Add Resend email provider and default login redirect

backend/internal/handler/admin/setting_handler.go

@@ -91,6 +91,10 @@ func (h *SettingHandler) GetSettings(c *gin.Context) {
 		SMTPFrom:                             settings.SMTPFrom,
 		SMTPFromName:                         settings.SMTPFromName,
 		SMTPUseTLS:                           settings.SMTPUseTLS,
+		EmailProvider:                        settings.EmailProvider,
+		ResendAPIKeyConfigured:               settings.ResendAPIKeyConfigured,
+		ResendFrom:                           settings.ResendFrom,
+		ResendFromName:                       settings.ResendFromName,
 		TurnstileEnabled:                     settings.TurnstileEnabled,
 		TurnstileSiteKey:                     settings.TurnstileSiteKey,
 		TurnstileSecretKeyConfigured:         settings.TurnstileSecretKeyConfigured,
@@ -151,6 +155,10 @@ type UpdateSettingsRequest struct {
 	SMTPFrom     string `json:"smtp_from_email"`
 	SMTPFromName string `json:"smtp_from_name"`
 	SMTPUseTLS   bool   `json:"smtp_use_tls"`
+	EmailProvider string `json:"email_provider" binding:"omitempty,oneof=smtp resend"`
+	ResendAPIKey  string `json:"resend_api_key"`
+	ResendFrom    string `json:"resend_from_email"`
+	ResendFromName string `json:"resend_from_name"`
 
 	// Cloudflare Turnstile 设置
 	TurnstileEnabled   bool   `json:"turnstile_enabled"`
@@ -234,6 +242,15 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 	if req.SMTPPort <= 0 {
 		req.SMTPPort = 587
 	}
+	req.EmailProvider = strings.TrimSpace(req.EmailProvider)
+	if req.EmailProvider == "" {
+		req.EmailProvider = previousSettings.EmailProvider
+		if req.EmailProvider == "" {
+			req.EmailProvider = service.EmailProviderSMTP
+		}
+	}
+	req.ResendFrom = strings.TrimSpace(req.ResendFrom)
+	req.ResendFromName = strings.TrimSpace(req.ResendFromName)
 	req.DefaultSubscriptions = normalizeDefaultSubscriptions(req.DefaultSubscriptions)
 
 	// Turnstile 参数验证
@@ -476,6 +493,10 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		SMTPFrom:                         req.SMTPFrom,
 		SMTPFromName:                     req.SMTPFromName,
 		SMTPUseTLS:                       req.SMTPUseTLS,
+		EmailProvider:                    req.EmailProvider,
+		ResendAPIKey:                     req.ResendAPIKey,
+		ResendFrom:                       req.ResendFrom,
+		ResendFromName:                   req.ResendFromName,
 		TurnstileEnabled:                 req.TurnstileEnabled,
 		TurnstileSiteKey:                 req.TurnstileSiteKey,
 		TurnstileSecretKey:               req.TurnstileSecretKey,
@@ -573,6 +594,10 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		SMTPFrom:                             updatedSettings.SMTPFrom,
 		SMTPFromName:                         updatedSettings.SMTPFromName,
 		SMTPUseTLS:                           updatedSettings.SMTPUseTLS,
+		EmailProvider:                        updatedSettings.EmailProvider,
+		ResendAPIKeyConfigured:               updatedSettings.ResendAPIKeyConfigured,
+		ResendFrom:                           updatedSettings.ResendFrom,
+		ResendFromName:                       updatedSettings.ResendFromName,
 		TurnstileEnabled:                     updatedSettings.TurnstileEnabled,
 		TurnstileSiteKey:                     updatedSettings.TurnstileSiteKey,
 		TurnstileSecretKeyConfigured:         updatedSettings.TurnstileSecretKeyConfigured,
@@ -674,6 +699,18 @@ func diffSettings(before *service.SystemSettings, after *service.SystemSettings,
 	if before.SMTPUseTLS != after.SMTPUseTLS {
 		changed = append(changed, "smtp_use_tls")
 	}
+	if before.EmailProvider != after.EmailProvider {
+		changed = append(changed, "email_provider")
+	}
+	if req.ResendAPIKey != "" {
+		changed = append(changed, "resend_api_key")
+	}
+	if before.ResendFrom != after.ResendFrom {
+		changed = append(changed, "resend_from_email")
+	}
+	if before.ResendFromName != after.ResendFromName {
+		changed = append(changed, "resend_from_name")
+	}
 	if before.TurnstileEnabled != after.TurnstileEnabled {
 		changed = append(changed, "turnstile_enabled")
 	}
@@ -874,6 +911,37 @@ func (h *SettingHandler) TestSMTPConnection(c *gin.Context) {
 	response.Success(c, gin.H{"message": "SMTP connection successful"})
 }
 
+type TestResendRequest struct {
+	ResendAPIKey string `json:"resend_api_key"`
+}
+
+// TestResendConnection tests Resend API connectivity.
+// POST /api/v1/admin/settings/test-resend
+func (h *SettingHandler) TestResendConnection(c *gin.Context) {
+	var req TestResendRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	apiKey := strings.TrimSpace(req.ResendAPIKey)
+	if apiKey == "" {
+		savedConfig, err := h.emailService.GetResendConfig(c.Request.Context())
+		if err == nil && savedConfig != nil {
+			apiKey = savedConfig.APIKey
+		}
+	}
+
+	if err := h.emailService.TestResendConnectionWithConfig(c.Request.Context(), &service.ResendConfig{
+		APIKey: apiKey,
+	}); err != nil {
+		response.BadRequest(c, "Resend connection test failed: "+err.Error())
+		return
+	}
+
+	response.Success(c, gin.H{"message": "Resend connection successful"})
+}
+
 // SendTestEmailRequest 发送测试邮件请求
 type SendTestEmailRequest struct {
 	Email        string `json:"email" binding:"required,email"`
@@ -901,20 +969,38 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
 
 	// 如果未提供密码，从数据库获取已保存的密码
 	password := req.SMTPPassword
+	var savedConfig *service.SMTPConfig
 	if password == "" {
-		savedConfig, err := h.emailService.GetSMTPConfig(c.Request.Context())
+		var err error
+		savedConfig, err = h.emailService.GetSMTPConfig(c.Request.Context())
 		if err == nil && savedConfig != nil {
 			password = savedConfig.Password
 		}
 	}
+	if savedConfig == nil && (strings.TrimSpace(req.SMTPFrom) == "" || strings.TrimSpace(req.SMTPFromName) == "") {
+		var err error
+		savedConfig, err = h.emailService.GetSMTPConfig(c.Request.Context())
+		if err != nil {
+			savedConfig = nil
+		}
+	}
+
+	from := strings.TrimSpace(req.SMTPFrom)
+	if from == "" && savedConfig != nil {
+		from = savedConfig.From
+	}
+	fromName := strings.TrimSpace(req.SMTPFromName)
+	if fromName == "" && savedConfig != nil {
+		fromName = savedConfig.FromName
+	}
 
 	config := &service.SMTPConfig{
 		Host:     req.SMTPHost,
 		Port:     req.SMTPPort,
 		Username: req.SMTPUsername,
 		Password: password,
-		From:     req.SMTPFrom,
-		FromName: req.SMTPFromName,
+		From:     from,
+		FromName: fromName,
 		UseTLS:   req.SMTPUseTLS,
 	}
 
@@ -930,7 +1016,8 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
         .container { max-width: 600px; margin: 0 auto; background-color: #ffffff; border-radius: 8px; overflow: hidden; box-shadow: 0 2px 8px rgba(0,0,0,0.1); }
         .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; }
         .content { padding: 40px 30px; text-align: center; }
-        .success { color: #10b981; font-size: 48px; margin-bottom: 20px; }
+        .success { display: none; }
+        .success-ok { color: #10b981; font-size: 48px; margin-bottom: 20px; }
         .footer { background-color: #f8f9fa; padding: 20px; text-align: center; color: #999; font-size: 12px; }
     </style>
 </head>
@@ -940,7 +1027,10 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
             <h1>` + siteName + `</h1>
         </div>
         <div class="content">
+            <!--
             <div class="success">✓</div>
+            -->
+            <div class="success-ok">OK</div>
             <h2>Email Configuration Successful!</h2>
             <p>This is a test email to verify your SMTP settings are working correctly.</p>
         </div>
@@ -960,6 +1050,100 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
 	response.Success(c, gin.H{"message": "Test email sent successfully"})
 }
 
+type SendResendTestEmailRequest struct {
+	Email          string `json:"email" binding:"required,email"`
+	ResendAPIKey   string `json:"resend_api_key"`
+	ResendFrom     string `json:"resend_from_email" binding:"omitempty,email"`
+	ResendFromName string `json:"resend_from_name"`
+}
+
+// SendResendTestEmail sends a test email using Resend.
+// POST /api/v1/admin/settings/send-test-email-resend
+func (h *SettingHandler) SendResendTestEmail(c *gin.Context) {
+	var req SendResendTestEmailRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	apiKey := strings.TrimSpace(req.ResendAPIKey)
+	var savedConfig *service.ResendConfig
+	if apiKey == "" {
+		var err error
+		savedConfig, err = h.emailService.GetResendConfig(c.Request.Context())
+		if err == nil && savedConfig != nil {
+			apiKey = savedConfig.APIKey
+		}
+	}
+	if savedConfig == nil && (strings.TrimSpace(req.ResendFrom) == "" || strings.TrimSpace(req.ResendFromName) == "") {
+		var err error
+		savedConfig, err = h.emailService.GetResendConfig(c.Request.Context())
+		if err != nil {
+			savedConfig = nil
+		}
+	}
+
+	from := strings.TrimSpace(req.ResendFrom)
+	if from == "" && savedConfig != nil {
+		from = savedConfig.From
+	}
+	fromName := strings.TrimSpace(req.ResendFromName)
+	if fromName == "" && savedConfig != nil {
+		fromName = savedConfig.FromName
+	}
+
+	config := &service.ResendConfig{
+		APIKey:   apiKey,
+		From:     from,
+		FromName: fromName,
+	}
+
+	siteName := h.settingService.GetSiteName(c.Request.Context())
+	subject := "[" + siteName + "] Resend Test Email"
+	body := `
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background-color: #f5f5f5; margin: 0; padding: 20px; }
+        .container { max-width: 600px; margin: 0 auto; background-color: #ffffff; border-radius: 8px; overflow: hidden; box-shadow: 0 2px 8px rgba(0,0,0,0.1); }
+        .header { background: linear-gradient(135deg, #0f172a 0%, #2563eb 100%); color: white; padding: 30px; text-align: center; }
+        .content { padding: 40px 30px; text-align: center; }
+        .success { display: none; }
+        .success-ok { color: #10b981; font-size: 48px; margin-bottom: 20px; }
+        .footer { background-color: #f8f9fa; padding: 20px; text-align: center; color: #999; font-size: 12px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>` + siteName + `</h1>
+        </div>
+        <div class="content">
+            <!--
+            <div class="success">✓</div>
+            -->
+            <div class="success-ok">OK</div>
+            <h2>Resend API Configuration Successful!</h2>
+            <p>This is a test email sent through the Resend API.</p>
+        </div>
+        <div class="footer">
+            <p>This is an automated test message.</p>
+        </div>
+    </div>
+</body>
+</html>
+`
+
+	if err := h.emailService.SendEmailWithResendConfig(c.Request.Context(), config, req.Email, subject, body); err != nil {
+		response.BadRequest(c, "Failed to send Resend test email: "+err.Error())
+		return
+	}
+
+	response.Success(c, gin.H{"message": "Resend test email sent successfully"})
+}
+
 // GetAdminAPIKey 获取管理员 API Key 状态
 // GET /api/v1/admin/settings/admin-api-key
 func (h *SettingHandler) GetAdminAPIKey(c *gin.Context) {

backend/internal/handler/dto/settings.go

@@ -34,6 +34,10 @@ type SystemSettings struct {
 	SMTPFrom               string `json:"smtp_from_email"`
 	SMTPFromName           string `json:"smtp_from_name"`
 	SMTPUseTLS             bool   `json:"smtp_use_tls"`
+	EmailProvider          string `json:"email_provider"`
+	ResendAPIKeyConfigured bool   `json:"resend_api_key_configured"`
+	ResendFrom             string `json:"resend_from_email"`
+	ResendFromName         string `json:"resend_from_name"`
 
 	TurnstileEnabled             bool   `json:"turnstile_enabled"`
 	TurnstileSiteKey             string `json:"turnstile_site_key"`

backend/internal/server/routes/admin.go

@@ -398,7 +398,9 @@ func registerSettingsRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 		adminSettings.GET("", h.Admin.Setting.GetSettings)
 		adminSettings.PUT("", h.Admin.Setting.UpdateSettings)
 		adminSettings.POST("/test-smtp", h.Admin.Setting.TestSMTPConnection)
+		adminSettings.POST("/test-resend", h.Admin.Setting.TestResendConnection)
 		adminSettings.POST("/send-test-email", h.Admin.Setting.SendTestEmail)
+		adminSettings.POST("/send-test-email-resend", h.Admin.Setting.SendResendTestEmail)
 		// Admin API Key 管理
 		adminSettings.GET("/admin-api-key", h.Admin.Setting.GetAdminAPIKey)
 		adminSettings.POST("/admin-api-key/regenerate", h.Admin.Setting.RegenerateAdminAPIKey)

backend/internal/service/domain_constants.go

@@ -91,6 +91,10 @@ const (
 	SettingKeySMTPFrom     = "smtp_from"      // 发件人地址
 	SettingKeySMTPFromName = "smtp_from_name" // 发件人名称
 	SettingKeySMTPUseTLS   = "smtp_use_tls"   // 是否使用TLS
+	SettingKeyEmailProvider = "email_provider" // 邮件发送方式: smtp | resend
+	SettingKeyResendAPIKey  = "resend_api_key" // Resend API Key
+	SettingKeyResendFrom    = "resend_from"    // Resend 发件人地址
+	SettingKeyResendFromName = "resend_from_name" // Resend 发件人名称
 
 	// Cloudflare Turnstile 设置
 	SettingKeyTurnstileEnabled   = "turnstile_enabled"    // 是否启用 Turnstile 验证

backend/internal/service/email_service.go

@@ -1,17 +1,23 @@
 package service
 
 import (
+	"bytes"
 	"context"
 	"crypto/rand"
 	"crypto/subtle"
 	"crypto/tls"
 	"encoding/hex"
+	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"log"
 	"math/big"
+	"net/http"
 	"net/smtp"
 	"net/url"
 	"strconv"
+	"strings"
 	"time"
 
 	infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
@@ -67,6 +73,11 @@ const (
 
 	// Password reset email cooldown (prevent email bombing)
 	passwordResetEmailCooldown = 30 * time.Second
+
+	EmailProviderSMTP   = "smtp"
+	EmailProviderResend = "resend"
+
+	defaultResendAPIBaseURL = "https://api.resend.com"
 )
 
 // SMTPConfig SMTP配置
@@ -80,17 +91,27 @@ type SMTPConfig struct {
 	UseTLS   bool
 }
 
+type ResendConfig struct {
+	APIKey   string
+	From     string
+	FromName string
+}
+
 // EmailService 邮件服务
 type EmailService struct {
-	settingRepo SettingRepository
-	cache       EmailCache
+	settingRepo       SettingRepository
+	cache             EmailCache
+	httpClient        *http.Client
+	resendAPIBaseURL  string
 }
 
 // NewEmailService 创建邮件服务实例
 func NewEmailService(settingRepo SettingRepository, cache EmailCache) *EmailService {
 	return &EmailService{
-		settingRepo: settingRepo,
-		cache:       cache,
+		settingRepo:      settingRepo,
+		cache:            cache,
+		httpClient:       &http.Client{Timeout: 15 * time.Second},
+		resendAPIBaseURL: defaultResendAPIBaseURL,
 	}
 }
 
@@ -136,12 +157,62 @@ func (s *EmailService) GetSMTPConfig(ctx context.Context) (*SMTPConfig, error) {
 	}, nil
 }
 
+func (s *EmailService) GetResendConfig(ctx context.Context) (*ResendConfig, error) {
+	keys := []string{
+		SettingKeyResendAPIKey,
+		SettingKeyResendFrom,
+		SettingKeyResendFromName,
+	}
+
+	settings, err := s.settingRepo.GetMultiple(ctx, keys)
+	if err != nil {
+		return nil, fmt.Errorf("get resend settings: %w", err)
+	}
+
+	config := &ResendConfig{
+		APIKey:   strings.TrimSpace(settings[SettingKeyResendAPIKey]),
+		From:     strings.TrimSpace(settings[SettingKeyResendFrom]),
+		FromName: strings.TrimSpace(settings[SettingKeyResendFromName]),
+	}
+	if config.APIKey == "" || config.From == "" {
+		return nil, ErrEmailNotConfigured
+	}
+	return config, nil
+}
+
+func (s *EmailService) GetEmailProvider(ctx context.Context) (string, error) {
+	provider, err := s.settingRepo.GetValue(ctx, SettingKeyEmailProvider)
+	if err != nil {
+		if errors.Is(err, ErrSettingNotFound) {
+			return EmailProviderSMTP, nil
+		}
+		return "", fmt.Errorf("get email provider: %w", err)
+	}
+	provider = strings.TrimSpace(provider)
+	if provider == EmailProviderResend {
+		return EmailProviderResend, nil
+	}
+	return EmailProviderSMTP, nil
+}
+
 // SendEmail 发送邮件（使用数据库中保存的配置）
 func (s *EmailService) SendEmail(ctx context.Context, to, subject, body string) error {
-	config, err := s.GetSMTPConfig(ctx)
+	provider, err := s.GetEmailProvider(ctx)
 	if err != nil {
 		return err
 	}
+	if provider == EmailProviderResend {
+		config, configErr := s.GetResendConfig(ctx)
+		if configErr != nil {
+			return configErr
+		}
+		return s.SendEmailWithResendConfig(ctx, config, to, subject, body)
+	}
+
+	config, configErr := s.GetSMTPConfig(ctx)
+	if configErr != nil {
+		return configErr
+	}
 	return s.SendEmailWithConfig(config, to, subject, body)
 }
 
@@ -165,6 +236,42 @@ func (s *EmailService) SendEmailWithConfig(config *SMTPConfig, to, subject, body
 	return smtp.SendMail(addr, auth, config.From, []string{to}, []byte(msg))
 }
 
+func (s *EmailService) SendEmailWithResendConfig(ctx context.Context, config *ResendConfig, to, subject, body string) error {
+	if config == nil || strings.TrimSpace(config.APIKey) == "" || strings.TrimSpace(config.From) == "" {
+		return ErrEmailNotConfigured
+	}
+
+	payload := map[string]any{
+		"from":    formatEmailSender(config.FromName, config.From),
+		"to":      []string{to},
+		"subject": subject,
+		"html":    body,
+	}
+
+	bodyBytes, err := json.Marshal(payload)
+	if err != nil {
+		return fmt.Errorf("marshal resend payload: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, s.resendAPIBaseURL+"/emails", bytes.NewReader(bodyBytes))
+	if err != nil {
+		return fmt.Errorf("build resend request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+config.APIKey)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("resend request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return fmt.Errorf("resend send failed: %s", readEmailAPIError(resp))
+	}
+	return nil
+}
+
 // sendMailTLS 使用TLS发送邮件
 func (s *EmailService) sendMailTLS(addr string, auth smtp.Auth, from, to string, msg []byte, host string) error {
 	tlsConfig := &tls.Config{
@@ -218,6 +325,30 @@ func (s *EmailService) sendMailTLS(addr string, auth smtp.Auth, from, to string,
 	return nil
 }
 
+func formatEmailSender(name, email string) string {
+	email = strings.TrimSpace(email)
+	name = strings.TrimSpace(name)
+	if name == "" {
+		return email
+	}
+	return fmt.Sprintf("%s <%s>", name, email)
+}
+
+func readEmailAPIError(resp *http.Response) string {
+	if resp == nil {
+		return "empty response"
+	}
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 8192))
+	if err != nil {
+		return resp.Status
+	}
+	trimmed := strings.TrimSpace(string(body))
+	if trimmed == "" {
+		return resp.Status
+	}
+	return fmt.Sprintf("%s - %s", resp.Status, trimmed)
+}
+
 // GenerateVerifyCode 生成6位数字验证码
 func (s *EmailService) GenerateVerifyCode() (string, error) {
 	const digits = "0123456789"
@@ -386,6 +517,29 @@ func (s *EmailService) TestSMTPConnectionWithConfig(config *SMTPConfig) error {
 	return client.Quit()
 }
 
+func (s *EmailService) TestResendConnectionWithConfig(ctx context.Context, config *ResendConfig) error {
+	if config == nil || strings.TrimSpace(config.APIKey) == "" {
+		return ErrEmailNotConfigured
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, s.resendAPIBaseURL+"/domains", nil)
+	if err != nil {
+		return fmt.Errorf("build resend request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+config.APIKey)
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("resend request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return fmt.Errorf("resend connection failed: %s", readEmailAPIError(resp))
+	}
+	return nil
+}
+
 // GeneratePasswordResetToken generates a secure 32-byte random token (64 hex characters)
 func (s *EmailService) GeneratePasswordResetToken() (string, error) {
 	bytes := make([]byte, 32)

backend/internal/service/email_service_resend_test.go

@@ -0,0 +1,153 @@
+//go:build unit
+
+package service
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+type emailServiceRepoStub struct {
+	settings map[string]string
+}
+
+func (s *emailServiceRepoStub) Get(ctx context.Context, key string) (*Setting, error) {
+	panic("unexpected Get call")
+}
+
+func (s *emailServiceRepoStub) GetValue(ctx context.Context, key string) (string, error) {
+	if value, ok := s.settings[key]; ok {
+		return value, nil
+	}
+	return "", ErrSettingNotFound
+}
+
+func (s *emailServiceRepoStub) Set(ctx context.Context, key, value string) error {
+	panic("unexpected Set call")
+}
+
+func (s *emailServiceRepoStub) GetMultiple(ctx context.Context, keys []string) (map[string]string, error) {
+	values := make(map[string]string, len(keys))
+	for _, key := range keys {
+		if value, ok := s.settings[key]; ok {
+			values[key] = value
+		}
+	}
+	return values, nil
+}
+
+func (s *emailServiceRepoStub) SetMultiple(ctx context.Context, settings map[string]string) error {
+	panic("unexpected SetMultiple call")
+}
+
+func (s *emailServiceRepoStub) GetAll(ctx context.Context) (map[string]string, error) {
+	panic("unexpected GetAll call")
+}
+
+func (s *emailServiceRepoStub) Delete(ctx context.Context, key string) error {
+	panic("unexpected Delete call")
+}
+
+func TestEmailService_SendEmail_UsesResendProvider(t *testing.T) {
+	type resendPayload struct {
+		From    string   `json:"from"`
+		To      []string `json:"to"`
+		Subject string   `json:"subject"`
+		HTML    string   `json:"html"`
+	}
+
+	var (
+		gotMethod  string
+		gotPath    string
+		gotAuth    string
+		gotPayload resendPayload
+	)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		gotMethod = r.Method
+		gotPath = r.URL.Path
+		gotAuth = r.Header.Get("Authorization")
+
+		require.NoError(t, json.NewDecoder(r.Body).Decode(&gotPayload))
+		w.WriteHeader(http.StatusAccepted)
+	}))
+	defer server.Close()
+
+	repo := &emailServiceRepoStub{
+		settings: map[string]string{
+			SettingKeyEmailProvider:  EmailProviderResend,
+			SettingKeyResendAPIKey:   "re_test_key",
+			SettingKeyResendFrom:     "noreply@example.com",
+			SettingKeyResendFromName: "XAPI",
+		},
+	}
+
+	svc := NewEmailService(repo, nil)
+	svc.httpClient = server.Client()
+	svc.resendAPIBaseURL = server.URL
+
+	err := svc.SendEmail(context.Background(), "user@example.com", "Hello", "<p>World</p>")
+	require.NoError(t, err)
+	require.Equal(t, http.MethodPost, gotMethod)
+	require.Equal(t, "/emails", gotPath)
+	require.Equal(t, "Bearer re_test_key", gotAuth)
+	require.Equal(t, "XAPI <noreply@example.com>", gotPayload.From)
+	require.Equal(t, []string{"user@example.com"}, gotPayload.To)
+	require.Equal(t, "Hello", gotPayload.Subject)
+	require.Equal(t, "<p>World</p>", gotPayload.HTML)
+}
+
+func TestEmailService_TestResendConnectionWithConfig(t *testing.T) {
+	var (
+		gotMethod string
+		gotPath   string
+		gotAuth   string
+	)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		gotMethod = r.Method
+		gotPath = r.URL.Path
+		gotAuth = r.Header.Get("Authorization")
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer server.Close()
+
+	svc := NewEmailService(&emailServiceRepoStub{}, nil)
+	svc.httpClient = server.Client()
+	svc.resendAPIBaseURL = server.URL
+
+	err := svc.TestResendConnectionWithConfig(context.Background(), &ResendConfig{
+		APIKey: "re_test_key",
+	})
+	require.NoError(t, err)
+	require.Equal(t, http.MethodGet, gotMethod)
+	require.Equal(t, "/domains", gotPath)
+	require.Equal(t, "Bearer re_test_key", gotAuth)
+}
+
+func TestEmailService_SendEmailWithResendConfig_ReportsAPIError(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusBadRequest)
+		_, _ = w.Write([]byte(`{"message":"invalid from address"}`))
+	}))
+	defer server.Close()
+
+	svc := NewEmailService(&emailServiceRepoStub{}, nil)
+	svc.httpClient = server.Client()
+	svc.resendAPIBaseURL = server.URL
+
+	err := svc.SendEmailWithResendConfig(context.Background(), &ResendConfig{
+		APIKey:   "re_test_key",
+		From:     "noreply@example.com",
+		FromName: "XAPI",
+	}, "user@example.com", "Hello", "<p>World</p>")
+
+	require.Error(t, err)
+	require.ErrorContains(t, err, "400 Bad Request")
+	require.ErrorContains(t, err, "invalid from address")
+}

backend/internal/service/setting_service.go

@@ -398,6 +398,9 @@ func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSet
 		normalizedWhitelist = []string{}
 	}
 	settings.RegistrationEmailSuffixWhitelist = normalizedWhitelist
+	if settings.EmailProvider == "" {
+		settings.EmailProvider = EmailProviderSMTP
+	}
 
 	updates := make(map[string]string)
 
@@ -420,11 +423,17 @@ func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSet
 	updates[SettingKeySMTPPort] = strconv.Itoa(settings.SMTPPort)
 	updates[SettingKeySMTPUsername] = settings.SMTPUsername
 	if settings.SMTPPassword != "" {
-		updates[SettingKeySMTPPassword] = settings.SMTPPassword
+	updates[SettingKeySMTPPassword] = settings.SMTPPassword
 	}
 	updates[SettingKeySMTPFrom] = settings.SMTPFrom
 	updates[SettingKeySMTPFromName] = settings.SMTPFromName
 	updates[SettingKeySMTPUseTLS] = strconv.FormatBool(settings.SMTPUseTLS)
+	updates[SettingKeyEmailProvider] = settings.EmailProvider
+	if settings.ResendAPIKey != "" {
+		updates[SettingKeyResendAPIKey] = settings.ResendAPIKey
+	}
+	updates[SettingKeyResendFrom] = settings.ResendFrom
+	updates[SettingKeyResendFromName] = settings.ResendFromName
 
 	// Cloudflare Turnstile 设置（只有非空才更新密钥）
 	updates[SettingKeyTurnstileEnabled] = strconv.FormatBool(settings.TurnstileEnabled)
@@ -745,6 +754,10 @@ func (s *SettingService) InitializeDefaultSettings(ctx context.Context) error {
 		SettingKeyDefaultSubscriptions:             "[]",
 		SettingKeySMTPPort:                         "587",
 		SettingKeySMTPUseTLS:                       "false",
+		SettingKeyEmailProvider:                   EmailProviderSMTP,
+		SettingKeyResendAPIKey:                    "",
+		SettingKeyResendFrom:                      "",
+		SettingKeyResendFromName:                  "",
 		// Model fallback defaults
 		SettingKeyEnableModelFallback:      "false",
 		SettingKeyFallbackModelAnthropic:   "claude-3-5-sonnet-20241022",
@@ -790,6 +803,10 @@ func (s *SettingService) parseSettings(settings map[string]string) *SystemSettin
 		SMTPFromName:                     settings[SettingKeySMTPFromName],
 		SMTPUseTLS:                       settings[SettingKeySMTPUseTLS] == "true",
 		SMTPPasswordConfigured:           settings[SettingKeySMTPPassword] != "",
+		EmailProvider:                    s.getStringOrDefault(settings, SettingKeyEmailProvider, EmailProviderSMTP),
+		ResendFrom:                       settings[SettingKeyResendFrom],
+		ResendFromName:                   settings[SettingKeyResendFromName],
+		ResendAPIKeyConfigured:           settings[SettingKeyResendAPIKey] != "",
 		TurnstileEnabled:                 settings[SettingKeyTurnstileEnabled] == "true",
 		TurnstileSiteKey:                 settings[SettingKeyTurnstileSiteKey],
 		TurnstileSecretKeyConfigured:     settings[SettingKeyTurnstileSecretKey] != "",
@@ -831,7 +848,11 @@ func (s *SettingService) parseSettings(settings map[string]string) *SystemSettin
 
 	// 敏感信息直接返回，方便测试连接时使用
 	result.SMTPPassword = settings[SettingKeySMTPPassword]
+	result.ResendAPIKey = settings[SettingKeyResendAPIKey]
 	result.TurnstileSecretKey = settings[SettingKeyTurnstileSecretKey]
+	if result.EmailProvider != EmailProviderSMTP && result.EmailProvider != EmailProviderResend {
+		result.EmailProvider = EmailProviderSMTP
+	}
 
 	// LinuxDo Connect 设置：
 	// - 兼容 config.yaml/env（避免老部署因为未迁移到数据库设置而被意外关闭）

backend/internal/service/setting_service_update_test.go

@@ -194,6 +194,41 @@ func TestSettingService_UpdateSettings_RegistrationEmailSuffixWhitelist_Invalid(
 	require.Equal(t, "INVALID_REGISTRATION_EMAIL_SUFFIX_WHITELIST", infraerrors.Reason(err))
 }
 
+func TestSettingService_UpdateSettings_PersistsResendSettings(t *testing.T) {
+	repo := &settingUpdateRepoStub{}
+	svc := NewSettingService(repo, &config.Config{})
+
+	err := svc.UpdateSettings(context.Background(), &SystemSettings{
+		EmailProvider: EmailProviderResend,
+		ResendAPIKey:  "re_test_key",
+		ResendFrom:    "noreply@example.com",
+		ResendFromName: "XAPI",
+	})
+
+	require.NoError(t, err)
+	require.Equal(t, EmailProviderResend, repo.updates[SettingKeyEmailProvider])
+	require.Equal(t, "re_test_key", repo.updates[SettingKeyResendAPIKey])
+	require.Equal(t, "noreply@example.com", repo.updates[SettingKeyResendFrom])
+	require.Equal(t, "XAPI", repo.updates[SettingKeyResendFromName])
+}
+
+func TestSettingService_ParseSettings_ExposesResendState(t *testing.T) {
+	svc := NewSettingService(&settingUpdateRepoStub{}, &config.Config{})
+
+	settings := svc.parseSettings(map[string]string{
+		SettingKeyEmailProvider: EmailProviderResend,
+		SettingKeyResendAPIKey:  "re_test_key",
+		SettingKeyResendFrom:    "noreply@example.com",
+		SettingKeyResendFromName: "XAPI",
+	})
+
+	require.Equal(t, EmailProviderResend, settings.EmailProvider)
+	require.True(t, settings.ResendAPIKeyConfigured)
+	require.Equal(t, "re_test_key", settings.ResendAPIKey)
+	require.Equal(t, "noreply@example.com", settings.ResendFrom)
+	require.Equal(t, "XAPI", settings.ResendFromName)
+}
+
 func TestParseDefaultSubscriptions_NormalizesValues(t *testing.T) {
 	got := parseDefaultSubscriptions(`[{"group_id":11,"validity_days":30},{"group_id":11,"validity_days":60},{"group_id":0,"validity_days":10},{"group_id":12,"validity_days":99999}]`)
 	require.Equal(t, []DefaultSubscriptionSetting{

backend/internal/service/settings_view.go

@@ -18,6 +18,11 @@ type SystemSettings struct {
 	SMTPFrom               string
 	SMTPFromName           string
 	SMTPUseTLS             bool
+	EmailProvider          string
+	ResendAPIKey           string
+	ResendAPIKeyConfigured bool
+	ResendFrom             string
+	ResendFromName         string
 
 	TurnstileEnabled             bool
 	TurnstileSiteKey             string

frontend/src/api/admin/settings.ts

@@ -51,6 +51,10 @@ export interface SystemSettings {
   smtp_from_email: string
   smtp_from_name: string
   smtp_use_tls: boolean
+  email_provider: 'smtp' | 'resend' | string
+  resend_api_key_configured: boolean
+  resend_from_email: string
+  resend_from_name: string
   // Cloudflare Turnstile settings
   turnstile_enabled: boolean
   turnstile_site_key: string
@@ -119,6 +123,10 @@ export interface UpdateSettingsRequest {
   smtp_from_email?: string
   smtp_from_name?: string
   smtp_use_tls?: boolean
+  email_provider?: 'smtp' | 'resend' | string
+  resend_api_key?: string
+  resend_from_email?: string
+  resend_from_name?: string
   turnstile_enabled?: boolean
   turnstile_site_key?: string
   turnstile_secret_key?: string
@@ -172,6 +180,10 @@ export interface TestSmtpRequest {
   smtp_use_tls: boolean
 }
 
+export interface TestResendRequest {
+  resend_api_key: string
+}
+
 /**
  * Test SMTP connection with provided config
  * @param config - SMTP configuration to test
@@ -182,6 +194,11 @@ export async function testSmtpConnection(config: TestSmtpRequest): Promise<{ mes
   return data
 }
 
+export async function testResendConnection(config: TestResendRequest): Promise<{ message: string }> {
+  const { data } = await apiClient.post<{ message: string }>('/admin/settings/test-resend', config)
+  return data
+}
+
 /**
  * Send test email request
  */
@@ -196,6 +213,13 @@ export interface SendTestEmailRequest {
   smtp_use_tls: boolean
 }
 
+export interface SendResendTestEmailRequest {
+  email: string
+  resend_api_key: string
+  resend_from_email: string
+  resend_from_name: string
+}
+
 /**
  * Send test email with provided SMTP config
  * @param request - Email address and SMTP config
@@ -209,6 +233,16 @@ export async function sendTestEmail(request: SendTestEmailRequest): Promise<{ me
   return data
 }
 
+export async function sendResendTestEmail(
+  request: SendResendTestEmailRequest
+): Promise<{ message: string }> {
+  const { data } = await apiClient.post<{ message: string }>(
+    '/admin/settings/send-test-email-resend',
+    request
+  )
+  return data
+}
+
 /**
  * Admin API Key status response
  */
@@ -524,7 +558,9 @@ export const settingsAPI = {
   getSettings,
   updateSettings,
   testSmtpConnection,
+  testResendConnection,
   sendTestEmail,
+  sendResendTestEmail,
   getAdminApiKey,
   regenerateAdminApiKey,
   deleteAdminApiKey,

frontend/src/i18n/locales/en.ts

@@ -4245,9 +4245,33 @@ export default {
         useTls: 'Use TLS',
         useTlsHint: 'Enable TLS encryption for SMTP connection'
       },
+      resend: {
+        title: 'Resend API Settings',
+        description: 'Configure Resend API delivery for environments where SMTP ports are blocked',
+        testConnection: 'Test API Connection',
+        testing: 'Testing...',
+        provider: 'Active Email Provider',
+        providerHint: 'System emails such as verification codes and password reset links use the selected provider',
+        providerSmtp: 'SMTP',
+        providerResend: 'Resend API',
+        apiKey: 'Resend API Key',
+        apiKeyPlaceholder: 're_...',
+        apiKeyHint: 'Leave empty to keep the existing API key',
+        apiKeyConfiguredPlaceholder: 're_********************************',
+        apiKeyConfiguredHint: 'API key configured. Leave empty to keep the current value.',
+        fromEmail: 'Resend From Email',
+        fromEmailPlaceholder: "noreply{'@'}your-domain.com",
+        fromName: 'Resend From Name',
+        fromNamePlaceholder: 'Sub2API',
+        connectionSuccess: 'Resend API connection successful',
+        connectionFailed: 'Resend API connection test failed',
+        testEmailSent: 'Resend test email sent successfully',
+        testEmailFailed: 'Failed to send Resend test email'
+      },
       testEmail: {
         title: 'Send Test Email',
         description: 'Send a test email to verify your SMTP configuration',
+        descriptionResend: 'Send a test email using the currently selected Resend API configuration',
         recipientEmail: 'Recipient Email',
         recipientEmailPlaceholder: "test{'@'}example.com",
         sendTestEmail: 'Send Test Email',

frontend/src/i18n/locales/zh.ts

@@ -4410,9 +4410,33 @@ export default {
         useTls: '使用 TLS',
         useTlsHint: '为 SMTP 连接启用 TLS 加密'
       },
+      resend: {
+        title: 'Resend API 设置',
+        description: '为 SMTP 端口受限的环境配置 Resend API 发信',
+        testConnection: '测试 API 连接',
+        testing: '测试中...',
+        provider: '当前邮件提供商',
+        providerHint: '验证码、重置密码等系统邮件会使用这里选择的提供商发送',
+        providerSmtp: 'SMTP',
+        providerResend: 'Resend API',
+        apiKey: 'Resend API Key',
+        apiKeyPlaceholder: 're_...',
+        apiKeyHint: '留空则保留当前 API Key',
+        apiKeyConfiguredPlaceholder: 're_********************************',
+        apiKeyConfiguredHint: 'API Key 已配置，留空则保留当前值。',
+        fromEmail: 'Resend 发件邮箱',
+        fromEmailPlaceholder: "noreply{'@'}your-domain.com",
+        fromName: 'Resend 发件人名称',
+        fromNamePlaceholder: 'Sub2API',
+        connectionSuccess: 'Resend API 连接成功',
+        connectionFailed: 'Resend API 连接测试失败',
+        testEmailSent: 'Resend 测试邮件发送成功',
+        testEmailFailed: 'Resend 测试邮件发送失败'
+      },
       testEmail: {
         title: '发送测试邮件',
         description: '发送测试邮件以验证 SMTP 配置',
+        descriptionResend: '使用当前选择的 Resend API 配置发送测试邮件',
         recipientEmail: '收件人邮箱',
         recipientEmailPlaceholder: "test{'@'}example.com",
         sendTestEmail: '发送测试邮件',

frontend/src/router/__tests__/routes.spec.ts

@@ -0,0 +1,69 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const mockAuthStore = {
+  isAuthenticated: false,
+  isAdmin: false,
+  isSimpleMode: false,
+  checkAuth: vi.fn()
+}
+
+const mockAppStore = {
+  siteName: 'Test Site',
+  backendModeEnabled: false,
+  cachedPublicSettings: null
+}
+
+const mockAdminSettingsStore = {
+  customMenuItems: []
+}
+
+vi.mock('@/composables/useNavigationLoading', () => ({
+  useNavigationLoadingState: () => ({
+    startNavigation: vi.fn(),
+    endNavigation: vi.fn(),
+    isLoading: { value: false }
+  })
+}))
+
+vi.mock('@/composables/useRoutePrefetch', () => ({
+  useRoutePrefetch: () => ({
+    triggerPrefetch: vi.fn(),
+    cancelPendingPrefetch: vi.fn(),
+    resetPrefetchState: vi.fn()
+  })
+}))
+
+vi.mock('@/stores/auth', () => ({
+  useAuthStore: () => mockAuthStore
+}))
+
+vi.mock('@/stores/app', () => ({
+  useAppStore: () => mockAppStore
+}))
+
+vi.mock('@/stores/adminSettings', () => ({
+  useAdminSettingsStore: () => mockAdminSettingsStore
+}))
+
+describe('router routes', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    mockAuthStore.isAuthenticated = false
+    mockAuthStore.isAdmin = false
+    mockAuthStore.isSimpleMode = false
+    mockAuthStore.checkAuth.mockClear()
+    mockAppStore.siteName = 'Test Site'
+    mockAppStore.backendModeEnabled = false
+    mockAppStore.cachedPublicSettings = null
+    mockAdminSettingsStore.customMenuItems = []
+    vi.resetModules()
+  })
+
+  it('redirects / to /login', async () => {
+    const { default: router } = await import('../index')
+    const rootRoute = router.options.routes.find((route) => route.path === '/')
+
+    expect(rootRoute?.redirect).toBe('/login')
+  })
+})

frontend/src/router/index.ts

@@ -115,7 +115,7 @@ const routes: RouteRecordRaw[] = [
   // ==================== User Routes ====================
   {
     path: '/',
-    redirect: '/home'
+    redirect: '/login'
   },
   {
     path: '/dashboard',

frontend/src/views/admin/SettingsView.vue

@@ -1706,6 +1706,109 @@
           </div>
         </div>
 
+        <div v-if="form.email_verify_enabled" class="card">
+          <div
+            class="flex items-center justify-between border-b border-gray-100 px-6 py-4 dark:border-dark-700"
+          >
+            <div>
+              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">
+                {{ t('admin.settings.resend.title') }}
+              </h2>
+              <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">
+                {{ t('admin.settings.resend.description') }}
+              </p>
+            </div>
+            <button
+              type="button"
+              @click="testResendConnection"
+              :disabled="testingResend"
+              class="btn btn-secondary btn-sm"
+            >
+              <svg v-if="testingResend" class="h-4 w-4 animate-spin" fill="none" viewBox="0 0 24 24">
+                <circle
+                  class="opacity-25"
+                  cx="12"
+                  cy="12"
+                  r="10"
+                  stroke="currentColor"
+                  stroke-width="4"
+                ></circle>
+                <path
+                  class="opacity-75"
+                  fill="currentColor"
+                  d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+                ></path>
+              </svg>
+              {{
+                testingResend
+                  ? t('admin.settings.resend.testing')
+                  : t('admin.settings.resend.testConnection')
+              }}
+            </button>
+          </div>
+          <div class="space-y-6 p-6">
+            <div>
+              <label class="mb-2 block text-sm font-medium text-gray-700 dark:text-gray-300">
+                {{ t('admin.settings.resend.provider') }}
+              </label>
+              <select v-model="form.email_provider" class="input">
+                <option value="smtp">{{ t('admin.settings.resend.providerSmtp') }}</option>
+                <option value="resend">{{ t('admin.settings.resend.providerResend') }}</option>
+              </select>
+              <p class="mt-1.5 text-xs text-gray-500 dark:text-gray-400">
+                {{ t('admin.settings.resend.providerHint') }}
+              </p>
+            </div>
+
+            <div class="grid grid-cols-1 gap-6 md:grid-cols-2">
+              <div class="md:col-span-2">
+                <label class="mb-2 block text-sm font-medium text-gray-700 dark:text-gray-300">
+                  {{ t('admin.settings.resend.apiKey') }}
+                </label>
+                <input
+                  v-model="form.resend_api_key"
+                  type="password"
+                  class="input"
+                  :placeholder="
+                    form.resend_api_key_configured
+                      ? t('admin.settings.resend.apiKeyConfiguredPlaceholder')
+                      : t('admin.settings.resend.apiKeyPlaceholder')
+                  "
+                />
+                <p class="mt-1.5 text-xs text-gray-500 dark:text-gray-400">
+                  {{
+                    form.resend_api_key_configured
+                      ? t('admin.settings.resend.apiKeyConfiguredHint')
+                      : t('admin.settings.resend.apiKeyHint')
+                  }}
+                </p>
+              </div>
+              <div>
+                <label class="mb-2 block text-sm font-medium text-gray-700 dark:text-gray-300">
+                  {{ t('admin.settings.resend.fromEmail') }}
+                </label>
+                <input
+                  v-model="form.resend_from_email"
+                  type="email"
+                  class="input"
+                  :placeholder="t('admin.settings.resend.fromEmailPlaceholder')"
+                />
+              </div>
+              <div>
+                <label class="mb-2 block text-sm font-medium text-gray-700 dark:text-gray-300">
+                  {{ t('admin.settings.resend.fromName') }}
+                </label>
+                <input
+                  v-model="form.resend_from_name"
+                  type="text"
+                  class="input"
+                  :placeholder="t('admin.settings.resend.fromNamePlaceholder')"
+                />
+              </div>
+            </div>
+          </div>
+        </div>
+
         <!-- Send Test Email - Only show when email verification is enabled -->
         <div v-if="form.email_verify_enabled" class="card">
           <div class="border-b border-gray-100 px-6 py-4 dark:border-dark-700">
@@ -1713,7 +1816,11 @@
               {{ t('admin.settings.testEmail.title') }}
             </h2>
             <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">
-              {{ t('admin.settings.testEmail.description') }}
+              {{
+                form.email_provider === 'resend'
+                  ? t('admin.settings.testEmail.descriptionResend')
+                  : t('admin.settings.testEmail.description')
+              }}
             </p>
           </div>
           <div class="p-6">
@@ -1851,6 +1958,7 @@ const { copyToClipboard } = useClipboard()
 const loading = ref(true)
 const saving = ref(false)
 const testingSmtp = ref(false)
+const testingResend = ref(false)
 const sendingTestEmail = ref(false)
 const testEmailAddress = ref('')
 const registrationEmailSuffixWhitelistTags = ref<string[]>([])
@@ -1916,6 +2024,7 @@ interface DefaultSubscriptionGroupOption {
 
 type SettingsForm = SystemSettings & {
   smtp_password: string
+  resend_api_key: string
   turnstile_secret_key: string
   linuxdo_connect_client_secret: string
 }
@@ -1954,6 +2063,11 @@ const form = reactive<SettingsForm>({
   smtp_from_email: '',
   smtp_from_name: '',
   smtp_use_tls: true,
+  email_provider: 'smtp',
+  resend_api_key: '',
+  resend_api_key_configured: false,
+  resend_from_email: '',
+  resend_from_name: '',
   // Cloudflare Turnstile
   turnstile_enabled: false,
   turnstile_site_key: '',
@@ -2133,6 +2247,7 @@ async function loadSettings() {
     )
     registrationEmailSuffixWhitelistDraft.value = ''
     form.smtp_password = ''
+    form.resend_api_key = ''
     form.turnstile_secret_key = ''
     form.linuxdo_connect_client_secret = ''
   } catch (error: any) {
@@ -2232,6 +2347,10 @@ async function saveSettings() {
       smtp_from_email: form.smtp_from_email,
       smtp_from_name: form.smtp_from_name,
       smtp_use_tls: form.smtp_use_tls,
+      email_provider: form.email_provider,
+      resend_api_key: form.resend_api_key || undefined,
+      resend_from_email: form.resend_from_email,
+      resend_from_name: form.resend_from_name,
       turnstile_enabled: form.turnstile_enabled,
       turnstile_site_key: form.turnstile_site_key,
       turnstile_secret_key: form.turnstile_secret_key || undefined,
@@ -2257,6 +2376,7 @@ async function saveSettings() {
     )
     registrationEmailSuffixWhitelistDraft.value = ''
     form.smtp_password = ''
+    form.resend_api_key = ''
     form.turnstile_secret_key = ''
     form.linuxdo_connect_client_secret = ''
     // Refresh cached settings so sidebar/header update immediately
@@ -2293,6 +2413,22 @@ async function testSmtpConnection() {
   }
 }
 
+async function testResendConnection() {
+  testingResend.value = true
+  try {
+    const result = await adminAPI.settings.testResendConnection({
+      resend_api_key: form.resend_api_key
+    })
+    appStore.showSuccess(result.message || t('admin.settings.resend.connectionSuccess'))
+  } catch (error: any) {
+    appStore.showError(
+      t('admin.settings.resend.connectionFailed') + ': ' + (error.message || t('common.unknownError'))
+    )
+  } finally {
+    testingResend.value = false
+  }
+}
+
 async function sendTestEmail() {
   if (!testEmailAddress.value) {
     appStore.showError(t('admin.settings.testEmail.enterRecipientHint'))
@@ -2301,21 +2437,37 @@ async function sendTestEmail() {
 
   sendingTestEmail.value = true
   try {
-    const result = await adminAPI.settings.sendTestEmail({
-      email: testEmailAddress.value,
-      smtp_host: form.smtp_host,
-      smtp_port: form.smtp_port,
-      smtp_username: form.smtp_username,
-      smtp_password: form.smtp_password,
-      smtp_from_email: form.smtp_from_email,
-      smtp_from_name: form.smtp_from_name,
-      smtp_use_tls: form.smtp_use_tls
-    })
+    const result = form.email_provider === 'resend'
+      ? await adminAPI.settings.sendResendTestEmail({
+          email: testEmailAddress.value,
+          resend_api_key: form.resend_api_key,
+          resend_from_email: form.resend_from_email,
+          resend_from_name: form.resend_from_name
+        })
+      : await adminAPI.settings.sendTestEmail({
+          email: testEmailAddress.value,
+          smtp_host: form.smtp_host,
+          smtp_port: form.smtp_port,
+          smtp_username: form.smtp_username,
+          smtp_password: form.smtp_password,
+          smtp_from_email: form.smtp_from_email,
+          smtp_from_name: form.smtp_from_name,
+          smtp_use_tls: form.smtp_use_tls
+        })
     // API returns { message: "..." } on success, errors are thrown as exceptions
-    appStore.showSuccess(result.message || t('admin.settings.testEmailSent'))
+    appStore.showSuccess(
+      result.message ||
+        (form.email_provider === 'resend'
+          ? t('admin.settings.resend.testEmailSent')
+          : t('admin.settings.testEmailSent'))
+    )
   } catch (error: any) {
     appStore.showError(
-      t('admin.settings.failedToSendTestEmail') + ': ' + (error.message || t('common.unknownError'))
+      (form.email_provider === 'resend'
+        ? t('admin.settings.resend.testEmailFailed')
+        : t('admin.settings.failedToSendTestEmail')) +
+        ': ' +
+        (error.message || t('common.unknownError'))
     )
   } finally {
     sendingTestEmail.value = false