feat: Iteration 1 — 审计日志IP记录、文件上传、医护端API、小程序角色切换

Iteration 1 六项任务全部完成：

1. 审计日志IP记录 — task_local RequestInfo 自动注入 IP/user_agent
2. 文件上传服务 — multipart 上传 + ServeDir 静态文件服务
3. 医护端后端API — 医生工作台仪表盘 + 患者标签CRUD + 会话已读
4. 小程序角色切换 — 登录后根据角色跳转医护台/患者首页
5. 小程序安全加固 — secure-storage 开发模式警告
6. 讨论记录归档 — docs/discussions/

crates/erp-server/src/handlers/mod.rs

@@ -2,3 +2,4 @@ pub mod audit_log;
 pub mod crypto_admin;
 pub mod health;
 pub mod openapi;
+pub mod upload;

crates/erp-server/src/handlers/upload.rs

@@ -0,0 +1,148 @@
+use axum::Extension;
+use axum::extract::{FromRef, Multipart, State};
+use axum::response::Json;
+use erp_core::error::AppError;
+use erp_core::types::{ApiResponse, TenantContext};
+use serde::Serialize;
+use uuid::Uuid;
+
+use crate::state::AppState;
+
+#[derive(Debug, Serialize, utoipa::ToSchema)]
+pub struct UploadResp {
+    pub url: String,
+    pub filename: String,
+    pub size: u64,
+    pub content_type: String,
+}
+
+/// 上传单个文件。
+///
+/// 接受 multipart/form-data，将文件保存到本地目录，
+/// 返回可通过 `/uploads/` 前缀访问的 URL。
+#[utoipa::path(
+    post,
+    path = "/upload",
+    request_body(content_type = "multipart/form-data"),
+    responses(
+        (status = 200, description = "上传成功", body = ApiResponse<UploadResp>),
+        (status = 413, description = "文件过大"),
+        (status = 400, description = "无文件或不支持的类型"),
+    ),
+    tag = "文件上传",
+)]
+pub async fn upload_file<S>(
+    State(state): State<AppState>,
+    Extension(ctx): Extension<TenantContext>,
+    mut multipart: Multipart,
+) -> Result<Json<ApiResponse<UploadResp>>, AppError>
+where
+    AppState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    let max_size = state.config.storage.max_file_size_bytes();
+    let upload_dir = &state.config.storage.upload_dir;
+
+    // 确保上传目录存在
+    let base_dir = std::path::Path::new(upload_dir);
+    let tenant_dir = base_dir.join(ctx.tenant_id.to_string());
+    tokio::fs::create_dir_all(&tenant_dir).await.map_err(|e| {
+        AppError::Internal(format!("创建上传目录失败: {}", e))
+    })?;
+
+    // 读取第一个 field 作为上传文件
+    let field = multipart
+        .next_field()
+        .await
+        .map_err(|e| AppError::Validation(format!("读取上传数据失败: {}", e)))?
+        .ok_or_else(|| AppError::Validation("未找到上传文件".to_string()))?;
+
+    let content_type = field
+        .content_type()
+        .unwrap_or("application/octet-stream")
+        .to_string();
+
+    // 验证文件类型
+    validate_content_type(&content_type)?;
+
+    let original_name = field
+        .name()
+        .unwrap_or("file")
+        .to_string();
+
+    let data = field
+        .bytes()
+        .await
+        .map_err(|e| AppError::Validation(format!("读取文件数据失败: {}", e)))?;
+
+    if data.len() as u64 > max_size {
+        return Err(AppError::Validation(format!(
+            "文件大小超过限制（最大 {}）",
+            format_size(max_size)
+        )));
+    }
+
+    // 生成唯一文件名，保留原始扩展名
+    let ext = std::path::Path::new(&original_name)
+        .extension()
+        .and_then(|e| e.to_str())
+        .unwrap_or("bin");
+    let file_id = Uuid::now_v7();
+    let filename = format!("{}.{}", file_id, ext);
+
+    let file_path = tenant_dir.join(&filename);
+    let data_vec: Vec<u8> = data.to_vec();
+    tokio::fs::write(&file_path, &data_vec)
+        .await
+        .map_err(|e| AppError::Internal(format!("写入文件失败: {}", e)))?;
+
+    let url = format!("/uploads/{}/{}", ctx.tenant_id, filename);
+
+    tracing::info!(
+        tenant_id = %ctx.tenant_id,
+        filename = %filename,
+        size = data_vec.len(),
+        content_type = %content_type,
+        "文件上传成功"
+    );
+
+    Ok(Json(ApiResponse::ok(UploadResp {
+        url,
+        filename: original_name,
+        size: data_vec.len() as u64,
+        content_type,
+    })))
+}
+
+/// 允许的文件类型
+fn validate_content_type(content_type: &str) -> Result<(), AppError> {
+    const ALLOWED: &[&str] = &[
+        "image/jpeg",
+        "image/png",
+        "image/gif",
+        "image/webp",
+        "application/pdf",
+        "application/msword",
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        "application/vnd.ms-excel",
+        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+    ];
+
+    if !ALLOWED.contains(&content_type) {
+        return Err(AppError::Validation(format!(
+            "不支持的文件类型: {}",
+            content_type
+        )));
+    }
+    Ok(())
+}
+
+fn format_size(bytes: u64) -> String {
+    if bytes >= 1024 * 1024 * 1024 {
+        format!("{}GB", bytes / (1024 * 1024 * 1024))
+    } else if bytes >= 1024 * 1024 {
+        format!("{}MB", bytes / (1024 * 1024))
+    } else {
+        format!("{}KB", bytes / 1024)
+    }
+}