fix: sms login 直接更新 last_login 绕过 CRUD 权限

backend/app/api/v1/module_system/auth/service.py

@@ -216,8 +216,13 @@ class LoginService:
             raise CustomException(msg="用户不存在")
 
         # 更新最后登录时间
-        auth = AuthSchema(db=db)
-        user = await UserCRUD(auth).update_last_login_crud(id=user.id)
+        from datetime import datetime
+        stmt = select(UserModel).where(UserModel.id == user.id)
+        result = await db.execute(stmt)
+        user = result.scalar_one_or_none()
+        if user:
+            user.last_login = datetime.now()
+            await db.flush()
         if not user:
             raise CustomException(msg="用户不存在")