feat: 门户网站初始提交

- Go + Gin + html/template 服务端渲染
- 主页：Google 风格搜索框 + 导航卡片
- 后台：卡片 CRUD、搜索引擎配置、主页背景/标题配置
- 图片上传：支持 jpg/jpeg/png/gif，自动压缩，缩略图参数 ?thumb=1
- 安全：登录日志、修改密码、IP 自动封禁、IP 白名单
- 访问统计：主页访问/卡片点击/搜索追踪、实时流量、IP 统计
- SQLite 存储（modernc.org/sqlite，纯 Go）
- 内存 Session + bcrypt 密码哈希

session/session.go

@@ -0,0 +1,65 @@
+package session
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"sync"
+	"time"
+)
+
+// SessionData holds the data stored in a session.
+type SessionData struct {
+	AdminID   int
+	Username  string
+	CreatedAt time.Time
+}
+
+// SessionStore is an in-memory session store with RWMutex for concurrent safety.
+type SessionStore struct {
+	store map[string]*SessionData
+	mu    sync.RWMutex
+}
+
+// NewSessionStore creates a new SessionStore instance.
+func NewSessionStore() *SessionStore {
+	return &SessionStore{
+		store: make(map[string]*SessionData),
+	}
+}
+
+// Create creates a new session for the given admin and returns the session ID.
+func (s *SessionStore) Create(adminID int, username string) string {
+	sessionID := generateSessionID()
+	data := &SessionData{
+		AdminID:   adminID,
+		Username:  username,
+		CreatedAt: time.Now(),
+	}
+
+	s.mu.Lock()
+	s.store[sessionID] = data
+	s.mu.Unlock()
+
+	return sessionID
+}
+
+// Get retrieves session data by session ID. Returns nil if not found.
+func (s *SessionStore) Get(sessionID string) *SessionData {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.store[sessionID]
+}
+
+// Delete removes a session by session ID.
+func (s *SessionStore) Delete(sessionID string) {
+	s.mu.Lock()
+	delete(s.store, sessionID)
+	s.mu.Unlock()
+}
+
+// generateSessionID creates a cryptographically random session ID.
+func generateSessionID() string {
+	b := make([]byte, 32)
+	_, _ = rand.Read(b)
+	return hex.EncodeToString(b)
+}