Address code review feedback: protect types.js endpoint and improve code readability

Co-authored-by: qaiu <29825328+qaiu@users.noreply.github.com>

Author: Copilot

web-front/src/views/Playground.vue

@@ -21,7 +21,7 @@
       <span style="margin-left: 10px;">正在检查访问权限...</span>
     </div>
 
-    <div v-if="!loading && !authChecking && !authed" class="playground-auth-overlay">
+    <div v-if="shouldShowAuthUI" class="playground-auth-overlay">
       <div class="playground-auth-card">
         <div class="auth-icon">
           <el-icon :size="50"><Lock /></el-icon>
@@ -787,6 +787,11 @@ async function parseById(
     const editorTheme = computed(() => {
       return isDarkMode.value ? 'vs-dark' : 'vs';
     });
+    
+    // 计算属性：是否需要显示密码输入界面
+    const shouldShowAuthUI = computed(() => {
+      return !loading.value && !authChecking.value && !authed.value;
+    });
 
     // 编辑器配置
     const editorOptions = {
@@ -1613,6 +1618,7 @@ curl "${baseUrl}/json/parser?url=${encodeURIComponent(exampleUrl)}"</pre>
       testing,
       isDarkMode,
       editorTheme,
+      shouldShowAuthUI,
       editorOptions,
       // 加载和认证
       loading,

web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java

@@ -311,10 +311,17 @@ public Future<JsonObject> test(RoutingContext ctx) {
     /**
      * 获取types.js文件内容
      *
+     * @param ctx 路由上下文
      * @param response HTTP响应
      */
     @RouteMapping(value = "/types.js", method = RouteMethod.GET)
-    public void getTypesJs(HttpServerResponse response) {
+    public void getTypesJs(RoutingContext ctx, HttpServerResponse response) {
+        // 权限检查
+        if (!checkAuth(ctx)) {
+            ResponseUtil.fireJsonResultResponse(response, JsonResult.error("未授权访问"));
+            return;
+        }
+        
         try (InputStream inputStream = getClass().getClassLoader()
                 .getResourceAsStream("custom-parsers/types.js")) {