fix: implement strict regex validation (no pure numbers, no special chars) on both frontend user creation form and backend auth service

inventory-web/src/views/system/UserCreate.vue

@@ -302,10 +302,30 @@ const roleOptions = computed(() => {
   return options
 })
 
+// 自定义校验：仅支持中英文、数字，禁止纯数字，禁止特殊字符
+const validateNameStrict = (rule: any, value: string, callback: any) => {
+  if (!value) {
+    callback(new Error('该字段不能为空'));
+    return;
+  }
+  const reg = /^(?!\d+$)[a-zA-Z0-9\u4e00-\u9fa5]+$/;
+  if (!reg.test(value)) {
+    callback(new Error('仅支持中英文和数字，不能为纯数字，且不支持特殊字符'));
+  } else {
+    callback();
+  }
+};
+
 const rules = computed(() => {
   const commonRules: any = {
-    cn_name: [{ required: true, message: '请输入真实姓名', trigger: 'blur' }],
-    username: [{ required: true, message: '账号不能为空', trigger: 'blur' }],
+    cn_name: [
+      { required: true, message: '请输入真实姓名', trigger: 'blur' },
+      { validator: validateNameStrict, trigger: 'blur' }
+    ],
+    username: [
+      { required: true, message: '账号不能为空', trigger: 'blur' },
+      { validator: validateNameStrict, trigger: 'blur' }
+    ],
     role: [{ required: true, message: '请选择角色', trigger: 'change' }],
     department: [{ required: true, message: '请输入或选择部门', trigger: ['blur', 'change'] }],
     email: [