走真实的 UI 登录流程,以便 next-auth cookie 写入浏览器上下文。
+ */
+export async function loginByUI(page: Page, role: UserRole): Promise<void> {
+  const { email, password } = TEST_ACCOUNTS[role]
+  await page.goto("/login")
+  await page.getByLabel("Email").fill(email)
+  await page.getByLabel("Password").fill(password)
+  await page.getByRole("button", { name: "Sign In with Email" }).click()
+  // 等待离开登录页
+  await page.waitForURL((url) => !url.pathname.startsWith("/login"), { timeout: 30000 })
+}
+
+/**
+ * 设置认证状态
+ *
+ * 若已存在该角色的 storageState 文件,则直接复用;
+ * 否则走 UI 登录流程并保存 storageState 以便后续复用。
+ *
+ * @param page Playwright Page 实例
+ * @param role 角色
+ */
+export async function setupAuthState(page: Page, role: UserRole): Promise<void> {
+  // Playwright 在 project 配置里通过 storageState 注入更高效,
+  // 这里提供运行时降级方案:直接走 UI 登录。
+  await loginByUI(page, role)
+}

tests/visual/helpers/visual-helpers.ts

@@ -0,0 +1,104 @@
+/**
+ * 视觉测试通用辅助
+ *
+ * 提供视口切换、主题切换、页面就绪等待以及动态元素遮罩能力,
+ * 用于消除视觉快照中的误报。
+ */
+import type { Locator, Page } from "@playwright/test"
+import { VIEWPORTS, type ThemeName, type ViewportSize } from "../visual.config"
+
+/**
+ * 设置视口尺寸
+ * @param page Playwright Page 实例
+ * @param size 视口标识 desktop | tablet | mobile
+ */
+export async function setViewport(page: Page, size: ViewportSize): Promise<void> {
+  const viewport = VIEWPORTS[size]
+  await page.setViewportSize({ width: viewport.width, height: viewport.height })
+}
+
+/**
+ * 设置主题
+ *
+ * 项目使用 next-themes(attribute="class"),通过在 <html> 上切换 class 实现。
+ * 这里直接操作 localStorage 与 DOM,避免依赖主题切换 UI。
+ *
+ * @param page Playwright Page 实例
+ * @param theme 主题 light | dark
+ */
+export async function setTheme(page: Page, theme: ThemeName): Promise<void> {
+  // next-themes 默认将主题持久化在 localStorage 的 "theme" key
+  await page.addInitScript((themeValue) => {
+    try {
+      window.localStorage.setItem("theme", themeValue)
+    } catch {
+      // 忽略 localStorage 不可用的情况
+    }
+  }, theme)
+  // 若页面已加载,同步切换 DOM class
+  const htmlClass = await page.evaluate(() => document.documentElement.className)
+  const nextClass = theme === "dark" ? `${htmlClass} dark` : htmlClass.replace(/\bdark\b/g, "").trim()
+  await page.evaluate((cls) => {
+    document.documentElement.className = cls
+  }, nextClass)
+}
+
+/**
+ * 等待页面就绪
+ *
+ * 等待 networkidle、字体加载以及主内容渲染完成,
+ * 确保快照稳定。
+ */
+export async function waitForPageReady(page: Page): Promise<void> {
+  await page.waitForLoadState("networkidle")
+  // 等待字体加载完成,避免文字位移
+  await page.evaluate(() => document.fonts.ready)
+  // 给 React hydration 一点缓冲
+  await page.waitForTimeout(300)
+}
+
+/**
+ * 默认需要遮罩的动态元素选择器
+ * - 时间戳
+ * - 用户头像/用户名
+ * - 实时数据
+ */
+const DEFAULT_DYNAMIC_SELECTORS = [
+  "[data-testid='timestamp']",
+  "[data-testid='current-time']",
+  "[data-testid='user-avatar']",
+  "[data-testid='user-name']",
+  "time",
+  "[data-visual-dynamic]",
+]
+
+/**
+ * 遮罩动态元素
+ *
+ * 将指定选择器匹配的元素用纯色块覆盖,
+ * 避免时间戳、用户名等动态内容导致快照误报。
+ *
+ * @param page Playwright Page 实例
+ * @param selectors 额外需要遮罩的选择器(会与默认列表合并)
+ */
+export async function maskDynamicElements(page: Page, selectors: string[] = []): Promise<Locator[]> {
+  const allSelectors = [...new Set([...DEFAULT_DYNAMIC_SELECTORS, ...selectors])]
+  const masks: Locator[] = []
+  for (const selector of allSelectors) {
+    const locator = page.locator(selector)
+    const count = await locator.count()
+    if (count > 0) {
+      masks.push(locator)
+    }
+  }
+  return masks
+}
+
+/**
+ * 生成 toHaveScreenshot 的 mask 选项
+ *
+ * 配合 maskDynamicElements 使用,将动态元素从对比中遮罩。
+ */
+export function buildMaskOption(masks: Locator[]) {
+  return masks.length > 0 ? { mask: masks } : {}
+}

tests/visual/homepage.spec.ts

@@ -0,0 +1,29 @@
+import { expect, test } from "@playwright/test"
+import { setTheme, setViewport, waitForPageReady, maskDynamicElements, buildMaskOption } from "./helpers/visual-helpers"
+import { SCREENSHOT_DEFAULT_OPTIONS, THEMES, VIEWPORT_LIST, snapshotName } from "./visual.config"
+
+/**
+ * 首页(登录页)视觉回归测试
+ *
+ * 覆盖 desktop / tablet / mobile 三种视口,
+ * 以及 light / dark 两种主题。
+ * 快照命名: homepage-{viewport}-{theme}.png
+ */
+test.describe("Homepage visual regression", () => {
+  for (const viewport of VIEWPORT_LIST) {
+    for (const theme of THEMES) {
+      test(`homepage @ ${viewport} @ ${theme}`, async ({ page }) => {
+        await setViewport(page, viewport)
+        await setTheme(page, theme)
+        await page.goto("/login")
+        await waitForPageReady(page)
+
+        const masks = await maskDynamicElements(page)
+        await expect(page).toHaveScreenshot(snapshotName("homepage", viewport, theme), {
+          ...SCREENSHOT_DEFAULT_OPTIONS,
+          ...buildMaskOption(masks),
+        })
+      })
+    }
+  }
+})

tests/visual/student-dashboard.spec.ts

@@ -0,0 +1,67 @@
+import { expect, test } from "@playwright/test"
+import { setupAuthState } from "./helpers/auth"
+import { buildMaskOption, maskDynamicElements, setTheme, setViewport, waitForPageReady } from "./helpers/visual-helpers"
+import { SCREENSHOT_DEFAULT_OPTIONS, THEMES, VIEWPORT_LIST, snapshotName } from "./visual.config"
+
+/**
+ * 学生仪表盘视觉回归测试
+ *
+ * 登录后访问 /student/dashboard,在 desktop/tablet/mobile 三种视口
+ * 以及 light/dark 两种主题下进行整页快照,
+ * 并单独对关键组件做组件级快照。
+ *
+ * 需要数据库环境以完成登录流程;未配置 DATABASE_URL 时自动跳过。
+ */
+test.describe("Student dashboard visual regression", () => {
+  test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+
+  for (const viewport of VIEWPORT_LIST) {
+    for (const theme of THEMES) {
+      test(`student-dashboard @ ${viewport} @ ${theme}`, async ({ page }) => {
+        await setViewport(page, viewport)
+        await setTheme(page, theme)
+        await setupAuthState(page, "student")
+        await page.goto("/student/dashboard")
+        await waitForPageReady(page)
+
+        const masks = await maskDynamicElements(page, ["[data-testid='grade-value']", "[data-testid='attendance-rate']", "[data-testid='assignment-item']"])
+        await expect(page).toHaveScreenshot(snapshotName("student-dashboard", viewport, theme), {
+          ...SCREENSHOT_DEFAULT_OPTIONS,
+          ...buildMaskOption(masks),
+        })
+      })
+    }
+  }
+
+  test("student-dashboard sidebar component @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "student")
+    await page.goto("/student/dashboard")
+    await waitForPageReady(page)
+
+    const sidebar = page.locator("[data-testid='sidebar'], aside, nav").first()
+    const masks = await maskDynamicElements(page)
+    await expect(sidebar).toHaveScreenshot("student-dashboard-sidebar-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+
+  test("student-dashboard main content @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "student")
+    await page.goto("/student/dashboard")
+    await waitForPageReady(page)
+
+    const main = page.locator("main").first()
+    const masks = await maskDynamicElements(page, ["[data-testid='grade-value']", "[data-testid='attendance-rate']", "[data-testid='assignment-item']"])
+    await expect(main).toHaveScreenshot("student-dashboard-main-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+})

tests/visual/teacher-dashboard.spec.ts

@@ -0,0 +1,67 @@
+import { expect, test } from "@playwright/test"
+import { setupAuthState } from "./helpers/auth"
+import { buildMaskOption, maskDynamicElements, setTheme, setViewport, waitForPageReady } from "./helpers/visual-helpers"
+import { SCREENSHOT_DEFAULT_OPTIONS, THEMES, VIEWPORT_LIST, snapshotName } from "./visual.config"
+
+/**
+ * 教师仪表盘视觉回归测试
+ *
+ * 登录后访问 /teacher/dashboard,在 desktop/tablet/mobile 三种视口
+ * 以及 light/dark 两种主题下进行整页快照,
+ * 并单独对关键组件做组件级快照。
+ *
+ * 需要数据库环境以完成登录流程;未配置 DATABASE_URL 时自动跳过。
+ */
+test.describe("Teacher dashboard visual regression", () => {
+  test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+
+  for (const viewport of VIEWPORT_LIST) {
+    for (const theme of THEMES) {
+      test(`teacher-dashboard @ ${viewport} @ ${theme}`, async ({ page }) => {
+        await setViewport(page, viewport)
+        await setTheme(page, theme)
+        await setupAuthState(page, "teacher")
+        await page.goto("/teacher/dashboard")
+        await waitForPageReady(page)
+
+        const masks = await maskDynamicElements(page, ["[data-testid='stat-card-value']", "[data-testid='chart']", "[data-testid='schedule-item']"])
+        await expect(page).toHaveScreenshot(snapshotName("teacher-dashboard", viewport, theme), {
+          ...SCREENSHOT_DEFAULT_OPTIONS,
+          ...buildMaskOption(masks),
+        })
+      })
+    }
+  }
+
+  test("teacher-dashboard sidebar component @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "teacher")
+    await page.goto("/teacher/dashboard")
+    await waitForPageReady(page)
+
+    const sidebar = page.locator("[data-testid='sidebar'], aside, nav").first()
+    const masks = await maskDynamicElements(page)
+    await expect(sidebar).toHaveScreenshot("teacher-dashboard-sidebar-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+
+  test("teacher-dashboard main content @ desktop @ light", async ({ page }) => {
+    test.skip(!process.env.DATABASE_URL, "requires DATABASE_URL for authenticated visual tests")
+    await setViewport(page, "desktop")
+    await setTheme(page, "light")
+    await setupAuthState(page, "teacher")
+    await page.goto("/teacher/dashboard")
+    await waitForPageReady(page)
+
+    const main = page.locator("main").first()
+    const masks = await maskDynamicElements(page, ["[data-testid='stat-card-value']", "[data-testid='chart']", "[data-testid='schedule-item']"])
+    await expect(main).toHaveScreenshot("teacher-dashboard-main-desktop-light.png", {
+      ...SCREENSHOT_DEFAULT_OPTIONS,
+      ...buildMaskOption(masks),
+    })
+  })
+})

tests/visual/visual.config.ts

@@ -0,0 +1,102 @@
+/**
+ * 视觉回归测试配置
+ *
+ * 定义需要视觉测试的页面、视口尺寸、主题以及快照存储路径。
+ * 被 tests/visual 下的 spec 文件与 helpers 共享使用。
+ */
+
+/** 视口尺寸标识 */
+export type ViewportSize = "desktop" | "tablet" | "mobile"
+
+/** 主题标识 */
+export type ThemeName = "light" | "dark"
+
+/** 角色标识 */
+export type UserRole = "admin" | "teacher" | "student"
+
+/** 视口像素配置 */
+export const VIEWPORTS: Record<ViewportSize, { width: number; height: number }> = {
+  desktop: { width: 1920, height: 1080 },
+  tablet: { width: 768, height: 1024 },
+  mobile: { width: 375, height: 812 },
+}
+
+/** 主题列表 */
+export const THEMES: ThemeName[] = ["light", "dark"]
+
+/** 视口列表 */
+export const VIEWPORT_LIST: ViewportSize[] = ["desktop", "tablet", "mobile"]
+
+/** 快照基线存储目录(相对项目根) */
+export const SNAPSHOT_BASE_DIR = "tests/visual/__screenshots__"
+
+/** storageState 存储目录(相对项目根) */
+export const STORAGE_STATE_DIR = "tests/visual/.auth"
+
+/** 角色对应的登录后仪表盘路由 */
+export const DASHBOARD_ROUTES: Record<UserRole, string> = {
+  admin: "/admin/dashboard",
+  teacher: "/teacher/dashboard",
+  student: "/student/dashboard",
+}
+
+/** 视觉测试目标页面定义 */
+export interface VisualPageTarget {
+  /** 页面名称,用于快照命名 */
+  name: string
+  /** 相对 baseURL 的路径 */
+  path: string
+  /** 是否需要登录 */
+  requiresAuth: boolean
+  /** 登录角色(requiresAuth=true 时必填) */
+  role?: UserRole
+  /** 页面描述 */
+  description: string
+}
+
+/** 需要进行视觉测试的页面清单 */
+export const VISUAL_PAGES: VisualPageTarget[] = [
+  {
+    name: "homepage",
+    path: "/login",
+    requiresAuth: false,
+    description: "登录页",
+  },
+  {
+    name: "admin-dashboard",
+    path: "/admin/dashboard",
+    requiresAuth: true,
+    role: "admin",
+    description: "管理员仪表盘",
+  },
+  {
+    name: "teacher-dashboard",
+    path: "/teacher/dashboard",
+    requiresAuth: true,
+    role: "teacher",
+    description: "教师仪表盘",
+  },
+  {
+    name: "student-dashboard",
+    path: "/student/dashboard",
+    requiresAuth: true,
+    role: "student",
+    description: "学生仪表盘",
+  },
+]
+
+/** toHaveScreenshot 的默认选项 */
+export const SCREENSHOT_DEFAULT_OPTIONS = {
+  maxDiffPixelRatio: 0.01,
+  animations: "disabled" as const,
+  caret: "hide" as const,
+  scale: "css" as const,
+}
+
+/**
+ * 生成快照文件名
+ * @example homepage-desktop-light.png
+ */
+export function snapshotName(pageName: string, viewport: ViewportSize, theme: ThemeName): string {
+  return `${pageName}-${viewport}-${theme}.png`
+}